Commit Graph

2432 Commits

Author SHA1 Message Date
Simon Butcher
54b789aa74 Merge remote-tracking branch 'public/pr/2298' into development 2018-12-19 08:08:14 +00:00
Gilles Peskine
78438e4109 Test parameter validation for pk, pkparse and pkwrite 2018-12-19 00:55:47 +01:00
Hanno Becker
59274d43cb Remove unnecessary call to mbedtls_mpi_free() in MPI tests 2018-12-18 23:27:03 +00:00
Hanno Becker
b48e1aa846 Add separate test for mbedtls_mpi_free() accepting NULL 2018-12-18 23:25:01 +00:00
Jaeden Amero
ee427b26d4 tests: Backup config.h before modifying it
It's good to make a backup of config.h before modifying it, so that when
"cleanup" runs the next test has a clean default config.h to start from.

Fixes 840af0a9ae ("Add tests to all.sh for CHECK_PARAMS edge cases")
2018-12-18 21:14:28 +00:00
Hanno Becker
e118504a5f Numerous minor improvements to bignum documentation 2018-12-18 18:12:13 +00:00
Hanno Becker
56b661cbf8 Add test that mbedtls_mpi_free() accepts NULL parameter 2018-12-18 18:12:13 +00:00
Hanno Becker
afb607b9db Add tests for parameter validation in MPI module 2018-12-18 18:12:13 +00:00
Hanno Becker
d22df58a56 Add missing guards around SHA-1 tests 2018-12-18 17:02:03 +00:00
Hanno Becker
adc9b178ca Minor improvements to DHM module 2018-12-18 16:59:09 +00:00
Hanno Becker
8c8a93c574 Test parameter validation for DHM module 2018-12-18 16:59:09 +00:00
Hanno Becker
4fbd4bf442 Fix guard in SHA-512 tests 2018-12-18 16:37:43 +00:00
Hanno Becker
36beb04fd5 Add tests or SHA-256 parameter validation 2018-12-18 16:31:06 +00:00
Hanno Becker
686c9a0e8d Test SHA-512 parameter validation 2018-12-18 15:33:14 +00:00
Hanno Becker
a994b2379f Test that xxx_free() functions accept NULL parameter 2018-12-18 15:30:30 +00:00
Hanno Becker
ae2ff02ff1 Add tests for ChaChaPoly parameter validation
Parameter validation was previously performed and tested unconditionally
for the ChaCha/Poly modules. This commit therefore only needs go guard the
existing tests accordingly and use the appropriate test macros for parameter
validation.
2018-12-18 15:30:30 +00:00
Hanno Becker
af05a90349 Test parameter validation in ECDSA module 2018-12-18 14:31:50 +00:00
Hanno Becker
491db772c3 Test parameter validation for ECJPAKE module 2018-12-18 14:31:18 +00:00
Hanno Becker
4c818483b2 Test parameter validation for ECDH module 2018-12-18 14:30:39 +00:00
Hanno Becker
b06f193d73 Add missing cases to RSA parameter validation test 2018-12-18 14:05:20 +00:00
Hanno Becker
05cf6dabb8 Add missing test for mbedtls_rsa_pkcs1_sign() 2018-12-18 13:38:05 +00:00
Hanno Becker
f04d923834 Test mbedtls_rsa_gen_key() with NULL ctx/RNG separately 2018-12-18 13:38:05 +00:00
Hanno Becker
71cd6c7ba9 Remove duplicate test in RSA parameter validation test 2018-12-18 13:38:05 +00:00
Hanno Becker
a7ee00225b Test mbedtls_rsa_init() with invalid padding 2018-12-18 13:38:05 +00:00
Hanno Becker
046d2024c5 Test parameter validation for RSA module 2018-12-18 13:38:05 +00:00
Hanno Becker
57b684f9d1 Add separate test for xxx_free() functions in ECP module 2018-12-18 13:00:48 +00:00
Hanno Becker
12dff0352b Test parameter validation for ECP module 2018-12-18 13:00:48 +00:00
Manuel Pégourié-Gonnard
488d9309fc Fix unused param warnings in test function 2018-12-18 13:05:49 +01:00
Hanno Becker
0e24473b94 Test parameter validation in SHA-1 module 2018-12-18 11:37:28 +00:00
Manuel Pégourié-Gonnard
e55e103bfe Fix off-by-one in iv_off check and add tests 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
ab6b9758d6 Improve constant naming in test functions 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
2bc535be86 Add parameter validation for AES-CTR 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
8e41eb7187 Add parameter validation for AES-OFB 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
1677cca54b Add parameter validation for AES-CFB functions 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
191af1313a Add param validation for mbedtls_aes_crypt_xts() 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
3178d1a997 Add param validation for mbedtls_aes_crypt_cbc() 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
1aca260571 Add parameter validation for mbedtls_aes_crypt_ecb() 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
68e3dff3f1 Add parameter validation XTS setkey functions 2018-12-18 12:22:40 +01:00
Manuel Pégourié-Gonnard
af0c6cb9e0 Fix missing guard on XTS function in tests 2018-12-18 12:02:52 +01:00
Hanno Becker
6640b0d9a3 Undo deprecation of MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH 2018-12-18 09:53:14 +00:00
Hanno Becker
938f9e9bdb Undo deprecation of MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
Merging MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH and
MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH is an API break.
2018-12-18 09:50:57 +00:00
Hanno Becker
d2f3a00062 Introduce single BLOWFISH error code for bad input data
Deprecate the old specific error codes
* MBEDTLS_ERR_BLOWFISH_INVALID_KEY_LENGTH
* MBEDTLS_ERR_BLOWFISH_INVALID_INPUT_LENGTH
2018-12-17 13:26:37 +00:00
Hanno Becker
4c029d09be Introduce single CAMELLIA error code for bad input data
Deprecate the old specific error codes
* MBEDTLS_ERR_CAMELLIA_INVALID_KEY_LENGTH
* MBEDTLS_ERR_CAMELLIA_INVALID_INPUT_LENGTH
2018-12-17 13:26:33 +00:00
Manuel Pégourié-Gonnard
e7306d30a9 Improve some documentation and ChangeLog entry 2018-12-13 09:45:49 +01:00
Manuel Pégourié-Gonnard
a4251f4775 Test aes_free( NULL ) unconditionally 2018-12-12 12:04:51 +01:00
Manuel Pégourié-Gonnard
54e7f312d3 Make TEST_VALID_PARAM() available unconditionally 2018-12-12 11:56:09 +01:00
Manuel Pégourié-Gonnard
aae10fa427 Fix some whitespace issues 2018-12-12 10:24:19 +01:00
Manuel Pégourié-Gonnard
cd2b29cd12 Improve wording in documentation and ChangeLog 2018-12-12 10:23:57 +01:00
Manuel Pégourié-Gonnard
9b8ea89ae5 Fix a few style / whitespace issues 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
acfdc623d2 Fix test macro that was too lenient
Previously, one could change the definition of AES_VALIDATE_RET() to return
some other code than MBEDTLS_ERR_AES_BAD_INPUT_DATA, and the test suite
wouldn't notice. Now this modification would make the suite fail as expected.
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
840af0a9ae Add tests to all.sh for CHECK_PARAMS edge cases 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
44c5d58d05 Document AES functions and fix free() functions 2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
a2b0e27378 Skip param validation tests if custom macro used
The test framework for validation of parameters depends on the macro
MBEDTLS_PARAM_FAILED() being set to its default value when building the
library. So far the test framework attempted to define this macro but this was
the wrong place - this definition wouldn't be picked by the library.

