Commit Graph

1344 Commits

Author SHA1 Message Date
Simon Butcher
64d60da4f6 Fix typos and add copyright statement to generate_code.pl 2016-03-09 19:32:10 +00:00
SimonB
0269dad5e5 Refactored test suite template code
Restructed test suite helper and main code to support tests suite helper
functions, changed C++ comments to C-style, and made the generated
source code more navigable.
2016-03-09 19:32:10 +00:00
SimonB
152ea18037 Added support for per test suite helper functions
Added to generate_code.pl:
    - support for per test suite helper functions
    - description of the structure of the files the script uses to construct
      the test suite file
    - delimiters through the source code to make the machine generated code
      easier to understand
2016-03-09 19:32:10 +00:00
SimonB
3ddf35526a Clarified purpose and usage of generate_code.pl
Added comments to explain purpose and usage of generate_code.pl
2016-03-09 19:32:09 +00:00
Simon Butcher
ef50c0da6e Added script to split the test case data files
Script generate-afl-tests.sh will split the test suite data files into
individual test case files, suitable for fuzzing.
2016-03-09 19:32:09 +00:00
Simon Butcher
aad787f1c7 Parameterised the test suite applications
All test suites can now take an arbitrary test file.
2016-03-09 19:32:09 +00:00
Janos Follath
e154f95e03 x509: trailing bytes in DER: correct a unit test
One of the unit test was failing, because it was testing behavior
that was part of the bug. Updated the return value to the correct one
2016-02-17 14:24:28 +00:00
Janos Follath
0b2423403c x509: trailing bytes in DER: add integration tests 2016-02-17 10:11:21 +00:00
Simon Butcher
9a3ee57c84 Merge branch 'fixes' into development 2016-01-13 02:08:02 +00:00
Manuel Pégourié-Gonnard
d091ed1911 Add scripts/apidoc_full.sh
This re-introduces the apidoc with full config.h, but hopefully with the race
conditions and other issues that the previous implementation had.

Adapt doxygen test script to use that new script, and also check for errors
in addition to warnings while at it.
2016-01-12 14:48:03 +00:00
Manuel Pégourié-Gonnard
de7ae7b2e9 Exclude some warnings from the doxygen test
Apparently travis has an old version of doxygen that doesn't know all tags in
our config. That's not something we care about, we only want to know about
warnings in our doxygen content
2016-01-08 17:01:59 +01:00
Manuel Pégourié-Gonnard
259b08a5d2 Add -s (short) option to all.sh
On my machine, that reduces running time from about 30 minutes to less than 10
minutes, while maintaining a good probability of catching the most likely
issues in practice.
2016-01-08 16:49:17 +01:00
Manuel Pégourié-Gonnard
1d552e7583 Add test script for doxygen warnings 2016-01-08 16:49:17 +01:00
Manuel Pégourié-Gonnard
d2655ac2dc Add test for yotta debug build 2016-01-08 15:05:11 +01:00
Manuel Pégourié-Gonnard
3551901cd1 Make ar invocation more portable
armar doesn't understand the syntax without dash. OTOH, the syntax with dash
is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as
bundled with OS X) and armar, so it looks like the most portable syntax.

fixes #386
2016-01-07 13:55:05 +01:00
Manuel Pégourié-Gonnard
e9c1b1a3bf Merge remote-tracking branch 'yanesca/iss309' into development
* yanesca/iss309:
  Improved on the previous fix and added a test case to cover both types of carries.
  Removed recursion from fix #309.
  Improved on the fix of #309 and extended the test to cover subroutines.
  Tests and fix added for #309 (inplace mpi doubling).
2016-01-07 13:22:27 +01:00
Simon Butcher
bfafadb45d Change version number to 2.2.1
Changed version for library files and yotta module
2016-01-04 22:26:36 +00:00
Manuel Pégourié-Gonnard
8b4331aa56 Add test case for root with max_pathlen=0
This was already working but not tested so far

(Test case from previous commit still failing.)

Test certificates generated with:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key

programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    selfsign=1 max_pathlen=0
programs/x509/cert_write serial=92 output_file=cert92.crt \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK"

mv cert9?.crt tests/data_files/dir4
rm cert9?.key
2015-11-19 11:10:33 +01:00
Manuel Pégourié-Gonnard
a3aa43da5f Add test case for first intermediate max_pathlen=0
!!! This test case is currently failing !!!
(See fix in next-next commit.)

