Commit Graph

1932 Commits

Author SHA1 Message Date
Simon Butcher
d812fa69d9 Introduce a CMAC specific test suite 2016-10-05 14:19:18 +01:00
Andres AG
4b76aecaf3 Add check for validity of date in x509_get_time() 2016-09-28 14:32:54 +01:00
Andres AG
93012e8bce Set selftest verbose flag to boost coverage 2016-09-27 17:29:22 +01:00
Simon Butcher
b7f45c54a7 Fixes for entropy test suite for some configurations
Changes to allow the entropy tests to work for configurations without an
entropy seed file (MBEDTLS_ENTROPY_NV_SEED), and with no entropy sources
configured (MBEDTLS_TEST_NULL_ENTROPY).
2016-09-15 18:42:26 +01:00
Simon Butcher
7dda0dd038 Fix typo in dependency in test_suite_debug.data 2016-09-04 15:14:38 +01:00
palaviv
f180df99a9 Added needed ECDSA dependencies to test_suite_x509parse.data 2016-09-04 15:14:38 +01:00
palaviv
00cb9c5c08 Added needed HASH dependencies to tests/suites/test_suite_pkparse.data 2016-09-04 15:14:38 +01:00
palaviv
1472f11608 Added needed HASH dependencies to test_suite_debug.data 2016-09-04 15:14:38 +01:00
palaviv
a07ecda04e Added needed HASH dependencies to test_suite_x509parse.data 2016-09-04 15:14:38 +01:00
Andres AG
e7723ec284 Make entropy bias self test poll multiple times
Instead of polling the hardware entropy source a single time and
comparing the output with itself, the source is polled at least twice
and make sure that the separate outputs are different.
2016-08-30 16:50:48 +01:00
Andres AG
b34e42e69e Add a new self test to entropy module
The self test is a quick way to check at startup whether the entropy
sources are functioning correctly. The self test only polls 8 bytes
from the default entropy source and performs the following checks:

- The bytes are not all 0x00 or 0xFF.
- The hardware does not return an error when polled.
- The entropy does not provide data in a patter. Only check pattern
  at byte, word and long word sizes.
2016-08-30 16:50:48 +01:00
Andres AG
99b257ca19 Fix memory leak in test_suite_md.function 2016-08-26 17:21:14 +01:00
Paul Bakker
50157ff5ab Add new timing test suite that runs the timing self test 2016-08-25 16:36:35 +01:00
Paul Bakker
81c60910e1 Run PKCS#5 selftest in test suites 2016-08-25 16:36:35 +01:00
Simon Butcher
80cd444978 Adds missing dependency to AES special case tests
Added MBEDTLS_AES_C to the AES cipher special behaviours test case.
2016-08-25 15:42:28 +01:00
Paul Bakker
5c57e02b1d Fix style issues in test_suite_md.function 2016-08-25 15:42:28 +01:00
Paul Bakker
6a9c725652 Add Cipher layer corner case test coverage 2016-08-25 15:42:28 +01:00
Paul Bakker
185ccf7070 Add coverage for CTR-DRBG corner case function behaviours 2016-08-25 15:42:28 +01:00
Paul Bakker
ec5ceb65d6 Test invalid bit value in mbedtls_mpi_set_bit() 2016-08-25 15:42:28 +01:00
Paul Bakker
c7d6bd4b5f Add mbedtls_asn1_write_len() support for 3 and 4 byte lengths
As a consequence also adds coverage for reading 3 and 4 byte lengths
(which were not covered before)
2016-08-25 15:42:27 +01:00
Paul Bakker
5e8b77cd8c Test result of mbedtls_asn1_write_len() through mbedtls_asn1_get_len() 2016-08-25 15:42:27 +01:00
Paul Bakker
58bfb83bb0 Add buffer length tests for mbedtls_asn1_write_len() 2016-08-25 15:42:27 +01:00
Paul Bakker
e325db9055 Add explicit test coverage for mbedtls_asn1_write_len() 2016-08-25 15:42:27 +01:00
Paul Bakker
97c53c2867 Add coverage testing of mbedtls_md_clone() (and wraps)
+13 functions, +57 lines
2016-08-25 15:42:27 +01:00
Paul Bakker
e35afa28f7 Update *_multi tests in test_suite_md to do more than 1 step 2016-08-25 15:42:27 +01:00
Simon Butcher
905cef6c2c Changed library version number to 2.3.0 2016-06-27 19:36:45 +01:00
Simon Butcher
ab069c6b46 Merge branch 'development' into development-restricted 2016-06-23 21:42:26 +01:00
Simon Butcher
02c4a38013 Corrects missing dependency for MBEDTLS_CIPHER_MODE_CBC in some tests 2016-06-23 02:41:31 +01:00
Janos Follath
15ab7ed0f3 Merge branch 'development' into development-restricted
Conflicts:
	programs/pkey/rsa_decrypt.c
	programs/pkey/rsa_encrypt.c
	programs/test/selftest.c
2016-06-14 09:20:46 +01:00
Paul Bakker
c568762a5c Fix dependency on MBEDTLS_ENTROPY_SHA512_ACCUMULATOR in test suite 2016-06-07 13:00:43 +01:00
Paul Bakker
b598c293ce Fix dependency guard for test 2016-06-01 16:57:11 +01:00
Paul Bakker
4a6c6fc72d Properly gate NV_SEED additions in test suite 2016-06-01 16:34:50 +01:00
Paul Bakker
ffbfb4c24c Add test cases for NV seed functionality
A standard 'test' that writes a seed file is added so that regular tests
still can succeed. This is in lieu of a 'SUITE_PRE_CODE' kind of
arrangement where a suite can run code before (and after) all other code
runs.

