Commit Graph

5013 Commits

Author SHA1 Message Date
Antonio Quartulli
6ae1fe0c2c tests/pkcs5/pbkdf2_hmac: add unit tests for additional SHA algorithms
Test vectors for SHA224,256,384 and 512 have been
generated using Python's hashlib module by the
following oneliner:

import binascii, hashlib
binascii.hexlify(hashlib.pbkdf2_hmac(ALGO, binascii.unhexlify('PASSWORD'), binascii.unhexlify('SALT'), ITER, KEYLEN)))

where ALGO was 'sha224', 'sha256', 'sha384' and 'sha512'
respectively.

Values for PASSWORD, SALT, ITER and KEYLEN were copied from the
existent test vectors for SHA1.

For SHA256 we also have two test vectors coming from RFC7914 Sec 11.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-14 11:12:58 +01:00
Antonio Quartulli
b9e3c6d9c6 pkcs5v2: add support for additional hmacSHA algorithms
Currently only SHA1 is supported as PRF algorithm for PBKDF2
(PKCS#5 v2.0).
This means that keys encrypted and authenticated using
another algorithm of the SHA family cannot be decrypted.

This deficiency has become particularly incumbent now that
PKIs created with OpenSSL1.1 are encrypting keys using
hmacSHA256 by default (OpenSSL1.0 used PKCS#5 v1.0 by default
and even if v2 was forced, it would still use hmacSHA1).

Enable support for all the digest algorithms of the SHA
family for PKCS#5 v2.0.

Signed-off-by: Antonio Quartulli <antonio@openvpn.net>
2018-02-14 11:12:58 +01:00
Ron Eldor
607033e3df Add some tests for different available profiles
Add tests for suite b profile and for the next profile
2018-02-07 12:10:07 +02:00
Ron Eldor
5a2525c2fd Rephrase Changelog
Rephrase Changelog to be more coherent to users
2018-02-07 12:09:58 +02:00
Ron Eldor
3a3b654027 Fix handshake failure in suite B
Fix handshake failure where PK key is translated as `MBEDTLS_ECKEY`
instead of `MBEDTLS_ECDSA`
2018-02-07 12:09:46 +02:00
Jaeden Amero
4c53d0dcb2 Merge remote-tracking branch 'upstream-restricted/pr/449' into mbedtls-2.1-restricted 2018-02-05 11:38:32 +00:00
Jaeden Amero
f725bea9b2 Merge remote-tracking branch 'upstream-restricted/pr/453' into mbedtls-2.1-restricted 2018-02-05 08:52:29 +00:00
Simon Butcher
bdf548e5d8 Update ChangeLog with language and technical corrections
To clarify and correct the ChangeLog.
2018-02-05 08:43:38 +00:00
Jaeden Amero
f885c81f15 Update version to 2.1.10 2018-02-02 18:10:05 +00:00
Jaeden Amero
4913826aff Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2018-01-30 17:33:25 +00:00
Jaeden Amero
f8edb495fb Merge remote-tracking branch 'upstream-public/pr/1337' into mbedtls-2.1 2018-01-30 17:33:02 +00:00
Hanno Becker
235854503b Adapt ChangeLog 2018-01-30 11:58:16 +00:00
Hanno Becker
15e4951651 Add documentation warnings for weak algorithms
MD2, MD4, MD5, DES and SHA-1 are considered weak and their use
constitutes a security risk. If possible, we recommend avoiding
dependencies on them, and considering stronger message digests and
ciphers instead.
2018-01-30 10:39:32 +00:00
Gilles Peskine
36dde9e67a Added ChangeLog entry for 64-bit ILP32 fix 2018-01-29 21:59:12 +01:00
Andres Amaya Garcia
c2c3432040 Improve test_suite_pk size_t vs unsigned int check 2018-01-29 21:59:12 +01:00
Andres Amaya Garcia
65915438b8 Add ChangeLog entry for 64-bit ILP32 fixes 2018-01-29 21:59:12 +01:00
Andres Amaya Garcia
401441b74d Add test command for 64-bit ILP32 in all.sh 2018-01-29 21:59:12 +01:00
Andres Amaya Garcia
ce37ab7ada Fix test_suite_pk.function to work on 64-bit ILP32
This change fixes a problem in the tests pk_rsa_alt() and
pk_rsa_overflow() from test_suite_pk.function that would cause a
segmentation fault. The problem is that these tests are only designed
to run in computers where the sizeof(size_t) > sizeof(unsigned int).
2018-01-29 21:54:26 +01:00
James Cowgill
ca20ced208 Fix segfault on x32 by using better register constraints in bn_mul.h
On x32, pointers are only 4-bytes wide and need to be loaded using the "movl"
instruction instead of "movq" to avoid loading garbage into the register.