Test certificates generated with the following script:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key

programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
    max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
    issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
    subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"

mv cert8?.crt tests/data_files/dir4
rm cert8?.key
2015-11-19 10:56:30 +01:00
Nicholas Wilson
733676b978 Allow test suites to be run on Windows
For a start, they don't even compile with Visual Studio due to strcasecmp
being missing.  Secondly, on Windows Perl scripts aren't executable and have
to be run using the Perl interpreter directly; thankfully CMake is able to
find cygwin Perl straight away without problems.
2015-11-14 13:09:01 +00:00
Simon Butcher
8254ed2a9f Change version number to 2.2.0
Changed for library and yotta module
2015-11-04 19:55:40 +00:00
Manuel Pégourié-Gonnard
a8838af8e6 Use own implementation of strsep()
Not available on windows, and strtok() is not a good option
2015-11-02 06:44:24 +09:00
Manuel Pégourié-Gonnard
0a543a8bc5 Merge pull request #320 from Inikup/fix-issue-318
Fix boolean values according to DER specs
2015-11-02 05:52:42 +09:00
Manuel Pégourié-Gonnard
568f1e7cb3 Merge branch 'iotssl-515-max-pathlen' into development
* iotssl-515-max-pathlen:
  Add Changelog entries for this branch
  Fix a style issue
  Fix whitespace at EOL issues
  Use symbolic constants in test data
  Fixed pathlen contraint enforcement.
  Additional corner cases for testing pathlen constrains. Just in case.
  Added test case for pathlen constrains in intermediate certificates
2015-11-02 05:49:08 +09:00
Janos Follath
6c92268093 Improved on the previous fix and added a test case to cover both types
of carries.
2015-10-30 17:50:12 +01:00
Manuel Pégourié-Gonnard
067523ef98 Small improvement to test script 2015-10-30 11:15:40 +01:00
Manuel Pégourié-Gonnard
45777c384d Fix a style issue 2015-10-30 09:24:28 +01:00
Manuel Pégourié-Gonnard
e670f90e48 Fix whitespace at EOL issues 2015-10-30 09:23:19 +01:00
Manuel Pégourié-Gonnard
03dde85c3b Use symbolic constants in test data 2015-10-30 09:18:06 +01:00
Simon Butcher
204606238c Merge branch 'development' into misc 2015-10-27 16:57:34 +00:00
Simon Butcher
c87747b675 Removed debug code accidentally left in test code
Removed debug code accidentally left in test_suite_x509parse.function.
2015-10-27 15:16:51 +00:00
Simon Butcher
5f7c34b8b0 Merge branch iotssl-521-keylen-check 2015-10-27 15:14:55 +00:00
Simon Butcher
e357a64355 Merge pull request #328 from ARMmbed/iotssl-461-ecjpake-finalization
Iotssl 461 ecjpake finalization
2015-10-27 00:08:31 +00:00
Janos Follath
8483e28e21 Merge remote-tracking branch 'upstream/development' into iss309 2015-10-25 12:36:03 +01:00
Janos Follath
6cbacec3b3 Improved on the fix of #309 and extended the test to cover subroutines. 2015-10-25 12:31:27 +01:00
Janos Follath
044a86bde8 Tests and fix added for #309 (inplace mpi doubling). 2015-10-25 10:58:03 +01:00
Manuel Pégourié-Gonnard
65eefc8707 Fix missing check for RSA key length on EE certs
- also adapt tests to use lesser requirement for compatibility with old
  testing material
2015-10-23 16:19:53 +02:00
Manuel Pégourié-Gonnard
503a5efef1 Add key-exchanges.pl to test list 2015-10-23 09:04:45 +02:00
Manuel Pégourié-Gonnard
50bd2607b8 Add -Werror to reduced configs test scripts 2015-10-23 08:53:34 +02:00
Manuel Pégourié-Gonnard
5df9216c9e Add script to test configs with single key exchanges 2015-10-22 16:11:39 +02:00
Manuel Pégourié-Gonnard
c8cd2c6577 Small fix to 'make test' script
When the tests fail they don't display the number of skipped and run test
2015-10-20 17:01:10 +02:00
Manuel Pégourié-Gonnard
8a7a189220 Fix curves.pl for ECJPAKE disabled by default 2015-10-20 16:56:12 +02:00
Manuel Pégourié-Gonnard
12ca6f5b9c Update ssl-opt.sh for EC J-PAKE disabled by default 2015-10-20 15:24:51 +02:00
Manuel Pégourié-Gonnard
fadacb9d0b Merge branch 'development' into iotssl-461-ecjpake-finalization
* development: (73 commits)
  Bump yotta dependencies version
  Fix typo in documentation
  Corrected misleading fn description in ssl_cache.h
  Corrected URL/reference to MPI library
  Fix yotta dependencies
  Fix minor spelling mistake in programs/pkey/gen_key.c
  Bump version to 2.1.2
  Fix CVE number in ChangeLog
  Add 'inline' workaround where needed
  Fix references to non-standard SIZE_T_MAX
  Fix yotta version dependencies again
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
  Remove inline workaround when not useful
  Fix macroization of inline in C++
  Changed attribution for Guido Vranken
  Merge of IOTSSL-476 - Random malloc in pem_read()
  Fix for IOTSSL-473 Double free error
  Fix potential overflow in CertificateRequest
  ...