A test is added that checks if we can read and write the standard NV
seed file

A test is added that actually checks if the entropy and seed file values
that are the result of just using the NV seed are the same as the manual
calculation.
2016-06-01 16:34:50 +01:00
Janos Follath
04b591ee79 Merge branch 'development' for weekly test report. 2016-05-31 10:18:41 +01:00
Simon Butcher
65b1fa6b07 Fixes warnings found by Clang static analyser
Also removes annotations in the code to avoid warnings which don't appear to
be needed.
2016-05-23 23:18:26 +01:00
Paul Bakker
774180e14e Fix memory-leak in verbose test framework in case of unexpected input 2016-05-23 14:29:31 +01:00
Paul Bakker
26b60bf7d1 Fox verbose test framework not to duplicate strings if not verbose 2016-05-23 14:29:31 +01:00
Paul Bakker
a30a72f80f Fix verbose test framework mote to use unmet_dep_count for index 2016-05-23 14:29:31 +01:00
Simon Butcher
a557cfb9ad Widens test bounds on memory alloc tests 2016-05-23 14:29:30 +01:00
Simon Butcher
4ec1e8193e Widens test parameters in memory alloc tests 2016-05-23 14:29:30 +01:00
SimonB
214f5c0af2 Additional tests to test stack buffer allocator
Adds additional tests to the test suite for
memory_buffer_alloc.c
2016-05-23 14:29:29 +01:00
SimonB
20273ddc4c Adds reporting of file/line no. in failed tests
Tests in tests/suites will now report the file and line number of
failed test assertions.
2016-05-23 14:29:29 +01:00
Nicholas Wilson
b19bac4d82 Allow test suites to be run on Windows
For a start, they don't even compile with Visual Studio due to strcasecmp
being missing.  Secondly, on Windows Perl scripts aren't executable and have
to be run using the Perl interpreter directly; thankfully CMake is able to
find cygwin Perl straight away without problems.
2016-05-23 14:29:28 +01:00
Simon Butcher
94bafdf834 Merge branch 'development' 2016-05-18 18:40:46 +01:00
Simon Butcher
edb7fd9d76 Fixes stdlib.h dependencies in test suites
Moved stdlib.h in test suites, so platforms that don't support
MBEDTLS_PLATFORM_C would build.
2016-05-17 13:35:51 +01:00
Simon Butcher
c21bec8af4 Merge branch 'development' 2016-05-16 16:15:20 +01:00
Paul Bakker
53f01199e2 Fix memory-leak in verbose test framework in case of unexpected input 2016-05-12 15:59:48 +01:00
Paul Bakker
2a259c63e3 Fox verbose test framework not to duplicate strings if not verbose 2016-05-12 15:55:37 +01:00
Paul Bakker
6e51915187 Fix verbose test framework mote to use unmet_dep_count for index 2016-05-12 15:52:48 +01:00
Paul Bakker
324258fdc8 Merge pull request #353 from NWilson/win-tests
Allow test suites to be run on Windows
2016-05-11 20:09:13 +02:00
Simon Butcher
938f65c452 Merge 'development' into development 2016-05-10 20:58:54 +01:00
Simon Butcher
e9f25c8a60 Widens test bounds on memory alloc tests 2016-05-10 20:57:03 +01:00
Simon Butcher
d96924de9c Widens test parameters in memory alloc tests 2016-05-06 00:22:18 +01:00
SimonB
a0ed709f05 Additional tests to test stack buffer allocator
Adds additional tests to the test suite for
memory_buffer_alloc.c
2016-05-05 14:25:03 +01:00
SimonB
31a6c49139 Adds reporting of file/line no. in failed tests
Tests in tests/suites will now report the file and line number of
failed test assertions.
2016-05-05 14:25:03 +01:00
Simon Butcher
e4a46f696f Merge branch 'development' 2016-04-27 18:44:37 +01:00
Simon Butcher
b2d5dd105d Fixes X509 sample app and SSL test suite
Fixes the X.509 cert_app and the SSL test suite for the non-default
configs which don't build with if MBEDTLS_PLATFORM_C isn't defined.
2016-04-27 13:35:37 +01:00
SimonB
1594210a49 Adds better support to debug generated code
The commit adds to the generate_code.pl script support to add #line directives
to generated code to allow build breaks to be more easily found from the
generated code.
2016-04-26 14:46:56 +01:00
Simon Butcher
956420d6e6 Merge branch 'development' 2016-04-19 19:29:09 +01:00
Janos Follath
55abc21521 Fix ci break in builds without platform.h 2016-04-19 15:15:53 +01:00
Simon Butcher
2300776816 Merge branch 'development' 2016-04-19 10:39:36 +01:00
Janos Follath
f5e254a9ff Remove unused code from PKCS1v15 test suite 2016-04-18 10:00:55 +01:00
SimonB
8ca7bc42d0 Adds verbose mode to the test suites
Added a verbose option to the generated test suites which can list the
dependencies not met for skipped test cases.
Also clarifies internal interfaces between the main_test.function and test code,
and fixed a bug on calculating available tests in run-test-suites.pl.
2016-04-17 23:24:50 +01:00
Simon Butcher
3f5c875654 Adds test for odd bit length RSA key size
Also tidy up ChangeLog following review.
2016-04-15 19:06:59 +01:00
Simon Butcher
0914ac47d2 Add missing config dependencies to PKCS1 V15 tests 2016-04-13 14:49:25 +01:00
Janos Follath
e6aef9fa70 Add tests to cover PKCS1 v1.5 signature functions.
The reported memory leak should have been spotted by
make memcheck
But it wasn't. Keeping the tests for better coverage.
2016-04-11 23:32:26 +01:00
Janos Follath
4c5dccf419 Fix the broken pkcs1 v1.5 test.
The random buffer handed over to the test function was too small
and the remaining bytes were generated by the default (platform
dependant) function.
2016-03-30 00:53:44 +01:00
Simon Butcher
184990c1d4 Merge development into development-restricted 2016-03-16 13:56:00 +00:00
Simon Butcher
4b852db299 Merge branch 'iotssl-629-der-trailing-bytes'
Fixes bug in mbedtls_x509_crt_parse that caused trailing extra data in the
buffer following DER certificates to be included in the raw representation.
2016-03-12 23:28:26 +00:00
Janos Follath
8a49a019b0 Add tests for the bug IOTSSL-619.
The main goal with these tests is to test the bug in question and
they are not meant to test the entire PKCS#1 v1.5 behaviour. To
achieve full test coverage, further test cases are needed.
2016-03-09 21:06:19 +00:00
Simon Butcher
fbe85fe4fa Add missing dependencies to X509 Parse test suite for P-384 curve
The test script curves.pl was failing on testing dependencies for the P-384
curve on the new test cases introduced by ede75f0 and 884b4fc.
2016-03-09 19:32:10 +00:00
Janos Follath
df4bca2029 X509: Future CA among trusted: add more tests 2016-03-09 19:32:10 +00:00
Janos Follath
12c868c5d6 X509: Future CA among trusted: add unit tests 2016-03-09 19:32:10 +00:00
SimonB
0269dad5e5 Refactored test suite template code
Restructed test suite helper and main code to support tests suite helper
functions, changed C++ comments to C-style, and made the generated
source code more navigable.
2016-03-09 19:32:10 +00:00
SimonB
152ea18037 Added support for per test suite helper functions
Added to generate_code.pl:
    - support for per test suite helper functions
    - description of the structure of the files the script uses to construct
      the test suite file
    - delimiters through the source code to make the machine generated code
      easier to understand
2016-03-09 19:32:10 +00:00
Simon Butcher
aad787f1c7 Parameterised the test suite applications
All test suites can now take an arbitrary test file.
2016-03-09 19:32:09 +00:00
Janos Follath
e154f95e03 x509: trailing bytes in DER: correct a unit test
One of the unit test was failing, because it was testing behavior
that was part of the bug. Updated the return value to the correct one
2016-02-17 14:24:28 +00:00
Manuel Pégourié-Gonnard
e9c1b1a3bf Merge remote-tracking branch 'yanesca/iss309' into development
* yanesca/iss309:
  Improved on the previous fix and added a test case to cover both types of carries.
  Removed recursion from fix #309.
  Improved on the fix of #309 and extended the test to cover subroutines.
  Tests and fix added for #309 (inplace mpi doubling).
2016-01-07 13:22:27 +01:00
Simon Butcher
bfafadb45d Change version number to 2.2.1
Changed version for library files and yotta module
2016-01-04 22:26:36 +00:00
Manuel Pégourié-Gonnard
8b4331aa56 Add test case for root with max_pathlen=0
This was already working but not tested so far

(Test case from previous commit still failing.)

