Commit Graph

1223 Commits

Author SHA1 Message Date
Simon Butcher
fbb9837ad5 Update the version number to 2.1.8 2017-06-20 23:31:06 +01:00
Manuel Pégourié-Gonnard
1defa8fd6d Merge remote-tracking branch 'restricted/iotssl-1138-rsa-padding-check-2.1-restricted' into mbedtls-2.1-restricted
* restricted/iotssl-1138-rsa-padding-check-2.1-restricted:
  RSA PKCS1v1.5 verification: check padding length
2017-06-08 20:33:53 +02:00
Manuel Pégourié-Gonnard
ebe391d1cd Merge remote-tracking branch 'hanno/sliding_exponentiation_backport-2.1' into mbedtls-2.1
* hanno/sliding_exponentiation_backport-2.1:
  Adapt ChangeLog
  Abort modular inversion when modulus is one.
  Correct sign in modular exponentiation algorithm.
2017-06-08 19:49:50 +02:00
Manuel Pégourié-Gonnard
55393666a1 Fix issue in testing SHA-1 compile-time option 2017-06-08 18:11:57 +02:00
Hanno Becker
61c0c70418 Add tests for missing CA chains and bad curves.
This commit adds four tests to tests/ssl-opt.sh:
(1) & (2): Check behaviour of optional/required verification when the
trusted CA chain is empty.
(3) & (4): Check behaviour of optional/required verification when the
client receives a server certificate with an unsupported curve.
2017-06-07 11:36:12 +01:00
Manuel Pégourié-Gonnard
b55f613601 Merge remote-tracking branch 'gilles/iotssl-1223/mbedtls-2.1' into mbedtls-2.1
* gilles/iotssl-1223/mbedtls-2.1:
  Fix FALLBACK_SCSV parsing
2017-06-06 20:12:51 +02:00
Manuel Pégourié-Gonnard
5e0144f2ef Fix bug in backport from SHA-1 blacklisting 2017-06-06 19:35:34 +02:00
Gilles Peskine
c4cb493174 Cleaned up negative test predicate for test case
The test infrastructure does support negative predicates for test
cases, thanks to Andreas for letting me know.
2017-06-06 19:09:04 +02:00
Gilles Peskine
b49351d1aa all.sh: test with SHA-1 enabled
Enabling SHA-1 for certificates is deprecated but we still want it to work.

Thanks to @andresag01
2017-06-06 19:09:04 +02:00
Gilles Peskine
7344e1bd05 SHA-1 deprecation: allow it in key exchange
By default, keep allowing SHA-1 in key exchange signatures. Disabling
it causes compatibility issues, especially with clients that use
TLS1.2 but don't send the signature_algorithms extension.

SHA-1 is forbidden in certificates by default, since it's vulnerable
to offline collision-based attacks.
2017-06-06 19:09:02 +02:00
Gilles Peskine
9bb4f2835c Document test data makefile 2017-06-06 19:08:23 +02:00
Gilles Peskine
e7375ef314 X.509 tests: obey compile-time SHA-1 support option
There is now one test case to validate that SHA-1 is rejected in
certificates by default, and one test case to validate that SHA-1 is
supported if MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 is #defined.
2017-06-06 19:08:23 +02:00
Gilles Peskine
35db5bae2c Allow SHA-1 in test scripts 2017-06-06 19:08:23 +02:00
Gilles Peskine
ae76599686 Test that SHA-1 defaults off
Added tests to validate that certificates signed using SHA-1 are
rejected by default, but accepted if SHA-1 is explicitly enabled.
2017-06-06 19:08:23 +02:00
Gilles Peskine
559674ce48 Test that X.509 verification rejects SHA-256 by default 2017-06-06 19:08:23 +02:00
Gilles Peskine
dd57d75dfa Allow SHA-1 in X.509 and TLS tests
SHA-1 is now disabled by default in the X.509 layer. Explicitly enable
it in our tests for now. Updating all the test data to SHA-256 should
be done over time.
2017-06-06 19:08:23 +02:00
Gilles Peskine
83ed596d62 Added SHA256 test certificates
With SHA-1 deprecation, we need a few certificates using algorithms in
the default support list. Most tests still use SHA-1 though.