Conflicts:
	include/mbedtls/ssl_internal.h
	library/ssl_cli.c
2015-10-20 15:00:29 +02:00
Manuel Pégourié-Gonnard
ca700b2371 Add config-thread.h to test-ref-configs.pl 2015-10-20 14:56:04 +02:00
Manuel Pégourié-Gonnard
eb47b870b1 Rework test-ref-configs.pl to also use ssl-opt.sh 2015-10-20 14:56:04 +02:00
Jonathan Leroy
00ee6eee54
Test certificate "Server1 SHA1, key_usage" reissued. 2015-10-14 13:15:22 +02:00
Janos Follath
ef4f2588f3 Additional corner cases for testing pathlen constrains. Just in case. 2015-10-11 16:17:27 +02:00
Janos Follath
822b2c33b9 Added test case for pathlen constrains in intermediate certificates 2015-10-11 10:39:15 +02:00
Manuel Pégourié-Gonnard
c4e7d8a381 Bump version to 2.1.2
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
50a739f8c3 Add test for base64 output length 2015-09-30 16:31:10 +02:00
Manuel Pégourié-Gonnard
2f056a0aee Try to run yotta update for yotta build test
But accept failures in case we're offline
2015-09-18 14:37:54 +02:00
Manuel Pégourié-Gonnard
d0d8cb36a4 Cache ClientHello extension
This extension is quite costly to generate, and we don't want to re-do it
again when the server performs a DTLS HelloVerify. So, cache the result the
first time and re-use if/when we build a new ClientHello.

Note: re-send due to timeouts are different, as the whole message is cached
already, so they don't need any special support.
2015-09-17 14:16:30 +02:00
Manuel Pégourié-Gonnard
6657b8da3b Fix curve-dependency test 2015-09-17 13:46:21 +02:00
Manuel Pégourié-Gonnard
8cea8ad8b8 Bump version to 2.1.1 2015-09-17 11:58:45 +02:00
Manuel Pégourié-Gonnard
921f2d02cf Add test cases with DTLS and/or password mismatch 2015-09-16 22:58:30 +02:00
Manuel Pégourié-Gonnard
0f1660ab4f Implement key exchange messages and PMS derivation
This completes the first working version. No interop testing done yet.
2015-09-16 22:58:30 +02:00
Manuel Pégourié-Gonnard
0a1324aaa1 Add client-side extension parsing 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
55c7f99112 Add server writing of the extension 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
bf57be690e Add server extension parsing
Only accept EC J-PAKE ciphersuite if extension was present and OK (single flag
for both), and ignore extension if we have no password.
2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
e511b4e7cb Ignore ECJPAKE suite if not configured on server 2015-09-16 22:58:29 +02:00
Manuel Pégourié-Gonnard
6ad23b9855 Make failing test more robust
Let the client retry longer, to make sure the server will time out before the
client gives up. Make it really longer to get a deterministic client exit
status (make sure it has time to reconnect after the server timeout).
2015-09-15 12:57:46 +02:00
Manuel Pégourié-Gonnard
259db91023 Add test without cookies
Tune existing tests while at it
2015-09-09 11:48:45 +02:00
Manuel Pégourié-Gonnard
d745a1a9b7 Add tests for hard reconnect 2015-09-08 12:40:43 +02:00
Manuel Pégourié-Gonnard
cd345898a0 Fix #ifdef in test suite 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
d9802af1d0 Add tests for round 2
Also move one check earlier as it makes more sense
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
3059095e86 Complete tests for reading round one
Also change the code to forbid public keys being 0
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
bbe4e52c3b Start adding tests for EC J-PAKE round one 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
4d8685b4ff Add skeleton for EC J-PAKE module 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Simon Butcher
52754594b6 Merging iotssl-457-badtail with development branch 2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard
fdbdd72b8b Skip to trusted certs early in the chain
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).

closes #220
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
560fea3767 Add tests for verify callback
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
d68434efba Disable some tests with valgrind
Tends to cause spurious failures on buildbots due to peer timing out.
Anyway, those tests are mainly for interop, any memory error is most likely
catched by some earlier self-op test. (Also, we'll run these tests with ASan
anyway.)
2015-08-31 12:48:22 +02:00
Manuel Pégourié-Gonnard
4d04cdcd12 Fix RSA mutex fix
Once the mutex is acquired, we must goto cleanup rather that return.
Since cleanup adjusts the return value, adjust that in test cases.