Test certificates generated with:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key

programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    selfsign=1 max_pathlen=0
programs/x509/cert_write serial=92 output_file=cert92.crt \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK"

mv cert9?.crt tests/data_files/dir4
rm cert9?.key
2015-11-19 11:10:33 +01:00
Manuel Pégourié-Gonnard
a3aa43da5f Add test case for first intermediate max_pathlen=0
!!! This test case is currently failing !!!
(See fix in next-next commit.)

Test certificates generated with the following script:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key

programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
    max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
    issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
    subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"

mv cert8?.crt tests/data_files/dir4
rm cert8?.key
2015-11-19 10:56:30 +01:00
Nicholas Wilson
733676b978 Allow test suites to be run on Windows
For a start, they don't even compile with Visual Studio due to strcasecmp
being missing.  Secondly, on Windows Perl scripts aren't executable and have
to be run using the Perl interpreter directly; thankfully CMake is able to
find cygwin Perl straight away without problems.
2015-11-14 13:09:01 +00:00
Simon Butcher
8254ed2a9f Change version number to 2.2.0
Changed for library and yotta module
2015-11-04 19:55:40 +00:00
Manuel Pégourié-Gonnard
a8838af8e6 Use own implementation of strsep()
Not available on windows, and strtok() is not a good option
2015-11-02 06:44:24 +09:00
Manuel Pégourié-Gonnard
568f1e7cb3 Merge branch 'iotssl-515-max-pathlen' into development
* iotssl-515-max-pathlen:
  Add Changelog entries for this branch
  Fix a style issue
  Fix whitespace at EOL issues
  Use symbolic constants in test data
  Fixed pathlen contraint enforcement.
  Additional corner cases for testing pathlen constrains. Just in case.
  Added test case for pathlen constrains in intermediate certificates
2015-11-02 05:49:08 +09:00
Janos Follath
6c92268093 Improved on the previous fix and added a test case to cover both types
of carries.
2015-10-30 17:50:12 +01:00
Manuel Pégourié-Gonnard
45777c384d Fix a style issue 2015-10-30 09:24:28 +01:00
Manuel Pégourié-Gonnard
e670f90e48 Fix whitespace at EOL issues 2015-10-30 09:23:19 +01:00
Manuel Pégourié-Gonnard
03dde85c3b Use symbolic constants in test data 2015-10-30 09:18:06 +01:00
Simon Butcher
c87747b675 Removed debug code accidentally left in test code
Removed debug code accidentally left in test_suite_x509parse.function.
2015-10-27 15:16:51 +00:00
Simon Butcher
5f7c34b8b0 Merge branch iotssl-521-keylen-check 2015-10-27 15:14:55 +00:00
Janos Follath
6cbacec3b3 Improved on the fix of #309 and extended the test to cover subroutines. 2015-10-25 12:31:27 +01:00
Janos Follath
044a86bde8 Tests and fix added for #309 (inplace mpi doubling). 2015-10-25 10:58:03 +01:00
Manuel Pégourié-Gonnard
65eefc8707 Fix missing check for RSA key length on EE certs
- also adapt tests to use lesser requirement for compatibility with old
  testing material
2015-10-23 16:19:53 +02:00
Manuel Pégourié-Gonnard
fadacb9d0b Merge branch 'development' into iotssl-461-ecjpake-finalization
* development: (73 commits)
  Bump yotta dependencies version
  Fix typo in documentation
  Corrected misleading fn description in ssl_cache.h
  Corrected URL/reference to MPI library
  Fix yotta dependencies
  Fix minor spelling mistake in programs/pkey/gen_key.c
  Bump version to 2.1.2
  Fix CVE number in ChangeLog
  Add 'inline' workaround where needed
  Fix references to non-standard SIZE_T_MAX
  Fix yotta version dependencies again
  Upgrade yotta dependency versions
  Fix compile error in net.c with musl libc
  Add missing warning in doc
  Remove inline workaround when not useful
  Fix macroization of inline in C++
  Changed attribution for Guido Vranken
  Merge of IOTSSL-476 - Random malloc in pem_read()
  Fix for IOTSSL-473 Double free error
  Fix potential overflow in CertificateRequest
  ...

Conflicts:
	include/mbedtls/ssl_internal.h
	library/ssl_cli.c
2015-10-20 15:00:29 +02:00
Janos Follath
ef4f2588f3 Additional corner cases for testing pathlen constrains. Just in case. 2015-10-11 16:17:27 +02:00
Janos Follath
822b2c33b9 Added test case for pathlen constrains in intermediate certificates 2015-10-11 10:39:15 +02:00
Manuel Pégourié-Gonnard
c4e7d8a381 Bump version to 2.1.2
Yotta version bumped to 2.1.3, as we had to do one more patch release to the
yotta registry to accommodate for dependencies updates.
2015-10-05 19:13:36 +01:00
Manuel Pégourié-Gonnard
50a739f8c3 Add test for base64 output length 2015-09-30 16:31:10 +02:00
Manuel Pégourié-Gonnard
8cea8ad8b8 Bump version to 2.1.1 2015-09-17 11:58:45 +02:00
Manuel Pégourié-Gonnard
cd345898a0 Fix #ifdef in test suite 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
d9802af1d0 Add tests for round 2
Also move one check earlier as it makes more sense
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
3059095e86 Complete tests for reading round one
Also change the code to forbid public keys being 0
2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
bbe4e52c3b Start adding tests for EC J-PAKE round one 2015-09-07 12:43:11 +02:00
Manuel Pégourié-Gonnard
4d8685b4ff Add skeleton for EC J-PAKE module 2015-09-07 12:43:09 +02:00
Manuel Pégourié-Gonnard
aac5502553 Bump version to 2.1.0 2015-09-04 14:33:31 +02:00
Simon Butcher
52754594b6 Merging iotssl-457-badtail with development branch 2015-09-03 13:06:01 +01:00
Manuel Pégourié-Gonnard
fdbdd72b8b Skip to trusted certs early in the chain
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).

closes #220
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
560fea3767 Add tests for verify callback
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.
2015-09-01 17:24:42 +02:00
Manuel Pégourié-Gonnard
4d04cdcd12 Fix RSA mutex fix
Once the mutex is acquired, we must goto cleanup rather that return.
Since cleanup adjusts the return value, adjust that in test cases.

Also, at cleanup we don't want to overwrite 'ret', or we'll loose track of
errors.

see #257
2015-08-31 09:31:55 +02:00
Manuel Pégourié-Gonnard
38db006e0c Finish test in pkwrite 2015-08-19 10:24:34 +02:00
Manuel Pégourié-Gonnard
04b7eec539 Fix pkwrite test that were failing on mingw32
Apparently fread() writes some junk after the contents of the file. Don't look
at it.
2015-08-18 19:49:40 +02:00
Manuel Pégourié-Gonnard
052d10c9d5 Accept a trailing space at end of PEM lines
With certs being copy-pasted from webmails and all, this will probably become
more and more common.