Instead, a different approach is taken: skip those tests when the macro is
defined in config.h, as in that case we have no way to know if it will indeed
end up calling mbedtls_param_failed() as we need it to.

This commit was tested by manually ensuring that aes_invalid_params:

- passes (and is not skipped) in the default configuration
- is skipped when MBEDTLS_PARAM_FAILED() is defined in config.h
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
3ef6a6dc5c Fix const-ness in mbedtls_param_failed()
The previous prototype gave warnings are the strings produced by #cond and
__FILE__ are const, so we shouldn't implicitly cast them to non-const.

While at it modifying most example programs:
- include the header that has the function declaration, so that the definition
  can be checked to match by the compiler
- fix whitespace
- make it work even if PLATFORM_C is not defined:
    - CHECK_PARAMS is not documented as depending on PLATFORM_C and there is
      no reason why it should
    - so, remove the corresponding #if defined in each program...
    - and add missing #defines for mbedtls_exit when needed

The result has been tested (make all test with -Werror) with the following
configurations:

- full with    CHECK_PARAMS with    PLATFORM_C
- full with    CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS without PLATFORM_C
- full without CHECK_PARAMS with    PLATFORM_C

Additionally, it has been manually tested that adding

    mbedtls_aes_init( NULL );

near the normal call to mbedtls_aes_init() in programs/aes/aescrypt2.c has the
expected effect when running the program.
2018-12-11 12:28:56 +01:00
Manuel Pégourié-Gonnard
8e661bf6a8 Fix arity of the PARAM_FAILED() macro and function
It was inconsistent between files: sometimes 3 arguments, sometimes one.

Align to 1 argument for the macro and 3 for the function, because:
- we don't need 3 arguments for the macro, it can add __FILE__ and __LINE__
  in its expansion, while the function needs them as parameters to be correct;
- people who re-defined the macro should have flexibility, and 3 arguments
  can give the impression they they don't have as much as they actually do;
- the design document has the macro with 1 argument, so let's stick to that.
2018-12-11 12:28:56 +01:00
Simon Butcher
249b3d6efe Remove use of the macro TEST_FN from the AES test suite
The TEST_FN macro is now redundant and no longer necessary.
2018-12-11 12:28:56 +01:00
Simon Butcher
6542f6c597 Change the use of setjmp/longjmp in parameter failure callback
Change the use of setjmp and longjmp in signalling parameter validation failures
when using the MBEDTLS_CHECK_PARAMS config.h option. This change allows
all calls which might result in a call to the parameter validation failure
handler to always be caught, even without use of the new macros, by placing a
setjmp() in the outer function which calls the test function, which the handler
can jump to.

This has several benefits:
    * it allows us to remove the clang compiler warning (-Wclobbered) caused
      by local auto variables being in the same function as the call to setjmp.
    * removes the need to wrap all function calls in the test functions with the
      TEST_ASSERT() macro. Now all parameter validation function calls should be
      caught.
2018-12-11 12:28:56 +01:00
Simon Butcher
747f5fe3e2 Add disabling of gcc 'clobbered' warning
With gcc, use of setjmp() was triggering warnings about use of auto variables
being clobbered.
2018-12-11 12:28:56 +01:00
Simon Butcher
a646345e3f Add additional parameter validation tests for the AES module
This adds additional tests to validate the AES module parameter validation
checks which are enabled using the MBEDTLS_CHECK_PARAMS option.
2018-12-11 12:28:56 +01:00
Jaeden Amero
faafcd83a8 Merge remote-tracking branch 'upstream-public/pr/2223' into development 2018-12-07 16:16:24 +00:00
Jaeden Amero
fedb407a3f Merge remote-tracking branch 'upstream-public/pr/2208' into development 2018-12-07 16:16:04 +00:00
Jaeden Amero
52ed0b9030 Merge remote-tracking branch 'upstream-public/pr/2101' into development 2018-12-07 16:15:31 +00:00
Jaeden Amero
d07ef47150 Merge remote-tracking branch 'upstream-public/pr/2061' into development 2018-12-07 16:07:21 +00:00
Jaeden Amero
60ca6e58b6 test: Make basic-build-test.sh see summary statuses
We've changed the behavior of "-v" to no longer output test summary
statuses. Update basic-build-test.sh to use the test runner's verbosity
option "-v 2", so that the basic-build-test.sh script can get the summary
statuses it needs.
2018-12-07 13:06:24 +00:00
Jaeden Amero
8ef1f48a52 Merge remote-tracking branch 'upstream-public/pr/2219' into development 2018-12-06 16:16:36 +00:00
Jaeden Amero
3c0941ec64 Merge remote-tracking branch 'upstream-public/pr/2172' into development 2018-12-06 16:09:08 +00:00
Jaeden Amero
41722ec29e Merge remote-tracking branch 'upstream-public/pr/1958' into development 2018-12-06 15:53:56 +00:00
Jaeden Amero
643e0027d6 Merge remote-tracking branch 'upstream-public/pr/1548' into development 2018-12-06 15:51:29 +00:00
Janos Follath
36c5f7fe9b ECDH: Hide context from tests
The tests for the ECDH key exchange that use the context accessed it
directly. This can't work with the new context, where we can't make any
assumptions about the implementation of the context. This commit works
around this problem and comes with the cost of allocating an extra
structures on the stack when executing the test.

