Janos Follath
6d3e3389e5
Add simple test for repeated IVs when using AEAD
...
In a USENIX WOOT '16 paper the authors exploit implementation
mistakes that cause Initialisation Vectors (IV) to repeat. This
did not happen in mbed TLS, and this test makes sure that this
won't happen in the future either.
A new test option is introduced to ssl-opt.sh that checks the server
and client logs for a pattern and fails in case there are any
duplicates in the lines following the matching ones. (This is
necessary because of the structure of the logging)
Added a test case as well to utilise the new option. This test forces
the TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 ciphersuite to make the
client and the server use an AEAD cipher.
Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
2016-10-13 10:26:58 +01:00
Andres AG
effb5582dd
Add test for bounds in X509 DER write funcs
2016-10-11 16:52:06 +01:00
Simon Butcher
8b459923ac
Add missing dependencies to X509 Parse test suite for P-384 curve
...
The test script curves.pl was failing on testing dependencies for the P-384
curve on the new test cases introduced by ede75f0
and 884b4fc
.
2016-07-15 12:53:25 +01:00
Janos Follath
e223527da0
X509: Future CA among trusted: add more tests
2016-07-14 12:02:56 +01:00
Janos Follath
38921c8837
X509: Future CA among trusted: add unit tests
2016-07-14 12:02:50 +01:00
Simon Butcher
64f5df5545
Changed version number to version 2.1.5
2016-06-27 19:37:08 +01:00
Simon Butcher
88aa189415
Merge branch 'mbedtls-2.1' into mbedtls-2.1
2016-06-27 01:16:16 +01:00
Janos Follath
b700c46750
Add a test for SSLv3 with extensions, server side
...
This test verifies if the server parses or sends extensions when
the protocol is SSLv3.
2016-05-23 14:43:54 +01:00
Paul Bakker
3b224ffd25
Split test into valgrind and no-valgrind version
...
Running valgrind on: "DTLS client reconnect from same port: reconnect,
nbio" results in timeouts.
New version added that runs only under valgrind. Original only runs when
valgrind is not used
2016-05-22 21:49:34 +01:00
Simon Butcher
6eb066ed56
Fixes RC4 config dependencies in tests in ssl-opt.h
...
Adds dependencies on MBEDTLS_REMOVE_ARC4_CIPHERSUITES for tests that
require RC4 to be disabled (the default config).
2016-05-19 22:25:42 +01:00
Janos Follath
f06edd695a
Remove unused code from PKCS1v15 test suite
2016-05-18 19:36:04 +01:00
Simon Butcher
282e1d9130
Add missing config dependencies to PKCS1 V15 tests
2016-05-18 19:36:03 +01:00
Janos Follath
329149e575
Add tests to cover PKCS1 v1.5 signature functions.
...
The reported memory leak should have been spotted by
make memcheck
But it wasn't. Keeping the tests for better coverage.
2016-05-18 19:36:03 +01:00
Janos Follath
c184d9d34f
Fix the broken pkcs1 v1.5 test.
...
The random buffer handed over to the test function was too small
and the remaining bytes were generated by the default (platform
dependant) function.
2016-05-18 19:36:03 +01:00
Janos Follath
b645c45865
Add tests for the bug IOTSSL-619.
...
The main goal with these tests is to test the bug in question and
they are not meant to test the entire PKCS#1 v1.5 behaviour. To
achieve full test coverage, further test cases are needed.
2016-05-18 19:30:09 +01:00
Simon Butcher
0705dd0588
Adds test for odd bit length RSA key size
...
Also tidy up ChangeLog following review.
2016-04-19 09:19:46 +01:00
Janos Follath
365b226a56
x509: trailing bytes in DER: add integration tests
2016-03-15 23:49:46 +00:00
Janos Follath
f6f5441fd1
x509: trailing bytes in DER: correct a unit test
...
One of the unit test was failing, because it was testing behavior
that was part of the bug. Updated the return value to the correct one
2016-03-15 23:48:25 +00:00
Simon Butcher
02b8d481f6
Adapt SSLv3 test configuration for new default
...
Removed SSLv3 test suites from system tests in 'compat.sh' script, and
added SSLv3 specific tests to 'all.sh'
2016-03-15 20:39:52 +00:00
Janos Follath
542ee5d8f3
Update default configuration
...
Change the default settings for SSL and modify the tests accordingly.
2016-03-07 16:34:25 +00:00
Manuel Pégourié-Gonnard
f10f85f676
Add test for yotta debug build
2016-01-08 15:08:49 +01:00
Manuel Pégourié-Gonnard
bb81b4a009
Make ar invocation more portable
...
armar doesn't understand the syntax without dash. OTOH, the syntax with dash
is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as
bundled with OS X) and armar, so it looks like the most portable syntax.
fixes #386
2016-01-08 14:52:14 +01:00
Janos Follath
79a1da6948
Improved on the previous fix and added a test case to cover both types
...
of carries.