Also, at cleanup we don't want to overwrite 'ret', or we'll loose track of
errors.

see #257
2015-08-31 09:31:55 +02:00
Manuel Pégourié-Gonnard
38db006e0c Finish test in pkwrite 2015-08-19 10:24:34 +02:00
Manuel Pégourié-Gonnard
04b7eec539 Fix pkwrite test that were failing on mingw32
Apparently fread() writes some junk after the contents of the file. Don't look
at it.
2015-08-18 19:49:40 +02:00
Manuel Pégourié-Gonnard
4b7027a8da Avoid race condition in test
Apparently openssl s_server does not flush stdout, anyway sometimes the client
receives the reply and exits, thus terminating the test, before is request is
visible on the server's stdout. So, just don't check that, checking the
client's output and exit code is already enough.
2015-08-10 13:18:48 +02:00
Manuel Pégourié-Gonnard
e33316c607 Add test build of shared libs for windows 2015-08-07 13:22:37 +02:00
Manuel Pégourié-Gonnard
32da9f66a8 Add support for MBEDTLS_USER_CONFIG_FILE 2015-08-06 09:57:54 +02:00
Manuel Pégourié-Gonnard
77d56bb6c2 Add yotta test builds to all.sh 2015-08-06 09:57:53 +02:00
Manuel Pégourié-Gonnard
ab5f7b40e0 Fix indentation 2015-08-04 21:01:37 +02:00
Manuel Pégourié-Gonnard
a365addc0a Make ssl-opt.sh more robust against client timeout
Retry one time in case we have a client timeout. These should be fairly rare
but still happen from time to time with udp_proxy tests which is annoying, and
until now has never indicated an actual issue.
2015-08-04 20:59:36 +02:00
Manuel Pégourié-Gonnard
74681fa2e6 Make ssl-opt.sh more tolerant to start timeouts
Rather than flat-out die when we can't see the server started with lsof, just
stop waiting and try to go ahead with the test. Maybe it'll work if there was
a problem with lsof, most probably it will fail, but at least we'll have the
log, and the results of the following tests.

Note: date +%s isn't POSIX, but it works at least on Linux, Darwin/FreeBSD and
OpenBSD, which should be good enough for a test script.
2015-08-04 20:34:39 +02:00
Manuel Pégourié-Gonnard
bf6ed08aaa Fix list-symbols.sh
- make it work on Linux
- use all three libraries
2015-08-04 17:46:21 +02:00
Manuel Pégourié-Gonnard
9afdc83d77 Fix bashisms in test scripts 2015-08-04 17:15:13 +02:00
Manuel Pégourié-Gonnard
39e2ca9194 Use OpenSSL in compat.sh on Travis, except DTLS
Less heavy-handed than skipping all OpenSSL interop
2015-08-04 16:43:37 +02:00
Manuel Pégourié-Gonnard
d55bc20e43 Fix missing gnutls guard in ssl-opt.sh 2015-08-04 16:22:30 +02:00
Manuel Pégourié-Gonnard
4268ae046b Fix test for new debug message level
The issue was introduced in cb0d212c when a debug message that was incorrectly
set at level 0 was moved to level 2: now the tests need debug_level=2.
2015-08-04 12:44:10 +02:00
Manuel Pégourié-Gonnard
0a8857435c DTLS: treat bad MAC on Finished as an error
This is not required nor recommended by the protocol, and it's a layering
violation, but it's a know flaw in the protocol that you can't detect a PSK
auth error in any other way, so it is probably the right thing to do.

closes #227
2015-08-04 12:11:17 +02:00
Manuel Pégourié-Gonnard
052d10c9d5 Accept a trailing space at end of PEM lines
With certs being copy-pasted from webmails and all, this will probably become
more and more common.