One of the tests is testing an older interface for the sake of backward
compatibility. The new ECDH context is not backward compatible and this
test doesn't make any sense for it, therefore we skip this test in
non-legacy mode.
2018-12-06 12:22:46 +00:00
Janos Follath
fc03e8dfa9 ECDH: Adapt tests for mbedtls_ecdh_setup()
The recently added `mbedtls_ecdh_setup()` function is not used in the
tests yet. This commit adapts the tests to the new workflow.

Having done that, the old lifecycle is not tested anymore, so we add a
new test to ensure backward compatibility.
2018-11-30 14:09:57 +00:00
Simon Butcher
51b8a2fa87 Merge remote-tracking branch 'restricted/pr/512' into development 2018-11-29 16:56:02 +00:00
Simon Butcher
658618b6b2 Merge remote-tracking branch 'restricted/pr/516' into development 2018-11-29 16:53:51 +00:00
Ron Eldor
b9b3813649 Separate REGEX of MACRO to groups
Seperate the REGEX into identifier, condition and value, into groups,
to behandled differently.
2018-11-27 16:37:49 +02:00
Ron Eldor
111ba0e949 Fix parsing error of test data
Fix parsing error that contains special character.
The previous implementation replaced the `:` char with `\n`,
and split on `\n`. Test data containing strings with `\n`
were split as well. Fixes #2193.
The split function caused strings containing `\:` to add
another escape char, resulting in `\\:`. This caused the
tests with the `\:` in the string data to fail.
The fix doesn't replace with `\n`, but splits all `:` that
are not preceded with `\`. After that, removes the preceding `\` char.
2018-11-27 13:48:13 +02:00
Andres Amaya Garcia
687d6739b2 Fix resource leak of file desc in test code 2018-11-26 21:23:28 +00:00
Gilles Peskine
d919993b76 CTR_DRBG: deprecate mbedtls_ctr_drbg_update because it ignores errors
Deprecate mbedtls_ctr_drbg_update (which returns void) in favor of a
new function mbedtls_ctr_drbg_update_ret which reports error.
2018-11-26 19:26:00 +01:00
Ron Eldor
d5062dedeb Add conditional dependency to tests
Add a way to check compile time defionitions values, for determining
whether to skip tests.
2018-11-26 14:23:14 +02:00
Ron Eldor
6dbb9aabf8 Test AD too long only when CCM_ALT not defined
Since the AD too long is a limitation on Mbed TLS,
HW accelerators may support this. Run the test for AD too long,
only if `MBEDTLS_CCM_ALT` is not defined.
Addresses comment in #1996.
2018-11-25 10:31:53 +02:00
Gilles Peskine
c117d5928c check-files: detect merge artifacts
Detect Git merge artifacts. These are lines starting with "<<<<<<",
"|||||||" or ">>>>>>>" followed by a space, or containing just
"=======". For "=======", exempt Markdown files, because this can be
used to underline a title, as a compromise between false negatives and
false positives.
2018-11-23 21:11:52 +01:00
Gilles Peskine
043980585c Factor record_issue into its own method 2018-11-23 21:11:30 +01:00
Jaeden Amero
80a23a5bc4 check-files: Don't check same-named files
The check-files script contains the strings "TODO" and "todo" in order to
search for files that contain TODO items. So, any check-files script would
need to be excluded from the list of files that gets checked for "TODO".
Normally, the script excludes itself from checks, but with the addition of
the crypto submodule, there is another copy of the script present from the
project root. We must avoid checking check-files scripts for TODO items.
This also helps if you run check-files from another working tree in your
working tree.
2018-11-23 13:14:38 +00:00
Ron Eldor
8672cb7909 Set result to False on Failure
Add a member for holding a failed result,
and notify_complete with this member value, when finished.
2018-11-21 14:02:12 +02:00
Simon Butcher
c1b9892177 Update library version number to 2.14.0 2018-11-19 18:31:40 +00:00
Manuel Pégourié-Gonnard
f560a2d6fc Disable test that trigger bug in old GnuTLS
This is temporary until we fix the GnuTLS version available in our CI.
2018-11-19 13:24:23 +01:00
Ron Eldor
7a977881b4 Change buf size to a valid size
Change the size of `buf` to a valid hash size, in `ecdsa_prim_random()`
2018-11-19 13:51:00 +02:00
Simon Butcher
cdd1a6c872 Merge remote-tracking branch 'restricted/pr/510' into development-restricted-proposed 2018-11-12 14:29:14 +00:00
Simon Butcher
53b45ec881 Merge remote-tracking branch 'public/pr/2079' into development-restricted-proposed 2018-11-07 12:58:44 +00:00
Simon Butcher
241823aab8 Merge remote-tracking branch 'public/pr/1641' into development-restricted-proposed 2018-11-07 12:55:47 +00:00
Simon Butcher
42ab4ae033 Merge remote-tracking branch 'public/pr/2167' into development-restricted-proposed 2018-11-07 12:54:45 +00:00
Ron Eldor
c242eea732 Change data file suffix for ott
Change the suffix of the data files searched in `mbedtls_test.py`
to `datax` as the generated files have this suffix.
2018-11-05 16:22:36 +02:00
Manuel Pégourié-Gonnard
79bf327a95 Add ARIA and ChachaPoly to basic-build-test
The invocation of `compat.sh` that runs those tests was added in all.sh but
not here, resulting in our reported coverage figures being slightly lower than
what we actually test. Fixing that omission change the figures reported from:

Lines Tested       : 19105 of 22623 84.4%
Functions Tested   : 1392 of 1460 95.3%

to:

Lines Tested       : 19126 of 22623 84.5%
Functions Tested   : 1399 of 1460 95.8%

It requires `$OPENSSL_NEXT` to be set and point to an OpenSSL version in the
1.1.1 line or later.
2018-11-05 14:27:09 +01:00
Hanno Becker
a8b13d79bf Add tests for relaxed CRL-CA name comparison
This commit introduces variants test-ca_utf8.crt,
test-ca_printablestring.crt and test-ca_uppercase.crt
of tests/data_files/test-ca.crt which differ from
test-ca.crt in their choice of string encoding and
upper and lower case letters in the DN field. These
changes should be immaterial to the recovation check,
and three tests are added that crl.pem, which applies
to test-ca.crt, is also considered as applying to
test-ca_*.crt.

