Commit Graph

4561 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
86bc448e75 Merge remote-tracking branch 'public/pr/1118' into mbedtls-2.1
* public/pr/1118:
  Allow comments in test data files
2017-12-19 12:19:52 +01:00
Manuel Pégourié-Gonnard
157393a2f4 Merge remote-tracking branch 'public/pr/1192' into mbedtls-2.1
* public/pr/1192:
  ssl-opt.sh: support fixed seed for random tests
2017-12-19 12:18:54 +01:00
Manuel Pégourié-Gonnard
227692a6b1 Merge remote-tracking branch 'public/pr/1160' into mbedtls-2.1
* public/pr/1160:
  Address PR review comments
  Backport 2.1:Fix crash when calling `mbedtls_ssl_cache_free` twice
2017-12-19 11:42:29 +01:00
Manuel Pégourié-Gonnard
d1ededf4a3 Merge remote-tracking branch 'public/pr/1187' into mbedtls-2.1
* public/pr/1187:
  Fix build error with gcc -Werror=misleading-indentation
2017-12-18 11:46:10 +01:00
Manuel Pégourié-Gonnard
912e4471bb Merge remote-tracking branch 'public/pr/1185' into mbedtls-2.1
* public/pr/1185:
  Fix build without MBEDTLS_FS_IO
2017-12-18 11:44:07 +01:00
Gilles Peskine
a15486a35f Merge branch 'pr_1044' into mbedtls-2.1 2017-12-04 17:29:28 +01:00
Gilles Peskine
45c8f6a38a Added ChangeLog entry 2017-12-04 17:28:09 +01:00
Gilles Peskine
4b36dfb820 Merge remote-tracking branch 'upstream-public/pr/1174' into mbedtls-2.1 2017-12-04 17:20:45 +01:00
Gilles Peskine
bb4aaf1bbc ssl-opt.sh: support fixed seed for random tests
Support --seed and $SEED to set the seed for random tests.

Partial backport of commit 7770ea82d5
(the part applying to all.sh is already present).
2017-12-01 17:23:34 +01:00
Gilles Peskine
14ab4cff9f Fix build error with gcc -Werror=misleading-indentation
Fix misleading indentation. This was just bad indentation, the
behavior was correct. It was detected by gcc 6.
2017-12-01 11:45:21 +01:00
Gilles Peskine
6ddfa37084 Fix build without MBEDTLS_FS_IO
Fix missing definition of mbedtls_zeroize when MBEDTLS_FS_IO is
disabled in the configuration.