closes #226
2015-07-31 11:11:26 +02:00
Paul Bakker
4cb87f409d Prepare for 2.0.0 release 2015-07-10 14:09:43 +01:00
Manuel Pégourié-Gonnard
a16e7c468c Rename a debug function 2015-06-29 20:14:19 +02:00
Manuel Pégourié-Gonnard
b74c245a20 Rework debug to not need dynamic alloc
But introduces dependency on variadic macros
2015-06-29 20:08:23 +02:00
Manuel Pégourié-Gonnard
4fd0b256a8 Fix dual use of buffer in test
x509_get_name() does not make defensive copies of strings in its input (which
is OK as usually the caller will have made a copy already), so we shouldn't
reuse its input buffer as an output while "parsed" is still alive.
2015-06-26 14:15:48 +02:00
Manuel Pégourié-Gonnard
4b00f08e20 Fix snprintf test
Our Windows implementation based on vsnprintf_s( ..., _TRUNCATE ) sometimes
writes *two* terminating NULLs. Allow for that, but obviously bytes past the
end of the buffer mustn't be touched.
2015-06-26 14:10:13 +02:00
Manuel Pégourié-Gonnard
ac5361f7dc Fix small issues in tests found by Coverity 2015-06-24 01:08:09 +02:00
Manuel Pégourié-Gonnard
fd474233c8 Change SSL debug API in the library 2015-06-23 18:44:11 +02:00
Manuel Pégourié-Gonnard
d23f593737 Avoid static buffer in debug module
Caused issues in threading situations
2015-06-23 13:09:11 +02:00
Manuel Pégourié-Gonnard
655a964539 Adapt check_key_usage to new weird bits 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
9a702255f4 Add parsing/printing for new X.509 keyUsage flags 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
07894338a0 Rename M255 to Curve25519 2015-06-23 13:09:10 +02:00
Manuel Pégourié-Gonnard
9386664543 Move from inttypes.h to stdint.h
Some toolchains do not have inttypes.h, and we only need stdint.h which is a
subset of it.
2015-06-22 23:41:26 +02:00
Manuel Pégourié-Gonnard
e91e21cf1b Simplify code in test suites
Hopefully makes it easier on static analyzers
2015-06-22 18:47:07 +02:00
Manuel Pégourié-Gonnard
7b6dcbe993 Add tests for snprintf
- Added in each tests program to be sure they are run (putting them in a test
  suite/function specific to the platform layer would cause them to be skipped
when PLATFORM_C is not defined).
- Platforms have already moved from a standard to a broken snprintf in the
  past [1], so make sure to catch that if it ever happens again.

[1]: http://sourceforge.net/p/mingw-w64/mailman/message/31241434/
2015-06-22 14:42:04 +02:00
Manuel Pégourié-Gonnard
d5f38b045d Fix dependencies on time on x509 test suite 2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
7580ba475d Add a concept of entropy source strength.
The main goal is, we want and error if cycle counter is the only source.
2015-06-22 14:40:56 +02:00
Manuel Pégourié-Gonnard
c0696c216b Rename mbedtls_mpi_msb to mbedtls_mpi_bitlen 2015-06-18 16:49:37 +02:00
Manuel Pégourié-Gonnard
097c7bb05b Rename relevant global symbols from size to bitlen
Just applying rename.pl with this file:

mbedtls_cipher_get_key_size mbedtls_cipher_get_key_bitlen
mbedtls_pk_get_size mbedtls_pk_get_bitlen
MBEDTLS_BLOWFISH_MIN_KEY MBEDTLS_BLOWFISH_MIN_KEY_BITS
MBEDTLS_BLOWFISH_MAX_KEY MBEDTLS_BLOWFISH_MAX_KEY_BITS
2015-06-18 16:43:38 +02:00
Manuel Pégourié-Gonnard
797f48ace6 Rename ecp_curve_info.size to bit_size 2015-06-18 15:45:05 +02:00
Manuel Pégourié-Gonnard
b31c5f68b1 Add SSL presets.
No need to use a separate profile as in X.509, everything we need is already
in ssl_config. Just load appropriate values.
2015-06-17 14:59:27 +02:00
Manuel Pégourié-Gonnard
cbb1f6e5cb Implement cert profile checking 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
9505164ef4 Create cert profile API (unimplemented yet) 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
bc7bbbc85a Remove duplicated tests for x509_verify_info() 2015-06-17 14:27:38 +02:00
Manuel Pégourié-Gonnard
ba56136b5c Avoid in-out length in base64 2015-06-02 16:30:35 +01:00
Manuel Pégourié-Gonnard
3335205a21 Avoid in-out length in dhm_calc_secret() 2015-06-02 16:17:08 +01:00
Manuel Pégourié-Gonnard
f79b425226 Avoid in-out length parameter in bignum 2015-06-02 15:41:48 +01:00
Manuel Pégourié-Gonnard
c730ed3f2d Rename boolean functions to be clearer 2015-06-02 10:38:50 +01:00
Manuel Pégourié-Gonnard
d14acbc31a Test assumptions we make about the platform
Things that are not guaranteed by the standard but should be true of all
platforms of interest to us:
- 8-bit chars
- NULL pointers represented by all-bits-zero
2015-05-29 12:25:40 +02:00
Manuel Pégourié-Gonnard
cb46fd8216 Avoid non-standard strcasecmp() 2015-05-29 10:18:09 +02:00
Manuel Pégourié-Gonnard
41b9c2b418 Remove individual mdX_file() and shaX_file() 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
bfffa908a6 Implement md_file in the MD layer 2015-05-28 17:28:38 +02:00
Manuel Pégourié-Gonnard
7551cb9ee9 Replace malloc with calloc
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard
5e94ddebbc Create ssl_internal.h and move some functions 2015-05-26 11:57:05 +02:00
Manuel Pégourié-Gonnard
d9e6a3ac10 Rename pk_init_ctx() -> pk_setup() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
8473f87984 Rename cipher_init_ctx() to cipher_setup() 2015-05-14 21:58:34 +02:00
Manuel Pégourié-Gonnard
e6ef16f98c Change X.509 verify flags to uint32_t 2015-05-11 19:54:43 +02:00
Manuel Pégourié-Gonnard
e3a062ba1f Rename ecp_use_known_dp -> mbedtls_ecp_group_load() 2015-05-11 18:46:47 +02:00
Manuel Pégourié-Gonnard
23ee4d65a3 Rm ecp_small tests (use only named groups) 2015-05-11 18:02:58 +02:00
Manuel Pégourié-Gonnard
6729e79482 Rename ssl_set_xxx() to ssl_conf_xxx() 2015-05-11 14:35:41 +02:00
Manuel Pégourié-Gonnard
d36e33fc07 Move easy ssl_set_xxx() functions to work on conf
mbedtls_ssl_set_alpn_protocols
mbedtls_ssl_set_arc4_support
mbedtls_ssl_set_authmode
mbedtls_ssl_set_ciphersuites
mbedtls_ssl_set_ciphersuites_for_version
mbedtls_ssl_set_curves
mbedtls_ssl_set_dbg
mbedtls_ssl_set_dh_param
mbedtls_ssl_set_dh_param_ctx
mbedtls_ssl_set_dtls_anti_replay
mbedtls_ssl_set_dtls_badmac_limit
mbedtls_ssl_set_dtls_cookies
mbedtls_ssl_set_encrypt_then_mac
mbedtls_ssl_set_endpoint
mbedtls_ssl_set_extended_master_secret
mbedtls_ssl_set_handshake_timeout
mbedtls_ssl_legacy_renegotiation
mbedtls_ssl_set_max_version
mbedtls_ssl_set_min_version
mbedtls_ssl_set_psk_cb
mbedtls_ssl_set_renegotiation
mbedtls_ssl_set_renegotiation_enforced
mbedtls_ssl_set_renegotiation_period
mbedtls_ssl_set_session_cache
mbedtls_ssl_set_session_ticket_lifetime
mbedtls_ssl_set_sni
mbedtls_ssl_set_transport
mbedtls_ssl_set_truncated_hmac
mbedtls_ssl_set_verify
2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
419d5ae419 Make endpoint+transport args of config_defaults() 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
def0bbe3ab Allocate ssl_config out of ssl_setup() 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
d5a9e41296 Adapt test_suite_debug to recent changes 2015-05-07 10:19:13 +01:00
Manuel Pégourié-Gonnard
da61ed3346 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Include changes from the 1.2 branch
  Remove unused headers in o_p_test
  Add countermeasure against cache-based lucky 13
  Make results of (ext)KeyUsage accessible
  Fix missing NULL check in MPI
  Fix detection of getrandom()
  Fix "make install" handling of symlinks
  Fix bugs in programs displaying verify flags