The test files were generated using PR #1641 which
- adds a build instruction for test-ca.crt to
  tests/data_files/Makefile which allows easy
  change of the subject DN.
- changes the default string format from `PrintableString`
  to `UTF8String`.

Specifically:
- `test-ca_utf8.crt` was generated by running
      `rm test-ca.crt && make test-ca.crt`
   on PR #1641.
- `test-ca_uppercase.crt`, too, was generated by running
      `rm test-ca.crt && make test-ca.crt`
   on PR #1641, after modifying the subject DN line in the build
   instruction for `test-ca.crt` in `tests/data_files/Makefile`.
-  `test-ca_printable.crt` is a copy of `test-ca.crt`
   because at the time of this commit, `PrintableString` is
   still the default string format.
2018-11-05 11:47:49 +00:00
Simon Butcher
06f88e9c42 Merge remote-tracking branch 'public/pr/2007' into development-proposed 2018-11-04 19:12:57 +00:00
Jaeden Amero
8396a71449 test: Enable multiple levels of verbosity
Enable passing a number to "-v" in order to set the level of verbosity.
Print detailed test failure information at verbosity level 1 or higher.
Display summary messages at the verbosity level 2 or higher. Print
detailed test information at verbosity level 3 or higher, whether the
test failed or not. This enables a more readable output style that
includes detailed failure information when a failure occurs.
2018-11-02 13:25:16 +00:00
Jaeden Amero
f4b521dd10 test: Use GetOpt::Long for argument parsing
Simplify argument parsing by using a core perl library for parsing
arguments.
2018-11-02 13:25:16 +00:00
Jaeden Amero
79e4f4e933 test: Print verbosely on failures in verbose mode
Update the test runner to print detail about why the test failed when it
fails, if the runner is running in verbose mode.
2018-11-02 13:25:16 +00:00
Hanno Becker
710f203541 Merge branch 'iotssl-1770' into development_thomas_dee 2018-11-02 10:52:49 +00:00
Hanno Becker
6e1adee42b Regenerate test files
Previous commits have added or modified build instructions for
server1*, server2*, server5*, test-ca*, cli-rsa* in the Makefile
tests/data_files/Makefile, or the apps they invoke have been changed.

This commit regenerates those files to make sure they are in match with
the build instructions.
2018-11-02 10:52:38 +00:00
Hanno Becker
381c77c0c4 Change serial in test-ca.crt from 0 to 3 to circumvent ASN.1 bug
As of 2.13.1, mbedtls_asn1_write_mpi() doesn't write 0 correctly. #2166.
2018-11-02 10:52:35 +00:00
Hanno Becker
52acdb5926 Add tests for relaxed CRL-CA name comparison
This commit introduces variants test-ca_utf8.crt,
test-ca_printablestring.crt and test-ca_uppercase.crt
of tests/data_files/test-ca.crt which differ from
test-ca.crt in their choice of string encoding and
upper and lower case letters in the DN field. These
changes should be immaterial to the recovation check,
and three tests are added that crl.pem, which applies
to test-ca.crt, is also considered as applying to
test-ca_*.crt.
2018-11-02 10:49:05 +00:00
Hanno Becker
b963081df1 Generate tests/data_files/test-ca_cat[12|21].crt from Makefile 2018-11-02 09:01:52 +00:00
Hanno Becker
386f99c65c Generate cli-rsa* CSRs and CRTs through Mbed TLS applications 2018-11-02 09:01:52 +00:00
Hanno Becker
0dd11396d4 Generate server5.req.ku.sha1 through Mbed TLS application 2018-11-02 09:01:52 +00:00
Hanno Becker
ebc1f40aa0 Generate server2* CSRs and CRTs through Mbed TLS applications 2018-11-02 09:01:52 +00:00
Hanno Becker
b83777532a Generate test-ca* CSRs and CRTs through Mbed TLS applications 2018-11-02 09:01:52 +00:00
Hanno Becker
50cb93a04c Generate server1* CRTs and CSRs through Mbed TLS applications
Previously, CSRs and CRTs from the server1* family in testa/data_files
were generated through OpenSSL. This commit changes the build instructions
to use Mbed TLS' example applications programs/x509/cert_write and
programs/x509/cert_req instead.
2018-11-02 09:01:49 +00:00
Simon Butcher
7904f94550 Merge remote-tracking branch 'public/pr/1099' into development-proposed 2018-10-28 18:10:37 +00:00
Simon Butcher
02ef525a7b Merge remote-tracking branch 'public/pr/2107' into development-proposed 2018-10-28 16:16:58 +00:00
Simon Butcher
a07d86e8af Merge remote-tracking branch 'public/pr/1902' into development 2018-10-27 18:36:55 +01:00
Simon Butcher
3869384ddb Merge remote-tracking branch 'public/pr/2031' into development 2018-10-27 18:34:18 +01:00
Simon Butcher
78dd2e55bf Merge remote-tracking branch 'public/pr/1806' into development 2018-10-27 17:59:17 +01:00
Simon Butcher
e783f4a767 Merge remote-tracking branch 'public/pr/1609' into development 2018-10-27 17:35:25 +01:00
Simon Butcher
76cf60beb3 Remove merge conflict marker in ssl-opt.sh
Commit 6346a75dfb introduced a merge conflict marker into ssl-opt.sh
by accident. This commit removes it.
2018-10-25 21:51:32 +01:00
Simon Butcher
169712e15a Merge remote-tracking branch 'restricted/pr/390' into development 2018-10-24 18:34:30 +01:00
Simon Butcher
c774e32939 Merge remote-tracking branch 'restricted/pr/517' into development 2018-10-22 14:23:29 +01:00
Simon Butcher
837f821bc2 Merge remote-tracking branch 'public/pr/1990' into development 2018-10-22 14:22:56 +01:00
Manuel Pégourié-Gonnard
bcedb92e7b Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
* development:
  Add Jenkinsfile for PR job
2018-10-22 09:52:46 +02:00
Darryl Green
b51e267bee Add Jenkinsfile for PR job 2018-10-19 15:25:10 +01:00
Hanno Becker
198611db32 Add missing return value check in ECDSA test suite
The test case `ecdsa_det_test_vectors` from the ECDSA test suite
called `mbedtls_md()` without checking its return value.
2018-10-17 13:58:19 +01:00
Hanno Becker
0fbbc64fee Add dependency of mbedtls_asn1_write_len() test on ASN.1 parsing 2018-10-16 13:48:23 +01:00
Hanno Becker
19d858e8e6 Add dependency of pkwrite test suite on pkparse module 2018-10-16 13:46:25 +01:00
Gilles Peskine
96f3b4ee42 Remove yotta support from check-files.py
Complements "Remove Yotta support from the docs, tests and build scripts".
2018-10-16 14:10:21 +02:00
Manuel Pégourié-Gonnard
7a28e99fa0 Expand test to ensure no assumption on output
The functions don't require the caller to preserve the content of the output
parameter - let's ensure that they don't assume that.
2018-10-16 11:22:45 +02:00
Manuel Pégourié-Gonnard
6346a75dfb Merge branch 'development' into iotssl-1260-non-blocking-ecc-restricted
* development:
  ssl-opt.sh: change expected output for large srv packet test with SSLv3
  Adapt ChangeLog
  Fix bug in SSL ticket implementation removing keys of age < 1s
  ssl-opt.sh: Add DTLS session resumption tests
  Add ChangeLog entry
  Fix typo
  Fix hmac_drbg failure in benchmark, with threading
  Remove trailing whitespace
  Remove trailing whitespace
  ssl_server2: add buffer overhead for a termination character
  Add missing large and small packet tests for ssl_server2
  Added buffer_size and response_size options for ssl-server2. Added appropriate tests.

