Commit Graph

1841 Commits

Author SHA1 Message Date
Jaeden Amero
8385110ae8 Update version to 2.7.5 2018-07-25 15:43:21 +01:00
Simon Butcher
d7126d7009 Merge remote-tracking branch 'public/pr/779' into mbedtls-2.7 2018-07-24 13:38:44 +01:00
Simon Butcher
d5a3ed36b8 Merge remote-tracking branch 'public/pr/1863' into mbedtls-2.7 2018-07-24 12:57:15 +01:00
Simon Butcher
bd40916dfa Merge remote-tracking branch 'public/pr/1872' into mbedtls-2.7 2018-07-24 12:12:43 +01:00
Simon Butcher
66e2b654a8 Merge remote-tracking branch 'public/pr/1877' into mbedtls-2.7 2018-07-24 08:26:26 +01:00
Simon Butcher
948f264302 Add additional i386 tests to all.sh
Added an additional i386 test to all.sh, to allow one test with -O0 which
compiles out inline assembly, and one to test with -01 which includes the inline
assembly.
2018-07-23 13:41:25 +01:00
Jaeden Amero
5113bdec6e all.sh: Return error on keep-going failure
When calling all.sh from a script and using "--keep-going", errors were
sometimes missed due to all.sh always returning 0 "success" return code.
Return 1 if there is any failure encountered during a "keep-going" run.
2018-07-23 10:24:31 +01:00
Simon Butcher
7c6b84102d Expand i386 all.sh tests to full config ASan builds
The i386 test builds were only building the default configuration and had
no address sanitisation. This commit expands the test configuration to the full
configuration in all.sh and builds with ASan for when the test suites are
executed.
2018-07-20 21:34:04 +01:00
Simon Butcher
e9aa8c1d6d Merge remote-tracking branch 'public/pr/1838' into mbedtls-2.7 2018-07-19 20:01:33 +01:00
Andres Amaya Garcia
14783c47e7 Add test for empty app data records to ssl-opt.sh 2018-07-16 20:14:54 +01:00
Jaeden Amero
fc2c4d025a tests: dhm: Rename Hallman to Hellman
Fix typo of Diffie-Hallman to Diffie-Hellman.
2018-07-06 14:28:45 +01:00
Gilles Peskine
7163a6ad91 Fix ssl-opt.sh not starting when lsof is not available
$START_DELAY was used before it was defined.
2018-06-29 16:03:22 +02:00
Ron Eldor
94226d8e61 Update ssl-opt.sh test to run condition
1. Update the test script to un the ECC tests only if the relevant
configurations are defined in `config.h` file
2. Change the HASH of the ciphersuite from SHA1 based to SHA256
for better example
2018-06-28 16:19:14 +03:00
Ron Eldor
c7f1523a9e Add ECC extensions test in ssl-opts.sh
Add test to verify if an ecc based extension exists
or not if an ecc based ciphersuite is used or not.
2018-06-28 15:53:22 +03:00
Simon Butcher
0e342f77fc Merge remote-tracking branch 'public/pr/1390' into mbedtls-2.7 2018-06-27 11:11:34 +01:00
Simon Butcher
f15cfd5d04 Merge remote-tracking branch 'public/pr/1557' into mbedtls-2.7 2018-06-27 11:07:50 +01:00
Ron Eldor
de881c0173 Resolve PR review comments
Address review comments:
1. add `mbedtls_cipher_init()` after freeing context, in test code
2. style comments
3. set `ctx->iv_size = 0` in case `IV == NULL && iv_len == 0`
2018-06-21 14:03:37 +03:00
Ron Eldor
cf330e8910 Fix CI failure
Test IV special cases only if `MBEDTLS_CIPHER_MODE_CBC` is defined
2018-06-21 14:03:24 +03:00
Ron Eldor
efba4b077b Fix after PR comments
1. Don't set IV onECB
2. Fix style issues
3. reduce number of tests
2018-06-21 14:03:14 +03:00