Conflicts:
	Makefile
	include/polarssl/ssl.h
	library/entropy_poll.c
	library/ssl_srv.c
	library/ssl_tls.c
	programs/test/o_p_test.c
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
2015-04-30 10:38:44 +02:00
Manuel Pégourié-Gonnard
770b5e1e9e Fix missing NULL check in MPI 2015-04-29 17:02:01 +02:00
Manuel Pégourié-Gonnard
41d479e7df Split ssl_init() -> ssl_setup() 2015-04-29 02:08:34 +02:00
Manuel Pégourié-Gonnard
8d128efd48 Split mbedtls_ctr_drbg_init() -> seed() 2015-04-28 22:38:08 +02:00
Manuel Pégourié-Gonnard
f9e9481bc5 Split mbedtls_hmac_drbg_init() -> seed{,_buf}() 2015-04-28 22:07:14 +02:00
Manuel Pégourié-Gonnard
c34e8dd265 Split mbedtls_gcm_init() -> gcm_setkey() 2015-04-28 21:42:17 +02:00
Manuel Pégourié-Gonnard
6963ff0969 Split mbedtls_ccm_init() -> setkey() 2015-04-28 18:02:54 +02:00
Manuel Pégourié-Gonnard
e6028c93f5 Fix some X509 macro names
For some reason, during the great renaming, some names that should have been
prefixed with MBEDTLS_X509_ have only been prefixed with MBEDTLS_
2015-04-20 12:19:02 +01:00
Manuel Pégourié-Gonnard
e75fa70b36 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Make results of (ext)KeyUsage accessible
  Use x509_crt_verify_info() in programs
  Add x509_crt_verify_info()

Conflicts:
	ChangeLog
	include/mbedtls/x509_crt.h
	include/polarssl/ssl.h
	include/polarssl/x509.h
	library/ssl_srv.c
	library/ssl_tls.c
	library/x509_crt.c
	programs/ssl/ssl_client1.c
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_mail_client.c
	programs/ssl/ssl_server2.c
	programs/test/ssl_cert_test.c
	programs/x509/cert_app.c
	tests/ssl-opt.sh
	tests/suites/test_suite_x509parse.function
2015-04-20 11:51:34 +01:00
Manuel Pégourié-Gonnard
b5f48ad82f manually merge 39a183a add x509_crt_verify_info() 2015-04-20 11:22:57 +01:00
Manuel Pégourié-Gonnard
de9b363fbd Merge branch mbedtls-1.3 into development
* commit '95f0089':
  Update Changelog for DH params
  Add test case for dh params with privateValueLength
  accept PKCS#3 DH parameters with privateValueLength included

Conflicts:
	library/dhm.c
2015-04-17 20:07:22 +02:00
Manuel Pégourié-Gonnard
39a183a629 Add x509_crt_verify_info() 2015-04-17 17:24:25 +02:00
Manuel Pégourié-Gonnard
5119df2022 Add test case for dh params with privateValueLength 2015-04-15 13:50:29 +02:00
Manuel Pégourié-Gonnard
e6c8366b46 Fix bug in pk_parse_key() 2015-04-15 11:21:24 +02:00
Manuel Pégourié-Gonnard
e1e5871a55 Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Fix bug in pk_parse_key()
  Update generated file

Conflicts:
	library/pkparse.c
	library/version_features.c
2015-04-15 10:50:34 +02:00
Manuel Pégourié-Gonnard
924cd100a6 Fix bug in pk_parse_key() 2015-04-14 11:18:04 +02:00
Manuel Pégourié-Gonnard
2cf5a7c98e The Great Renaming
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard
6c7af4c200 Fix a few internal name choices 2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard
932e3934bd Fix typos & Co 2015-04-03 18:46:55 +02:00
Manuel Pégourié-Gonnard
26c9f90cae Merge branch 'mbedtls-1.3' into development
* mbedtls-1.3:
  Add missing depends in x509 programs
  Simplify ifdef checks in programs/x509
  Fix thread safety issue in RSA operations
  Add test certificate for bitstring in DN
  Add support for X.520 uniqueIdentifier
  Accept bitstrings in X.509 names
2015-03-31 17:56:15 +02:00
Manuel Pégourié-Gonnard
348bcb3694 Make RSA_ALT support optionnal 2015-03-31 14:01:33 +02:00
Manuel Pégourié-Gonnard
dfdcac9d51 Merge ecdsa_write_signature{,_det}() together 2015-03-31 11:41:42 +02:00
Manuel Pégourié-Gonnard
b8cfe3f0d9 pk_sign() now requires non-NONE md_alg for ECDSA 2015-03-31 11:14:41 +02:00
Manuel Pégourié-Gonnard
39ead3ef2f Add test certificate for bitstring in DN 2015-03-27 13:11:33 +01:00
Manuel Pégourié-Gonnard
19d644b7d1 Add more tests for MD utility functions 2015-03-26 12:42:35 +01:00
Manuel Pégourié-Gonnard
abb674467b Rename md_init_ctx() to md_setup() 2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
4063ceb281 Make hmac_ctx optional
Note from future self: actually md_init_ctx will be re-introduced with the
same signature later, and a new function with the additional argument will be
added.
2015-03-25 21:55:56 +01:00
Manuel Pégourié-Gonnard
ec4a339c2a Remove tests for xxx_hmac() 2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard
40fc4155d3 Add generic HMAC tests from mdx.data
In preparation of moving HMAC to the MD layer, this ensures all tests that are
present in a specific MDx/SHAx suite are now present in the MD suite too.
2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard
a115def330 Fix tests and programs to use md_get_xxx() 2015-03-25 21:37:15 +01:00
Manuel Pégourié-Gonnard
e46c6c38c9 Fix tests to work with DEPRECATED_REMOVED 2015-03-23 14:11:11 +01:00
Manuel Pégourié-Gonnard
079333bf77 Fix use of deprecated function in test 2015-03-20 18:23:56 +00:00
Manuel Pégourié-Gonnard
48d3cef31a Fix use of deprecated function in test 2015-03-20 18:21:12 +00:00
Manuel Pégourié-Gonnard
240b092a6c Drop dummy self_test functions 2015-03-19 15:30:28 +00:00
Manuel Pégourié-Gonnard
b6b16bddc3 Drop pbkdf2 module (superseded by pkcs5) 2015-03-11 11:31:51 +00:00
Manuel Pégourié-Gonnard
f9c1387b9d Drop POLARSSL_ERROR_STRERROR_BC 2015-03-11 10:59:38 +00:00
Manuel Pégourié-Gonnard
7f8099773e Rename include directory to mbedtls 2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard
d901d17817 Merge branch 'development' into dtls
* development: (100 commits)
  Update Changelog for the mem-measure branch
  Fix issues introduced when rebasing
  Fix compile error in memory_buffer_alloc_selftest
  Code cosmetics
  Add curve25519 to ecc-heap.sh
  Add curve25519 to the benchmark program
  Fix compile issue when buffer_alloc not available
  New script ecc-heap.sh
  Fix unused variable issue in some configs
  Rm usunused member in private struct
  Add heap usage for PK in benchmark
  Use memory_buffer_alloc() in benchmark if available
  Only define mode_func if mode is enabled (CBC etc)
  PKCS8 encrypted key depend on PKCS5 or PKCS12
  Disable SRV_C for client measurement
  Output stack+heap usage with massif
  Enable NIST_OPTIM by default for config-suite-b
  Refactor memory.sh
  Adapt memory.sh to config-suite-b
  Adapt mini-client for config-suite-b.h
  ...