The generation process for the new certificates is recorded in the makefile.
2017-06-06 19:08:23 +02:00
Gilles Peskine
39e2981b22 Fix FALLBACK_SCSV parsing
Fixed a bug in ssl_srv.c when parsing TLS_FALLBACK_SCSV in the
ciphersuite list that caused it to miss it sometimes. Reported by Hugo
Leisink as issue #810. Fix initially by @andreasag01; this commit
isolates the bug fix and adds a non-regression test.
2017-05-16 18:03:02 +02:00
Andres Amaya Garcia
d8fcfe7850 Fix check-doxy-blocks.pl to run from root dir
Modify tests/scripts/check-doxy-blocks.pl to ensure that:
  * It can only be run from the mbed TLS root directory.
  * An error code is returned to the environment when a potential error
    in the source code is found.
2017-05-13 19:22:03 +01:00
Manuel Pégourié-Gonnard
230ee31a54 RSA PKCS1v1.5 verification: check padding length
The test case was generated by modifying our signature code so that it
produces a 7-byte long padding (which also means garbage at the end, so it is
essential to check that the error that is detected first is indeed the
padding rather than the final length check).
2017-05-11 13:33:13 +02:00
Hanno Becker
2938ccbdd8 Abort modular inversion when modulus is one.
The modular inversion function hangs when provided with the modulus 1. This commit refuses this modulus with a BAD_INPUT error code. It also adds a test for this case.
2017-05-11 11:23:48 +01:00
Hanno Becker
2a8d655664 Correct sign in modular exponentiation algorithm.
The modular exponentiation function  handled the sign incorrectly. This commit fixes this and a test case which should have caught it.
2017-05-11 11:23:48 +01:00
Simon Butcher
2323477699 Update version number to 2.1.7 for release 2017-03-08 16:29:31 +00:00
Andres AG
e0545c30dd Fix buffer overflow in mbedtls_mpi_write_string()
Fix a buffer overflow when writting a string representation of an MPI
number to a buffer in hexadecimal. The problem occurs because hex
digits are written in pairs and this is not accounted for in the
calculation of the required buffer size when the number of digits is
odd.
2017-03-02 22:58:05 +00:00
Andres AG
46efbff2c1 Fix failing pkparse test case
The first three test cases from test_suites_pkparse.data failed because
the key file they read requires DES to be read. However, MBEDTLS_DES_C
was missing from the dependency list.
2017-03-02 21:11:16 +00:00
Janos Follath
c7fb230fa4 Add invalid key tests for curve SECP224K1
This curve has special arithmetic on 64 bit platforms and an untested
path lead to trying to free a buffer on the stack.

For the sake of completeness, a test case for a point with non-affine
coordinates has been added as well.
2017-02-28 18:55:25 +00:00
Janos Follath
a841d75aad Add unit tests for X509 certificate date parsing 2017-02-28 14:17:32 +00:00
Simon Butcher
d352e6dfcc Merge branch 'mbedtls-2.1-iotssl-1071-ca-flags'
Fixes a regression introduced by an earlier commit that modified
x509_crt_verify_top() to ensure that valid certificates that are after past or
future valid in the chain are processed. However the change introduced a change
in behaviour that caused the verification flags MBEDTLS_X509_BADCERT_EXPIRED and
MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in the
verification regardless of the cause.

The fix maintains both behaviours:

 * Ensure that valid certificates after future and past are verified
 * Ensure that the correct verification flags are set.
2017-02-27 20:24:55 +00:00
Simon Butcher
f26f0e3d02 Merge branch 'mbedtls-2.1-iotssl-1077-dos-crl'
Modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM
format with trailing characters after the footer does not result in the
execution of an infinite loop.
2017-02-26 01:31:47 +00:00
Andres AG
b8ba86162a Add PK tests to avoid hashlen overflow for RSA 2017-02-25 20:37:43 +00:00
Andres AG
85041738e4 Add DTLS test to check 6 byte record ctr is cmp
Add a test to ssl-opt.sh to ensure that in DTLS a 6 byte record counter
is compared in ssl_check_ctr_renegotiate() instead of a 8 byte one as in
the TLS case. Because currently there are no testing facilities to check
that renegotiation routines are triggered after X number of input/output
messages, the test consists on setting a renegotiation period that
cannot be represented in 6 bytes, but whose least-significant byte is 2.
If the library behaves correctly, the renegotiation routines will be
executed after two exchanged.
2017-02-25 20:07:38 +00:00
Simon B
31ea513dce Remove need for elevated command line in Windows
Changes use of mklink in Windows test builds, to create junctions instead of
directory symbolic links. This removes the need for an elevated command prompt
when running cmake to create the Visual Studio project files.
2017-02-20 21:47:29 +00:00
Simon B
5e20b82395 Fix config of compiler warning flags with MSVC
Compiler warnings were being configured twice and not suppressed on the
test suites with Microsoft Visual Studio.
2017-02-20 21:47:29 +00:00
Nicholas Wilson
0a5ff55537 Allow test suites to be run on Windows
For a start, they don't even compile with Visual Studio due to strcasecmp
being missing.  Secondly, on Windows Perl scripts aren't executable and have
to be run using the Perl interpreter directly; thankfully CMake is able to
find cygwin Perl straight away without problems.
2017-02-20 21:47:29 +00:00
Andres AG
f083b31fb3 Fix generate_code.pl to handle escaped : 2017-02-02 14:43:44 +00:00
Andres AG
3da3b6eccb Add tests for out flags from x509_crt_verify_top()
The tests load certificate chains from files. The CA chains contain a
past or future certificate and an invalid certificate. The test then
checks that the flags set are MBEDTLS_X509_BADCERT_EXPIRED or
MBEDTLS_X509_BADCERT_FUTURE.
2017-01-20 16:38:25 +00:00
Andres AG
978bdf9575 Add test for infinite loop in CRL parse 2017-01-19 17:13:36 +00:00
Andres AG
d5d6a3054b Add tests for overreads in pem_read_buffer() 2016-11-21 11:09:47 +00:00
Simon B
41ce6e6076 Remove need for elevated command line in Windows
Changes use of mklink in Windows test builds, to create junctions instead of
directory symbolic links. This removes the need for an elevated command prompt
when running cmake to create the Visual Studio project files.
2016-11-17 16:05:25 +00:00
Simon B
e2e2db4348 Fix config of compiler warning flags with MSVC
Compiler warnings were being configured twice and not suppressed on the
test suites with Microsoft Visual Studio.
2016-11-10 15:38:52 +00:00
Nicholas Wilson
44ea01110c Allow test suites to be run on Windows
For a start, they don't even compile with Visual Studio due to strcasecmp
being missing.  Secondly, on Windows Perl scripts aren't executable and have
to be run using the Perl interpreter directly; thankfully CMake is able to
find cygwin Perl straight away without problems.
2016-11-10 15:38:52 +00:00
Simon Butcher
016a0d3b6f Update library version number to 2.1.6 2016-10-17 15:44:26 +01:00
Simon Butcher
8bd467c47d Merge branch 'mbedtls-2.1' 2016-10-17 13:51:27 +01:00
Simon Butcher
d7f1902342 Updated test script all.sh
Changes to increase the release test coverage and also allow testing with
two different versions of OpenSSL and GNUTLS for legacy features.
2016-10-14 10:48:17 +01:00
Andres AG
53d77130fc Add check for validity of date in x509_get_time() 2016-10-13 16:24:12 +01:00
Simon Butcher
d9d0cda9fe Merge branch 'mbedtls-2.1' 2016-10-13 10:35:52 +01:00
Janos Follath
6d3e3389e5 Add simple test for repeated IVs when using AEAD
In a USENIX WOOT '16 paper the authors exploit implementation
mistakes that cause Initialisation Vectors (IV) to repeat. This
did not happen in mbed TLS, and this test makes sure that this
won't happen in the future either.

A new test option is introduced to ssl-opt.sh that checks the server
and client logs for a pattern and fails in case there are any
duplicates in the lines following the matching ones. (This is
necessary because of the structure of the logging)

Added a test case as well to utilise the new option. This test forces
the TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 ciphersuite to make the
client and the server use an AEAD cipher.

Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
2016-10-13 10:26:58 +01:00
Janos Follath
95b303648c Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 00:58:09 +01:00
Andres AG
effb5582dd Add test for bounds in X509 DER write funcs 2016-10-11 16:52:06 +01:00
Simon Butcher
8b459923ac Add missing dependencies to X509 Parse test suite for P-384 curve
The test script curves.pl was failing on testing dependencies for the P-384
curve on the new test cases introduced by ede75f0 and 884b4fc.
2016-07-15 12:53:25 +01:00