Manuel Pégourié-Gonnard
722e5156fd
Add test for ecdsa_read_signature_restartable()
...
Test values taken from a random signature as generated in
ecdsa_write_read_random() test function
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
1ed2505f85
Add some negative testing for ecdsa_verify()
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
0ff17df081
Fix ECDSA test descriptions
...
The rename script was a bit zealous during the Great Renaming.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
4b9c51ef32
Rename EARLY_RETURN -> RESTARTABLE
...
This is more consistent with function and context names.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
1631d63d0c
Make muladd_restartable() actually restartable
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
54dd6527f0
Introduce muladd_restartable() and its sub-context
...
Only the administrative parts for now, not actually restartable so far.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
8467e6848d
Stop checking for argument change
...
This was intended to detect aborted operations, but now that case is handled
by the caller freeing the restart context.
Also, as the internal sub-context is managed by the callee, no need for the
caller to free/reset the restart context between successful calls.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
b739a712d1
Start moving to new design/API
...
Following discussion in the team, it was deemed preferable for the restart
context to be explicitly managed by the caller.
This commits in the first in a series moving in that directly: it starts by
only changing the public API, while still internally using the old design.
Future commits in that series will change to the new design internally.
The test function was simplified as it no longer makes sense to test for some
memory management errors since that responsibility shifted to the caller.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
d3a0ca8500
Add tests about number of restarts
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
9c5c78ff5c
Fix indicative values of ops counts
...
Previous measurements were wrong due to counting multiplication by a small
constant as a full multiplication, which it is not.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
78d564a841
Add check for changing arguments
...
In case of argument change, freeing everything is not the most efficient
(wastes one free()+calloc()) but makes the code simpler, which is probably
more important here
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
77af79a324
Add proper allocation of restart context
...
We'll need to store MPIs and other things that allocate memory in this
context, so we need a place to free it. We can't rely on doing it before
returning from ecp_mul() as we might return MBEDTLS_ERR_ECP_IN_PROGRESS (thus
preserving the context) and never be called again (for example, TLS handshake
aborted for another reason). So, ecp_group_free() looks like a good place to
do this, if the restart context is part of struct ecp_group.
This means it's not possible to use the same ecp_group structure in different
threads concurrently, but:
- that's already the case (and documented) for other reasons
- this feature is precisely intended for environments that lack threading
An alternative option would be for the caller to have to allocate/free the
restart context and pass it explicitly, but this means creating new functions
that take a context argument, and putting a burden on the user.
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
510d5caece
Add early return test + fake implementation
2017-08-09 11:44:53 +02:00
Manuel Pégourié-Gonnard
a54f6cc874
Unify name of default profile in X.509 tests
2017-08-09 10:41:42 +02:00
Manuel Pégourié-Gonnard
ea2dc14c0c
Fix some whitespace
2017-08-08 11:10:37 +02:00
Manuel Pégourié-Gonnard
9bc860c3ad
Add test for callback and bad signatures
...
Our current behaviour is a bit inconsistent here:
- when the bad signature is made by a trusted CA, we stop here and don't
include the trusted CA in the chain (don't call vrfy on it)
- otherwise, we just add NOT_TRUSTED to the flags but keep building the chain
and call vrfy on the upper certs
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
a656825aef
Add test for bad name and callback
...
This ensures that the callback can actually clear that flag, and that it is
seen by the callback at the right level. This flag is not set at the same
place than others, and this difference will get bigger in the upcoming
refactor, so let's ensure we don't break anything here.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
2d825d42bb
Add test for same CA with different keys
...
When a trusted CA is rolling its root keys, it could happen that for some
users the list of trusted roots contains two versions of the same CA with the
same name but different keys. Currently this is supported but wasn't tested.
Note: the intermediate file test-ca-alt.csr is commited on purpose, as not
commiting intermediate files causes make to regenerate files that we don't
want it to touch.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
c10afdb322
Add test for CA forgery attempt
...
As we accept EE certs that are explicitly trusted (in the list of trusted
roots) and usually look for parent by subject, and in the future we might want
to avoid checking the self-signature on trusted certs, there could a risk that we
incorrectly accept a cert that looks like a trusted root except it doesn't
have the same key. This test ensures this will never happen.
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
d092277683
Add test for profile on trusted EE cert
2017-08-08 11:06:50 +02:00
Manuel Pégourié-Gonnard
bc313017a5
Add tests for flags passed to f_vrfy
...
The tests cover chains of length 0, 1 and 2, with one error, located at any of
the available levels in the chain. This exercises all three call sites of
f_vrfy (two in verify_top, one in verify_child). Chains of greater length
would not cover any new code path or behaviour that I can see.
2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
ffa42efa1c
Add ability to test flags value in vrfy callback
...
So far there was no test ensuring that the flags passed to the vrfy callback
are correct (ie the flags for the current certificate, not including those of
the parent).
Actual tests case making use of that test function will be added in the next
commit.
2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
43be6cda47
Fix depends_on:pk_alg in test suites
2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
5be9533cdf
Fix depends_on:curve in x509 tests
2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
1fe6bb9f25
Fix missing depends_on:SHA/MD in x509 tests
2017-08-08 11:06:49 +02:00
Manuel Pégourié-Gonnard
b341dd58c5
Add tests for spurious certs in the chain
...
We have code to skip them but didn't have explicit tests ensuring they are
(the corresponding branch was never taken).
While at it, remove extra copy of the chain in server10*.crt, which was
duplicated for no reason.
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
4dfc04a66f
Add test for bad signature with longer chain
...
This is one line that wasn't covered in verify_child()
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
29d60fb85f
Add test for expired cert in longer chain
...
That's two lines that were not covered in verify_child()
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
41859786be
Add tests for fatal error in vrfy callback
...
This shows inconsistencies in how flags are handled when callback fails:
- sometimes the flags set by the callback are transmitted, sometimes not
- when the cert if not trusted, sometimes BADCERT_NOT_TRUSTED is set,
sometimes not
This adds coverage for 9 lines and 9 branches. Now all lines related to
callback failure are covered.
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
6b9d53f6c8
Add ability to test failing vrfy callback
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
6622fed524
Add tests for profile enforcement
...
Now all checks related to profile are covered in:
- verify_with_profile()
- verify_child()
- verify_top()
(that's 10 lines that were previously not covered)
Leaving aside profile enforcement in CRLs for now, as the focus is on
preparing to refactor cert verification.
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
9832ceaa2a
Set deterministic flags for NULL profile
...
Previously flags was left to whatever value it had before. It's cleaner to
make sure it has a definite value, and all bits set looks like the safest way
for when it went very wrong.
2017-08-08 11:00:46 +02:00
Manuel Pégourié-Gonnard
e54931f489
Add "profile" arg to X.509 test function
...
Unused yet, tests using it will be added in the next commit
2017-08-08 11:00:46 +02:00
Simon Butcher
9e24b5184c
Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA
2017-07-28 18:18:29 +01:00
Simon Butcher
efdfeeba6a
Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA
2017-07-28 12:15:13 +01:00
Andres AG
7d6ec7bacc
Add CRT DER tests with incorrect version
2017-07-27 21:44:34 +01:00
Andres AG
c124061681
Add CRL DER tests with incorrect version
2017-07-27 21:44:34 +01:00
Andres AG
6fb6d79a37
Add CSR DER tests with incorrect version
2017-07-27 21:44:34 +01:00
Ron Eldor
5a21fd62bf
fix for issue 1118: check if iv is zero in gcm.
...
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-27 21:44:33 +01:00
Andres AG
7d97e669f0
Add CRT DER tests with incorrect version
2017-07-27 15:08:01 +01:00
Andres AG
fff826cfd6
Add CRL DER tests with incorrect version
2017-07-27 15:08:01 +01:00
Andres AG
f00baffdc1
Add CSR DER tests with incorrect version
2017-07-27 15:08:01 +01:00
Ron Eldor
e2efaeaafc
fix for issue 1118: check if iv is zero in gcm.
...
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-27 15:08:01 +01:00
Hanno Becker
3b1422e55e
Check threshold for MBEDTLS_X509_MAX_INTERMEDIATE_CA in X509 tests
...
The X509 test suite assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA is below the
hardcoded threshold 20 used in the long certificate chain generating script
tests/data_files/dir-max/long.sh. This commit adds a compile-time check for
that.
2017-07-26 13:49:38 +01:00
Andres AG
eacc616a9c
Add CRT DER tests with incorrect version
2017-07-26 12:13:13 +01:00
Andres AG
2a9fd0e5c7
Add CRL DER tests with incorrect version
2017-07-26 12:13:04 +01:00
Andres AG
ae7b1c4aed
Add CSR DER tests with incorrect version
2017-07-26 12:12:53 +01:00
Hanno Becker
47deec488f
Move flag indicating presence of strong entropy to test code
2017-07-24 15:31:30 +01:00
Hanno Becker
c6deafc0d4
Omit RSA key generation test if no strong entropy is present
...
The RSA key generation test needs strong entropy to succeed. This commit captures the presence of a strong entropy
source in a preprocessor flag and only runs the key generation test if that flag is set.
2017-07-24 09:09:01 +01:00
Hanno Becker
75efa79201
Adapt generic test suite file to coding standard
2017-07-23 10:40:58 +01:00
Hanno Becker
910f662cd7
Increase readability of verbose test suite output
2017-07-23 10:40:53 +01:00
Hanno Becker
1b841cc9bf
Correct typo in entropy test suite data
2017-07-23 10:40:46 +01:00
Hanno Becker
7e8e57c6d1
Initialize RSA context in RSA test suite before first potentially failing operation
...
The function `mbedtls_rsa_gen_key` from `test_suite_rsa.function` initialized a stack allocated RSA context only after
seeding the CTR DRBG. If the latter operation failed, the cleanup code tried to free the uninitialized RSA context,
potentially resulting in a segmentation fault. Fixes one aspect of #1023 .
2017-07-23 10:40:29 +01:00
Ron Eldor
e1b92fee55
fix for issue 1118: check if iv is zero in gcm.
...
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-20 00:11:24 +02:00
Manuel Pégourié-Gonnard
31458a1878
Only return VERIFY_FAILED from a single point
...
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-06 11:58:41 +02:00
Manuel Pégourié-Gonnard
d15795acd5
Improve behaviour on fatal errors
...
If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
2017-07-06 11:58:41 +02:00
Manuel Pégourié-Gonnard
1beb048316
Add test for limit on intermediate certificates
...
Inspired by test code provided by Nicholas Wilson in PR #351 .
The test will fail if someone sets MAX_INTERMEDIATE_CA to a value larger than
18 (default is 8), which is hopefully unlikely and can easily be fixed by
running long.sh again with a larger value if it ever happens.
Current behaviour is suboptimal as flags are not set, but currently the goal
is only to document/test existing behaviour.
2017-07-06 11:57:31 +02:00
Andres Amaya Garcia
b71b630730
Change test suites to use new MD API with ret code
2017-06-28 12:52:16 +01:00
Simon Butcher
f2a597fa3d
Update the version number to 2.5.1
2017-06-20 23:08:10 +01:00
Hanno Becker
a540068a56
Modify PK test suite to provide PRNG to RSA signature function
...
To prepare for the option of mandatory blinding, this commit changes
the PK test suite to always call signature functions with a PRNG.
2017-06-09 13:29:53 +01:00
Manuel Pégourié-Gonnard
b86b143030
Merge remote-tracking branch 'restricted/iotssl-1138-rsa-padding-check-restricted' into development-restricted
...
* restricted/iotssl-1138-rsa-padding-check-restricted:
RSA PKCS1v1.5 verification: check padding length
2017-06-08 20:31:06 +02:00
Manuel Pégourié-Gonnard
1178ac5e77
Merge remote-tracking branch 'hanno/sliding_exponentiation' into development
...
* hanno/sliding_exponentiation:
Adapt ChangeLog
Abort modular inversion when modulus is one.
Correct sign in modular exponentiation algorithm.
2017-06-08 19:46:30 +02:00
Gilles Peskine
f11d33b2df
Cleaned up negative test predicate for test case
...
The test infrastructure does support negative predicates for test
cases, thanks to Andreas for letting me know.
2017-06-06 19:16:18 +02:00
Gilles Peskine
5d2511c4d4
SHA-1 deprecation: allow it in key exchange
...
By default, keep allowing SHA-1 in key exchange signatures. Disabling
it causes compatibility issues, especially with clients that use
TLS1.2 but don't send the signature_algorithms extension.
SHA-1 is forbidden in certificates by default, since it's vulnerable
to offline collision-based attacks.