Solving a conflict in tests/ssl-opt.sh: two set of tests were added at the
same place (just after large packets):
- restartable ECC tests (in this branch)
- server-side large packets (in development)

Resolution was to move the ECC tests after the newly added server large packet
ones.
2018-10-15 11:26:17 +02:00
Andrzej Kurek
9580528248 ssl-opt.sh: fix typo in mtu settings 2018-10-11 08:55:37 -04:00
Andrzej Kurek
b459346f67 ssl-opt.sh: add a check for i686 targets
Run DTLS fragmenting tests on non-i686 targets only.
Remove reduntant gnutls requirements.
2018-10-11 08:43:30 -04:00
Andrzej Kurek
7782605491 ssl-opt.sh: add comments regarding ciphersuite forcing 2018-10-11 07:34:08 -04:00
Andrzej Kurek
7c6df832ed ssl-opt.sh: revert unnecessary "autoreduction" checks
return to the initial check for "resend"
2018-10-11 07:06:12 -04:00
Andrzej Kurek
7311c78074 ssl-opt.sh: force ciphersuites to reduce mtu size 2018-10-11 06:49:41 -04:00
Hanno Becker
e5fecec7bf Add test for MBEDTLS_PLATFORM_{CALLOC/FREE}_MACRO to all.sh
This commit adds a test to tests/scripts/all.sh exercising an
ASan build of the default configuration with

MBEDTLS_PLATFORM_MEMORY enabled,
MBEDTLS_PLATFORM_CALLOC_MACRO set to std calloc
MBEDTLS_PLATFORM_FREE_MACRO   set to std free

(This should functionally be indistinguishable from a default build)
2018-10-11 11:04:20 +01:00
Darryl Green
ac2ead0e68 Improve deterministic test for prime testing
Extend the mbedtls_mpi_is_prime_det test to check that it reports
the number as prime when testing rounds-1 rounds, then reports the
number as composite when testing the full number of rounds.
2018-10-09 16:36:53 +01:00
Janos Follath
a0b67c2f3e Bignum: Deprecate mbedtls_mpi_is_prime()
When using a primality testing function the tolerable error rate depends
on the scheme in question, the required security strength and wether it
is used for key generation or parameter validation. To support all use
cases we need more flexibility than what the old API provides.
2018-10-09 16:36:53 +01:00
Janos Follath
64eca05ec2 Bignum: Add tests for primality testing
Primality tests have to deal with different distribution when generating
primes and when validating primes.
These new tests are testing if mbedtls_mpi_is_prime() is working
properly in the latter setting.

The new tests involve pseudoprimes with maximum number of
non-witnesses. The non-witnesses were generated by printing them
from mpi_miller_rabin(). The pseudoprimes were generated by the
following function:

void gen_monier( mbedtls_mpi* res, int nbits )
{
    mbedtls_mpi p_2x_plus_1, p_4x_plus_1, x, tmp;

    mbedtls_mpi_init( &p_2x_plus_1 );
    mbedtls_mpi_init( &p_4x_plus_1 );
    mbedtls_mpi_init( &x ); mbedtls_mpi_init( &tmp );

    do
    {
        mbedtls_mpi_gen_prime( &p_2x_plus_1, nbits >> 1, 0,
                               rnd_std_rand, NULL );
        mbedtls_mpi_sub_int( &x, &p_2x_plus_1, 1 );
        mbedtls_mpi_div_int( &x, &tmp, &x, 2 );

        if( mbedtls_mpi_get_bit( &x, 0 ) == 0 )
            continue;

        mbedtls_mpi_mul_int( &p_4x_plus_1, &x, 4 );
        mbedtls_mpi_add_int( &p_4x_plus_1, &p_4x_plus_1, 1 );

        if( mbedtls_mpi_is_prime( &p_4x_plus_1, rnd_std_rand,
                                  NULL ) == 0 )
            break;

    } while( 1 );

    mbedtls_mpi_mul_mpi( res, &p_2x_plus_1, &p_4x_plus_1 );
}
2018-10-09 16:36:53 +01:00
Janos Follath
a3cb7eb8ad Bignum: Add test for improved prime generation 2018-10-09 16:33:27 +01:00
Andrzej Kurek
35f2f300ca ssl-opt.sh: change expected pattern from 'resend' to 'autoreduction' 2018-10-09 08:52:14 -04:00
Andrzej Kurek
0fc9cf40cf ssl-opt.sh: increase proxy mtu sizes to contain entire datagrams 2018-10-09 03:09:41 -04:00
Gilles Peskine
695a34654a Add tests for PKCS#1 v1.5 decoding
Functional tests for various payload sizes and output buffer sizes.

When the padding is bad or the plaintext is too large for the output
buffer, verify that function writes some outputs. This doesn't
validate that the implementation is time-constant, but it at least
validates that it doesn't just return early without outputting anything.
2018-10-08 11:13:21 +02:00
Simon Butcher
03de21059d Add additional test case for alternative CSR headers
Add a test case for alternative headers possible for CSR's, as defined in
RFC7468.
2018-10-06 17:19:31 +01:00
Andrzej Kurek
948fe80f42 ssl-opt.sh: adjust test timeouts to fit slower targets 2018-10-06 05:07:47 -04:00
Andrzej Kurek
52f8491dc2 ssl-opt.sh: adjust tests to fit slower targets
Adjust mtu sizes to be able to pass tests using a full configuration
2018-10-05 07:53:40 -04:00
Gilles Peskine
95c5575e12 check-files: exclude .git and third-party files
Exclude ".git" directories anywhere. This avoids spurious errors in git
checkouts that contain branch names that look like a file
check-files.py would check. Fix #1713

Exclude "mbed-os" anywhere and "examples" from the root. Switch to the
new mechanism to exclude "yotta/module". These are directories where
we store third-party files that do not need to match our preferences.