closes #226
2015-07-31 11:11:26 +02:00
Manuel Pégourié-Gonnard
4cc8c63226 Add test for extensionless ClientHello 2015-07-23 12:24:03 +02:00
Manuel Pégourié-Gonnard
e88b49323e Fix run-test-suite.pl with coverage 2015-07-15 12:31:12 +02:00
Paul Bakker
4cb87f409d Prepare for 2.0.0 release 2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard
78ec2b049c Cosmetics in Makefiles 2015-07-08 22:12:06 +01:00
Manuel Pégourié-Gonnard
1780f89ecf Some more scripts simplified
make now has an alias test = check
2015-07-08 22:08:02 +01:00
Manuel Pégourié-Gonnard
3d404b4763 Simplify some scripts
ssl-opt.sh and compat.sh can now be run from root too
2015-07-08 21:59:16 +01:00
Manuel Pégourié-Gonnard
89eb1970e9 mklink needs /d for directories 2015-07-08 21:39:43 +01:00
Manuel Pégourié-Gonnard
85113848bd Use Perl to run tests suites with make
- works on Windows too!
- we need Perl to generate/build the test suites anyway
- easier & more flexible (eg, now count total number of tests run)
2015-07-08 21:36:06 +01:00
Manuel Pégourié-Gonnard
6cacde2d57 Invoke perl directly in Makefile
mingw32-make doesn't look too happy with #!/usr/bin/env perl
2015-07-08 16:04:00 +02:00
Manuel Pégourié-Gonnard
7eb58cbae8 Rm obsolete hack in ssl-opt.sh 2015-07-07 11:54:14 +02:00
Manuel Pégourié-Gonnard
31cafa33d8 Rm obsolete test in ssl-opt.sh 2015-07-06 17:12:27 +02:00
Manuel Pégourié-Gonnard
ae738c29eb Fix warning from Perl 5.21 in helper script 2015-07-01 19:32:00 +02:00
Manuel Pégourié-Gonnard
3083053dd2 More cmake for windows tune-ups 2015-07-01 17:06:28 +02:00
Manuel Pégourié-Gonnard
7e2d68c1b2 cmake: -W flags only for GCC and Clang 2015-07-01 13:41:35 +02:00
Manuel Pégourié-Gonnard
a16e7c468c Rename a debug function 2015-06-29 20:14:19 +02:00
Manuel Pégourié-Gonnard
b74c245a20 Rework debug to not need dynamic alloc
But introduces dependency on variadic macros
2015-06-29 20:08:23 +02:00
Manuel Pégourié-Gonnard
fc36708697 Use $(MAKE), not make
For the sake of systems where we want gmake.
2015-06-26 16:50:24 +02:00
Manuel Pégourié-Gonnard
03db6b0da1 Cosmetics in test scripts
Some versions of "which" print on stderr.
2015-06-26 15:45:30 +02:00
Manuel Pégourié-Gonnard
4fd0b256a8 Fix dual use of buffer in test
x509_get_name() does not make defensive copies of strings in its input (which
is OK as usually the caller will have made a copy already), so we shouldn't
reuse its input buffer as an output while "parsed" is still alive.
2015-06-26 14:15:48 +02:00
Manuel Pégourié-Gonnard
4b00f08e20 Fix snprintf test
Our Windows implementation based on vsnprintf_s( ..., _TRUNCATE ) sometimes
writes *two* terminating NULLs. Allow for that, but obviously bytes past the
end of the buffer mustn't be touched.
2015-06-26 14:10:13 +02:00
Manuel Pégourié-Gonnard
ea9556a76e Fix mistaken changes in Makefile's clean target
I was a bit too trigger-happy with copy-pasting in a previous commit...
2015-06-25 14:19:25 +02:00
Manuel Pégourié-Gonnard
6dc2651f02 Cosmetics 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
c84d0e1ec1 Use LD_LIBRARY_PATH to run test with SHARED=1
In my tests on Linux, LD_PRELOAD does not seem to work, but LD_LIBRARY_PATH
does.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
9b06abe1d1 Add a shared build with make on Linux to all.sh 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
216a1831de Fix whitespace in CMakeLists.txt
- all spaces no tabs
- indent with 4 spaces everywhere
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
e058ea2ed8 More consistent toolchains in all.sh 2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
21e1ac205e Fix linking order with make
GNU ld cares about the order in which static libs are mentioned on the command
line: if A depends on B then A must com first.
2015-06-25 10:59:57 +02:00
Manuel Pégourié-Gonnard
5c59a4fea5 Split libs with make + general make cleanups 2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard
8d4a613cc5 Small Makefile improvements
- fix old build commands still using OFLAGS
- make everything work with --warn-undefined-variables, which can be useful
  for debugging typos
2015-06-25 10:59:56 +02:00
Manuel Pégourié-Gonnard
ac5361f7dc Fix small issues in tests found by Coverity 2015-06-24 01:08:09 +02:00
Manuel Pégourié-Gonnard
fd474233c8 Change SSL debug API in the library 2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard
52fa38a214 Better cleanup in all.sh 2015-06-23 18:44:10 +02:00
Manuel Pégourié-Gonnard
d23f593737 Avoid static buffer in debug module
Caused issues in threading situations
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
655a964539 Adapt check_key_usage to new weird bits 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
9a702255f4 Add parsing/printing for new X.509 keyUsage flags 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
07894338a0 Rename M255 to Curve25519 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
9386664543 Move from inttypes.h to stdint.h
Some toolchains do not have inttypes.h, and we only need stdint.h which is a
subset of it.
2015-06-22 23:41:26 +02:00
Manuel Pégourié-Gonnard
e91e21cf1b Simplify code in test suites
Hopefully makes it easier on static analyzers
2015-06-22 18:47:07 +02:00
Manuel Pégourié-Gonnard
bcf13bab5d Fix issue with MemSan and entropy
Due to the recent change about entropy sources strength, it is no longer
acceptable to just disable the platform source. So, instead "fix" it so that
it is clear to MemSan that memory is initialized.