Ron Eldor
cf2305e513 Add tests for mbedtls_cipher_crypt API
1. Add tests for 'mbedtls_cipher_crypt()' API
2. Resolves #1091, by ignoring IV when the cipher mode is MBEDTLS_MODE_ECB
2018-06-21 14:02:23 +03:00
Simon Butcher
662ae9eaae Change the library version to 2.7.4 2018-06-18 14:42:14 +01:00
Simon Butcher
0623cce53e Merge remote-tracking branch 'public/pr/1664' into mbedtls-2.7 2018-06-15 13:03:22 +01:00
Simon Butcher
8c83673eb2 Merge remote-tracking branch 'public/pr/1708' into mbedtls-2.7 2018-06-12 17:26:55 +01:00
Simon Butcher
856870952a Merge remote-tracking branch 'public/pr/1709' into mbedtls-2.7 2018-06-12 17:25:19 +01:00
Simon Butcher
ee3a3d4a72 Merge remote-tracking branch 'public/pr/1470' into mbedtls-2.7 2018-06-11 11:30:33 +01:00
Simon Butcher
bb5e1c3973 Fix multiple quality issues in the source
This PR fixes multiple issues in the source code to address issues raised by
tests/scripts/check-files.py. Specifically:
 * incorrect file permissions
 * missing newline at the end of files
 * trailing whitespace
 * Tabs present
 * TODOs in the souce code
2018-06-08 11:14:43 +01:00
Darryl Green
38e4c68a9e Add check-files.py to pre-push.sh 2018-06-05 11:57:21 +01:00
Darryl Green
bd38c3b89f Add check-files.py to all.sh 2018-06-05 11:57:12 +01:00
Darryl Green
da02eb310c Add script for source integrity checking 2018-06-05 11:57:01 +01:00
Simon Butcher
e83b1ae201 Merge remote-tracking branch 'public/pr/1606' into mbedtls-2.7 2018-06-01 19:34:44 +01:00
Andres Amaya Garcia
f9519bfa60 Add more SNI/DTLS tests
Run the normal SNI/TLS tests over DTLS in ssl-opt.sh for greater
coverage.
2018-05-30 08:21:26 +01:00
Andres Amaya Garcia
914eea44e7 Rename SNI/DTLS tests in ssl-opt.sh script 2018-05-30 08:21:25 +01:00
Andres AG
e8b0774392 Add SNI with DTLS tests to ssl-opt.sh script 2018-05-30 08:21:22 +01:00
Jaeden Amero
11d5551d0a Merge remote-tracking branch 'upstream-public/pr/1487' into mbedtls-2.7-proposed 2018-05-04 11:06:21 +01:00
Andres AG
b7b420b51c Fix uninitialized var in check-generated-files.sh 2018-05-01 21:01:22 +01:00
Andres Amaya Garcia
7dae108fe8 Check generated-visualc-files in check-generated-files 2018-05-01 21:01:18 +01:00
Jaeden Amero
1fc4d33f5f Update version to 2.7.3 2018-04-27 13:15:45 +01:00
fbrosson
3a7457136e Backport 2.7: Use "#!/usr/bin/env perl" as shebang line. 2018-04-04 22:26:56 +00:00
Azim Khan
03da121663 Enable SSL test scripts to dump logs on stdout 2018-04-03 17:58:35 +01:00
Gilles Peskine
595c84a7b1 Merge remote-tracking branch 'upstream-public/pr/1500' into mbedtls-2.7-proposed 2018-04-01 12:41:29 +02:00
Gilles Peskine
a0e03a81a7 Merge branch 'pr_1538' into mbedtls-2.7-proposed 2018-04-01 12:35:50 +02:00
Andrzej Kurek
a24adde168 Add tests for "return plaintext data faster on unpadded decryption" 2018-03-29 08:43:30 -04:00
Jaeden Amero
38e37bdd56 Merge remote-tracking branch 'upstream-public/pr/1529' into mbedtls-2.7-proposed 2018-03-29 11:00:09 +01:00
Jaeden Amero
0d891042d1 Merge remote-tracking branch 'upstream-public/pr/1524' into mbedtls-2.7-proposed 2018-03-28 15:33:45 +01:00
Jethro Beekman
004e37117c Fix parsing of PKCS#8 encoded Elliptic Curve keys.
The relevant ASN.1 definitions for a PKCS#8 encoded Elliptic Curve key are:

PrivateKeyInfo ::= SEQUENCE {
  version                   Version,
  privateKeyAlgorithm       PrivateKeyAlgorithmIdentifier,
  privateKey                PrivateKey,
  attributes           [0]  IMPLICIT Attributes OPTIONAL
}

AlgorithmIdentifier  ::=  SEQUENCE  {
  algorithm   OBJECT IDENTIFIER,
  parameters  ANY DEFINED BY algorithm OPTIONAL
}

ECParameters ::= CHOICE {
  namedCurve         OBJECT IDENTIFIER
  -- implicitCurve   NULL
  -- specifiedCurve  SpecifiedECDomain
}

ECPrivateKey ::= SEQUENCE {
  version        INTEGER { ecPrivkeyVer1(1) } (ecPrivkeyVer1),
  privateKey     OCTET STRING,
  parameters [0] ECParameters {{ NamedCurve }} OPTIONAL,
  publicKey  [1] BIT STRING OPTIONAL
}

Because of the two optional fields, there are 4 possible variants that need to
be parsed: no optional fields, only parameters, only public key, and both
optional fields. Previously mbedTLS was unable to parse keys with "only
parameters". Also, only "only public key" was tested. There was a test for "no
optional fields", but it was labelled incorrectly as SEC.1 and not run because
of a great renaming mixup.
2018-03-28 11:29:21 +02:00
Deomid Ryabkov
980fa5839e Fix some test deps
* Cert revocation tests require `MBEDTLS_HAVE_TIME_DATE`.
 * Verison features tests require... well, `MBEDTLS_VERSION_FEATURES`, actually.

Fixes https://github.com/ARMmbed/mbedtls/issues/1475
2018-03-27 23:18:13 +02:00
Andres Amaya Garcia
e9ff785db9 Fix test dependencies of pkcs5 pbs2 on asn1 parse 2018-03-27 21:25:55 +01:00
Andres Amaya Garcia
28d97e1dfc Fix shared library lookup on Mac OS X when running tests 2018-03-27 20:04:20 +01:00
Andres Amaya Garcia
504ac5c884 Make DLEXT var configurable in programs and tests makefiles 2018-03-27 20:04:18 +01:00
Gilles Peskine
79d441c64f Add missing dependencies in test_suite_x509parse
Found by depends-hashes.pl and depends-pkgalgs.pl.
2018-03-23 02:18:36 +01:00
Gilles Peskine
763da6e550 all.sh --keep-going: properly handle multiple-builds scripts
In keep-going mode, if a multiple-builds script fails, record its
status and keep going.
2018-03-23 02:18:33 +01:00
Gilles Peskine
2cfeb887b4 Merge tag 'mbedtls-2.7.2' into iotssl-1381-x509-verify-refactor-2.7-restricted
Conflict resolution:

* ChangeLog
* tests/data_files/Makefile: concurrent additions, order irrelevant
* tests/data_files/test-ca.opensslconf: concurrent additions, order irrelevant
* tests/scripts/all.sh: one comment change conflicted with a code
  addition. In addition some of the additions in the
  iotssl-1381-x509-verify-refactor-restricted branch need support for
  keep-going mode, this will be added in a subsequent commit.
2018-03-23 02:12:44 +01:00
Gilles Peskine
0114ffc76b all.sh: Verify out-of-tree testing with CMake
Run a test case in ssl-opt.sh to validate that testing works in an
out-of-tree CMake build.
2018-03-21 12:29:20 +01:00
Gilles Peskine
a71d64c74f all.sh: fix cleanup happening during an out-of-tree build 2018-03-21 12:29:15 +01:00
Gilles Peskine
31b07e2833 all.sh: be more conservative when cleaning up CMake artefacts
Only delete things that we expect to find, to avoid deleting other
things that people might have lying around in their build tree.
Explicitly skip .git to avoid e.g. accidentally matching a branch
name.
2018-03-21 12:29:08 +01:00
Gilles Peskine
8405257035 Support out-of-tree testing with CMake
Create extra symbolic links with CMake so that SSL testing (ssl-opt.sh
and compat.sh) works in out-of-tree builds.
2018-03-21 12:28:59 +01:00
Gilles Peskine
19ceb7104c all.sh: add opposites to all boolean options
All options can now be overridden by a subsequent option, e.g.
"all.sh --foo --no-foo" is equivalent to "all.sh --no-foo". This
allows making wrapper scripts with default options and occasionally
overriding those options when running the wrapper script.
2018-03-21 08:48:40 +01:00
Gilles Peskine
54933e95bd all.sh: option parsing: reduce vertical spread
Only whitespace changes.
2018-03-21 08:48:33 +01:00
Gilles Peskine
53038ebecc all.sh: with --no-armcc, don't call armcc from output_env.sh
When not running armcc, don't try to invoke armcc at all, not even to
report its version.
2018-03-21 08:48:26 +01:00
Jaeden Amero
9ae1fba869 Update version to 2.7.2 2018-03-16 16:30:17 +00:00
Jaeden Amero
e0b1a73c56 Merge remote-tracking branch 'upstream-restricted/pr/464' into mbedtls-2.7-restricted-proposed 2018-03-15 14:36:47 +00:00
Jaeden Amero
73923e1575 Merge remote-tracking branch 'upstream-restricted/pr/459' into mbedtls-2.7-restricted-proposed 2018-03-15 14:36:22 +00:00
Manuel Pégourié-Gonnard
c3901d4cd3 fixup previous commit: add forgotten file 2018-03-14 14:10:19 +01:00
Manuel Pégourié-Gonnard
dae3fc3fe0 x509: CRL: add tests for non-critical extension
The 'critical' boolean can be set to false in two ways:
- by leaving it implicit (test data generated by openssl)
- by explicitly setting it to false (generated by hand)
2018-03-14 12:46:54 +01:00
Manuel Pégourié-Gonnard
282159c318 x509: CRL: add tests for malformed extensions
This covers all lines added in the previous commit. Coverage was tested using:

    make CFLAGS='--coverage -g3 -O0'
    (cd tests && ./test_suite_x509parse)
    make lcov
    firefox Coverage/index.html # then visual check

Test data was generated by taking a copy of tests/data_files/crl-idp.pem,
encoding it as hex, and then manually changing the values of some bytes to
achieve the desired errors, using https://lapo.it/asn1js/ for help in locating
the desired bytes.
2018-03-14 12:46:53 +01:00
Manuel Pégourié-Gonnard
5a9f46e57c x509: CRL: reject unsupported critical extensions 2018-03-14 09:24:12 +01:00
Gilles Peskine
64540d9577 Merge remote-tracking branch 'upstream-restricted/pr/458' into mbedtls-2.7-restricted-proposed 2018-03-13 17:24:46 +01:00
Gilles Peskine
955d70459d Merge remote-tracking branch 'upstream-restricted/pr/460' into mbedtls-2.7-restricted-proposed 2018-03-13 17:24:33 +01:00
Manuel Pégourié-Gonnard
b0ba5bccff Yet another dependency issue (PKCS1_V15)
Found by running:

CC=clang cmake -D CMAKE_BUILD_TYPE="Check"
tests/scripts/depend-pkalgs.pl

(Also tested with same command but CC=gcc)

Another PR will address improving all.sh and/or the depend-xxx.pl scripts
themselves to catch this kind of thing.
2018-03-13 13:44:45 +01:00
Gilles Peskine
427ff4836c Merge remote-tracking branch 'upstream-public/pr/1219' into mbedtls-2.7-proposed 2018-03-12 23:52:24 +01:00
Gilles Peskine
c5671bdcf4 Merge remote-tracking branch 'upstream-public/pr/778' into mbedtls-2.7-proposed 2018-03-12 23:44:56 +01:00
Manuel Pégourié-Gonnard
a3c5ad5db0 Fix remaining issues found by depend-hashes 2018-03-12 15:51:32 +01:00
Manuel Pégourié-Gonnard
b314ece10b Fix remaining issues found by depend-pkalgs 2018-03-12 15:51:30 +01:00
Gilles Peskine
8eda5ec8b4 Merge branch 'pr_1408' into mbedtls-2.7-proposed 2018-03-11 00:48:18 +01:00
Gilles Peskine
4848b97bc7 Merge remote-tracking branch 'upstream-public/pr/1249' into mbedtls-2.7-proposed 2018-03-11 00:48:17 +01:00
Hanno Becker
930ec7dfe5 Minor fixes 2018-03-09 10:48:12 +00:00
Hanno Becker
69d45cce5d Add a run with RSA_NO_CRT to all.sh 2018-03-09 10:46:23 +00:00
Sanne Wouda
22797fcc57 Remove redundant dependency 2018-03-06 23:35:14 +01:00
Sanne Wouda
bb50113123 Rename test and update dependencies 2018-03-06 23:35:14 +01:00
Sanne Wouda
90da97d587 Add test case found through fuzzing to pkparse test suite 2018-03-06 23:31:12 +01:00
Andres Amaya Garcia
19f33a800b Add regression test for parsing subjectAltNames 2018-03-06 19:26:20 +00:00
Manuel Pégourié-Gonnard
fa973e022a Document choice of script exit code 2018-03-05 13:23:27 +01:00
Gert van Dijk
ab41f04554 Tests: depends-pkalgs.pl - disable less options
Rather than disabling SSL & Key exchanges as a whole, only disable those
options required by reverse dependencies.

GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040
See also discussion in PR #1074.
https://github.com/ARMmbed/mbedtls/pull/1074#issuecomment-327096303
2018-03-05 13:20:36 +01:00
Gert van Dijk
b8e40efee3 Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug
GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040
2018-03-05 13:20:31 +01:00
Manuel Pégourié-Gonnard
7c28b56f65 Fix test that didn't check full value of flags 2018-03-05 13:20:26 +01:00
Manuel Pégourié-Gonnard
fcc4348ee2 Improve some comments 2018-03-05 13:20:21 +01:00
Manuel Pégourié-Gonnard
aefd2dcd5b Unify name of default profile in X.509 tests 2018-03-05 13:20:14 +01:00
Manuel Pégourié-Gonnard
d9184f2f08 Add missing dependency in test-certs Makefile 2018-03-05 13:20:08 +01:00
Manuel Pégourié-Gonnard
2f1633e002 Improve some comments, fix some typos 2018-03-05 13:19:41 +01:00
Manuel Pégourié-Gonnard
650780c462 Fix some whitespace 2018-03-05 13:16:28 +01:00
Manuel Pégourié-Gonnard
b26b28a7e4 Make some perl scripts usable with git bisect run
For that they need to return between 0 and 124 on error, while die returns
255, causing bisect-run to abort.
2018-03-05 13:16:15 +01:00
Manuel Pégourié-Gonnard
b0add2e2ad Add test for callback and bad signatures
Our current behaviour is a bit inconsistent here:
- when the bad signature is made by a trusted CA, we stop here and don't
  include the trusted CA in the chain (don't call vrfy on it)
- otherwise, we just add NOT_TRUSTED to the flags but keep building the chain
  and call vrfy on the upper certs
2018-03-05 13:05:17 +01:00
Manuel Pégourié-Gonnard
50fc51a9f7 Add test for bad name and callback
This ensures that the callback can actually clear that flag, and that it is
seen by the callback at the right level. This flag is not set at the same
place than others, and this difference will get bigger in the upcoming
refactor, so let's ensure we don't break anything here.
2018-03-05 13:05:03 +01:00
Manuel Pégourié-Gonnard
166b1e0b60 Add test for same CA with different keys
When a trusted CA is rolling its root keys, it could happen that for some
users the list of trusted roots contains two versions of the same CA with the
same name but different keys. Currently this is supported but wasn't tested.

Note: the intermediate file test-ca-alt.csr is commited on purpose, as not
commiting intermediate files causes make to regenerate files that we don't
want it to touch.
2018-03-05 13:03:40 +01:00
Manuel Pégourié-Gonnard
37a560cc6d Add test for CA forgery attempt
As we accept EE certs that are explicitly trusted (in the list of trusted
roots) and usually look for parent by subject, and in the future we might want
to avoid checking the self-signature on trusted certs, there could a risk that we
incorrectly accept a cert that looks like a trusted root except it doesn't
have the same key. This test ensures this will never happen.
2018-03-05 13:02:27 +01:00
Manuel Pégourié-Gonnard
5bc9738139 Add test for profile on trusted EE cert 2018-03-05 13:01:11 +01:00
Manuel Pégourié-Gonnard
cd2118f67b Add tests for flags passed to f_vrfy
The tests cover chains of length 0, 1 and 2, with one error, located at any of
the available levels in the chain. This exercises all three call sites of
f_vrfy (two in verify_top, one in verify_child). Chains of greater length
would not cover any new code path or behaviour that I can see.
2018-03-05 13:01:02 +01:00
Manuel Pégourié-Gonnard
ae6d7103cc Add ability to test flags value in vrfy callback
So far there was no test ensuring that the flags passed to the vrfy callback
are correct (ie the flags for the current certificate, not including those of
the parent).

Actual tests case making use of that test function will be added in the next
commit.
2018-03-05 13:00:43 +01:00
Manuel Pégourié-Gonnard
4d9e7cb66b Fix usage of CFLAGS with cmake in all.sh
With cmake, CFLAGS has to be set when invoking cmake, not make (which totally
ignores the value of CFLAGS when it runs and only keeps the one from cmake).

Also, in that case the flags were either redundant (-Werror etc) or wrong
(-std=c99 -pedantic) as some parts of the library will not build with
-pedantic (see the other -pedantic tests, which are correct, for what needs to
be disabled).
2018-03-05 13:00:03 +01:00
Manuel Pégourié-Gonnard
1ddd682843 Fix depends_on:pk_alg in test suites 2018-03-05 12:58:51 +01:00