Exclude "cov-int" from the root. Fix #1691
2018-10-02 13:13:24 +02:00
Simon Butcher
6e3606e4f6 Fix run-test-suites.pl to screen for files
Changes run-test-suites.pl to filter out directories, and select only files
as on OSX, test coverage tests create .dSYM directories which were being
accidentally selected to execute.
2018-09-30 21:53:16 +01:00
Gilles Peskine
427df37f84 Don't try to disable ASLR
We don't need to disable ASLR, so don't try. If gdb tries but fails,
the test runs normally, but all.sh then trips up because it sees
`warning: Error disabling address space randomization: Operation not permitted`
and interprets it as an error that indicates a test failure.
2018-09-28 14:31:16 +02:00
Gilles Peskine
5c39d7a972 Remove redundant check in all.sh
test -s can't fail if the subsequent grep succeeds.
2018-09-28 14:31:16 +02:00
Gilles Peskine
bd90a8c002 In keep-going mode, don't hard-fail on some tests
Add if_build_succeeded in front of the invocation of some test runs
where it was missing.
2018-09-28 14:31:16 +02:00
Jaeden Amero
65593d2ddd rsa: pss: Add no possible salt size tests
Add signing tests with 528-bit and 520-bit RSA keys with SHA-512. These
selections of key and hash size should lead to an error returned, as
there is not enough room for our chosen minimum salt size of two bytes
less than the hash size. These test the boundary around an available
salt length of 0 or -1 bytes.

The RSA keys were generated with OpenSSL 1.1.1-pre8.

    $ openssl genrsa 520
    Generating RSA private key, 520 bit long modulus (2 primes)
    .............++++++++++++
    .................++++++++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIIBPwIBAAJCANWgb4bludh0KFQBZcqWb6iJOmLipZ0L/XYXeAuwOfkWWjc6jhGd
    B2b43lVnEPM/ZwGRU7rYIjd155fUUdSCBvO/AgMBAAECQgDOMq+zy6XZEjWi8D5q
    j05zpRGgRRiKP/qEtB6BWbZ7gUV9DDgZhD4FFsqfanwjWNG52LkM9D1OQmUOtGGq
    a9COwQIhD+6l9iIPrCkblQjsK6jtKB6zmu5NXcaTJUEGgW68cA7PAiENaJGHhcOq
    /jHqqi2NgVbc5kWUD/dzSkVzN6Ub0AvIiBECIQIeL2Gw1XSFYm1Fal/DbQNQUX/e
    /dnhc94X7s118wbScQIhAMPVgbDc//VurZ+155vYc9PjZlYe3QIAwlkLX3HYKkGx
    AiEND8ndKyhkc8jLGlh8aRP8r03zpDIiZNKqCKiijMWVRYQ=
    -----END RSA PRIVATE KEY-----

    $ openssl genrsa 528
    Generating RSA private key, 528 bit long modulus (2 primes)
    .........++++++++++++
    ....++++++++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIIBQgIBAAJDAKJVTrpxW/ZuXs3z1tcY4+XZB+hmbnv1p2tBUQbgTrgn7EyyGZz/
    ZkkdRUGQggWapbVLDPXu9EQ0AvMEfAsObwJQgQIDAQABAkJhHVXvFjglElxnK7Rg
    lERq0k73yqfYQts4wCegTHrrkv3HzqWQVVi29mGLSXTqoQ45gzWZ5Ru5NKjkTjko
    YtWWIVECIgDScqoo7SCFrG3zwFxnGe7V3rYYr6LkykpvczC0MK1IZy0CIgDFeINr
    qycUXbndZvF0cLYtSmEA+MoN7fRX7jY5w7lZYyUCIUxyiOurEDhe5eY5B5gQbJlW
    ePHIw7S244lO3+9lC12U1QIhWgzQ8YKFObZcEejl5xGXIiQvBEBv89Y1fPu2YrUs
    iuS5AiFE64NJs8iI+zZxp72esKHPXq/chJ1BvhHsXI0y1OBK8m8=
    -----END RSA PRIVATE KEY-----
2018-09-27 18:23:08 +01:00
Jaeden Amero
80d99ea038 rsa: pss: Extend tests for variable salt length
Since we wish to generate RSASSA-PSS signatures even when hashes are
relatively large for the chosen RSA key size, we need some tests. Our
main focus will be on 1024-bit keys and the couple key sizes larger than
it. For example, we test for a signature generated using a salt length
of 63 when a 1032-bit key is used. Other tests check the boundary
conditions around other key sizes. We want to make sure we don't use a
salt length larger than the hash length (because FIPS 186-4 requires
this). We also want to make sure we don't use a salt that is too small
(no smaller than 2 bytes away from the hash length).

Test RSASSA-PSS signatures with:
 - 1024-bit key and SHA-512 (slen 62)
 - 1032-bit key and SHA-512 (slen 63)
 - 1040-bit key and SHA-512 (slen 64)
 - 1048-bit key and SHA-512 (slen 64)

The tests also verify that we can properly verify the RSASSA-PSS
signatures we've generated.

We've manually verified that OpenSSL 1.1.1-pre8 can verify the
RSASSA-PSS signatures we've generated.

    $ openssl rsa -in rsa1024.pem -pubout -out pub1024.pem
    writing RSA key
    $ openssl rsa -in rsa1032.pem -pubout -out pub1032.pem
    writing RSA key
    $ openssl rsa -in rsa1040.pem -pubout -out pub1040.pem
    writing RSA key
    $ openssl rsa -in rsa1048.pem -pubout -out pub1048.pem
    writing RSA key
    $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:62 -verify pub1024.pem -signature valid1024.bin
    Verified OK
    $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -verify pub1032.pem -signature valid1032.bin
    Verified OK
    $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1040.pem -signature valid1040.bin
    Verified OK
    $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:64 -verify pub1048.pem -signature valid1048.bin
    Verified OK

We've also added a new test that ensures we can properly validate a
RSASSA-PSS 1032-bit signature with SHA-512 generated by OpenSSL. This
has been added as the "RSASSA-PSS Verify OpenSSL-generated Signature
1032-bit w/SHA-512" test. The signature to verify was generated with the
following command line.