I tried __attribute__((no_sanitize_memory)) and MemSan's blacklist file, but
couldn't seem to get them to work.
2015-06-22 18:25:41 +02:00
Manuel Pégourié-Gonnard
6ea831dcf4 Add tests for mbedtls_set_hs_ca_chain() 2015-06-22 17:30:18 +02:00
Manuel Pégourié-Gonnard
c948a798bd Add tests for mbedtls_ssl_set_hs_authmode() 2015-06-22 16:04:20 +02:00
Manuel Pégourié-Gonnard
4d6f178376 Add support for SNI CA and authmode in ssl_server2 2015-06-22 14:52:40 +02:00
Manuel Pégourié-Gonnard
7b6dcbe993 Add tests for snprintf
- Added in each tests program to be sure they are run (putting them in a test
  suite/function specific to the platform layer would cause them to be skipped
when PLATFORM_C is not defined).
- Platforms have already moved from a standard to a broken snprintf in the
  past [1], so make sure to catch that if it ever happens again.

[1]: http://sourceforge.net/p/mingw-w64/mailman/message/31241434/
2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard
bbc60db221 Adjustments for armcc in all.sh
- no HAVE_TIME -> no HAVE_TIME_DATE
- check if --help works, so that the test is cleanly skipped if license server
  cannot be reached
2015-06-22 14:41:37 +02:00
Manuel Pégourié-Gonnard
d5f38b045d Fix dependencies on time on x509 test suite 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
7580ba475d Add a concept of entropy source strength.
The main goal is, we want and error if cycle counter is the only source.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
6195767554 Fix default of openssl s_server
openssl s_server up to 1.0.2.a included uses a 512-bit prime for DH by
default. Since we now require 1024 bit at least, make s_server use decent
params. (1.0.2b and up use acceptable params by default.)
2015-06-22 14:40:55 +02:00
Manuel Pégourié-Gonnard
c0696c216b Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen 2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard
097c7bb05b Rename relevant global symbols from size to bitlen
Just applying rename.pl with this file:

mbedtls_cipher_get_key_size mbedtls_cipher_get_key_bitlen
mbedtls_pk_get_size mbedtls_pk_get_bitlen
MBEDTLS_BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
MBEDTLS_BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
2015-06-18 16:43:38 +02:00
Manuel Pégourié-Gonnard
797f48ace6 Rename ecp_curve_info.size to bit_size 2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard
b31c5f68b1 Add SSL presets.
No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values.
2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard
cbb1f6e5cb Implement cert profile checking 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
9505164ef4 Create cert profile API (unimplemented yet) 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
bc7bbbc85a Remove duplicated tests for x509_verify_info() 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
7a010aabde Add tests for dhm_min_bitlen 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
3d4755bec4 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Fix all.sh for recent config.pl change