2017-06-06 18:44:14 +02:00
Gilles Peskine
4fa6bed0c6
X.509 tests: obey compile-time SHA-1 support option
...
There is now one test case to validate that SHA-1 is rejected in
certificates by default, and one test case to validate that SHA-1 is
supported if MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 is #defined.
2017-06-06 18:44:14 +02:00
Gilles Peskine
2dc81a0cbc
Test that X.509 verification rejects SHA-256 by default
2017-06-06 18:44:13 +02:00
Gilles Peskine
ef86ab238f
Allow SHA-1 in X.509 and TLS tests
...
SHA-1 is now disabled by default in the X.509 layer. Explicitly enable
it in our tests for now. Updating all the test data to SHA-256 should
be done over time.
2017-06-06 18:44:13 +02:00
Hanno Becker
8435c381bd
Remove use of size zero array in ECJPAKE test suite
...
The ECJPAKE test suite uses a size zero array for the empty password
used in the tests, which is not valid C. This commit fixes this.
This originally showed up as a compilation failure on Visual Studio
2015, documented in IOTSSL-1242, but can also be observed with GCC
when using the -Wpedantic compilation option.
2017-06-05 15:10:59 +01:00
Andres AG
a3b9adb6bd
Add negative testing for mbedtls_pem_read_buffer()
2017-05-30 16:54:23 +01:00
Simon Butcher
9f77017a8d
Updated version number to 2.5.0
2017-05-16 10:22:37 +01:00
Andres AG
5c79d25d94
Add PK tests to avoid hashlen overflow for RSA
2017-05-11 21:58:25 +01:00
Manuel Pégourié-Gonnard
c1380de887
RSA PKCS1v1.5 verification: check padding length
...
The test case was generated by modifying our signature code so that it
produces a 7-byte long padding (which also means garbage at the end, so it is
essential in to check that the error that is detected first is indeed the
padding rather than the final length check).
2017-05-11 13:10:13 +02:00
Hanno Becker
4bcb4914c5
Abort modular inversion when modulus is one.
...
The modular inversion function hangs when provided with the modulus 1. This commit refuses this modulus with a BAD_INPUT error code. It also adds a test for this case.
2017-05-08 14:47:04 +01:00
Hanno Becker
a4af1c47d2
Correct sign in modular exponentiation algorithm.
...
The modular exponentiation function handled the sign incorrectly. This commit fixes this and a test case which should have caught it.
2017-04-18 09:07:45 +01:00
Andres AG
d1cc7f6f34
Fix buffer overflow in mbedtls_mpi_write_string()
...
Fix a buffer overflow when writting a string representation of an MPI
number to a buffer in hexadecimal. The problem occurs because hex
digits are written in pairs and this is not accounted for in the
calculation of the required buffer size when the number of digits is
odd.
2017-03-02 21:34:21 +00:00
Andres AG
99acfc4521
Fix failing pkparse test case
...
The first three test cases from test_suites_pkparse.data failed because
the key file they read requires DES to be read. However, MBEDTLS_DES_C
was missing from the dependency list.
2017-03-02 16:01:08 +00:00
Janos Follath
28fff14113
Add invalid key tests for curve SECP224K1
...
This curve has special arithmetic on 64 bit platforms and an untested
path lead to trying to free a buffer on the stack.
For the sake of completeness, a test case for a point with non-affine
coordinates has been added as well.
2017-02-28 18:41:39 +00:00
Janos Follath
ea7054a00c
Add unit tests for X509 certificate date parsing
2017-02-28 14:23:12 +00:00
Simon Butcher
fc794ff2b7
Merge branch 'iotssl-1071-ca-flags'
...
Fixes a regression introduced by an earlier commit that modified
x509_crt_verify_top() to ensure that valid certificates that are after past or
future valid in the chain are processed. However the change introduced a change
in behaviour that caused the verification flags MBEDTLS_X509_BADCERT_EXPIRED and
MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in the
verification regardless of the cause.
The fix maintains both behaviours:
* Ensure that valid certificates after future and past are verified
* Ensure that the correct verification flags are set.
2017-02-27 19:06:05 +00:00
Simon Butcher
0278a38f10
Merge branch 'iotssl-1077-dos-crl'
...
Modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM
format with trailing characters after the footer does not result in the
execution of an infinite loop.
2017-02-26 01:16:02 +00:00
Andres Amaya Garcia
6a54336897
Fix integer overflows in buffer bound checks
...
Fix potential integer overflows in the following functions:
* mbedtls_md2_update() to be bypassed and cause
* mbedtls_cipher_update()
* mbedtls_ctr_drbg_reseed()
This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-15 23:31:07 +02:00
Andres AG
49d29337fa
Add tests for overreads in pem_read_buffer()
2017-02-15 23:31:07 +02:00
Janos Follath
4c006cdb1c
Update library version number to 2.4.1
2017-02-15 22:55:55 +02:00
Andres AG
342889fdbe
Remove unused var warnings in windows unittests
2017-02-15 09:08:26 +00:00
Andres AG
9060d4da08
Fix generate_code.pl to handle escaped :
2017-02-02 14:38:13 +00:00
Andres AG
9f430c15d8
Add tests for out flags from x509_crt_verify_top()
...
The tests load certificate chains from files. The CA chains contain a
past or future certificate and an invalid certificate. The test then
checks that the flags set are MBEDTLS_X509_BADCERT_EXPIRED or
MBEDTLS_X509_BADCERT_FUTURE.
2017-01-20 13:52:01 +00:00
Andres AG
a39db394db
Add test for infinite loop in CRL parse
2017-01-19 17:10:51 +00:00
Janos Follath
1808dc01bd
Update library version number to 2.4.1
2016-12-13 16:00:52 +00:00
Andres AG
9c94b6951c
Add tests for overreads in pem_read_buffer()
2016-11-21 11:03:40 +00:00
Andres AG
ea67eeb4e8
Remove unused var warnings in windows unittests
2016-11-10 17:22:12 +00:00
Simon Butcher
16c54ee9c8
Update library version number to 2.4.0
2016-10-16 19:34:39 +01:00
Simon Butcher
9800a058ae
Merge branch 'development'
2016-10-13 17:25:56 +01:00
Simon Butcher
488c08c00b
Merge branch fixing date validity in X.509
2016-10-13 16:13:09 +01:00
Janos Follath
f45dab1939
Fix global variable shadowing
2016-10-13 13:54:48 +01:00
Simon Butcher
6437b221a3
Fix stdio redirection memory leak in test suites
2016-10-13 13:54:48 +01:00
Janos Follath
e5dc202469
Restore P>Q in RSA key generation ( #558 )
...
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.
This commit restores this behaviour.
2016-10-13 13:54:48 +01:00
Janos Follath
d7b9049806
Fix memory leaks in CMAC tests
2016-10-13 13:53:56 +01:00
Andres AG
fe4db8f575
Fix memory leak in test_suite_cmac.function
2016-10-13 13:53:56 +01:00
Janos Follath
2d9c46767a
Fix minor style issues in test framework
2016-10-13 13:53:13 +01:00
Simon Butcher
33388669ec
Fix to test output in test suites
...
Fixes the test suites to consistently use mbedtls_fprintf to output to
stdout or stderr.
Also redirects output from the tests to /dev/null to avoid confusing
output if the test suite code or library outputs anything to stdout.
2016-10-13 13:53:13 +01:00
Simon Butcher
8739aa9403
Fix exit and formatting in CMAC test suite
...
Minor fixes following review.
2016-10-13 13:53:13 +01:00
Simon Butcher
c3db62fd51
Extend test coverage of CMAC
...
Expands tests to include NULL tests and successive calls to
mbedtls_cipher_cmac_update() and mbedtls_cipher_cmac_reset().
2016-10-13 13:53:13 +01:00
Simon Butcher
f394e09431
Clean up and minor fixes following review
...
Minor fixes following review including:
* formatting changes including indentation and code style
* corrections
* removal of debug code
* clarification of code through variable renaming
* memory leak
* compiler warnings
2016-10-13 13:51:12 +01:00
Simon Butcher
937fddbfcb
Introduce a CMAC specific test suite
2016-10-13 13:51:11 +01:00
Andres AG
42547d0cf7
Set selftest verbose flag to boost coverage
2016-10-13 13:48:48 +01:00
Simon Butcher
1c8b33ad19
Merge branch 'development'
2016-10-13 13:40:41 +01:00
Janos Follath
e709f7c9e0
Fix global variable shadowing
2016-10-13 13:20:12 +01:00
Simon Butcher
e019296ab7
Fix stdio redirection memory leak in test suites
2016-10-13 10:03:08 +01:00
Janos Follath
ef44178474
Restore P>Q in RSA key generation ( #558 )
...
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.
This commit restores this behaviour.
2016-10-13 00:25:07 +01:00
Janos Follath
99d09d2747
Fix memory leaks in CMAC tests
2016-10-12 15:32:54 +01:00
Andres AG
c4424c0a69
Fix memory leak in test_suite_cmac.function
2016-10-12 15:32:53 +01:00
Janos Follath
d444358247
Fix memory leaks in CMAC tests
2016-10-12 14:31:01 +01:00
Andres AG
8abc6b86f9
Fix memory leak in test_suite_cmac.function
2016-10-12 00:40:16 +01:00
Andres AG
e0af995f12
Add test for bounds in X509 DER write funcs
2016-10-11 14:07:48 +01:00
Janos Follath
8ca53b51c5
Fix minor style issues in test framework
2016-10-11 12:25:34 +01:00
Simon Butcher
2573136fa8
Fix to test output in test suites
...
Fixes the test suites to consistently use mbedtls_fprintf to output to
stdout or stderr.
Also redirects output from the tests to /dev/null to avoid confusing
output if the test suite code or library outputs anything to stdout.
2016-10-11 12:25:34 +01:00
Simon Butcher
bd8d221920
Fix exit and formatting in CMAC test suite
...
Minor fixes following review.
2016-10-11 12:25:04 +01:00
Simon Butcher
33183fd408
Extend test coverage of CMAC
...
Expands tests to include NULL tests and successive calls to
mbedtls_cipher_cmac_update() and mbedtls_cipher_cmac_reset().
2016-10-11 12:25:04 +01:00
Simon Butcher
69283e51d5
Clean up and minor fixes following review
...
Minor fixes following review including:
* formatting changes including indentation and code style
* corrections
* removal of debug code
* clarification of code through variable renaming
* memory leak
* compiler warnings
2016-10-06 12:49:58 +01:00
Simon Butcher
d812fa69d9
Introduce a CMAC specific test suite
2016-10-05 14:19:18 +01:00
Andres AG
4b76aecaf3
Add check for validity of date in x509_get_time()
2016-09-28 14:32:54 +01:00
Andres AG
93012e8bce
Set selftest verbose flag to boost coverage
2016-09-27 17:29:22 +01:00
Simon Butcher
b7f45c54a7
Fixes for entropy test suite for some configurations
...
Changes to allow the entropy tests to work for configurations without an
entropy seed file (MBEDTLS_ENTROPY_NV_SEED), and with no entropy sources
configured (MBEDTLS_TEST_NULL_ENTROPY).
2016-09-15 18:42:26 +01:00
Simon Butcher
7dda0dd038
Fix typo in dependency in test_suite_debug.data
2016-09-04 15:14:38 +01:00
palaviv
f180df99a9
Added needed ECDSA dependencies to test_suite_x509parse.data
2016-09-04 15:14:38 +01:00
palaviv
00cb9c5c08
Added needed HASH dependencies to tests/suites/test_suite_pkparse.data
2016-09-04 15:14:38 +01:00
palaviv
1472f11608
Added needed HASH dependencies to test_suite_debug.data
2016-09-04 15:14:38 +01:00
palaviv
a07ecda04e
Added needed HASH dependencies to test_suite_x509parse.data
2016-09-04 15:14:38 +01:00
Andres AG
e7723ec284
Make entropy bias self test poll multiple times
...
Instead of polling the hardware entropy source a single time and
comparing the output with itself, the source is polled at least twice
and make sure that the separate outputs are different.
2016-08-30 16:50:48 +01:00
Andres AG
b34e42e69e
Add a new self test to entropy module
...
The self test is a quick way to check at startup whether the entropy
sources are functioning correctly. The self test only polls 8 bytes
from the default entropy source and performs the following checks:
- The bytes are not all 0x00 or 0xFF.
- The hardware does not return an error when polled.
- The entropy does not provide data in a patter. Only check pattern
at byte, word and long word sizes.