Introduced by d08ae68237
    Merge remote-tracking branch 'upstream-public/pr/1112' into mbedtls-2.1
2017-11-30 12:20:19 +01:00
Gilles Peskine
49349bacb9 Merge remote-tracking branch 'upstream-public/pr/1153' into mbedtls-2.1 2017-11-29 20:53:58 +01:00
Gilles Peskine
f663c22ab7 Merge remote-tracking branch 'upstream-public/pr/916' into mbedtls-2.1 2017-11-29 20:53:44 +01:00
Gilles Peskine
25aa833ac3 Merge branch 'pr_1082' into mbedtls-2.1 2017-11-28 18:33:50 +01:00
Gilles Peskine
026d18aefa Add ChangeLog entry 2017-11-28 18:33:31 +01:00
Gilles Peskine
283a80d51f Merge remote-tracking branch 'upstream-public/pr/1108' into mbedtls-2.1 2017-11-28 18:31:28 +01:00
Gilles Peskine
31dce36364 Merge remote-tracking branch 'upstream-public/pr/1080' into mbedtls-2.1 2017-11-28 18:30:18 +01:00
Gilles Peskine
a6f6947490 Merge remote-tracking branch 'upstream-public/pr/943' into mbedtls-2.1 2017-11-28 18:28:39 +01:00
Gilles Peskine
dc89416ad9 Merge remote-tracking branch 'upstream-public/pr/996' into mbedtls-2.1 2017-11-28 17:10:10 +01:00
Gilles Peskine
d08ae68237 Merge remote-tracking branch 'upstream-public/pr/1112' into mbedtls-2.1 2017-11-24 15:37:29 +01:00
Gilles Peskine
7aa24190b4 Merge remote-tracking branch 'upstream-public/pr/1107' into mbedtls-2.1 2017-11-23 20:09:48 +01:00
Darryl Green
67bfc5b46c Add tests for invalid private parameter in mbedtls_ecdsa_sign 2017-11-20 17:11:42 +00:00
Darryl Green
1b052e80aa Add checks for private parameter in mbedtls_ecdsa_sign() 2017-11-20 17:11:17 +00:00
Manuel Pégourié-Gonnard
ea0aa655f6 Merge branch 'mbedtls-2.1' into mbedtls-2.1-restricted
* mbedtls-2.1:
  Fix typo in asn1.h
  Improve leap year test names in x509parse.data
  Correctly handle leap year in x509_date_is_valid()
  Renegotiation: Add tests for SigAlg ext parsing
  Parse Signature Algorithm ext when renegotiating
  Fix changelog for ssl_server2.c usage fix
  Fix ssl_server2 sample application prompt
  Update ChangeLog for fix to #836
  Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
  Enhance documentation of mbedtls_ssl_set_hostname
  Add test case calling ssl_set_hostname twice
  Make mbedtls_ssl_set_hostname safe to be called multiple times
  Fix typo in configs/README.txt file
2017-11-14 08:38:52 +01:00
Ron Eldor
be17ed59d6 Address PR review comments
set `cache->chain` to NULL,
instead of setting the whole structure to zero.
2017-10-30 18:11:38 +02:00
Ron Eldor
5bd272627b Backport 2.1:Fix crash when calling mbedtls_ssl_cache_free twice
Set `cache` to zero at the end of `mbedtls_ssl_cache_free` #1104
2017-10-30 18:09:40 +02:00
Hanno Becker
489f80cbf5 Adapt ChangeLog 2017-10-24 11:56:58 +01:00
Hanno Becker
4f9973efb9 Add build and ssl-opt.sh run for !SSL_RENEGOTIATION to all.sh 2017-10-24 11:56:28 +01:00
Hanno Becker
7889113075 Add dependency on SSL_RENEGOTIATION to renego tests in ssl-opt.sh 2017-10-24 11:54:55 +01:00
Hanno Becker
3cd07be889 Fix handling of HS msgs in mbedtls_ssl_read if renegotiation unused
Previously, if `MBEDTLS_SSL_RENEGOTIATION` was disabled, incoming handshake
messages in `mbedtls_ssl_read` (expecting application data) lead to the
connection being closed. This commit fixes this, restricting the
`MBEDTLS_SSL_RENEGOTIATION`-guard to the code-paths responsible for accepting
renegotiation requests and aborting renegotiation attempts after too many
unexpected records have been received.
2017-10-24 11:49:19 +01:00
Hanno Becker
e454d73cc0 Swap branches accepting/refusing renegotiation in in ssl_read 2017-10-24 11:47:37 +01:00
Hanno Becker
797c084394 Add tests for disabled MFL-extension to all.sh
This commit adds a build with default config except
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH to all.sh, as well as a run of the MFL-related
tests in ssl-opt.sh.
2017-10-19 15:49:21 +01:00
Hanno Becker
6ed76f74d2 Use a conservative excess of the maximum fragment length in tests
This leads to graceful test failure instead of crash when run on the previous
code.
2017-10-19 15:45:17 +01:00
Hanno Becker
64691dc3fc Let ssl-opt.sh gracefully fail is SSL_MAX_CONTENT_LEN is not 16384
Some tests in ssl-opt.sh require MBEDTLS_SSL_MAX_CONTENT_LEN to be set to its
default value of 16384 to succeed. While ideally such a dependency should not
exist, as a short-term remedy this commit adds a small check that will at least
lead to graceful exit if that assumption is violated.
2017-10-19 15:45:17 +01:00
Hanno Becker
b658ee63c2 Adapt ChangeLog 2017-10-19 15:45:17 +01:00
Florin
a360411e4f Fixed SIGSEGV problem when writing with ssl_write_real a buffer that is over MBEDTLS_SSL_MAX_CONTENT_LEN bytes
Signed-off-by: Florin <petriuc.florin@gmail.com>
2017-10-19 15:44:37 +01:00
Hanno Becker
e298c8b46c Correct typo 2017-10-19 15:44:37 +01:00
Hanno Becker
0d885d3d8c Add expected number of fragments to 16384-byte packet tests 2017-10-19 15:44:37 +01:00
Hanno Becker
2fabe5fb70 Add tests for messages beyond 16384 bytes to ssl-opt.sh
This commit adds four tests to ssl-opt.sh testing the library's behavior when
`mbedtls_ssl_write` is called with messages beyond 16384 bytes. The combinations
tested are TLS vs. DTLS and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH enabled vs. disabled.
2017-10-19 15:44:37 +01:00
Hanno Becker
0560778fb0 Add missing test-dependencies for MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
The tests for the maximum fragment length extension were lacking a dependency on
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH being set in the config.
2017-10-19 15:44:37 +01:00
Hanno Becker
1a662eb928 Allow requests of size larger than 16384 in ssl_client2 2017-10-19 15:44:37 +01:00
Andres Amaya Garcia
fe7fd6e8dc Fix typo in asn1.h 2017-10-12 22:42:04 +01:00
Andres Amaya Garcia
b1d78fcf70 Improve leap year test names in x509parse.data 2017-10-12 21:03:15 +01:00
Andres Amaya Garcia
bc041130b0 Correctly handle leap year in x509_date_is_valid()
This patch ensures that invalid dates on leap years with 100 or 400
years intervals are handled correctly.
2017-10-12 21:03:01 +01:00
Janos Follath
5f1dd80eaf Renegotiation: Add tests for SigAlg ext parsing
This commit adds regression tests for the bug when we didn't parse the
Signature Algorithm extension when renegotiating. (By nature, this bug
affected only the server)

The tests check for the fallback hash (SHA1) in the server log to detect
that the Signature Algorithm extension hasn't been parsed at least in
one of the handshakes.

A more direct way of testing is not possible with the current test
framework, since the Signature Algorithm extension is parsed in the
first handshake and any corresponding debug message is present in the
logs.
2017-10-11 13:58:17 +01:00
Ron Eldor
bac9d4d90f Parse Signature Algorithm ext when renegotiating
Signature algorithm extension was skipped when renegotiation was in
progress, causing the signature algorithm not to be known when
renegotiating, and failing the handshake. Fix removes the renegotiation
step check before parsing the extension.
2017-10-11 13:58:08 +01:00
Hanno Becker
8379554b24 Correct typo: PBDFK -> PBKDF 2017-10-06 14:37:35 +01:00
Hanno Becker
0d0422cbd0 Unify naming schemes for RSA keys 2017-10-06 14:09:58 +01:00
Hanno Becker
59ce0a7635 Improve documentation in pkparse.c
State explicitly that `pk_parse_pkcs8_undencrypted_der` and `pk_parse_key_pkcs8_encrypted_der` are not responsible for
zeroizing and freeing the provided key buffer.
2017-10-06 14:09:47 +01:00
Hanno Becker
0c104b19e4 Fix typo 2017-10-06 14:05:23 +01:00