Conflicts:
	tests/scripts/all.sh
2015-06-03 14:03:17 +01:00
Manuel Pégourié-Gonnard
721e6bbf71 Fix all.sh for recent config.pl change 2015-06-03 13:38:20 +01:00
Manuel Pégourié-Gonnard
7ee5ddd798 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Fix compile errors with NO_STD_FUNCTIONS
  Expand config.pl's notion of "full"
  Ack external bugfix in Changelog
  FIx misplaced Changelog entry (oops)
  Fix compile bug: incompatible declaration of polarssl_exit in platform.c
  Fix contributor's name in Changelog
2015-06-03 10:33:55 +01:00
Manuel Pégourié-Gonnard
dccb80b7e5 Fix compile errors with NO_STD_FUNCTIONS 2015-06-03 10:20:33 +01:00
Manuel Pégourié-Gonnard
718593681e Use -std=c99 only for library 2015-06-02 16:39:22 +01:00
Manuel Pégourié-Gonnard
ba56136b5c Avoid in-out length in base64 2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard
3335205a21 Avoid in-out length in dhm_calc_secret() 2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard
f79b425226 Avoid in-out length parameter in bignum 2015-06-02 15:41:48 +01:00
Manuel Pégourié-Gonnard
c730ed3f2d Rename boolean functions to be clearer 2015-06-02 10:38:50 +01:00
Manuel Pégourié-Gonnard
d14acbc31a Test assumptions we make about the platform
Things that are not guaranteed by the standard but should be true of all
platforms of interest to us:
- 8-bit chars
- NULL pointers represented by all-bits-zero
2015-05-29 12:25:40 +02:00
Manuel Pégourié-Gonnard
f78e4de6f4 Fix warnings from -pedantic 2015-05-29 10:52:14 +02:00
Manuel Pégourié-Gonnard
009a2640f6 Add test build with -std=c99 2015-05-29 10:31:13 +02:00
Manuel Pégourié-Gonnard
cb46fd8216 Avoid non-standard strcasecmp() 2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard
6ad5d35ba9 Catch a few more likely typos
I often mistype MBEDLTS for MBEDTLS
2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
41b9c2b418 Remove individual mdX_file() and shaX_file() 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
bfffa908a6 Implement md_file in the MD layer 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
7551cb9ee9 Replace malloc with calloc
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard
5e94ddebbc Create ssl_internal.h and move some functions 2015-05-26 11:57:05 +02:00
Manuel Pégourié-Gonnard
66b8e956bb Add test build with all except ssl_cli/srv.c 2015-05-20 11:14:58 +02:00
Manuel Pégourié-Gonnard
d9e6a3ac10 Rename pk_init_ctx() -> pk_setup() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
8473f87984 Rename cipher_init_ctx() to cipher_setup() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
22404866af Allow more time for DTLS interop tests with proxy
Sometimes see false positives on buildbot, trying to avoid that
2015-05-14 12:11:45 +02:00
Manuel Pégourié-Gonnard
5a8d56d3a3 Rm hard dependency of DTLS on TIMING_C 2015-05-13 10:10:00 +02:00
Manuel Pégourié-Gonnard
e6ef16f98c Change X.509 verify flags to uint32_t 2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard
e3a062ba1f Rename ecp_use_known_dp -> mbedtls_ecp_group_load() 2015-05-11 18:46:47 +02:00
Manuel Pégourié-Gonnard
23ee4d65a3 Rm ecp_small tests (use only named groups) 2015-05-11 18:02:58 +02:00
Manuel Pégourié-Gonnard
6729e79482 Rename ssl_set_xxx() to ssl_conf_xxx() 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
662c6e8cdd Disable truncated HMAC by default 2015-05-11 12:33:27 +02:00
Manuel Pégourié-Gonnard
d36e33fc07 Move easy ssl_set_xxx() functions to work on conf
mbedtls_ssl_set_alpn_protocols
mbedtls_ssl_set_arc4_support
mbedtls_ssl_set_authmode
mbedtls_ssl_set_ciphersuites
mbedtls_ssl_set_ciphersuites_for_version
mbedtls_ssl_set_curves
mbedtls_ssl_set_dbg
mbedtls_ssl_set_dh_param
mbedtls_ssl_set_dh_param_ctx
mbedtls_ssl_set_dtls_anti_replay
mbedtls_ssl_set_dtls_badmac_limit
mbedtls_ssl_set_dtls_cookies
mbedtls_ssl_set_encrypt_then_mac
mbedtls_ssl_set_endpoint
mbedtls_ssl_set_extended_master_secret
mbedtls_ssl_set_handshake_timeout
mbedtls_ssl_legacy_renegotiation
mbedtls_ssl_set_max_version
mbedtls_ssl_set_min_version
mbedtls_ssl_set_psk_cb
mbedtls_ssl_set_renegotiation
mbedtls_ssl_set_renegotiation_enforced
mbedtls_ssl_set_renegotiation_period
mbedtls_ssl_set_session_cache
mbedtls_ssl_set_session_ticket_lifetime
mbedtls_ssl_set_sni
mbedtls_ssl_set_transport
mbedtls_ssl_set_truncated_hmac
mbedtls_ssl_set_verify
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
419d5ae419 Make endpoint+transport args of config_defaults() 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
def0bbe3ab Allocate ssl_config out of ssl_setup() 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
d5a9e41296 Adapt test_suite_debug to recent changes 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
6df3196e7c Fix typo in test name 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
e36d56419e Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  fix bug in ssl_mail_client
  Adapt compat.sh to GnuTLS 3.4
  Fix undefined behaviour in x509