2016-08-30 16:50:48 +01:00
Andres AG
99b257ca19
Fix memory leak in test_suite_md.function
2016-08-26 17:21:14 +01:00
Paul Bakker
50157ff5ab
Add new timing test suite that runs the timing self test
2016-08-25 16:36:35 +01:00
Paul Bakker
81c60910e1
Run PKCS#5 selftest in test suites
2016-08-25 16:36:35 +01:00
Simon Butcher
80cd444978
Adds missing dependency to AES special case tests
...
Added MBEDTLS_AES_C to the AES cipher special behaviours test case.
2016-08-25 15:42:28 +01:00
Paul Bakker
5c57e02b1d
Fix style issues in test_suite_md.function
2016-08-25 15:42:28 +01:00
Paul Bakker
6a9c725652
Add Cipher layer corner case test coverage
2016-08-25 15:42:28 +01:00
Paul Bakker
185ccf7070
Add coverage for CTR-DRBG corner case function behaviours
2016-08-25 15:42:28 +01:00
Paul Bakker
ec5ceb65d6
Test invalid bit value in mbedtls_mpi_set_bit()
2016-08-25 15:42:28 +01:00
Paul Bakker
c7d6bd4b5f
Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths
...
As a consequence also adds coverage for reading 3 and 4 byte lengths
(which were not covered before)
2016-08-25 15:42:27 +01:00
Paul Bakker
5e8b77cd8c
Test result of mbedtls_asn1_write_len() through mbedtls_asn1_get_len()
2016-08-25 15:42:27 +01:00
Paul Bakker
58bfb83bb0
Add buffer length tests for mbedtls_asn1_write_len()
2016-08-25 15:42:27 +01:00
Paul Bakker
e325db9055
Add explicit test coverage for mbedtls_asn1_write_len()
2016-08-25 15:42:27 +01:00
Paul Bakker
97c53c2867
Add coverage testing of mbedtls_md_clone() (and wraps)
...
+13 functions, +57 lines
2016-08-25 15:42:27 +01:00
Paul Bakker
e35afa28f7
Update *_multi tests in test_suite_md to do more than 1 step
2016-08-25 15:42:27 +01:00
Simon Butcher
905cef6c2c
Changed library version number to 2.3.0
2016-06-27 19:36:45 +01:00
Simon Butcher
ab069c6b46
Merge branch 'development' into development-restricted
2016-06-23 21:42:26 +01:00
Simon Butcher
02c4a38013
Corrects missing dependency for MBEDTLS_CIPHER_MODE_CBC in some tests
2016-06-23 02:41:31 +01:00
Janos Follath
15ab7ed0f3
Merge branch 'development' into development-restricted
...
Conflicts:
programs/pkey/rsa_decrypt.c
programs/pkey/rsa_encrypt.c
programs/test/selftest.c
2016-06-14 09:20:46 +01:00
Paul Bakker
c568762a5c
Fix dependency on MBEDTLS_ENTROPY_SHA512_ACCUMULATOR in test suite
2016-06-07 13:00:43 +01:00
Paul Bakker
b598c293ce
Fix dependency guard for test
2016-06-01 16:57:11 +01:00
Paul Bakker
4a6c6fc72d
Properly gate NV_SEED additions in test suite
2016-06-01 16:34:50 +01:00
Paul Bakker
ffbfb4c24c
Add test cases for NV seed functionality
...
A standard 'test' that writes a seed file is added so that regular tests
still can succeed. This is in lieu of a 'SUITE_PRE_CODE' kind of
arrangement where a suite can run code before (and after) all other code
runs.
A test is added that checks if we can read and write the standard NV
seed file
A test is added that actually checks if the entropy and seed file values
that are the result of just using the NV seed are the same as the manual
calculation.
2016-06-01 16:34:50 +01:00
Janos Follath
04b591ee79
Merge branch 'development' for weekly test report.
2016-05-31 10:18:41 +01:00
Simon Butcher
65b1fa6b07
Fixes warnings found by Clang static analyser
...
Also removes annotations in the code to avoid warnings which don't appear to
be needed.
2016-05-23 23:18:26 +01:00
Paul Bakker
774180e14e
Fix memory-leak in verbose test framework in case of unexpected input
2016-05-23 14:29:31 +01:00
Paul Bakker
26b60bf7d1
Fox verbose test framework not to duplicate strings if not verbose
2016-05-23 14:29:31 +01:00
Paul Bakker
a30a72f80f
Fix verbose test framework mote to use unmet_dep_count for index
2016-05-23 14:29:31 +01:00
Simon Butcher
a557cfb9ad
Widens test bounds on memory alloc tests
2016-05-23 14:29:30 +01:00
Simon Butcher
4ec1e8193e
Widens test parameters in memory alloc tests
2016-05-23 14:29:30 +01:00
SimonB
214f5c0af2
Additional tests to test stack buffer allocator
...
Adds additional tests to the test suite for
memory_buffer_alloc.c
2016-05-23 14:29:29 +01:00
SimonB
20273ddc4c
Adds reporting of file/line no. in failed tests
...
Tests in tests/suites will now report the file and line number of
failed test assertions.
2016-05-23 14:29:29 +01:00
Nicholas Wilson
b19bac4d82
Allow test suites to be run on Windows
...
For a start, they don't even compile with Visual Studio due to strcasecmp
being missing. Secondly, on Windows Perl scripts aren't executable and have
to be run using the Perl interpreter directly; thankfully CMake is able to
find cygwin Perl straight away without problems.
2016-05-23 14:29:28 +01:00
Simon Butcher
94bafdf834
Merge branch 'development'
2016-05-18 18:40:46 +01:00
Simon Butcher
edb7fd9d76
Fixes stdlib.h dependencies in test suites
...
Moved stdlib.h in test suites, so platforms that don't support
MBEDTLS_PLATFORM_C would build.
2016-05-17 13:35:51 +01:00
Simon Butcher
c21bec8af4
Merge branch 'development'
2016-05-16 16:15:20 +01:00
Paul Bakker
53f01199e2
Fix memory-leak in verbose test framework in case of unexpected input
2016-05-12 15:59:48 +01:00
Paul Bakker
2a259c63e3
Fox verbose test framework not to duplicate strings if not verbose
2016-05-12 15:55:37 +01:00
Paul Bakker
6e51915187
Fix verbose test framework mote to use unmet_dep_count for index
2016-05-12 15:52:48 +01:00
Paul Bakker
324258fdc8
Merge pull request #353 from NWilson/win-tests
...
Allow test suites to be run on Windows
2016-05-11 20:09:13 +02:00
Simon Butcher
938f65c452
Merge 'development' into development
2016-05-10 20:58:54 +01:00
Simon Butcher
e9f25c8a60
Widens test bounds on memory alloc tests
2016-05-10 20:57:03 +01:00
Simon Butcher
d96924de9c
Widens test parameters in memory alloc tests
2016-05-06 00:22:18 +01:00
SimonB
a0ed709f05
Additional tests to test stack buffer allocator
...
Adds additional tests to the test suite for
memory_buffer_alloc.c
2016-05-05 14:25:03 +01:00
SimonB
31a6c49139
Adds reporting of file/line no. in failed tests
...
Tests in tests/suites will now report the file and line number of
failed test assertions.
2016-05-05 14:25:03 +01:00
Simon Butcher
e4a46f696f
Merge branch 'development'
2016-04-27 18:44:37 +01:00
Simon Butcher
b2d5dd105d
Fixes X509 sample app and SSL test suite
...
Fixes the X.509 cert_app and the SSL test suite for the non-default
configs which don't build with if MBEDTLS_PLATFORM_C isn't defined.
2016-04-27 13:35:37 +01:00
SimonB
1594210a49
Adds better support to debug generated code
...
The commit adds to the generate_code.pl script support to add #line directives
to generated code to allow build breaks to be more easily found from the
generated code.
2016-04-26 14:46:56 +01:00
Simon Butcher
956420d6e6
Merge branch 'development'
2016-04-19 19:29:09 +01:00
Janos Follath
55abc21521
Fix ci break in builds without platform.h
2016-04-19 15:15:53 +01:00
Simon Butcher
2300776816
Merge branch 'development'
2016-04-19 10:39:36 +01:00
Janos Follath
f5e254a9ff
Remove unused code from PKCS1v15 test suite
2016-04-18 10:00:55 +01:00
SimonB
8ca7bc42d0
Adds verbose mode to the test suites
...
Added a verbose option to the generated test suites which can list the
dependencies not met for skipped test cases.
Also clarifies internal interfaces between the main_test.function and test code,
and fixed a bug on calculating available tests in run-test-suites.pl.
2016-04-17 23:24:50 +01:00
Simon Butcher
3f5c875654
Adds test for odd bit length RSA key size
...
Also tidy up ChangeLog following review.
2016-04-15 19:06:59 +01:00
Simon Butcher
0914ac47d2
Add missing config dependencies to PKCS1 V15 tests
2016-04-13 14:49:25 +01:00
Janos Follath
e6aef9fa70
Add tests to cover PKCS1 v1.5 signature functions.
...
The reported memory leak should have been spotted by
make memcheck
But it wasn't. Keeping the tests for better coverage.
2016-04-11 23:32:26 +01:00
Janos Follath
4c5dccf419
Fix the broken pkcs1 v1.5 test.
...
The random buffer handed over to the test function was too small
and the remaining bytes were generated by the default (platform
dependant) function.
2016-03-30 00:53:44 +01:00
Simon Butcher
184990c1d4
Merge development into development-restricted
2016-03-16 13:56:00 +00:00
Simon Butcher
4b852db299
Merge branch 'iotssl-629-der-trailing-bytes'
...
Fixes bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer following DER certificates to be included in the raw representation.
2016-03-12 23:28:26 +00:00
Janos Follath
8a49a019b0
Add tests for the bug IOTSSL-619.
...
The main goal with these tests is to test the bug in question and
they are not meant to test the entire PKCS#1 v1.5 behaviour. To
achieve full test coverage, further test cases are needed.
2016-03-09 21:06:19 +00:00
Simon Butcher
fbe85fe4fa
Add missing dependencies to X509 Parse test suite for P-384 curve
...
The test script curves.pl was failing on testing dependencies for the P-384
curve on the new test cases introduced by ede75f0
and 884b4fc
.
2016-03-09 19:32:10 +00:00
Janos Follath
df4bca2029
X509: Future CA among trusted: add more tests
2016-03-09 19:32:10 +00:00
Janos Follath
12c868c5d6
X509: Future CA among trusted: add unit tests
2016-03-09 19:32:10 +00:00
SimonB
0269dad5e5
Refactored test suite template code
...
Restructed test suite helper and main code to support tests suite helper
functions, changed C++ comments to C-style, and made the generated
source code more navigable.
2016-03-09 19:32:10 +00:00
SimonB
152ea18037
Added support for per test suite helper functions
...
Added to generate_code.pl:
- support for per test suite helper functions
- description of the structure of the files the script uses to construct
the test suite file
- delimiters through the source code to make the machine generated code
easier to understand
2016-03-09 19:32:10 +00:00
Simon Butcher
aad787f1c7
Parameterised the test suite applications
...
All test suites can now take an arbitrary test file.
2016-03-09 19:32:09 +00:00
Janos Follath
e154f95e03
x509: trailing bytes in DER: correct a unit test
...
One of the unit test was failing, because it was testing behavior
that was part of the bug. Updated the return value to the correct one
2016-02-17 14:24:28 +00:00
Manuel Pégourié-Gonnard
e9c1b1a3bf
Merge remote-tracking branch 'yanesca/iss309' into development
...
* yanesca/iss309:
Improved on the previous fix and added a test case to cover both types of carries.
Removed recursion from fix #309 .
Improved on the fix of #309 and extended the test to cover subroutines.
Tests and fix added for #309 (inplace mpi doubling).
2016-01-07 13:22:27 +01:00
Simon Butcher
bfafadb45d
Change version number to 2.2.1
...
Changed version for library files and yotta module
2016-01-04 22:26:36 +00:00
Manuel Pégourié-Gonnard
8b4331aa56
Add test case for root with max_pathlen=0
...
This was already working but not tested so far
(Test case from previous commit still failing.)
Test certificates generated with:
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key
programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \
issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
selfsign=1 max_pathlen=0
programs/x509/cert_write serial=92 output_file=cert92.crt \
issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK"
mv cert9?.crt tests/data_files/dir4
rm cert9?.key
2015-11-19 11:10:33 +01:00
Manuel Pégourié-Gonnard
a3aa43da5f
Add test case for first intermediate max_pathlen=0
...
!!! This test case is currently failing !!!
(See fix in next-next commit.)
