Commit Graph

4561 Commits

Author SHA1 Message Date
Hanno Becker
82027c1cd9 Don't use all_final as a target in tests/data_files/Makefile
The `neat` target in that Makefile assumes all_final to be a concatenation of
file names.
2017-10-06 14:05:13 +01:00
Hanno Becker
734b6d4527 Add suffix for 1024-bit RSA key files
Previously, 2048-bit and 4096-bit RSA key files had their bitsize indicated in their filename, while the original
1024-bit keys hadn't. This commit unifies the naming scheme by always indicating the bitsize in the filename.
2017-10-06 14:05:04 +01:00
Hanno Becker
f5b1ea3707 Correct Makefile in tests/data_files
The documentation of the target `all_final` was no longer accurate, and numerous non-file targets were missing in the
.PHONY section.
2017-10-06 14:04:54 +01:00
Hanno Becker
f700a71acb Add further tests for DER-encoded PKCS8-v2-DES encrypted RSA keys
For uniformity, this commit adds tests for DER encoded PKCS8-v2-DES encrypted RSA keys that were already present for
PKCS8-v2-3DES encrypted RSA keys.
2017-10-06 14:04:22 +01:00
Hanno Becker
5e568e225a Add further tests for new RSA keys
For uniformity, this commit adds tests for DER encoded, SHA1-2DES and SHA1-RC4-128-encrypted RSA keys; for SHA1-3DES encrypted keys, these were already present.
2017-10-06 14:04:15 +01:00
Hanno Becker
dca50813e9 Update keyfiles
This commit replaces the previous keyfiles with those generated by the commands added in the previous commit.
2017-10-06 14:04:02 +01:00
Hanno Becker
9c22f5904a Add RSA key generation commands to test Makefile
This commit adds the commands used to generate the various RSA keys to tests/Makefile so that they can be easily
regenerated or modified, e.g. if larger key sizes or other encryption algorithms need to be tested in the future.
2017-10-06 14:03:53 +01:00
Hanno Becker
570238e008 Fix typo in pkparse.c 2017-10-06 14:03:45 +01:00
Hanno Becker
0642ed4e45 Add tests for encrypted 2048 and 4096-bit RSA keys 2017-10-06 14:03:24 +01:00
Hanno Becker
ffa7a33ee4 Adapt ChangeLog 2017-10-05 09:08:06 +01:00
Hanno Becker
cdba5cdcb9 Improve output on bad cmd line args in programs/x509/cert_write 2017-10-04 14:54:17 +01:00
Hanno Becker
bc7cbbacd8 Use X509 CRT version macros for version checks in x509write_crt_der 2017-10-04 14:52:21 +01:00
Hanno Becker
37de7755fb Fix error code printing in cert_write
Error codes can consume up to two bytes, but only one was printed so far.
2017-10-04 14:52:13 +01:00
Hanno Becker
54d6c5bea2 Use X509 CRT version macros in cert_write program 2017-10-04 14:51:55 +01:00
Hanno Becker
4f4864a245 Fix senseless comment 2017-10-04 14:51:47 +01:00
Hanno Becker
7de3ff36df Minor style and typo corrections 2017-10-04 14:51:32 +01:00
Hanno Becker
2b6c3f655a Extend tests/data_files/Makefile to include CRT's for CRT write test 2017-10-04 14:36:38 +01:00
Hanno Becker
781af0d60c Extend cert_write example program by multiple cmd line options
This commit adds the following command line options to programs/x509/cert_write:
- version (val 1, 2, 3): Set the certificate's version (v1, v2, v3)
- authority_identifier (val 0, 1): Enable or disable the addition of the
                                   authority identifier extension.
- subject_identifier (val 0, 1): Enable or disable the addition of the
                                 subject identifier extension.
- basic_constraints (val 0, 1): Enable or disable the addition of the
                                basic constraints extension.
- md (val MD5, SHA1, SHA256, SHA512): Set the hash function used
                                      when creating the CRT.
2017-10-04 14:35:34 +01:00
Hanno Becker
c4cd8c64cd Don't add extensions for X.509 non-v3 certificates
This commit removes extension-writing code for X.509 non-v3 certificates from
mbedtls_x509write_crt_der. Previously, even if no extensions were present an
empty sequence would have been added.
2017-10-04 14:34:14 +01:00
Hanno Becker
e3af3afd5a Omit version from X.509 v1 certificates
The version field in an X.509 certificate is optional and defaults to v1, so it
may be omitted in this case.
2017-10-04 14:34:02 +01:00
Simon Butcher
5d39aceb04 Fix changelog for ssl_server2.c usage fix 2017-10-02 19:17:57 +01:00
Ron Eldor
bd25784474 Fix ssl_server2 sample application prompt
FIx the type of server_addr parameter from %d to %s.
Issue reported by Email by Bei Jin
2017-10-02 19:17:48 +01:00
Gilles Peskine
e38900b1a1 Allow comments in test data files 2017-10-02 11:26:09 +02:00
Simon Butcher
72e9ba2ce3 Update ChangeLog for fix to #836 2017-09-30 23:51:44 +01:00
Hanno Becker
c7845e51f3 Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
Add a reference to the relevant RFC, adapt ChangeLog.
2017-09-30 23:49:01 +01:00
Hanno Becker
7891da28ea Enhance documentation of mbedtls_ssl_set_hostname
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure
2017-09-30 23:48:01 +01:00
Hanno Becker
b974e98b12 Add test case calling ssl_set_hostname twice
Add a test case calling ssl_set_hostname twice to test_suite_ssl.
When run in CMake build mode ASan, this catches the current leak,
but will hopefully be fine with the new version.
2017-09-30 23:47:44 +01:00
Hanno Becker
593b0d33f6 Make mbedtls_ssl_set_hostname safe to be called multiple times
Zeroize and free previously set hostnames before overwriting
them. Also, allow clearance of hostname by providing NULL parameter.
2017-09-30 23:47:34 +01:00
Ron Eldor
2823fad6cb Fix typo in configs/README.txt file
Fix typo in Readme file: ajust->adjust
2017-09-30 21:51:11 +01:00
Hanno Becker
69f00bfbe1 Correct parsing checks in mbedtls_pk_parse_key
Two code-paths in `mbedtls_pk_parse_key` returned success on a failure in `mbedtls_pk_setup`.
2017-09-28 16:26:19 +01:00
Hanno Becker
380aa64d65 Adapt ChangeLog 2017-09-28 16:26:17 +01:00
Hanno Becker
da8e163020 Remove unreachable branches in pkparse.c 2017-09-28 15:54:21 +01:00
Hanno Becker
e5d5b9098a Mention in-place decryption in pk_parse_key_pkcs8_encrypted_der
Also fixes a typo.
2017-09-28 15:54:11 +01:00
Hanno Becker
ff532958bf Remove unnecessary cast 2017-09-28 15:53:48 +01:00
Hanno Becker
a1d5856c25 Add missing calls to mbedtls_pem_free in mbedtls_pk_parse 2017-09-28 15:52:38 +01:00
Hanno Becker
9f2b60bc83 Use in-place decryption in pk_parse_pkcs8_encrypted_der
The stack buffer used to hold the decrypted key in pk_parse_pkcs8_encrypted_der
was statically sized to 2048 bytes, which is not enough for DER encoded 4096bit
RSA keys.