The MULADDC routines for x86-64 are adjusted to work on x32 as well by getting
gcc to load all the registers for us in advance (and storing them later) by
using better register constraints. The b, c, D and S constraints correspond to
the rbx, rcx, rdi and rsi registers respectively.
2018-01-29 21:54:26 +01:00
James Cowgill
a5f8b42056 Fix build errors on x32 by using the generic 'add' instruction
On x32 systems, pointers are 4-bytes wide and are therefore stored in %e?x
registers (instead of %r?x registers). These registers must be accessed using
"addl" instead of "addq", however the GNU assembler will acccept the generic
"add" instruction and determine the correct opcode based on the registers
passed to it.
2018-01-29 21:54:26 +01:00
Jaeden Amero
035f6ea288 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2018-01-29 12:53:07 +00:00
Jaeden Amero
6138cb3cf3 Merge remote-tracking branch 'upstream-public/pr/1329' into mbedtls-2.1 2018-01-29 12:53:00 +00:00
Jaeden Amero
e34e324017 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2018-01-29 12:52:33 +00:00
Jaeden Amero
16499b5cbb Merge remote-tracking branch 'upstream-public/pr/1290' into mbedtls-2.1 2018-01-29 12:52:27 +00:00
Jaeden Amero
2b72742e3f Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2018-01-29 12:52:10 +00:00
Jaeden Amero
9442121200 Merge remote-tracking branch 'upstream-public/pr/1288' into mbedtls-2.1 2018-01-29 12:52:01 +00:00
Manuel Pégourié-Gonnard
3e6222dacb Fix alarm(0) failure on mingw32
A new test for mbedtls_timing_alarm(0) was introduced in PR 1136, which also
fixed it on Unix. Apparently test results on MinGW were not checked at that
point, so we missed that this new test was also failing on this platform.
2018-01-29 13:23:40 +01:00
Jaeden Amero
bfafd12789 Merge remote-tracking branch 'upstream-restricted/pr/414' into mbedtls-2.1-restricted 2018-01-26 18:09:14 +00:00
Jaeden Amero
3b8d82a1aa Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2018-01-26 15:07:16 +00:00
Jaeden Amero
200966824d Merge remote-tracking branch 'upstream-public/pr/1054' into mbedtls-2.1 2018-01-26 15:07:11 +00:00
Jaeden Amero
4af592178e Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2018-01-26 15:06:48 +00:00
Jaeden Amero
f216a3c20b Merge remote-tracking branch 'upstream-public/pr/1310' into mbedtls-2.1 2018-01-26 15:01:30 +00:00
Ron Eldor
35836bfd37 Support verbose output of the test suites
generate add ctest test-suites, with the --verbose argument to be given
to the test suites.
The verbose output will be shown **only** if ctest is run with `-v` parameter
The verbose argument is to the test-suites, only when run through `ctest`
2018-01-25 18:25:44 +00:00
Manuel Pégourié-Gonnard
e56c77eeb2 Fix race condition in error printing in ssl_server2.c
The race goes this way:
1. ssl_recv() succeeds (ie no signal received yet)
2. processing the message leads to aborting handshake with ret != 0
3. reset ret if we were signaled
4. print error if ret is still non-zero
5. go back to net_accept() which can be interrupted by a signal
We print the error message only if the signal is received between steps 3 and
5, not when it arrives between steps 1 and 3.