Test certificates generated with the following script:
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key
programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"
mv cert8?.crt tests/data_files/dir4
rm cert8?.key
2015-11-19 10:56:30 +01:00
Nicholas Wilson
733676b978
Allow test suites to be run on Windows
...
For a start, they don't even compile with Visual Studio due to strcasecmp
being missing. Secondly, on Windows Perl scripts aren't executable and have
to be run using the Perl interpreter directly; thankfully CMake is able to
find cygwin Perl straight away without problems.
2015-11-14 13:09:01 +00:00
Simon Butcher
8254ed2a9f
Change version number to 2.2.0
...
Changed for library and yotta module
2015-11-04 19:55:40 +00:00
Manuel Pégourié-Gonnard
a8838af8e6
Use own implementation of strsep()
...
Not available on windows, and strtok() is not a good option
2015-11-02 06:44:24 +09:00
Manuel Pégourié-Gonnard
568f1e7cb3
Merge branch 'iotssl-515-max-pathlen' into development
...
* iotssl-515-max-pathlen:
Add Changelog entries for this branch
Fix a style issue
Fix whitespace at EOL issues
Use symbolic constants in test data
Fixed pathlen contraint enforcement.
Additional corner cases for testing pathlen constrains. Just in case.
Added test case for pathlen constrains in intermediate certificates
2015-11-02 05:49:08 +09:00
Janos Follath
6c92268093
Improved on the previous fix and added a test case to cover both types
...
of carries.
2015-10-30 17:50:12 +01:00
Manuel Pégourié-Gonnard
45777c384d
Fix a style issue
2015-10-30 09:24:28 +01:00
Manuel Pégourié-Gonnard
e670f90e48
Fix whitespace at EOL issues
2015-10-30 09:23:19 +01:00
Manuel Pégourié-Gonnard
03dde85c3b
Use symbolic constants in test data
2015-10-30 09:18:06 +01:00
Simon Butcher
c87747b675
Removed debug code accidentally left in test code
...
Removed debug code accidentally left in test_suite_x509parse.function.
2015-10-27 15:16:51 +00:00
Simon Butcher
5f7c34b8b0
Merge branch iotssl-521-keylen-check
2015-10-27 15:14:55 +00:00
Janos Follath
6cbacec3b3
Improved on the fix of #309 and extended the test to cover subroutines.
2015-10-25 12:31:27 +01:00
Janos Follath
044a86bde8
Tests and fix added for #309 (inplace mpi doubling).
2015-10-25 10:58:03 +01:00
Manuel Pégourié-Gonnard
65eefc8707
Fix missing check for RSA key length on EE certs
...
- also adapt tests to use lesser requirement for compatibility with old
testing material
2015-10-23 16:19:53 +02:00
Manuel Pégourié-Gonnard
fadacb9d0b
Merge branch 'development' into iotssl-461-ecjpake-finalization
...
* development: (73 commits)
Bump yotta dependencies version
Fix typo in documentation
Corrected misleading fn description in ssl_cache.h
Corrected URL/reference to MPI library
Fix yotta dependencies
Fix minor spelling mistake in programs/pkey/gen_key.c
Bump version to 2.1.2
Fix CVE number in ChangeLog
Add 'inline' workaround where needed
Fix references to non-standard SIZE_T_MAX
Fix yotta version dependencies again
Upgrade yotta dependency versions
Fix compile error in net.c with musl libc
Add missing warning in doc
Remove inline workaround when not useful
Fix macroization of inline in C++
Changed attribution for Guido Vranken
Merge of IOTSSL-476 - Random malloc in pem_read()
Fix for IOTSSL-473 Double free error
Fix potential overflow in CertificateRequest
...
Conflicts:
include/mbedtls/ssl_internal.h
library/ssl_cli.c
2015-10-20 15:00:29 +02:00
Janos Follath
ef4f2588f3
Additional corner cases for testing pathlen constrains. Just in case.
2015-10-11 16:17:27 +02:00
Janos Follath
822b2c33b9
Added test case for pathlen constrains in intermediate certificates
2015-10-11 10:39:15 +02:00
Manuel Pégourié-Gonnard
c4e7d8a381
Bump version to 2.1.2
...
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
50a739f8c3
Add test for base64 output length
2015-09-30 16:31:10 +02:00
Manuel Pégourié-Gonnard
8cea8ad8b8
Bump version to 2.1.1
2015-09-17 11:58:45 +02:00
Manuel Pégourié-Gonnard
cd345898a0
Fix #ifdef in test suite
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
d9802af1d0
Add tests for round 2
...
Also move one check earlier as it makes more sense
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
3059095e86
Complete tests for reading round one
...
Also change the code to forbid public keys being 0
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
bbe4e52c3b
Start adding tests for EC J-PAKE round one
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
4d8685b4ff
Add skeleton for EC J-PAKE module
2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
aac5502553
Bump version to 2.1.0
2015-09-04 14:33:31 +02:00
Simon Butcher
52754594b6
Merging iotssl-457-badtail with development branch
2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard
fdbdd72b8b
Skip to trusted certs early in the chain
...
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).
closes #220
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
560fea3767
Add tests for verify callback
...
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
4d04cdcd12
Fix RSA mutex fix
...
Once the mutex is acquired, we must goto cleanup rather that return.
Since cleanup adjusts the return value, adjust that in test cases.
Also, at cleanup we don't want to overwrite 'ret', or we'll loose track of
errors.
see #257
2015-08-31 09:31:55 +02:00
Manuel Pégourié-Gonnard
38db006e0c
Finish test in pkwrite
2015-08-19 10:24:34 +02:00
Manuel Pégourié-Gonnard
04b7eec539
Fix pkwrite test that were failing on mingw32
...
Apparently fread() writes some junk after the contents of the file. Don't look
at it.
2015-08-18 19:49:40 +02:00
Manuel Pégourié-Gonnard
052d10c9d5
Accept a trailing space at end of PEM lines
...
With certs being copy-pasted from webmails and all, this will probably become
more and more common.
closes #226
2015-07-31 11:11:26 +02:00
Paul Bakker
4cb87f409d
Prepare for 2.0.0 release
2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard
a16e7c468c
Rename a debug function
2015-06-29 20:14:19 +02:00
Manuel Pégourié-Gonnard
b74c245a20
Rework debug to not need dynamic alloc
...
But introduces dependency on variadic macros
2015-06-29 20:08:23 +02:00
Manuel Pégourié-Gonnard
4fd0b256a8
Fix dual use of buffer in test
...
x509_get_name() does not make defensive copies of strings in its input (which
is OK as usually the caller will have made a copy already), so we shouldn't
reuse its input buffer as an output while "parsed" is still alive.
2015-06-26 14:15:48 +02:00
Manuel Pégourié-Gonnard
4b00f08e20
Fix snprintf test
...
Our Windows implementation based on vsnprintf_s( ..., _TRUNCATE ) sometimes
writes *two* terminating NULLs. Allow for that, but obviously bytes past the
end of the buffer mustn't be touched.
2015-06-26 14:10:13 +02:00
Manuel Pégourié-Gonnard
ac5361f7dc
Fix small issues in tests found by Coverity
2015-06-24 01:08:09 +02:00
Manuel Pégourié-Gonnard
fd474233c8
Change SSL debug API in the library
2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard
d23f593737
Avoid static buffer in debug module
...
Caused issues in threading situations
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
655a964539
Adapt check_key_usage to new weird bits
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
9a702255f4
Add parsing/printing for new X.509 keyUsage flags
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
07894338a0
Rename M255 to Curve25519
2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
9386664543
Move from inttypes.h to stdint.h
...
Some toolchains do not have inttypes.h, and we only need stdint.h which is a
subset of it.
2015-06-22 23:41:26 +02:00
Manuel Pégourié-Gonnard
e91e21cf1b
Simplify code in test suites
...
Hopefully makes it easier on static analyzers
2015-06-22 18:47:07 +02:00
Manuel Pégourié-Gonnard
7b6dcbe993
Add tests for snprintf
...
- Added in each tests program to be sure they are run (putting them in a test
suite/function specific to the platform layer would cause them to be skipped
when PLATFORM_C is not defined).
- Platforms have already moved from a standard to a broken snprintf in the
past [1], so make sure to catch that if it ever happens again.
[1]: http://sourceforge.net/p/mingw-w64/mailman/message/31241434/
2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard
d5f38b045d
Fix dependencies on time on x509 test suite
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
7580ba475d
Add a concept of entropy source strength.
...
The main goal is, we want and error if cycle counter is the only source.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
c0696c216b
Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen
2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard
097c7bb05b
Rename relevant global symbols from size to bitlen
...
Just applying rename.pl with this file:
mbedtls_cipher_get_key_size mbedtls_cipher_get_key_bitlen
mbedtls_pk_get_size mbedtls_pk_get_bitlen
MBEDTLS_BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
MBEDTLS_BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
2015-06-18 16:43:38 +02:00
Manuel Pégourié-Gonnard
797f48ace6
Rename ecp_curve_info.size to bit_size
2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard
b31c5f68b1
Add SSL presets.
...
No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values.
2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard
cbb1f6e5cb
Implement cert profile checking
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
9505164ef4
Create cert profile API (unimplemented yet)
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
bc7bbbc85a
Remove duplicated tests for x509_verify_info()
2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
ba56136b5c
Avoid in-out length in base64
2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard
3335205a21
Avoid in-out length in dhm_calc_secret()
2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard
f79b425226
Avoid in-out length parameter in bignum
2015-06-02 15:41:48 +01:00
Manuel Pégourié-Gonnard
c730ed3f2d
Rename boolean functions to be clearer
2015-06-02 10:38:50 +01:00
Manuel Pégourié-Gonnard
d14acbc31a
Test assumptions we make about the platform
...
Things that are not guaranteed by the standard but should be true of all
platforms of interest to us:
- 8-bit chars
- NULL pointers represented by all-bits-zero
2015-05-29 12:25:40 +02:00
Manuel Pégourié-Gonnard
cb46fd8216
Avoid non-standard strcasecmp()
2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard
41b9c2b418
Remove individual mdX_file() and shaX_file()
2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
bfffa908a6
Implement md_file in the MD layer
2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
7551cb9ee9
Replace malloc with calloc
...
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard
5e94ddebbc
Create ssl_internal.h and move some functions
2015-05-26 11:57:05 +02:00
Manuel Pégourié-Gonnard
d9e6a3ac10
Rename pk_init_ctx() -> pk_setup()
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
8473f87984
Rename cipher_init_ctx() to cipher_setup()
2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
e6ef16f98c
Change X.509 verify flags to uint32_t
2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard
e3a062ba1f
Rename ecp_use_known_dp -> mbedtls_ecp_group_load()
2015-05-11 18:46:47 +02:00
Manuel Pégourié-Gonnard
23ee4d65a3
Rm ecp_small tests (use only named groups)
2015-05-11 18:02:58 +02:00
Manuel Pégourié-Gonnard
6729e79482
Rename ssl_set_xxx() to ssl_conf_xxx()
2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
d36e33fc07
Move easy ssl_set_xxx() functions to work on conf
...
mbedtls_ssl_set_alpn_protocols
mbedtls_ssl_set_arc4_support
mbedtls_ssl_set_authmode
mbedtls_ssl_set_ciphersuites
mbedtls_ssl_set_ciphersuites_for_version
mbedtls_ssl_set_curves
mbedtls_ssl_set_dbg
mbedtls_ssl_set_dh_param
mbedtls_ssl_set_dh_param_ctx
mbedtls_ssl_set_dtls_anti_replay
mbedtls_ssl_set_dtls_badmac_limit
mbedtls_ssl_set_dtls_cookies
mbedtls_ssl_set_encrypt_then_mac
mbedtls_ssl_set_endpoint
mbedtls_ssl_set_extended_master_secret
mbedtls_ssl_set_handshake_timeout
mbedtls_ssl_legacy_renegotiation
mbedtls_ssl_set_max_version
mbedtls_ssl_set_min_version
mbedtls_ssl_set_psk_cb
mbedtls_ssl_set_renegotiation
mbedtls_ssl_set_renegotiation_enforced
mbedtls_ssl_set_renegotiation_period
mbedtls_ssl_set_session_cache
mbedtls_ssl_set_session_ticket_lifetime
mbedtls_ssl_set_sni
mbedtls_ssl_set_transport
mbedtls_ssl_set_truncated_hmac
mbedtls_ssl_set_verify
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
419d5ae419
Make endpoint+transport args of config_defaults()
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
def0bbe3ab
Allocate ssl_config out of ssl_setup()
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
d5a9e41296
Adapt test_suite_debug to recent changes
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
da61ed3346
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Include changes from the 1.2 branch
Remove unused headers in o_p_test
Add countermeasure against cache-based lucky 13
Make results of (ext)KeyUsage accessible
Fix missing NULL check in MPI
Fix detection of getrandom()
Fix "make install" handling of symlinks
Fix bugs in programs displaying verify flags
Conflicts:
Makefile
include/polarssl/ssl.h
library/entropy_poll.c
library/ssl_srv.c
library/ssl_tls.c
programs/test/o_p_test.c
programs/test/ssl_cert_test.c
programs/x509/cert_app.c
2015-04-30 10:38:44 +02:00
Manuel Pégourié-Gonnard
770b5e1e9e
Fix missing NULL check in MPI
2015-04-29 17:02:01 +02:00
Manuel Pégourié-Gonnard
41d479e7df
Split ssl_init() -> ssl_setup()
2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
8d128efd48
Split mbedtls_ctr_drbg_init() -> seed()
2015-04-28 22:38:08 +02:00
Manuel Pégourié-Gonnard
f9e9481bc5
Split mbedtls_hmac_drbg_init() -> seed{,_buf}()
2015-04-28 22:07:14 +02:00
Manuel Pégourié-Gonnard
c34e8dd265
Split mbedtls_gcm_init() -> gcm_setkey()
2015-04-28 21:42:17 +02:00
Manuel Pégourié-Gonnard
6963ff0969
Split mbedtls_ccm_init() -> setkey()
2015-04-28 18:02:54 +02:00
Manuel Pégourié-Gonnard
e6028c93f5
Fix some X509 macro names
...