    $ cat message.bin | openssl dgst -sha512 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:63 -sign rsa1032.pem > valid.bin

The RSA private keys used by these tests were generated with OpenSSL
1.1.1-pre8.

    $ openssl genrsa 1024
    Generating RSA private key, 1024 bit long modulus (2 primes)
    ........................................++++++
    ......++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICWwIBAAKBgQDDyYc1SFQ1kcH5R+QSwz2la50blKWML0EKimIOm08dkZdkPr9S
    f19isgK51noyZU0F8yapth4BBu/fSClnPE89I2VZluJCQFmRarR6pn5AbBKWeeWX
    nKRnCIZmCP+iH2GYQ7lZtEQuQiWYovqrVKjO8fExmSZ30s9byvK1Vk90GQIDAQAB
    AoGAG1BnO4i+rsaJ8DQWXoO8evJ7dZiUS+1fvo+1xGHodLCWFVcnq+O3M/avqKuC
    WruFNlpIv453ux7zogvYMt3YE+ny//kgh5gUh0O1mXPbZtF4gGxsqXdV13lMW9dK
    ZH2ltN94MwynrXl74m2P4uCHWIHLE9+ZyWRzwH/c/o1E4n0CQQDo+VpxbBJ9UUfc
    wkGnwf6NVIez6LbpXkioMzTSHQDHmtCpDimUHAxTBlsgBZ3pXp5AYGFBb3rBLtyh
    mDue4ozDAkEA1yNIspfn5dxDKfarh0sXmCWE4KtDF0Bwqb6YPA8EAyDW+JPEDScX
    yzBEOAyzIwtxM2IescVaPqVtDnzuaUtd8wJAdOP3XwUsWbgYaEkHDBank12gIMJY
    U8q8hbf7fpiStZOVsdyrO+a+wEFmIzDuRBL3L7Gr2lsGqjrK9EEfWN6uZQJAOJml
    1Ka2cfkDCpVFB3EwIe0tClbEbeecPGxSbOqeaZxIMlnd6H/yeJiYOg7NSlkGTThx
    Tt/XIEgxavBfYQBdFQJAMFmLr9DL5lWAZNAHspJ8R5NdoOcsrKV9tb24cu0YapuZ
    rSPwmebskHyinvoBsD2CthUtpSo3NE+xZ6HcfYca9w==
    -----END RSA PRIVATE KEY-----

    $ openssl genrsa 1032
    Generating RSA private key, 1032 bit long modulus (2 primes)
    ....................++++++
    .................................++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICYAIBAAKBggCqlKuRtMJr4lfkaVKCKMSwtrTJnnOoSicrMQGJLAdAaRE3K4Ps
    SnuBkfC6S0y0yztzIHTpbGaCl+EyO4rQgip+FRGC3vA4caZqR7cEuShFxhlBQtTu
    2hmQPgQENYH3qDXcKIEXhj0hlEw67e1RhFjxowpBx2OKpOCYqI/fLCCXJw0CAwEA
    AQKBgWcY+CFWePOvl6OrrHySm16a7uW06P5b4xSNx/naLH/XgNoxaMiVs9P6Gt7d
    x/y1oLbSdRbnt4VSun8b0ah4I6qEyk3MdfiNnhy24LlCuv0TOLbQVibjH+5Q+iP2
    995ssUrkfPa/QAA95nPVaDhcsATSh32JagE0rkItukalyc/IGQJBDfrttwmtohBS
    I+XndkpfMdB656N73HtKVsJJnhFzFHvNyxZbj7AaJSgZDLaHRlapNkkYmPyjMNuK
    9antVBcmjtcCQQwznFZ5epDGQSklYNDvZ19xrCyZ/KumJgw45PFn39F563qeJV+b
    28VJ5BgfmioZsfMKgLKS1e8a11ueZY6qb7C7AkEExSw7mmfOtrbwXNAfwry8qKBn
    TZdD4iW5eM3Zy6ZyxNOxik1vt+0T5Jy3g8igrY1LYqGsAfhFAYRm0raSTNvxPQJB
    AUcOIYfKq4n2nKZLQtUuT7IJQwpEiHx3E2SJpDUqHDbVzxrr8tzQ4BFijpwQekQC
    e94np4r0V3rJ/c/R9mQmGa0CQQrd2veAgj1F7Rma7zE4vYhvCf0XB1rshw972xGo
    BTAU4BagC7/vht1YXhhdz1FC36DrWm3veTwLLuNUQTJWsYIH
    -----END RSA PRIVATE KEY-----

    $ openssl genkey 1040
    Generating RSA private key, 1040 bit long modulus
    ........++++++
    ........++++++
    e is 65537 (0x10001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICZgIBAAKBgwDSNAU4Ix3NWmHt+Dq5Sy5LOnhDlMTtNaQkwFDClBV7diX5rKgl
    jCHi0Keqm3ydtXZATmMJDbpQ2Zj5o+xysaXPKNgyUauTNBx9LBqQQD1w9nvBqeQT
    vGL6zMtSRB4kw/K8n97KGngwEucLlSgXYmBYDE4QJsWCCejcxN478/W+VWXpAgMB
    AAECgYMAutjQ1uCoKhSwPgbLtE92vBoiMvh3v99Ro/VrFDrriY4xHWlzIcUZjfMp
    Rsblk45sqabD85VHS3zQtP8YO69bkvK+r5upGfzLtzX8r5BVuO1+7oO+/jbRHLYJ
    ieBoFZbUc27YcKzR35Iv78d+KjygYIsWgt7W2Yqf6qt98r43WcrYsQJCAPx/S0kL
    TT73Kdsj+1r7tfL8YgpHI0LYuP8xDP3BJL523CKrb0vjWjjd0x8k1/ZNMQ9nqzo3
    XoP04FWeTLXcQ+h1AkIA1R6GgKtx3AHhqKaKKYY2uxZYz6uNc85SimJpdyLUhauQ
    za/F4ndot2GDn/k0IEWK5V8VppRl28DHtSTcmjhf+SUCQT4RVIJaItztiP5zc+BD
    q9BVNgxsvEA8Yg1pE1Z1WgDv2uEy3yL6ej0sWi93sRa8lujAhRjEb5lkYpjpVtYF
    lTPZAkIAlt1yB3nWMxEd5l5mZbi927iZDAF8M+N1aML7t7tvSGTIL+LjKUqwVUhx
    ffhSXxn7lh22XOKmLGcOuHussnt/7QUCQS2GWdSBu7DGZ5uIvZVj+5KPTwv3Pw9+
    uuj12Z3shojl1iVije7nsBK1q3NbrXksEiQ4QJIoK2V2quqD58O2/K8T
    -----END RSA PRIVATE KEY-----