2016-01-08 14:48:01 +01:00
Janos Follath
5429c0a7d0
Improved on the fix of #309 and extended the test to cover subroutines.
2016-01-08 14:48:00 +01:00
Janos Follath
d0e0c03520
Tests and fix added for #309 (inplace mpi doubling).
2016-01-08 14:47:16 +01:00
Simon Butcher
543e4366bc
Change version number to 2.1.4
...
Changed version for library files and yotta module
2016-01-04 22:41:11 +00:00
Manuel Pégourié-Gonnard
3cb2074a82
Add test case for root with max_pathlen=0
...
This was already working but not tested so far
(Test case from previous commit still failing.)
Test certificates generated with:
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key
programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \
issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
selfsign=1 max_pathlen=0
programs/x509/cert_write serial=92 output_file=cert92.crt \
issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK"
mv cert9?.crt tests/data_files/dir4
rm cert9?.key
2015-11-19 11:25:30 +01:00
Manuel Pégourié-Gonnard
922cd9ba36
Add test case for first intermediate max_pathlen=0
...
!!! This test case is currently failing !!!
(See fix in next-next commit.)
Test certificates generated with the following script:
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key
programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"
mv cert8?.crt tests/data_files/dir4
rm cert8?.key
2015-11-19 11:25:27 +01:00
Simon Butcher
ef43d41f67
Changed version number to 2.1.3
...
Changed for library
2015-11-04 22:08:33 +00:00
Simon Butcher
5b289208cb
Remove debugging code left in test case
...
Removed debug code from tests/suites/test_suite_x509parse.function
2015-11-04 21:50:54 +00:00
Simon Butcher
73156357ed
Disable Yotta tests from 'all tests' script
...
Yotta tests not supported in 2.1 branch
2015-11-04 00:36:30 +00:00
Manuel Pégourié-Gonnard
e34dcd7ec5
Use own implementation of strsep()
...
Not available on windows, and strtok() is not a good option
2015-11-02 06:48:40 +09:00
Jonathan Leroy
e03fa7c16a
Test certificate "Server1 SHA1, key_usage" reissued.
2015-11-02 05:58:58 +09:00
Manuel Pégourié-Gonnard
1d9348a06f
Fix a style issue
2015-11-02 05:56:08 +09:00
Manuel Pégourié-Gonnard
fd1f9e735e
Fix whitespace at EOL issues
2015-11-02 05:55:58 +09:00
Manuel Pégourié-Gonnard
841caf1b74
Use symbolic constants in test data
2015-11-02 05:55:39 +09:00
Janos Follath
36f1234d96
Additional corner cases for testing pathlen constrains. Just in case.
2015-11-02 05:55:15 +09:00
Janos Follath
c7bea3158a
Added test case for pathlen constrains in intermediate certificates
2015-11-02 05:55:02 +09:00
Manuel Pégourié-Gonnard
d13585f1b3
Small improvement to test script
2015-10-30 16:56:30 +01:00
Manuel Pégourié-Gonnard
93080dfacf
Fix missing check for RSA key length on EE certs
...
- also adapt tests to use lesser requirement for compatibility with old
testing material
2015-10-28 13:22:32 +01:00
Manuel Pégourié-Gonnard
134ca18fbc
Add key-exchanges.pl to test list
2015-10-28 13:17:18 +01:00
Manuel Pégourié-Gonnard
fe3affdad2
Add -Werror to reduced configs test scripts
2015-10-28 13:17:08 +01:00
Manuel Pégourié-Gonnard
4b56e755af
Add script to test configs with single key exchanges
2015-10-28 13:15:23 +01:00
Manuel Pégourié-Gonnard
c4cbc94d44
Small fix to 'make test' script
...
When the tests fail they don't display the number of skipped and run test
2015-10-27 10:29:26 +01:00
Manuel Pégourié-Gonnard
c4e7d8a381
Bump version to 2.1.2
...
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
50a739f8c3
Add test for base64 output length
2015-09-30 16:31:10 +02:00
Manuel Pégourié-Gonnard
2f056a0aee
Try to run yotta update for yotta build test
...
But accept failures in case we're offline
2015-09-18 14:37:54 +02:00
Manuel Pégourié-Gonnard
8cea8ad8b8
Bump version to 2.1.1
2015-09-17 11:58:45 +02:00
Manuel Pégourié-Gonnard
6ad23b9855
Make failing test more robust
...
Let the client retry longer, to make sure the server will time out before the
client gives up. Make it really longer to get a deterministic client exit
status (make sure it has time to reconnect after the server timeout).
2015-09-15 12:57:46 +02:00
Manuel Pégourié-Gonnard
259db91023
Add test without cookies
...
Tune existing tests while at it
2015-09-09 11:48:45 +02:00