This can cause failures in ssl-opt.sh where we check for the presence of "Last
error was..." in the server's output: if we perform step 2, the client will be
notified and exit, then ssl-opt.sh will send SIGTERM to the server, but if it
didn't get a chance to run and pass step 3 in the meantime, we're in trouble.

The purpose of step 3 was to avoid spurious "Last error" messages in the
output so that ssl-opt.sh can check for a successful run by the absence of
that message. However, it is enough to suppress that message when the last
error we get is the one we expect from being interrupted by a signal - doing
more could hide real errors.

Also, improve the messages printed when interrupted to make it easier to
distinguish the two cases - this could be used in a testing script wanted to
check that the server doesn't see the client as disconnecting unexpectedly.
2018-01-25 11:43:36 +01:00
Jaeden Amero
e5b443e2d6 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2018-01-24 15:24:42 +00:00
Jaeden Amero
0295634b21 Merge remote-tracking branch 'upstream-public/pr/1278' into mbedtls-2.1 2018-01-24 10:55:56 +00:00
Andres Amaya Garcia
133ab2c8ee Ensure that mbedtls_pk_parse_key() does not allocate 0 bytes 2018-01-23 21:21:49 +00:00
Andres Amaya Garcia
af77213b72 Change formatting of allocation check in x509_crl 2018-01-23 21:21:00 +00:00
Andres Amaya Garcia
fb023c18da Ensure memcpy is not called with NULL and 0 args in x509 module 2018-01-23 21:21:00 +00:00
Simon Butcher
60411a8b7f Fix typos and add copyright statement to generate_code.pl 2018-01-23 21:21:00 +00:00
SimonB
8bcd549a3a Refactored test suite template code
Restructed test suite helper and main code to support tests suite helper
functions, changed C++ comments to C-style, and made the generated
source code more navigable.
2018-01-23 21:21:00 +00:00
SimonB
0284f58234 Added support for per test suite helper functions
Added to generate_code.pl:
    - support for per test suite helper functions
    - description of the structure of the files the script uses to construct
      the test suite file
    - delimiters through the source code to make the machine generated code
      easier to understand
2018-01-23 21:17:27 +00:00
SimonB
e39088a62b Clarified purpose and usage of generate_code.pl
Added comments to explain purpose and usage of generate_code.pl
2018-01-23 21:07:10 +00:00
Andres AG
9b9ae0d897 Test corner case uses of memory_buffer_alloc.c 2018-01-23 21:03:49 +00:00
Simon Butcher
e9cfe146b5 Widens test bounds on memory alloc tests 2018-01-23 21:03:49 +00:00
SimonB
aff799231e Additional tests to test stack buffer allocator
Adds additional tests to the test suite for
memory_buffer_alloc.c
2018-01-23 21:03:49 +00:00
Andres Amaya Garcia
5dc2fe7467 Style fixes in pem, x509_crl and buf_alloc 2018-01-23 21:03:49 +00:00
Andres AG
8ad5acd6da Fix corner case uses of memory_buffer_alloc.c
The corner cases fixed include:
    * Allocating a buffer of size 0. With this change, the allocator now
      returns a NULL pointer in this case. Note that changes in pem.c and
      x509_crl.c were required to fix tests that did not work under this
      assumption.
    * Initialising the allocator with less memory than required for headers.
    * Fix header chain checks for uninitialised allocator.
2018-01-23 21:03:49 +00:00
Gilles Peskine
a2ef78d50c Merge remote-tracking branch 'upstream-restricted/pr/442' into mbedtls-2.1-restricted 2018-01-23 00:47:43 +01:00
Gilles Peskine
b9088ee537 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted 2018-01-23 00:47:32 +01:00