    $ openssl genrsa 1048
    Generating RSA private key, 1048 bit long modulus (2 primes)
    ...............................++++++
    .++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICaQIBAAKBhADHXQ+foX0dJLk5U3pDQBfzkMZgRETDWhM2DWsfyYa69AFZuEJ1
    03uIMnjfUGTdnrDymw0yWsx5DEtZZyc32786y4j14vLVTJGcr9ByJyxJRZHVLhWJ
    kzFeceLKYLHHT+/489d4QrQV1OcXNKSYIGpc2TFch7I+WD4l60ypcFa0XJaFbQID
    AQABAoGDSqKtUa6sXze7XBnDYN/i151wluOX9qaHIKo/W4Qfu2fUBZm0z9Wfnqp+
    k+PODyX0yq5/b0WM3RhcMRksFn5fBgzYHEmAj8IHhDsjavNtiv8nIl6EF2PfuT1p
    6iEpo8IS15dp6j5AKH4Zmnq6TRYiqdaz/ry/kpQrmeJym83KksujZWUCQg85t5gJ
    UWvswuNIG2tHWEqiKZvSAnq4owO53lsK3LSl04447bjB+sPqHb1+HVC4QyPjYs/0
    3z9aUYLa+pu5IXpz1wJCDRgWT4vQ1Y0BmZjIyxfEwDVOYripRirMowgWiU+YLCrh
    FOc5k+MGmJMEN7TuxErewk0yzLy658xMn4kRseshAGhbAkIBClKPIuPbWfwfB4hI
    FkHkJ5xsNzdQJ1mMIaEd22olNcd0ylMD8s0tocuSbRGXuF9uDlVsHDE85PD43fmN
    tmKhOVUCQgG6H5c2VcEU7BUaNcGzzNudLE2RFaKPmpYWRwKtYODSdwWOyeVbmE8f
    dPrz/lodlewCyqR+cBiKtcCFD7Rr0tp+6QJCALZlz954leZ6UKkdeOiTb+fVFpsq
    DNNALCL4VJ7XcJJMpjgSKYv9sr1C43nifr1M4YDH+B3NFRF+FWdVodaseOKF
    -----END RSA PRIVATE KEY-----
2018-09-27 18:23:08 +01:00
Jaeden Amero
3725bb2d6d rsa: pss: Enable use of big hashes with small keys
It should be valid to RSASSA-PSS sign a SHA-512 hash with a 1024-bit or
1032-bit RSA key, but with the salt size being always equal to the hash
size, this isn't possible: the key is too small.

To enable use of hashes that are relatively large compared to the key
size, allow reducing the salt size to no less than the hash size minus 2
bytes. We don't allow salt sizes smaller than the hash size minus 2
bytes because that too significantly changes the security guarantees the
library provides compared to the previous implementation which always
used a salt size equal to the hash size. The new calculated salt size
remains compliant with FIPS 186-4.

We also need to update the "hash too large" test, since we now reduce
the salt size when certain key sizes are used. We used to not support
1024-bit keys with SHA-512, but now we support this by reducing the salt
size to 62. Update the "hash too large" test to use a 1016-bit RSA key
with SHA-512, which still has too large of a hash because we will not
reduce the salt size further than 2 bytes shorter than the hash size.

The RSA private key used for the test was generated using "openssl
genrsa 1016" using OpenSSL 1.1.1-pre8.

    $ openssl genrsa 1016
    Generating RSA private key, 1016 bit long modulus (2 primes)
    ..............++++++
    ....++++++
    e is 65537 (0x010001)
    -----BEGIN RSA PRIVATE KEY-----
    MIICVwIBAAKBgACu54dKTbLxUQBEQF2ynxTfDze7z2H8vMmUo9McqvhYp0zI8qQK
    yanOeqmgaA9iz52NS4JxFFM/2/hvFvyd/ly/hX2GE1UZpGEf/FnLdHOGFhmnjj7D
    FHFegEz/gtbzLp9X3fOQVjYpiDvTT0Do20EyCbFRzul9gXpdZcfaVHNLAgMBAAEC
    gYAAiWht2ksmnP01B2nF8tGV1RQghhUL90Hd4D/AWFJdX1C4O1qc07jRBd1KLDH0
    fH19WocLCImeSZooGCZn+jveTuaEH14w6I0EfnpKDcpWVAoIP6I8eSdAttrnTyTn
    Y7VgPrcobyq4WkCVCD/jLUbn97CneF7EHNspXGMTvorMeQJADjy2hF5SginhnPsk
    YR5oWawc6n01mStuLnloI8Uq/6A0AOQoMPkGl/CESZw+NYfe/BnnSeckM917cMKL
    DIKAtwJADEj55Frjj9tKUUO+N9eaEM1PH5eC7yakhIpESccs/XEsaDUIGHNjhctK
    mrbbWu+OlsVRA5z8yJFYIa7gae1mDQJABjtQ8JOQreTDGkFbZR84MbgCWClCIq89
    5R3DFZUiAw4OdS1o4ja+Shc+8DFxkWDNm6+C63g/Amy5sVuWHX2p9QI/a69Cxmns
    TxHoXm1w9Azublk7N7DgB26yqxlTfWJo+ysOFmLEk47g0ekoCwLPxkwXlYIEoad2
    JqPh418DwYExAkACcqrd9+rfxtrbCbTXHEizW7aHR+fVOr9lpXXDEZTlDJ57sRkS
    SpjXbAmylqQuKLqH8h/72RbiP36kEm5ptmw2
    -----END RSA PRIVATE KEY-----
2018-09-27 18:23:08 +01:00
Simon Butcher
0592ea772a Merge remote-tracking branch 'public/pr/1140' into development 2018-09-27 11:37:42 +01:00
Simon Butcher
c86993e33c Merge remote-tracking branch 'public/pr/1970' into development 2018-09-27 09:48:54 +01:00