Conflicts:
	ChangeLog
	include/polarssl/net.h
	library/Makefile
	library/error.c
	library/ssl_tls.c
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	tests/Makefile
2015-02-16 18:44:39 +00:00
Manuel Pégourié-Gonnard
ab025803ed Merge remote-tracking branch 'rich/platform' into development
* rich/platform:
  modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit
  modify programs/*.c to use polarssl_snprintf
2015-02-16 16:10:51 +00:00
Manuel Pégourié-Gonnard
e43187d59d Fix possible fd leak in test file 2015-02-16 09:13:40 +00:00
Rich Evans
012acfc20f modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit 2015-02-13 16:52:49 +00:00
Rich Evans
3d62e72648 fix bug introduced by the addition of snprintf and assert macro which caused tests to fail without polarssl_platform_c defined 2015-02-13 13:50:26 +00:00
Rich Evans
4c09114c32 add macro definition of assert using polarssl_exit 2015-02-13 13:50:26 +00:00
Rich Evans
77d3638497 modify library/memory_buffer_alloc.c, benchmark.c and the tests main code to use polarssl_exit 2015-02-13 13:50:26 +00:00
Rich Evans
6aa04bcd85 modify scripts/* and tests/* to use polarssl_snprintf 2015-02-13 13:50:26 +00:00
Rich Evans
63adb49062 Fix compile warning in tests/
where result_len at tests/suites/test_suite_ccm.function:165 is
potentially uninitialized using gcc-4.8.2.
2015-02-10 14:37:49 +00:00
Rich Evans
ce2f237697 change test function includes to use one convention 2015-02-10 11:28:46 +00:00
Rich Evans
00ab47026b cleanup library and some basic tests. Includes, add guards to includes 2015-02-10 11:28:46 +00:00
Rich Evans
4291445377 fix style issues with tests/suites/helpers.function 2015-02-10 10:14:15 +00:00
Rich Evans
1fef5ff5ec fix always true assertion 2015-02-10 10:14:15 +00:00
Paul Bakker
daae3b749b Prepare for mbed TLS 1.3.10 release 2015-02-08 15:49:54 +01:00
Manuel Pégourié-Gonnard
4eaf8f02bb Merge branch 'development' into dtls
* development:
  Support composite RDNs in X.509 certs parsing
2015-02-05 11:01:37 +00:00
Manuel Pégourié-Gonnard
555fbf8758 Support composite RDNs in X.509 certs parsing 2015-02-04 17:11:55 +00:00
Manuel Pégourié-Gonnard
2a0718d947 Merge branch 'development' into dtls
* development: (46 commits)
  Fix url again
  Fix small bug in base64_encode()
  Fix depend that was checked but not documented
  Fix dependency that was not checked
  Minor gitginore fixes
  Move some ignore patterns to subdirectories
  Ignore CMake/MSVC-related build files.
  Re-categorize changelog entry
  Fix misattribution
  Minor nits with stdout/stderr.
  Add cmake compatibility targets
  Add script for polarssl symlink creation
  Fix more stdio inclusion issues
  Add debug info for cert/suite selection
  Fix possible portability issue
  Fix bug in ssl_get_verify_result()
  aescrypt2.c local char array not initial
  Update Changelog
  Fix mips64 bignum implementation
  Fix usage string of ssl_client2
  ...

Conflicts:
	include/polarssl/ssl.h
	library/CMakeLists.txt
	library/Makefile
	programs/Makefile
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	visualc/VS2010/PolarSSL.sln
	visualc/VS2010/mbedTLS.vcxproj
	visualc/VS6/mbedtls.dsp
	visualc/VS6/mbedtls.dsw
2015-01-29 11:29:12 +00:00
Manuel Pégourié-Gonnard
9ad7b6ebde Rm spurious printf from test function 2015-01-28 15:28:28 +01:00
Rich Evans
920aa9c8ee change more references to (f)printf to polarssl_(f)printf to allow overriding 2015-01-28 15:28:28 +01:00
Rich Evans
3d536ba30c fix main_test.function to use polarssl (f)printf functions 2015-01-28 15:28:27 +01:00
Manuel Pégourié-Gonnard
0ac1d2d5ca Fix error while removing memory.h usage 2015-01-26 16:44:37 +00:00
Manuel Pégourié-Gonnard
d43ccb66fb Quit using deprecated header. 2015-01-23 17:38:09 +00:00
Manuel Pégourié-Gonnard
eab72e2ced Merge branch 'development' into dtls
* development:
  Update copyright
  Fix issue in compat.sh
  Rename doxyfile
  Rename to mbed TLS in tests/
  Rename to mbed TLS in examples
  Remove old test certificates.
  Rename to mbed TLS in the documentation/comments
  Change name to mbed TLS in the copyright notice

Conflicts:
	doxygen/input/doc_mainpage.h
	doxygen/mbedtls.doxyfile
	include/polarssl/version.h
	tests/compat.sh
2015-01-23 10:23:17 +00:00
Manuel Pégourié-Gonnard
e4f6edcda1 Rename to mbed TLS in tests/ 2015-01-22 16:43:54 +00:00
Manuel Pégourié-Gonnard
edb7ed3a43 Merge commit 'd7e2483' into dtls
* commit 'd7e2483': (57 commits)
  Skip signature_algorithms ext if PSK only
  Fix bug in ssl_client2 reconnect option
  Cosmetics in ssl_server2
  Improve debugging message.
  Fix net_usleep for durations greater than 1 second
  Use pk_load_file() in X509
  Create ticket keys only if enabled
  Fix typo in #ifdef
  Clarify documentation a bit
  Fix comment on resumption
  Update comment from draft to RFC
  Use more #ifdef's on CLI_C and SRV_C in ssl_tls.c
  Add recursion.pl to all.sh
  Allow x509_crt_verify_child() in recursion.pl
  Set a compile-time limit to X.509 chain length
  Fix 3DES -> DES in all.sh (+ time estimates)
  Add curves.pl to all.sh
  Rework all.sh to use MSan instead of valgrind
  Fix depends on individual curves in tests
  Add script to test depends on individual curves
  ...