For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard
e75fa70b36
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Make results of (ext)KeyUsage accessible
Use x509_crt_verify_info() in programs
Add x509_crt_verify_info()
Conflicts:
ChangeLog
include/mbedtls/x509_crt.h
include/polarssl/ssl.h
include/polarssl/x509.h
library/ssl_srv.c
library/ssl_tls.c
library/x509_crt.c
programs/ssl/ssl_client1.c
programs/ssl/ssl_client2.c
programs/ssl/ssl_mail_client.c
programs/ssl/ssl_server2.c
programs/test/ssl_cert_test.c
programs/x509/cert_app.c
tests/ssl-opt.sh
tests/suites/test_suite_x509parse.function
2015-04-20 11:51:34 +01:00
Manuel Pégourié-Gonnard
b5f48ad82f
manually merge 39a183a
add x509_crt_verify_info()
2015-04-20 11:22:57 +01:00
Manuel Pégourié-Gonnard
de9b363fbd
Merge branch mbedtls-1.3 into development
...
* commit '95f0089':
Update Changelog for DH params
Add test case for dh params with privateValueLength
accept PKCS#3 DH parameters with privateValueLength included
Conflicts:
library/dhm.c
2015-04-17 20:07:22 +02:00
Manuel Pégourié-Gonnard
39a183a629
Add x509_crt_verify_info()
2015-04-17 17:24:25 +02:00
Manuel Pégourié-Gonnard
5119df2022
Add test case for dh params with privateValueLength
2015-04-15 13:50:29 +02:00
Manuel Pégourié-Gonnard
e6c8366b46
Fix bug in pk_parse_key()
2015-04-15 11:21:24 +02:00
Manuel Pégourié-Gonnard
e1e5871a55
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Fix bug in pk_parse_key()
Update generated file
Conflicts:
library/pkparse.c
library/version_features.c
2015-04-15 10:50:34 +02:00
Manuel Pégourié-Gonnard
924cd100a6
Fix bug in pk_parse_key()
2015-04-14 11:18:04 +02:00
Manuel Pégourié-Gonnard
2cf5a7c98e
The Great Renaming
...
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard
6c7af4c200
Fix a few internal name choices
2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard
932e3934bd
Fix typos & Co
2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard
26c9f90cae
Merge branch 'mbedtls-1.3' into development
...
* mbedtls-1.3:
Add missing depends in x509 programs
Simplify ifdef checks in programs/x509
Fix thread safety issue in RSA operations
Add test certificate for bitstring in DN
Add support for X.520 uniqueIdentifier
Accept bitstrings in X.509 names
2015-03-31 17:56:15 +02:00
Manuel Pégourié-Gonnard
348bcb3694
Make RSA_ALT support optionnal
2015-03-31 14:01:33 +02:00
Manuel Pégourié-Gonnard
dfdcac9d51
Merge ecdsa_write_signature{,_det}() together
2015-03-31 11:41:42 +02:00
Manuel Pégourié-Gonnard
b8cfe3f0d9
pk_sign() now requires non-NONE md_alg for ECDSA
2015-03-31 11:14:41 +02:00
Manuel Pégourié-Gonnard
39ead3ef2f
Add test certificate for bitstring in DN
2015-03-27 13:11:33 +01:00
Manuel Pégourié-Gonnard
19d644b7d1
Add more tests for MD utility functions
2015-03-26 12:42:35 +01:00
Manuel Pégourié-Gonnard
abb674467b
Rename md_init_ctx() to md_setup()
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
4063ceb281
Make hmac_ctx optional
...
Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
ec4a339c2a
Remove tests for xxx_hmac()
2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard
40fc4155d3
Add generic HMAC tests from mdx.data
...
In preparation of moving HMAC to the MD layer, this ensures all tests that are
present in a specific MDx/SHAx suite are now present in the MD suite too.
2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard
a115def330
Fix tests and programs to use md_get_xxx()
2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard
e46c6c38c9
Fix tests to work with DEPRECATED_REMOVED
2015-03-23 14:11:11 +01:00
Manuel Pégourié-Gonnard
079333bf77
Fix use of deprecated function in test
2015-03-20 18:23:56 +00:00
Manuel Pégourié-Gonnard
48d3cef31a
Fix use of deprecated function in test
2015-03-20 18:21:12 +00:00
Manuel Pégourié-Gonnard
240b092a6c
Drop dummy self_test functions
2015-03-19 15:30:28 +00:00
Manuel Pégourié-Gonnard
b6b16bddc3
Drop pbkdf2 module (superseded by pkcs5)
2015-03-11 11:31:51 +00:00
Manuel Pégourié-Gonnard
f9c1387b9d
Drop POLARSSL_ERROR_STRERROR_BC
2015-03-11 10:59:38 +00:00
Manuel Pégourié-Gonnard
7f8099773e
Rename include directory to mbedtls
2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard
d901d17817
Merge branch 'development' into dtls
...
* development: (100 commits)
Update Changelog for the mem-measure branch
Fix issues introduced when rebasing
Fix compile error in memory_buffer_alloc_selftest
Code cosmetics
Add curve25519 to ecc-heap.sh
Add curve25519 to the benchmark program
Fix compile issue when buffer_alloc not available
New script ecc-heap.sh
Fix unused variable issue in some configs
Rm usunused member in private struct
Add heap usage for PK in benchmark
Use memory_buffer_alloc() in benchmark if available
Only define mode_func if mode is enabled (CBC etc)
PKCS8 encrypted key depend on PKCS5 or PKCS12
Disable SRV_C for client measurement
Output stack+heap usage with massif
Enable NIST_OPTIM by default for config-suite-b
Refactor memory.sh
Adapt memory.sh to config-suite-b
Adapt mini-client for config-suite-b.h
...
Conflicts:
ChangeLog
include/polarssl/net.h
library/Makefile
library/error.c
library/ssl_tls.c
programs/Makefile
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
tests/Makefile
2015-02-16 18:44:39 +00:00
Manuel Pégourié-Gonnard
ab025803ed
Merge remote-tracking branch 'rich/platform' into development
...
* rich/platform:
modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
modify programs/*.c to use polarssl_snprintf
2015-02-16 16:10:51 +00:00
Manuel Pégourié-Gonnard
e43187d59d
Fix possible fd leak in test file
2015-02-16 09:13:40 +00:00
Rich Evans
012acfc20f
modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
2015-02-13 16:52:49 +00:00
Rich Evans
3d62e72648
fix bug introduced by the addition of snprintf and assert macro which caused tests to fail without polarssl_platform_c defined
2015-02-13 13:50:26 +00:00
Rich Evans
4c09114c32
add macro definition of assert using polarssl_exit
2015-02-13 13:50:26 +00:00
Rich Evans
77d3638497
modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
2015-02-13 13:50:26 +00:00
Rich Evans
6aa04bcd85
modify scripts/* and tests/* to use polarssl_snprintf
2015-02-13 13:50:26 +00:00
Rich Evans
63adb49062
Fix compile warning in tests/
...
where result_len at tests/suites/test_suite_ccm.function:165 is
potentially uninitialized using gcc-4.8.2.
2015-02-10 14:37:49 +00:00
Rich Evans
ce2f237697
change test function includes to use one convention
2015-02-10 11:28:46 +00:00
Rich Evans
00ab47026b
cleanup library and some basic tests. Includes, add guards to includes
2015-02-10 11:28:46 +00:00
Rich Evans
4291445377
fix style issues with tests/suites/helpers.function
2015-02-10 10:14:15 +00:00
Rich Evans
1fef5ff5ec
fix always true assertion
2015-02-10 10:14:15 +00:00
Paul Bakker
daae3b749b
Prepare for mbed TLS 1.3.10 release
2015-02-08 15:49:54 +01:00
Manuel Pégourié-Gonnard
4eaf8f02bb
Merge branch 'development' into dtls
...
* development:
Support composite RDNs in X.509 certs parsing
2015-02-05 11:01:37 +00:00
Manuel Pégourié-Gonnard
555fbf8758
Support composite RDNs in X.509 certs parsing
2015-02-04 17:11:55 +00:00
Manuel Pégourié-Gonnard
2a0718d947
Merge branch 'development' into dtls
...
* development: (46 commits)
Fix url again
Fix small bug in base64_encode()
Fix depend that was checked but not documented
Fix dependency that was not checked
Minor gitginore fixes
Move some ignore patterns to subdirectories
Ignore CMake/MSVC-related build files.
Re-categorize changelog entry
Fix misattribution
Minor nits with stdout/stderr.
Add cmake compatibility targets
Add script for polarssl symlink creation
Fix more stdio inclusion issues
Add debug info for cert/suite selection
Fix possible portability issue
Fix bug in ssl_get_verify_result()
aescrypt2.c local char array not initial
Update Changelog
Fix mips64 bignum implementation
Fix usage string of ssl_client2
...
Conflicts:
include/polarssl/ssl.h
library/CMakeLists.txt
library/Makefile
programs/Makefile
programs/ssl/ssl_client2.c
programs/ssl/ssl_server2.c
visualc/VS2010/PolarSSL.sln
visualc/VS2010/mbedTLS.vcxproj
visualc/VS6/mbedtls.dsp
visualc/VS6/mbedtls.dsw
2015-01-29 11:29:12 +00:00
Manuel Pégourié-Gonnard
9ad7b6ebde
Rm spurious printf from test function
2015-01-28 15:28:28 +01:00
Rich Evans
920aa9c8ee
change more references to (f)printf to polarssl_(f)printf to allow overriding
2015-01-28 15:28:28 +01:00
Rich Evans
3d536ba30c
fix main_test.function to use polarssl (f)printf functions
2015-01-28 15:28:27 +01:00
Manuel Pégourié-Gonnard
0ac1d2d5ca
Fix error while removing memory.h usage
2015-01-26 16:44:37 +00:00
Manuel Pégourié-Gonnard
d43ccb66fb
Quit using deprecated header.
2015-01-23 17:38:09 +00:00
Manuel Pégourié-Gonnard
eab72e2ced
Merge branch 'development' into dtls
...
* development:
Update copyright
Fix issue in compat.sh
Rename doxyfile
Rename to mbed TLS in tests/
Rename to mbed TLS in examples
Remove old test certificates.
Rename to mbed TLS in the documentation/comments
Change name to mbed TLS in the copyright notice
Conflicts:
doxygen/input/doc_mainpage.h
doxygen/mbedtls.doxyfile
include/polarssl/version.h
tests/compat.sh
2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard
e4f6edcda1
Rename to mbed TLS in tests/
2015-01-22 16:43:54 +00:00
Manuel Pégourié-Gonnard
edb7ed3a43
Merge commit 'd7e2483' into dtls
...
* commit 'd7e2483': (57 commits)
Skip signature_algorithms ext if PSK only
Fix bug in ssl_client2 reconnect option
Cosmetics in ssl_server2
Improve debugging message.