This commit resolves the problem by performing the key-decryption in-place,
circumventing the introduction of another stack or heap copy of the key.

There are two situations where pk_parse_pkcs8_encrypted_der is invoked:
1. When processing a PEM-encoded encrypted key in mbedtls_pk_parse_key.
   This does not need adaption since the PEM context used to hold the decoded
   key is already constructed and owned by mbedtls_pk_parse_key.
2. When processing a DER-encoded encrypted key in mbedtls_pk_parse_key.
   In this case, mbedtls_pk_parse_key calls pk_parse_pkcs8_encrypted_der with
   the buffer provided by the user, which is declared const. The commit
   therefore adds a small code paths making a copy of the keybuffer before
   calling pk_parse_pkcs8_encrypted_der.
2017-09-28 15:52:27 +01:00
Hanno Becker
a89dbd168e Adapt ChangeLog 2017-09-28 14:38:26 +01:00
Hanno Becker
f581e11881 Fix extraction of signature-type from PK context instance 2017-09-28 14:32:27 +01:00
Andres Amaya Garcia
41a38dfed6 Add ChangeLog entry 2017-09-15 11:01:40 +01:00
Andres Amaya Garcia
1042d8637c Dont send alert on invalid DTLS record type
Do not send fatal alerts when receiving a record with an invalid header
while running DTLS as this is not compliant behaviour.
2017-09-15 10:57:29 +01:00
Hanno Becker
d2cc7ce4cb Correct definition of ENTROPY_HAVE_STRONG
Mbed TLS 2.1 doesn't have MBEDTLS_TEST_NULL_ENTROPY macro.
2017-09-08 10:47:33 +01:00
Hanno Becker
7968ad9c31 Guard some tests by presence of strong entropy 2017-09-08 10:20:40 +01:00
Hanno Becker
66580d284d Add internal macro ENTROPY_HAVE_STRONG indicating strong entropy
This commit adds the macro ENTROPY_HAVE_STRONG to the helper test file tests/suites/helpers.function to be able to make
tests depend on the presence of strong entropy.
2017-09-08 10:13:59 +01:00
Hanno Becker
276d530abe Support negative dependencies in test cases
The entropy test suite uses a negative dependency "depends_on:!CONFIG_FLAG" for one of its tests. This kind of
dependency (running a test only if some configuration flag is not defined) is currently not supported and instead
results in the respective test case being dropped.

This commit adds support for negative dependencies in test cases.
2017-09-08 10:13:57 +01:00
Hanno Becker
7fdabd3c64 Correct typo in entropy test suite data 2017-09-08 09:13:49 +01:00
Hanno Becker
e4875e015f Initialize RSA context in RSA test suite before first potentially failing operation
The function `mbedtls_rsa_gen_key` from `test_suite_rsa.function` initialized a stack allocated RSA context only after
seeding the CTR DRBG. If the latter operation failed, the cleanup code tried to free the uninitialized RSA context,
potentially resulting in a segmentation fault. Fixes one aspect of #1023.
2017-09-08 09:13:38 +01:00
Ron Eldor
00cb3af4ab Backport 2.1:Add configuration file in md.h
include `*config.h*` in md.h as MACROS in the header file get ignored.
Fix for #1001.
2017-09-07 14:42:51 +03:00
Simon Butcher
1fe5e8ab44 Update version number to 2.1.9 2017-08-10 11:51:47 +01:00
Simon Butcher
a30508309e Fix language in Changelog for clarity 2017-08-10 10:48:33 +01:00
Andres Amaya Garcia
93a8789b62 Change PK module preprocessor check on word size
There were preprocessor directives in pk.c and pk_wrap.c that cheked
whether the bit length of size_t was greater than that of unsigned int.
However, the check relied on the MBEDTLS_HAVE_INT64 macro being defined
which is not directly related to size_t. This might result in errors in
some platforms. This change modifies the check to use the macros
SIZE_MAX and UINT_MAX instead making the code more robust.
2017-08-04 13:43:07 +01:00