Conflicts:
	CMakeLists.txt
	programs/ssl/ssl_client2.c
2015-01-20 16:52:28 +00:00
Manuel Pégourié-Gonnard
f9c8a606b5 Merge commit '8b9bcec' into dtls
* commit '8b9bcec':
  Stop assuming chars are signed
  Fix len miscalculation in buffer-based allocator
  Fix NULL dereference in buffer-based allocator
  Add test_suite_memory_buffer_alloc
  Add memory_buffer_alloc_self_test()
  Fix missing bound check
  Add test for ctr_drbg_update() input sanitizing
  Refactor for clearer correctness/security
  Stop assuming chars are signed

Conflicts:
	library/ssl_tls.c
2015-01-20 16:38:39 +00:00
Paul Bakker
d7e2483bfc Merge miscellaneous fixes into development 2015-01-13 16:04:38 +01:00
Manuel Pégourié-Gonnard
765bb31d24 Add test_suite_memory_buffer_alloc 2015-01-13 14:58:00 +01:00
Manuel Pégourié-Gonnard
f5f25b3a0d Add test for ctr_drbg_update() input sanitizing 2015-01-13 14:56:59 +01:00
Manuel Pégourié-Gonnard
cf4de32f58 Fix depends on individual curves in tests 2014-11-20 16:36:08 +01:00
Manuel Pégourié-Gonnard
5c2aa10c15 Fix curve dependency issues in X.509 test suite 2014-11-20 16:36:07 +01:00
Manuel Pégourié-Gonnard
57a5d60abb Add tests for concatenated CRLs 2014-11-19 16:08:34 +01:00
Manuel Pégourié-Gonnard
8c9223df84 Add text view to debug_print_buf() 2014-11-19 13:21:38 +01:00
Manuel Pégourié-Gonnard
8a5e3d4a40 Forbid repeated X.509 extensions 2014-11-12 18:13:58 +01:00
Manuel Pégourié-Gonnard
b134060f90 Fix memory leak with crafted X.509 certs 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
0369a5291b Fix uninitialised pointer dereference 2014-11-12 00:01:52 +01:00
Manuel Pégourié-Gonnard
7c13d69cb5 Fix dependency issues 2014-11-12 00:01:34 +01:00
Manuel Pégourié-Gonnard
a1efcb084f Implement pk_check_pair() for RSA-alt 2014-11-08 18:00:22 +01:00
Manuel Pégourié-Gonnard
70bdadf54b Add pk_check_pair() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
30668d688d Add ecp_check_pub_priv() 2014-11-06 18:25:51 +01:00
Manuel Pégourié-Gonnard
2f8d1f9fc3 Add rsa_check_pub_priv() 2014-11-06 18:25:51 +01:00
Paul Bakker
f2a459df05 Preparation for PolarSSL 1.4.0 2014-10-21 16:40:54 +02:00
Manuel Pégourié-Gonnard
4956fd7437 Test and fix anti-replay functions 2014-10-21 16:32:34 +02:00
Paul Bakker
9eac4f7c4e Prepare for release 1.3.9 2014-10-20 13:56:15 +02:00
Manuel Pégourié-Gonnard
9c911da68f Add tests for X.509 name encoding mismatch 2014-10-17 12:42:31 +02:00
Manuel Pégourié-Gonnard
5d8618539f Fix memory leak while parsing some X.509 certs 2014-10-17 12:41:41 +02:00
Manuel Pégourié-Gonnard
64938c63f0 Accept spaces at end of line/buffer in base64 2014-10-15 23:53:33 +02:00
Manuel Pégourié-Gonnard
da1b4de0e4 Increase MPI_MAX_BYTES to allow RSA 8192 2014-10-15 22:06:46 +02:00
Paul Bakker
5a5fa92bfe x509_crt_parse() did not increase total_failed on PEM error
Result was that PEM errors in files with multiple certificates were not
detectable by the user.
2014-10-03 15:47:13 +02:00
Paul Bakker
d153ef335f Missing dependencies on POLARSSL_ECP_C fixed 2014-08-18 12:00:28 +02:00
Manuel Pégourié-Gonnard
192253aaa9 Fix buffer size in pk_write_*_pem() 2014-08-14 11:34:35 +02:00
Paul Bakker
8dcb2d7d7e Support escaping of commas in x509_string_to_names() 2014-08-11 11:59:52 +02:00
Paul Bakker
bd51b262d1 Add 'exit' label and variable initialization to relevant test suite functions 2014-07-10 16:37:50 +02:00
Paul Bakker
318d0fe844 Auto add 'exit' label in every test function. Failed assert now goes there 2014-07-10 15:27:11 +02:00
Paul Bakker
4d0cfe80ea Split assert() with side effects in test suite helper 2014-07-10 15:27:11 +02:00
Paul Bakker
6c343d7d9a Fix mpi_write_string() to write "00" as hex output for empty MPI 2014-07-10 15:27:10 +02:00
Paul Bakker
5b11d026cd Fix dependencies and includes without FS_IO and PLATFORM_C 2014-07-10 15:27:10 +02:00
Paul Bakker
ec3a617d40 Make ready for release of 1.3.8 and soversion 7 2014-07-09 10:21:28 +02:00
Paul Bakker
d2a2d61a68 Adapt programs / test suites 2014-07-09 10:19:24 +02:00
Paul Bakker
a317a98221 Adapt programs / test suites 2014-07-09 10:19:24 +02:00
Paul Bakker
14e8be4d33 Adapted programs / test suites to _init() and _free() 2014-07-09 10:19:23 +02:00
Paul Bakker
8cfd9d8c59 Adapt programs / test suites to _init() and _free() 2014-07-09 10:19:23 +02:00
Paul Bakker
6697b6c13b Properly free memory in new base64 tests 2014-07-04 18:35:50 +02:00
Paul Bakker
d598318661 Fix base64_decode() to return and check length correctly 2014-07-04 15:01:00 +02:00
Paul Bakker
237a847f1c Fix typos in comments 2014-06-25 14:45:24 +02:00
Paul Bakker
2a45d1c8bb Merge changes to config examples and configuration issues 2014-06-25 11:27:00 +02:00
Manuel Pégourié-Gonnard
d249b7ab9a Restore ability to trust non-CA selfsigned EE cert 2014-06-25 11:26:13 +02:00
Manuel Pégourié-Gonnard
c4eff16516 Restore ability to use v1 CA if trusted locally 2014-06-25 11:26:12 +02:00
Manuel Pégourié-Gonnard
f87cad9397 Fix some curve-specific depends in tests 2014-06-24 16:55:17 +02:00
Manuel Pégourié-Gonnard
8f625632bb Fix dependencies: GCM != AEAD != CCM 2014-06-24 15:26:28 +02:00
Manuel Pégourié-Gonnard
f9378d8f11 Fix dependencies on PEM in tests and programs 2014-06-24 13:11:25 +02:00
Manuel Pégourié-Gonnard
0f7b619875 Fix tests dependencies in X509_USE_C 2014-06-24 12:54:46 +02:00
Manuel Pégourié-Gonnard
fea3102dcb Fix dependencies on X509_CRT_C in tests 2014-06-24 12:54:46 +02:00
Paul Bakker
1c98ff96b5 Merge more test improvements and tests
Conflicts:
	tests/suites/test_suite_cipher.blowfish.data
2014-06-24 11:12:00 +02:00
Manuel Pégourié-Gonnard
398c57b0b3 Blowfish accepts variable key len in cipher layer 2014-06-24 11:01:33 +02:00
Manuel Pégourié-Gonnard
ed5c03ff1d Add tests for Blowfish-ECB via the cipher layer 2014-06-23 12:05:11 +02:00
Manuel Pégourié-Gonnard
f3b47243df Split x509_csr_parse_der() out of x509_csr_parse() 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
15f58a86f7 Add test for mpi_gen_prime() 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