Fix net_usleep for durations greater than 1 second
Use pk_load_file() in X509
Create ticket keys only if enabled
Fix typo in #ifdef
Clarify documentation a bit
Fix comment on resumption
Update comment from draft to RFC
Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
Add recursion.pl to all.sh
Allow x509_crt_verify_child() in recursion.pl
Set a compile-time limit to X.509 chain length
Fix 3DES -> DES in all.sh (+ time estimates)
Add curves.pl to all.sh
Rework all.sh to use MSan instead of valgrind
Fix depends on individual curves in tests
Add script to test depends on individual curves
...
Conflicts:
CMakeLists.txt
programs/ssl/ssl_client2.c
2015-01-20 16:52:28 +00:00
Manuel Pégourié-Gonnard
f9c8a606b5
Merge commit '8b9bcec' into dtls
...
* commit '8b9bcec':
Stop assuming chars are signed
Fix len miscalculation in buffer-based allocator
Fix NULL dereference in buffer-based allocator
Add test_suite_memory_buffer_alloc
Add memory_buffer_alloc_self_test()
Fix missing bound check
Add test for ctr_drbg_update() input sanitizing
Refactor for clearer correctness/security
Stop assuming chars are signed
Conflicts:
library/ssl_tls.c
2015-01-20 16:38:39 +00:00
Paul Bakker
d7e2483bfc
Merge miscellaneous fixes into development
2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard
765bb31d24
Add test_suite_memory_buffer_alloc
2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
f5f25b3a0d
Add test for ctr_drbg_update() input sanitizing
2015-01-13 14:56:59 +01:00
Manuel Pégourié-Gonnard
cf4de32f58
Fix depends on individual curves in tests
2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard
5c2aa10c15
Fix curve dependency issues in X.509 test suite
2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard
57a5d60abb
Add tests for concatenated CRLs
2014-11-19 16:08:34 +01:00
Manuel Pégourié-Gonnard
8c9223df84
Add text view to debug_print_buf()
2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard
8a5e3d4a40
Forbid repeated X.509 extensions
2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard
b134060f90
Fix memory leak with crafted X.509 certs
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
0369a5291b
Fix uninitialised pointer dereference
2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
7c13d69cb5
Fix dependency issues
2014-11-12 00:01:34 +01:00
Manuel Pégourié-Gonnard
a1efcb084f
Implement pk_check_pair() for RSA-alt
2014-11-08 18:00:22 +01:00
Manuel Pégourié-Gonnard
70bdadf54b
Add pk_check_pair()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
30668d688d
Add ecp_check_pub_priv()
2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
2f8d1f9fc3
Add rsa_check_pub_priv()
2014-11-06 18:25:51 +01:00
Paul Bakker
f2a459df05
Preparation for PolarSSL 1.4.0
2014-10-21 16:40:54 +02:00
Manuel Pégourié-Gonnard
4956fd7437
Test and fix anti-replay functions
2014-10-21 16:32:34 +02:00
Paul Bakker
9eac4f7c4e
Prepare for release 1.3.9
2014-10-20 13:56:15 +02:00
Manuel Pégourié-Gonnard
9c911da68f
Add tests for X.509 name encoding mismatch
2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard
5d8618539f
Fix memory leak while parsing some X.509 certs
2014-10-17 12:41:41 +02:00
Manuel Pégourié-Gonnard
64938c63f0
Accept spaces at end of line/buffer in base64
2014-10-15 23:53:33 +02:00
Manuel Pégourié-Gonnard
da1b4de0e4
Increase MPI_MAX_BYTES to allow RSA 8192
2014-10-15 22:06:46 +02:00
Paul Bakker
5a5fa92bfe
x509_crt_parse() did not increase total_failed on PEM error
...
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
2014-10-03 15:47:13 +02:00
Paul Bakker
d153ef335f
Missing dependencies on POLARSSL_ECP_C fixed
2014-08-18 12:00:28 +02:00
Manuel Pégourié-Gonnard
192253aaa9
Fix buffer size in pk_write_*_pem()
2014-08-14 11:34:35 +02:00
Paul Bakker
8dcb2d7d7e
Support escaping of commas in x509_string_to_names()
2014-08-11 11:59:52 +02:00
Paul Bakker
bd51b262d1
Add 'exit' label and variable initialization to relevant test suite functions
2014-07-10 16:37:50 +02:00
Paul Bakker
318d0fe844
Auto add 'exit' label in every test function. Failed assert now goes there
2014-07-10 15:27:11 +02:00
Paul Bakker
4d0cfe80ea
Split assert() with side effects in test suite helper
2014-07-10 15:27:11 +02:00
Paul Bakker
6c343d7d9a
Fix mpi_write_string() to write "00" as hex output for empty MPI
2014-07-10 15:27:10 +02:00
Paul Bakker
5b11d026cd
Fix dependencies and includes without FS_IO and PLATFORM_C
2014-07-10 15:27:10 +02:00
Paul Bakker
ec3a617d40
Make ready for release of 1.3.8 and soversion 7
2014-07-09 10:21:28 +02:00
Paul Bakker
d2a2d61a68
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
Paul Bakker
a317a98221
Adapt programs / test suites
2014-07-09 10:19:24 +02:00
Paul Bakker
14e8be4d33
Adapted programs / test suites to _init() and _free()
2014-07-09 10:19:23 +02:00
Paul Bakker
8cfd9d8c59
Adapt programs / test suites to _init() and _free()
2014-07-09 10:19:23 +02:00
Paul Bakker
6697b6c13b
Properly free memory in new base64 tests
2014-07-04 18:35:50 +02:00
Paul Bakker
d598318661
Fix base64_decode() to return and check length correctly
2014-07-04 15:01:00 +02:00
Paul Bakker
237a847f1c
Fix typos in comments
2014-06-25 14:45:24 +02:00
Paul Bakker
2a45d1c8bb
Merge changes to config examples and configuration issues
2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
d249b7ab9a
Restore ability to trust non-CA selfsigned EE cert
2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
c4eff16516
Restore ability to use v1 CA if trusted locally
2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
f87cad9397
Fix some curve-specific depends in tests
2014-06-24 16:55:17 +02:00
Manuel Pégourié-Gonnard
8f625632bb
Fix dependencies: GCM != AEAD != CCM
2014-06-24 15:26:28 +02:00
Manuel Pégourié-Gonnard
f9378d8f11
Fix dependencies on PEM in tests and programs
2014-06-24 13:11:25 +02:00
Manuel Pégourié-Gonnard
0f7b619875
Fix tests dependencies in X509_USE_C
2014-06-24 12:54:46 +02:00
Manuel Pégourié-Gonnard
fea3102dcb
Fix dependencies on X509_CRT_C in tests
2014-06-24 12:54:46 +02:00
Paul Bakker
1c98ff96b5
Merge more test improvements and tests
...
Conflicts:
tests/suites/test_suite_cipher.blowfish.data
2014-06-24 11:12:00 +02:00
Manuel Pégourié-Gonnard
398c57b0b3
Blowfish accepts variable key len in cipher layer
2014-06-24 11:01:33 +02:00
Manuel Pégourié-Gonnard
ed5c03ff1d
Add tests for Blowfish-ECB via the cipher layer
2014-06-23 12:05:11 +02:00
Manuel Pégourié-Gonnard
f3b47243df
Split x509_csr_parse_der() out of x509_csr_parse()
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
15f58a86f7
Add test for mpi_gen_prime()
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
0dc5e0d80b
Add helper function zero_malloc for tests
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
b25f81665f
Add test for bad arguments to MD functions
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
5e7693f6ba
Add tests for bad arguments to cipher functions
2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
6deaac0e62
Add tests vectors for (3)DES via cipher layer
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
255fe4b10e
Add tests for Blowfish-ECB via the cipher layer
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
d77cd5d0c3
Add tests for x509_csr_parse
2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
66aca931bc
Add tests for pkcs5_pbes2
2014-06-23 11:52:59 +02:00
Paul Bakker
3461772559
Introduce polarssl_zeroize() instead of memset() for zeroization
2014-06-14 16:46:03 +02:00
Paul Bakker
c2ff2083ee
Merge parsing and verification of RSASSA-PSS in X.509 modules
2014-06-12 22:02:47 +02:00
Manuel Pégourié-Gonnard
c7c56b2e82
Add more tests for the entropy module
2014-06-10 15:38:44 +02:00
Manuel Pégourié-Gonnard
2c25eb0b0a
Add test_suite_entropy
2014-06-10 15:38:44 +02:00
Manuel Pégourié-Gonnard
7b4919c399
Add test vectors for XTEA CBC
...
Generate using an independent implementation found at:
https://code.google.com/p/zzt-code-base/source/browse/trunk/src/python/xtea.py
2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard
c22bb4994c
Add tests for asn1_write_ia5_string()
2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard
36178ffb87
Add tests for asn1_write_octet_string()
2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard
5873b00b7f
Add pathological RSASSA-PSS test certificates
...
Certificates announcing different PSS options than the ones actually used for
the signature. Makes sure the options are correctly passed to the verification
function.
2014-06-07 11:21:52 +02:00
Manuel Pégourié-Gonnard
97049c26d8
Add forgotten depends in test
2014-06-06 17:00:03 +02:00
Manuel Pégourié-Gonnard
d1539b1e88
Rename RSASSA_PSS_CERTIFICATES to X509_RSASSA_PSS_SUPPORT
2014-06-06 16:42:37 +02:00
Manuel Pégourié-Gonnard
854036956d
Add tests for x509 rsassa_pss params parsing
2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard
3d49b9d220
Add test helper function unhexify_alloc()
2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard
b29a7ba3f2
Fix missing depends in test_suite_pk
2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard
eacccb7fb9
Add RSASSA-PSS certificate with all defaults
2014-06-05 18:00:08 +02:00
Manuel Pégourié-Gonnard
53882023e7
Also verify CRLs signed with RSASSA-PSS
2014-06-05 17:59:55 +02:00
Manuel Pégourié-Gonnard
20422e9a3a
Add pk_verify_ext()
2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard
3a6a95d67c
Cleanup depends in PKCS#1 v2.1 test suite
2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard
5ec628a2b9
Add rsa_rsassa_pss_verify_ext()
2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard
920e1cd5e2
Add basic PSS cert verification
...
Still todo:
- handle MGF-hash != sign-hash
- check effective salt len == announced salt len
- add support in the PK layer so that we don't have to bypass it here
2014-06-04 12:09:08 +02:00
Manuel Pégourié-Gonnard
78117d57b0
Consider trailerField a constant
2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard
39868ee301
Parse CSRs signed with RSASSA-PSS
2014-06-02 16:10:30 +02:00
Manuel Pégourié-Gonnard
2a8d7fd76e
Add tests for parsing CSRs
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
8e42ff6bde
Parse CRLs signed with RSASSA-PSS
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
9df5c96214
Fix dependencies
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
e76b750b69
Finish parsing RSASSA-PSS parameters
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
f346bab139
Start parsing RSASSA-PSS parameters
2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
59a75d5b9d
Basic parsing of certs signed with RSASSA-PSS
2014-06-02 16:10:29 +02:00
Paul Bakker
1ebc0c592c
Fix typos
2014-05-22 15:47:58 +02:00
Paul Bakker
b5212b436f
Merge CCM cipher mode and ciphersuites
...
Conflicts:
library/ssl_tls.c
2014-05-22 15:30:31 +02:00
Paul Bakker
4cdb4d9bb7
X509 time-related tests depend on POLARSSL_HAVE_TIME
2014-05-22 14:22:59 +02:00
Manuel Pégourié-Gonnard
542eac5aba
Add tests for CCM via cipher layer
2014-05-20 17:26:16 +02:00
Manuel Pégourié-Gonnard
64bf996fd9
Add test vectors for Camellia-CCM
2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard
0f6b66dba1
CCM operations allow input == output
2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard
e8b8d01782
Use tighter buffers in CCM test suite
2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard
87df5ba0a1
Add test for length checks
2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard
ce77d55023
Implement ccm_auth_decrypt()
2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard
002323340a
Refactor to prepare for CCM decryption
2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard
9322e49037
Add NIST CAVS 11.0 test vectors for AES-CCM
...
Since there are 2160 test vectors fro encryption, which is a lot,
only the first one (out of ten) for each length quadruple was kept.