Conflicts:
	programs/ssl/ssl_mail_client.c
	tests/compat.sh
2015-04-30 13:52:25 +02:00
Manuel Pégourié-Gonnard
f52248a959 Adapt compat.sh to GnuTLS 3.4 2015-04-30 12:15:16 +02:00
Manuel Pégourié-Gonnard
da61ed3346 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Include changes from the 1.2 branch
  Remove unused headers in o_p_test
  Add countermeasure against cache-based lucky 13
  Make results of (ext)KeyUsage accessible
  Fix missing NULL check in MPI
  Fix detection of getrandom()
  Fix "make install" handling of symlinks
  Fix bugs in programs displaying verify flags

Conflicts:
	Makefile
	include/polarssl/ssl.h
	library/entropy_poll.c
	library/ssl_srv.c
	library/ssl_tls.c
	programs/test/o_p_test.c
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
2015-04-30 10:38:44 +02:00
Manuel Pégourié-Gonnard
e16b62c3a9 Make results of (ext)KeyUsage accessible 2015-04-29 17:07:31 +02:00
Manuel Pégourié-Gonnard
770b5e1e9e Fix missing NULL check in MPI 2015-04-29 17:02:01 +02:00
Manuel Pégourié-Gonnard
41d479e7df Split ssl_init() -> ssl_setup() 2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
8d128efd48 Split mbedtls_ctr_drbg_init() -> seed() 2015-04-28 22:38:08 +02:00
Manuel Pégourié-Gonnard
f9e9481bc5 Split mbedtls_hmac_drbg_init() -> seed{,_buf}() 2015-04-28 22:07:14 +02:00
Manuel Pégourié-Gonnard
c34e8dd265 Split mbedtls_gcm_init() -> gcm_setkey() 2015-04-28 21:42:17 +02:00
Manuel Pégourié-Gonnard
6963ff0969 Split mbedtls_ccm_init() -> setkey() 2015-04-28 18:02:54 +02:00
Manuel Pégourié-Gonnard
e6028c93f5 Fix some X509 macro names
For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard
e75fa70b36 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Make results of (ext)KeyUsage accessible
  Use x509_crt_verify_info() in programs
  Add x509_crt_verify_info()

Conflicts:
	ChangeLog
	include/mbedtls/x509_crt.h
	include/polarssl/ssl.h
	include/polarssl/x509.h
	library/ssl_srv.c
	library/ssl_tls.c
	library/x509_crt.c
	programs/ssl/ssl_client1.c
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_mail_client.c
	programs/ssl/ssl_server2.c
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
	tests/ssl-opt.sh
	tests/suites/test_suite_x509parse.function
2015-04-20 11:51:34 +01:00
Manuel Pégourié-Gonnard
e6efa6f54e manually merge 9f98251 make extKeyUsage accessible 2015-04-20 11:23:24 +01:00
Manuel Pégourié-Gonnard
89addc43db manually merge 0c6ce2f use x509_crt_verify_info() 2015-04-20 11:23:11 +01:00
Manuel Pégourié-Gonnard
b5f48ad82f manually merge 39a183a add x509_crt_verify_info() 2015-04-20 11:22:57 +01:00
Manuel Pégourié-Gonnard
e2650c8238 Merge branch 'mbedtls-1.3' into development
* commit '23c0608':
  Fix bug in generate_code.pl
  Fix typo in contributor name (oops!)
2015-04-17 20:39:50 +02:00
Manuel Pégourié-Gonnard
de9b363fbd Merge branch mbedtls-1.3 into development
* commit '95f0089':
  Update Changelog for DH params
  Add test case for dh params with privateValueLength
  accept PKCS#3 DH parameters with privateValueLength included

Conflicts:
	library/dhm.c
2015-04-17 20:07:22 +02:00
Manuel Pégourié-Gonnard
0c6ce2f536 Use x509_crt_verify_info() in programs 2015-04-17 19:57:21 +02:00
Manuel Pégourié-Gonnard
9f98251e72 Make results of (ext)KeyUsage accessible 2015-04-17 19:57:21 +02:00
Manuel Pégourié-Gonnard
23c0608e28 Fix bug in generate_code.pl
The following did fail:

Test 1
foo:SOME_CONSTANT:"string"

Test 2
foo:OTHER_CONSTANT:"string"

due to the first string actually including the second "foo" up to (but no
including) the colon.
2015-04-17 17:24:25 +02:00
Manuel Pégourié-Gonnard
39a183a629 Add x509_crt_verify_info() 2015-04-17 17:24:25 +02:00