mbedtls

mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-11-24 00:45:50 +01:00

Author	SHA1	Message	Date
Gilles Peskine	c4cb493174	Cleaned up negative test predicate for test case The test infrastructure does support negative predicates for test cases, thanks to Andreas for letting me know.	2017-06-06 19:09:04 +02:00
Gilles Peskine	7344e1bd05	SHA-1 deprecation: allow it in key exchange By default, keep allowing SHA-1 in key exchange signatures. Disabling it causes compatibility issues, especially with clients that use TLS1.2 but don't send the signature_algorithms extension. SHA-1 is forbidden in certificates by default, since it's vulnerable to offline collision-based attacks.	2017-06-06 19:09:02 +02:00
Gilles Peskine	e7375ef314	X.509 tests: obey compile-time SHA-1 support option There is now one test case to validate that SHA-1 is rejected in certificates by default, and one test case to validate that SHA-1 is supported if MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 is #defined.	2017-06-06 19:08:23 +02:00
Gilles Peskine	559674ce48	Test that X.509 verification rejects SHA-256 by default	2017-06-06 19:08:23 +02:00
Gilles Peskine	dd57d75dfa	Allow SHA-1 in X.509 and TLS tests SHA-1 is now disabled by default in the X.509 layer. Explicitly enable it in our tests for now. Updating all the test data to SHA-256 should be done over time.	2017-06-06 19:08:23 +02:00
Janos Follath	a841d75aad	Add unit tests for X509 certificate date parsing	2017-02-28 14:17:32 +00:00
Simon Butcher	d352e6dfcc	Merge branch 'mbedtls-2.1-iotssl-1071-ca-flags' Fixes a regression introduced by an earlier commit that modified x509_crt_verify_top() to ensure that valid certificates that are after past or future valid in the chain are processed. However the change introduced a change in behaviour that caused the verification flags MBEDTLS_X509_BADCERT_EXPIRED and MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in the verification regardless of the cause. The fix maintains both behaviours: * Ensure that valid certificates after future and past are verified * Ensure that the correct verification flags are set.	2017-02-27 20:24:55 +00:00
Andres AG	3da3b6eccb	Add tests for out flags from x509_crt_verify_top() The tests load certificate chains from files. The CA chains contain a past or future certificate and an invalid certificate. The test then checks that the flags set are MBEDTLS_X509_BADCERT_EXPIRED or MBEDTLS_X509_BADCERT_FUTURE.	2017-01-20 16:38:25 +00:00
Andres AG	978bdf9575	Add test for infinite loop in CRL parse	2017-01-19 17:13:36 +00:00
Andres AG	53d77130fc	Add check for validity of date in x509_get_time()	2016-10-13 16:24:12 +01:00
Simon Butcher	8b459923ac	Add missing dependencies to X509 Parse test suite for P-384 curve The test script curves.pl was failing on testing dependencies for the P-384 curve on the new test cases introduced by `ede75f0` and `884b4fc`.	2016-07-15 12:53:25 +01:00
Janos Follath	e223527da0	X509: Future CA among trusted: add more tests	2016-07-14 12:02:56 +01:00
Janos Follath	38921c8837	X509: Future CA among trusted: add unit tests	2016-07-14 12:02:50 +01:00
Janos Follath	f6f5441fd1	x509: trailing bytes in DER: correct a unit test One of the unit test was failing, because it was testing behavior that was part of the bug. Updated the return value to the correct one	2016-03-15 23:48:25 +00:00
Manuel Pégourié-Gonnard	3cb2074a82	Add test case for root with max_pathlen=0 This was already working but not tested so far (Test case from previous commit still failing.) Test certificates generated with: programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \ issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \ selfsign=1 max_pathlen=0 programs/x509/cert_write serial=92 output_file=cert92.crt \ issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \ subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK" mv cert9?.crt tests/data_files/dir4 rm cert9?.key	2015-11-19 11:25:30 +01:00
Manuel Pégourié-Gonnard	922cd9ba36	Add test case for first intermediate max_pathlen=0 !!! This test case is currently failing !!! (See fix in next-next commit.) Test certificates generated with the following script: programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \ issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \ selfsign=1 programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \ issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \ subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \ max_pathlen=0 programs/x509/cert_write serial=83 output_file=cert83.crt \ issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \ subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK" mv cert8?.crt tests/data_files/dir4 rm cert8?.key	2015-11-19 11:25:27 +01:00
Manuel Pégourié-Gonnard	fd1f9e735e	Fix whitespace at EOL issues	2015-11-02 05:55:58 +09:00