2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard
637eb3d31d
Add ccm_encrypt_and_tag()
2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard
9fe0d13e8d
Add ccm_init/free()
2014-05-06 12:12:45 +02:00
Manuel Pégourié-Gonnard
a6916fada8
Add (placeholder) CCM module
2014-05-06 11:28:09 +02:00
Paul Bakker
da13016d84
Prepped for 1.3.7 release
2014-05-01 14:27:19 +02:00
Paul Bakker
2a024ac86a
Merge dependency fixes
2014-04-30 16:50:59 +02:00
Paul Bakker
f96f7b607a
On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings
2014-04-30 16:02:38 +02:00
Paul Bakker
24f37ccaed
rsa_check_pubkey() now allows an E up to N
2014-04-30 13:43:51 +02:00
Paul Bakker
0f90d7d2b5
version_check_feature() added to check for compile-time options at run-time
2014-04-30 11:49:44 +02:00
Manuel Pégourié-Gonnard
3d41370645
Fix hash dependencies in X.509 tests
2014-04-29 15:29:41 +02:00
Manuel Pégourié-Gonnard
edc81ff8c2
Fix some more curve depends in X.509 tests
2014-04-29 15:10:40 +02:00
Manuel Pégourié-Gonnard
ec4d27398a
Fix curve dependencies in *keyusage tests
2014-04-29 15:06:41 +02:00
Paul Bakker
c73079a78c
Add debug_set_threshold() and thresholding of messages
2014-04-25 16:58:16 +02:00
Paul Bakker
92478c37a6
Debug module only outputs full lines instead of parts
2014-04-25 16:58:15 +02:00
Paul Bakker
eaebbd5eaa
debug_set_log_mode() added to determine raw or full logging
2014-04-25 16:58:14 +02:00
Paul Bakker
57ffa5570d
Add tests for debug_print_ret() and debug_print_buf().
2014-04-25 16:58:13 +02:00
Paul Bakker
2b34657b39
Updated Debug test suite data
2014-04-25 16:58:12 +02:00
Paul Bakker
8a0c0a9ed9
Check additional return values in some test cases
2014-04-17 17:24:23 +02:00
Paul Bakker
94b916c7b5
Split assignment and assert check into seperate lines in tests
2014-04-17 16:07:20 +02:00
Paul Bakker
dd0aae92e0
Replaced strcpy() with strncpy() in tests suites
2014-04-17 16:06:37 +02:00
Paul Bakker
b6487dade9
Fixed result for test case in test_suite_x509parse
2014-04-17 16:04:33 +02:00
Paul Bakker
784b04ff9a
Prepared for version 1.3.6
2014-04-11 15:33:59 +02:00
Paul Bakker
d8b0c5ef01
Fixed typo
2014-04-11 15:31:33 +02:00
Paul Bakker
52c5af7d2d
Merge support for verifying the extendedKeyUsage extension in X.509
2014-04-11 13:58:57 +02:00
Paul Bakker
1630058dde
Potential buffer overwrite in pem_write_buffer() fixed
...
Length indication when given a too small buffer was off.
Added regression test in test_suite_pem to detect this.
2014-04-11 13:58:05 +02:00
Manuel Pégourié-Gonnard
add05d7125
Fix some dependency declarations in X.509 tests
2014-04-11 11:12:40 +02:00
Manuel Pégourié-Gonnard
7afb8a0dca
Add x509_crt_check_extended_key_usage()
2014-04-11 11:09:00 +02:00
Paul Bakker
5c986f5244
Make test suite checks dependent on POLARSSL_X509_CHECK_KEY_USAGE
2014-04-09 16:58:51 +02:00
Manuel Pégourié-Gonnard
99d4f19111
Add keyUsage checking for CAs
2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
603116c570
Add x509_crt_check_key_usage()
2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
0148875cfc
Add tests and fix bugs for RSA-alt contexts
2014-04-04 17:46:46 +02:00
Manuel Pégourié-Gonnard
edb242fb2f
Minimally test md_process and associated wrappers
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
f8708ddc95
Also test shax_hmac_reset in test_suite_hmac_shax
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
9ce7e8414a
Add test for des_key_check_weak()
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
3fec220a33
Add test for dhm_parse_dhmfile
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
66dfc5a689
Add test for cipher_list()
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
f3013830cc
Tests for MD info functions
2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
5819db1384
Test RIPEMD160 via MD layer more completely
2014-04-04 16:34:37 +02:00
Manuel Pégourié-Gonnard
59ba4e983b
Test generic md_hmac_reset()
2014-04-04 16:34:37 +02:00
Manuel Pégourié-Gonnard
58319e7f5c
Test mdX_hmax_reset() functions
2014-04-04 16:34:37 +02:00
Manuel Pégourié-Gonnard
7afdb88216
Test and fix x509_oid functions
2014-04-04 16:34:30 +02:00
Manuel Pégourié-Gonnard
6c1a73e061
Improve x509xrite_csr testing: extensions, version
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
c5ce83a3b8
Improve x509xrite_csr testing: extensions, ECDSA
2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
52a555cd7d
Also test backwards compat strerror() function
2014-04-04 16:33:00 +02:00
Manuel Pégourié-Gonnard
7b30cfc5b0
x509_crt_info() list output cosmectics
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
f6f4ab40d3
Print extended key usage in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
65c2ddc318
Print key_usage in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
bce2b30855
Print subject alt name in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
919f8f5829
Print NS Cert Type in x509_crt_info()
2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
b28487db1f
Start printing extensions in x509_crt_info()
2014-04-04 14:01:39 +02:00
Paul Bakker
96d5265315
Made ready for release 1.3.5
2014-03-26 16:55:50 +01:00
Manuel Pégourié-Gonnard
c042cf0013
Fix broken tests due to changed error code
...
Introduced in 5246ee5c59
2014-03-26 14:12:20 +01:00
Manuel Pégourié-Gonnard
a11a77f316
Add test for SpecifiedECDomain
2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard
c7a88a960d
Fix more depend issues on specific curves
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
9533765b25
Reject certs and CRLs from the future
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
6304f786e0
Add x509_time_future()
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
29dcc0b93c
Fix depend issues in test suites for cipher modes
2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
c9093085ed
Revert "Merged RSA-PSS support in Certificate, CSR and CRL"
...
This reverts commit ab50d8d30c
, reversing
changes made to e31b1d992a
.
2014-02-12 09:39:59 +01:00
Paul Bakker
ab50d8d30c
Merged RSA-PSS support in Certificate, CSR and CRL
2014-02-06 13:14:56 +01:00
Manuel Pégourié-Gonnard
fbf0915404
Fix bug in RSA PKCS#1 v1.5 "reversed" operations
2014-02-05 17:01:24 +01:00
Manuel Pégourié-Gonnard
c4919bc528
Add tests for rsa_copy()
2014-02-05 17:00:39 +01:00
Manuel Pégourié-Gonnard
725afd8b55
Fix the 'error' test suite
2014-02-01 11:54:28 +01:00
Manuel Pégourié-Gonnard
e6cdbbd40b
Add tests for th init_buf() variant of HMAC_DRBG
2014-02-01 11:30:03 +01:00
Manuel Pégourié-Gonnard
7575daa1f2
Expand CTR_DRBG test coverage
2014-01-31 12:16:54 +01:00
Manuel Pégourié-Gonnard
b3b205e081
Clean up details in ctr_drbg_selftest()
2014-01-31 12:04:06 +01:00
Manuel Pégourié-Gonnard
79afaa0551
Add hmac_drbg_selftest()
2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard
62273b88ab
Add NIST validation tests for HMAC_DRBG pr=true
2014-01-31 10:19:05 +01:00
Manuel Pégourié-Gonnard
24600b7c8a
Add NIST validation tests for HMAC_DRBG nopr
2014-01-31 09:58:12 +01:00
Manuel Pégourié-Gonnard
4f880a5dc2
Add misc tests for HMAC_DRBG
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
48bc3e81da
Add hmac_drbg_{write,update}_seed_file()
2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
6801f39397
Add NIST no_reseed validation tests for HMAC_DRBG
2014-01-30 23:17:33 +01:00
Paul Bakker
2aca241425
Ready for release 1.3.4
2014-01-27 11:59:30 +01:00
Paul Bakker
42099c3155
Revert "Add pk_rsa_set_padding() and rsa_set_padding()"
...
This reverts commit b4fae579e8
.
Conflicts:
library/pk.c
tests/suites/test_suite_pk.data
tests/suites/test_suite_pk.function
2014-01-27 11:59:29 +01:00
Manuel Pégourié-Gonnard
41cae8e1f9
Parse CSRs signed with RSASSA-PSS
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
d4fd57dda4
Add tests for parsing CSRs
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
5eeb32b552
Parse CRLs signed with RSASSA-PSS
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
ce7c6fd433
Fix dependencies
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
3c1e8b539c
Finish parsing RSASSA-PSS parameters
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
d9fd87be33
Start parsing RSASSA-PSS parameters
2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
b1d4eb16e4
Basic parsing of certs signed with RSASSA-PSS
2014-01-25 12:48:58 +01:00
Paul Bakker
556efba51c
Added AES CFB8 mode
2014-01-24 15:38:12 +01:00
Manuel Pégourié-Gonnard
a56d363724
Fix missing dependency declaration in test
2014-01-23 17:50:56 +01:00
Manuel Pégourié-Gonnard
027a7cb800
Rm now useless test helper function
2014-01-23 17:00:33 +01:00
Manuel Pégourié-Gonnard
544416aa99
Fix failing ECDH test (test vectors misuse)
2014-01-23 16:55:18 +01:00
Paul Bakker
bf98c3dd11
Merged deterministic ECDSA
...
Conflicts:
library/ecdsa.c
2014-01-23 15:48:01 +01:00
Manuel Pégourié-Gonnard
2d5f142dc6
Fix warning in main_test
2014-01-22 16:01:17 +01:00
Manuel Pégourié-Gonnard
dfab4c1193
Add forgotten #ifdef and depends_on
2014-01-22 16:01:06 +01:00
Manuel Pégourié-Gonnard
e707eb6df3
Fix unused variable in test case
2014-01-22 14:57:36 +01:00
Paul Bakker
5862eee4ca
Merged RIPEMD-160 support
2014-01-22 14:18:34 +01:00
Paul Bakker
61b699ed1b
Renamed RMD160 to RIPEMD160
2014-01-22 14:17:31 +01:00
Paul Bakker
0ac99ca7bc
Merged support for secp224k1, secp192k1 and secp25k1
2014-01-22 13:10:48 +01:00
Manuel Pégourié-Gonnard
b4fae579e8
Add pk_rsa_set_padding() and rsa_set_padding()
2014-01-22 13:03:27 +01:00
Manuel Pégourié-Gonnard
ea499a7321
Add support for secp192k1
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
18e3ec9b4d
Add support for secp224k1
2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
e4d47a655b
Add RIPEMD-160 to the generic MD layer
2014-01-17 20:41:32 +01:00
Manuel Pégourié-Gonnard
ff40c3ac34
Add HMAC support to RIPEMD-160
2014-01-17 20:04:59 +01:00
Manuel Pégourié-Gonnard
130fe97055
Tighten sizes in mdx.function
2014-01-17 14:23:48 +01:00
Manuel Pégourié-Gonnard
df2437d156
Rm redundant "depends" in mdx.data
2014-01-17 14:09:46 +01:00
Manuel Pégourié-Gonnard
cab4a8807c
Add RIPEMD-160 (core functions)
2014-01-17 14:04:25 +01:00
Manuel Pégourié-Gonnard
f51c8fc353
Add support for secp256k1 arithmetic
2014-01-10 18:17:18 +01:00
Manuel Pégourié-Gonnard
937340bce0
Add ecdsa_write_signature_det()
2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
4daaef7e27
Add ecdsa_sign_det() with test vectors
2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
fae079e4c5
Adapt ECDSA tests to new ecp_gen_keypair()
2014-01-06 11:01:24 +01:00
Manuel Pégourié-Gonnard
217a29c844
Fix bug in rnd_pseudo_rnd() test helper function
...
Only the first 4 bytes of the output were set, the rest was untouched.