Manuel Pégourié-Gonnard	841caf1b74	Use symbolic constants in test data	2015-11-02 05:55:39 +09:00
Janos Follath	36f1234d96	Additional corner cases for testing pathlen constrains. Just in case.	2015-11-02 05:55:15 +09:00
Janos Follath	c7bea3158a	Added test case for pathlen constrains in intermediate certificates	2015-11-02 05:55:02 +09:00
Manuel Pégourié-Gonnard	93080dfacf	Fix missing check for RSA key length on EE certs - also adapt tests to use lesser requirement for compatibility with old testing material	2015-10-28 13:22:32 +01:00
Manuel Pégourié-Gonnard	fdbdd72b8b	Skip to trusted certs early in the chain This helps in the case where an intermediate certificate is directly trusted. In that case we want to ignore what comes after it in the chain, not only for performance but also to avoid false negatives (eg an old root being no longer trusted while the newer intermediate is directly trusted). closes #220	2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard	560fea3767	Add tests for verify callback As we're about to change the chain construction logic, we want to make sure the callback will still be called exactly when it should, and not on the (upcoming) ignored certs in the chain.	2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard	052d10c9d5	Accept a trailing space at end of PEM lines With certs being copy-pasted from webmails and all, this will probably become more and more common. closes #226	2015-07-31 11:11:26 +02:00
Manuel Pégourié-Gonnard	655a964539	Adapt check_key_usage to new weird bits	2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard	9a702255f4	Add parsing/printing for new X.509 keyUsage flags	2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard	d5f38b045d	Fix dependencies on time on x509 test suite	2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard	cbb1f6e5cb	Implement cert profile checking	2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard	9505164ef4	Create cert profile API (unimplemented yet)	2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard	bc7bbbc85a	Remove duplicated tests for x509_verify_info()	2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard	c730ed3f2d	Rename boolean functions to be clearer	2015-06-02 10:38:50 +01:00
Manuel Pégourié-Gonnard	e6028c93f5	Fix some X509 macro names For some reason, during the great renaming, some names that should have been prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_	2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard	e75fa70b36	Merge branch 'mbedtls-1.3' into development * mbedtls-1.3: Make results of (ext)KeyUsage accessible Use x509_crt_verify_info() in programs Add x509_crt_verify_info() Conflicts: ChangeLog include/mbedtls/x509_crt.h include/polarssl/ssl.h include/polarssl/x509.h library/ssl_srv.c library/ssl_tls.c library/x509_crt.c programs/ssl/ssl_client1.c programs/ssl/ssl_client2.c programs/ssl/ssl_mail_client.c programs/ssl/ssl_server2.c programs/test/ssl_cert_test.c programs/x509/cert_app.c tests/ssl-opt.sh tests/suites/test_suite_x509parse.function	2015-04-20 11:51:34 +01:00
Manuel Pégourié-Gonnard	b5f48ad82f	manually merge `39a183a` add x509_crt_verify_info()	2015-04-20 11:22:57 +01:00
Manuel Pégourié-Gonnard	39a183a629	Add x509_crt_verify_info()	2015-04-17 17:24:25 +02:00
Manuel Pégourié-Gonnard	2cf5a7c98e	The Great Renaming A simple execution of tmp/invoke-rename.pl	2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard	932e3934bd	Fix typos & Co	2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard	39ead3ef2f	Add test certificate for bitstring in DN	2015-03-27 13:11:33 +01:00
Manuel Pégourié-Gonnard	555fbf8758	Support composite RDNs in X.509 certs parsing	2015-02-04 17:11:55 +00:00
Manuel Pégourié-Gonnard	5c2aa10c15	Fix curve dependency issues in X.509 test suite	2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard	57a5d60abb	Add tests for concatenated CRLs	2014-11-19 16:08:34 +01:00
Manuel Pégourié-Gonnard	8a5e3d4a40	Forbid repeated X.509 extensions	2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard	b134060f90	Fix memory leak with crafted X.509 certs	2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard	0369a5291b	Fix uninitialised pointer dereference	2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard	9c911da68f	Add tests for X.509 name encoding mismatch	2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard	5d8618539f	Fix memory leak while parsing some X.509 certs	2014-10-17 12:41:41 +02:00
Paul Bakker	5a5fa92bfe	x509_crt_parse() did not increase total_failed on PEM error Result was that PEM errors in files with multiple certificates were not detectable by the user.	2014-10-03 15:47:13 +02:00
Paul Bakker	d153ef335f	Missing dependencies on POLARSSL_ECP_C fixed	2014-08-18 12:00:28 +02:00
Paul Bakker	237a847f1c	Fix typos in comments	2014-06-25 14:45:24 +02:00
Manuel Pégourié-Gonnard	d249b7ab9a	Restore ability to trust non-CA selfsigned EE cert	2014-06-25 11:26:13 +02:00

1 2 3 4

165 Commits