2014-01-03 12:19:19 +01:00
Paul Bakker
5bc07a3d30
Prepped for 1.3.3
2013-12-31 10:57:44 +01:00
Paul Bakker
3a8cb6ff8e
Proper const modifier in test_suite_x509_csr_check()
2013-12-30 20:41:54 +01:00
Paul Bakker
a5320904bf
Fixed dependency on POLARSSL_GENPRIME in PK tests
2013-12-19 17:29:52 +01:00
Paul Bakker
474c2ce05f
Fixed dependencies for some tests
2013-12-19 16:40:30 +01:00
Manuel Pégourié-Gonnard
a60fe8943d
Add mpi_safe_cond_swap()
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
357ff65a51
Details in ecp_mul_mxz()
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
fe0af405f9
Adapt ecp_gen_keypair() to Curve25519
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
9a4a5ac4de
Fix bug in mpi_set_bit
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
a0179b8c4a
Change ecp_mul to handle Curve25519 too
2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
312d2e8ea2
Adapt key checking functions for Curve25519
2013-12-05 15:58:38 +01:00
Paul Bakker
76af736a47
Merged splitting off curves from ecp.c into ecp_curves.c
2013-12-02 22:01:26 +01:00
Paul Bakker
a2ffccd09f
Fixed memory leak in new x509parse test
2013-12-02 21:56:37 +01:00
Manuel Pégourié-Gonnard
a0d758b917
Fix typo in test dependency
2013-12-02 16:34:24 +01:00
Paul Bakker
c680405135
Removed test for empty data_files/dir0
...
dir0 is not in git (empty directories cannot be added to git)
2013-12-02 15:26:02 +01:00
Paul Bakker
014f143c2a
Merged EC key generation support
2013-12-02 14:55:09 +01:00
Manuel Pégourié-Gonnard
0267e3dc9b
Add ecp_curve_info_from_name()
2013-11-30 15:10:14 +01:00
Manuel Pégourié-Gonnard
104ee1d1f6
Add ecp_genkey(), prettier wrapper
2013-11-30 14:35:07 +01:00
Manuel Pégourié-Gonnard
fbae2a1f53
Add tests for x509_crt_parse_path()
2013-11-28 18:07:39 +01:00
Paul Bakker
3ddfa663a5
Renamed test_offset to prevent clash with one in ctr_drbg.c
2013-11-26 17:45:20 +01:00
Paul Bakker
3209ce3692
Merged ECP improvements
2013-11-26 15:19:17 +01:00
Paul Bakker
e4c71f0e11
Merged Prime generation improvements
2013-11-25 14:27:28 +01:00
Paul Bakker
8fc30b178c
Various const fixes
2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard
378fb4b70a
Split mpi_is_prime() and make its first arg const
2013-11-22 19:40:32 +01:00
Manuel Pégourié-Gonnard
3e3d2b818c
Fix bug in mpi_safe_cond_assign()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
71c2c21601
Add mpi_safe_cond_assign()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
5868163e07
Add mpi_shrink()
2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
ff27b7c968
Tighten ecp_mul() validity checks
2013-11-21 21:56:38 +01:00
Paul Bakker
f4dc186818
Prep for PolarSSL 1.3.2
2013-11-04 17:29:42 +01:00
Paul Bakker
60b1d10131
Fixed spelling / typos (from PowerDNS:codespell)
2013-10-29 10:02:51 +01:00
Paul Bakker
7bc745b6a1
Merged constant-time padding checks
2013-10-28 14:40:26 +01:00
Paul Bakker
1642122f8b
Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer
2013-10-28 14:38:35 +01:00
Paul Bakker
3f917e230d
Merged optimizations for MODP NIST curves
2013-10-28 14:18:26 +01:00
Paul Bakker
08bb187bb6
Merged Public Key framwork tests
2013-10-28 14:11:09 +01:00
Manuel Pégourié-Gonnard
3daaf3d21d
X509 key identifiers depend on SHA1
2013-10-28 13:58:32 +01:00
Manuel Pégourié-Gonnard
f8669dabf2
Fix error.c test suite relying on old name
2013-10-28 13:58:10 +01:00
Manuel Pégourié-Gonnard
7446833626
Fix endianness issue in test helper function
2013-10-28 13:02:20 +01:00
Manuel Pégourié-Gonnard
f8ab069d6a
Make get_pkcs_padding() constant-time
2013-10-27 17:25:57 +01:00
Manuel Pégourié-Gonnard
c2bd7a2f2f
Add test vectors for Camellia-GCM via cipher layer
2013-10-24 16:49:51 +02:00
Manuel Pégourié-Gonnard
0684f74023
Add failing test vectors for Camellia-GCM auth
2013-10-24 16:19:30 +02:00
Manuel Pégourié-Gonnard
2009718fbe
Add tests for AES-{192,256}-GCM in cipher layer
2013-10-24 16:02:02 +02:00
Manuel Pégourié-Gonnard
87181d1deb
Add Camellia-GCM to th cipher layer
2013-10-24 14:02:40 +02:00
Manuel Pégourié-Gonnard
7bd8a99e11
Fix GCM dependencies
2013-10-24 13:39:39 +02:00
Manuel Pégourié-Gonnard
13e0d449f7
Add Camellia-GCM test vectors
...
https://tools.ietf.org/html/draft-kato-ipsec-camellia-gcm-03#section-4
2013-10-24 13:24:25 +02:00
Manuel Pégourié-Gonnard
083d66821e
Make GCM tests accept any cipher, not just AES
2013-10-24 13:21:39 +02:00
Manuel Pégourié-Gonnard
94dd5b4dd4
Rename GCM test suites to AES-GCM
2013-10-24 13:21:39 +02:00
Manuel Pégourié-Gonnard
e783f06f73
Start working on mod_p224
...
(Prototype, works only on 32-bit and little-endian 64-bit.)
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
cc67aee9c8
Make ecp_mod_p521 a bit faster
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
d1e7a45fdd
Rework ecp_mod_p192()
...
On x86_64, this makes it 5x faster, and ecp_mul() 17% faster for this curve.
The code is shorter too.
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
748190d319
Fix some dependency issues
2013-10-17 13:26:48 +02:00
Manuel Pégourié-Gonnard
75c7882de3
Add PK test for forbidden operations
2013-10-17 12:57:47 +02:00
Manuel Pégourié-Gonnard
67d4583835
Add PK tests for rsa encrypt/decrypt
2013-10-17 12:57:47 +02:00
Manuel Pégourié-Gonnard
b0a467fdbe
Start adding a PK test suite
2013-10-15 15:19:59 +02:00
Paul Bakker
5c17ccdf2a
Bumped version to 1.3.1
2013-10-15 13:12:41 +02:00
Manuel Pégourié-Gonnard
48ac3db551
Add OIDs for brainpool curves
2013-10-10 15:11:33 +02:00
Manuel Pégourié-Gonnard
201401646e
Fix a few selftest typos
2013-10-10 13:21:48 +02:00
Manuel Pégourié-Gonnard
43545c8b4f
Add test vectors for brainpool curves
2013-10-10 12:56:00 +02:00
Paul Bakker
1337affc91
Buffer allocator threading support
2013-09-29 15:02:11 +02:00
Paul Bakker
1ffefaca1e
Introduced entropy_free()
2013-09-29 15:01:42 +02:00
Manuel Pégourié-Gonnard
420edcaf1d
Clean up config-suite-b.h thanks to new certs
2013-09-25 11:52:38 +02:00
Manuel Pégourié-Gonnard
cc648d19dc
Adapt test cases to new certs and file names
2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
cbf3ef3861
RSA and ECDSA key exchanges don't depend on CRL
2013-09-24 21:25:53 +02:00
Paul Bakker
c27c4e2efb
Support faulty X509 v1 certificates with extensions
...
(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
2013-09-23 15:01:36 +02:00
Manuel Pégourié-Gonnard
a7496f00ff
Fix a few more warnings in small configurations
2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard
4fee79b885
Fix some more depend issues
2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard
387a211fad
Fix some dependencies in tests
2013-09-20 10:58:59 +02:00
Paul Bakker
5ad403f5b5
Prepared for 1.3.0 RC0
2013-09-18 21:21:30 +02:00
Manuel Pégourié-Gonnard
15d5de1969
Simplify usage of DHM blinding
2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard
456d3b9b0b
Make ECP error codes more specific
2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard
dd0f57f186
Check key size in cipher_setkey()
2013-09-18 14:34:32 +02:00
Paul Bakker
c559c7a680
Renamed x509_cert structure to x509_crt for consistency
2013-09-18 14:32:52 +02:00
Paul Bakker
ddf26b4e38
Renamed x509parse_* functions to new form
...
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker
369d2eb2a2
Introduced x509_crt_init(), x509_crl_init() and x509_csr_init()
2013-09-18 12:01:43 +02:00
Paul Bakker
86d0c1949e
Generalized function names of x509 functions not parse-specific
...
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
2013-09-18 12:01:42 +02:00
Paul Bakker
5187656211
Renamed X509 / X509WRITE error codes to generic (non-cert-specific)
2013-09-17 14:36:05 +02:00
Paul Bakker
36713e8ed9
Fixed bunch of X509_PARSE related defines / dependencies
2013-09-17 13:25:29 +02:00
Paul Bakker
7c6b2c320e
Split up X509 files into smaller modules
2013-09-16 21:41:54 +02:00
Paul Bakker
cff6842b39
POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C
2013-09-16 13:36:18 +02:00
Paul Bakker
77e23fb0e0
Move *_pemify() function to PEM module
2013-09-15 20:03:26 +02:00
Paul Bakker
40ce79f1e6
Moved DHM parsing from X509 module to DHM module
2013-09-15 17:43:54 +02:00
Paul Bakker
dce7fdcbc9
Fixed warnings in case POLARSSL_PEM_C is not defined
2013-09-15 17:15:26 +02:00
Paul Bakker
2292d1fad0
Fixed warnings in case POLARSSL_X509_PARSE_C is not defined
2013-09-15 17:06:49 +02:00
Paul Bakker
de56ca1097
The suite specific header should only be used when the suite is active
2013-09-15 17:05:21 +02:00
Paul Bakker
4606c7317b
Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C
2013-09-15 17:04:23 +02:00
Paul Bakker
428b9ba3b7
Moved POLARSSL_FS_IO check to .function from .data
2013-09-15 15:20:37 +02:00
Paul Bakker
e827ce013f
Fix for parse commit
2013-09-15 15:08:31 +02:00
Paul Bakker
c7bb02be77
Moved PK key writing from X509 module to PK module
2013-09-15 14:54:56 +02:00
Paul Bakker
1a7550ac67
Moved PK key parsing from X509 module to PK module
2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard
92cb1d3a91
Make CBC an option, step 3: individual ciphers
2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard
989ed38de2
Make CBC an option, step 2: cipher layer
2013-09-13 15:48:40 +02:00
Manuel Pégourié-Gonnard
4fe9200f47
Fix memory leak in GCM by adding gcm_free()
2013-09-13 13:45:58 +02:00
Manuel Pégourié-Gonnard
735b8fcb0b
Fix blunder in 8a109f1
2013-09-13 12:57:23 +02:00
Paul Bakker
9013af76a3
Merged major refactoring of x509write module into development
...
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard
0237620a78
Fix some dependencies declaration
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
31e59400d2
Add missing f_rng/p_rng arguments to x509write_crt
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
f38e71afd5
Convert x509write_crt interface to PK
2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
6de63e480d
Add EC support to x509write_key
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
7f1f0926e4
Add test for x509write_key
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
3837daec9e
Add EC support to x509write_pubkey
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
e1f821a6eb
Adapt x509write_pubkey interface to use PK
...
key_app_writer will be fixed later
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
33250b0461
Add test for x509write_pubkey_pem()
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
ee73179b2f
Adapt x509write_csr prototypes for PK
2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
27d87fa6c4
Fix many off-by-one errors
2013-09-12 11:57:00 +02:00
Paul Bakker
c0dcf0ceb1
Merged blinding additions for EC, RSA and DHM into development
2013-09-10 14:44:27 +02:00
Paul Bakker
36b7e1efe7
Merged GCM refactoring into development
...
GCM is now independent of AES and can be used as a mode for any
cipher-layer supported 128-bit based block cipher
2013-09-10 14:41:05 +02:00
Paul Bakker
a5943858d8
x509_verify() now case insensitive for cn (RFC 6125 6.4)
2013-09-09 17:21:45 +02:00
Paul Bakker
cd35803684
Changes x509_csr to x509write_csr
2013-09-09 12:38:45 +02:00
Paul Bakker
43aff2aec4
Moved GCM to use cipher layer instead of AES directly
2013-09-09 00:10:27 +02:00
Paul Bakker
5e0efa7ef5
Added POLARSSL_MODE_ECB to the cipher layer
2013-09-08 23:04:04 +02:00
Paul Bakker
2397cf3ede
First certificate writing test. Full server1.crt reconstruction
2013-09-08 15:58:15 +02:00
Manuel Pégourié-Gonnard
b8bd593741
Restrict cipher_update() for GCM
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
1af50a240b
Cipher: test multiple cycles
...
GCM-cipher: just trust the user to call update_ad at the right time
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
ed8a02bfae
Simplify DH blinding a bit
2013-09-04 17:18:28 +02:00