0dc5e0d80b Add helper function zero_malloc for tests 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
b25f81665f Add test for bad arguments to MD functions 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
5e7693f6ba Add tests for bad arguments to cipher functions 2014-06-23 11:54:57 +02:00
Manuel Pégourié-Gonnard
6deaac0e62 Add tests vectors for (3)DES via cipher layer 2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
255fe4b10e Add tests for Blowfish-ECB via the cipher layer 2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
d77cd5d0c3 Add tests for x509_csr_parse 2014-06-23 11:52:59 +02:00
Manuel Pégourié-Gonnard
66aca931bc Add tests for pkcs5_pbes2 2014-06-23 11:52:59 +02:00
Paul Bakker
3461772559 Introduce polarssl_zeroize() instead of memset() for zeroization 2014-06-14 16:46:03 +02:00
Paul Bakker
c2ff2083ee Merge parsing and verification of RSASSA-PSS in X.509 modules 2014-06-12 22:02:47 +02:00
Manuel Pégourié-Gonnard
c7c56b2e82 Add more tests for the entropy module 2014-06-10 15:38:44 +02:00
Manuel Pégourié-Gonnard
2c25eb0b0a Add test_suite_entropy 2014-06-10 15:38:44 +02:00
Manuel Pégourié-Gonnard
7b4919c399 Add test vectors for XTEA CBC
Generate using an independent implementation found at:
https://code.google.com/p/zzt-code-base/source/browse/trunk/src/python/xtea.py
2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard
c22bb4994c Add tests for asn1_write_ia5_string() 2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard
36178ffb87 Add tests for asn1_write_octet_string() 2014-06-10 15:38:43 +02:00
Manuel Pégourié-Gonnard
5873b00b7f Add pathological RSASSA-PSS test certificates
Certificates announcing different PSS options than the ones actually used for
the signature. Makes sure the options are correctly passed to the verification
function.
2014-06-07 11:21:52 +02:00
Manuel Pégourié-Gonnard
97049c26d8 Add forgotten depends in test 2014-06-06 17:00:03 +02:00
Manuel Pégourié-Gonnard
d1539b1e88 Rename RSASSA_PSS_CERTIFICATES to X509_RSASSA_PSS_SUPPORT 2014-06-06 16:42:37 +02:00
Manuel Pégourié-Gonnard
854036956d Add tests for x509 rsassa_pss params parsing 2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard
3d49b9d220 Add test helper function unhexify_alloc() 2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard
b29a7ba3f2 Fix missing depends in test_suite_pk 2014-06-06 16:32:22 +02:00
Manuel Pégourié-Gonnard
eacccb7fb9 Add RSASSA-PSS certificate with all defaults 2014-06-05 18:00:08 +02:00
Manuel Pégourié-Gonnard
53882023e7 Also verify CRLs signed with RSASSA-PSS 2014-06-05 17:59:55 +02:00
Manuel Pégourié-Gonnard
20422e9a3a Add pk_verify_ext() 2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard
3a6a95d67c Cleanup depends in PKCS#1 v2.1 test suite 2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard
5ec628a2b9 Add rsa_rsassa_pss_verify_ext() 2014-06-05 14:02:05 +02:00
Manuel Pégourié-Gonnard
920e1cd5e2 Add basic PSS cert verification
Still todo:
- handle MGF-hash != sign-hash
- check effective salt len == announced salt len
- add support in the PK layer so that we don't have to bypass it here
2014-06-04 12:09:08 +02:00
Manuel Pégourié-Gonnard
78117d57b0 Consider trailerField a constant 2014-06-02 16:12:46 +02:00
Manuel Pégourié-Gonnard
39868ee301 Parse CSRs signed with RSASSA-PSS 2014-06-02 16:10:30 +02:00
Manuel Pégourié-Gonnard
2a8d7fd76e Add tests for parsing CSRs 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
8e42ff6bde Parse CRLs signed with RSASSA-PSS 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
9df5c96214 Fix dependencies 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
e76b750b69 Finish parsing RSASSA-PSS parameters 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
f346bab139 Start parsing RSASSA-PSS parameters 2014-06-02 16:10:29 +02:00
Manuel Pégourié-Gonnard
59a75d5b9d Basic parsing of certs signed with RSASSA-PSS 2014-06-02 16:10:29 +02:00
Paul Bakker
1ebc0c592c Fix typos 2014-05-22 15:47:58 +02:00
Paul Bakker
b5212b436f Merge CCM cipher mode and ciphersuites
Conflicts:
	library/ssl_tls.c
2014-05-22 15:30:31 +02:00
Paul Bakker
4cdb4d9bb7 X509 time-related tests depend on POLARSSL_HAVE_TIME 2014-05-22 14:22:59 +02:00
Manuel Pégourié-Gonnard
542eac5aba Add tests for CCM via cipher layer 2014-05-20 17:26:16 +02:00
Manuel Pégourié-Gonnard
64bf996fd9 Add test vectors for Camellia-CCM 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard
0f6b66dba1 CCM operations allow input == output 2014-05-14 14:10:35 +02:00
Manuel Pégourié-Gonnard
e8b8d01782 Use tighter buffers in CCM test suite 2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard
87df5ba0a1 Add test for length checks 2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard
ce77d55023 Implement ccm_auth_decrypt() 2014-05-07 12:13:13 +02:00
Manuel Pégourié-Gonnard
002323340a Refactor to prepare for CCM decryption 2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard
9322e49037 Add NIST CAVS 11.0 test vectors for AES-CCM
Since there are 2160 test vectors fro encryption, which is a lot,
only the first one (out of ten) for each length quadruple was kept.
2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard
637eb3d31d Add ccm_encrypt_and_tag() 2014-05-07 12:13:12 +02:00
Manuel Pégourié-Gonnard
9fe0d13e8d Add ccm_init/free() 2014-05-06 12:12:45 +02:00
Manuel Pégourié-Gonnard
a6916fada8 Add (placeholder) CCM module 2014-05-06 11:28:09 +02:00
Paul Bakker
da13016d84 Prepped for 1.3.7 release 2014-05-01 14:27:19 +02:00
Paul Bakker
2a024ac86a Merge dependency fixes 2014-04-30 16:50:59 +02:00
Paul Bakker
f96f7b607a On OpenBSD, use arc4random_buf() instead of rand() to prevent warnings 2014-04-30 16:02:38 +02:00
Paul Bakker
24f37ccaed rsa_check_pubkey() now allows an E up to N 2014-04-30 13:43:51 +02:00
Paul Bakker
0f90d7d2b5 version_check_feature() added to check for compile-time options at run-time 2014-04-30 11:49:44 +02:00
Manuel Pégourié-Gonnard
3d41370645 Fix hash dependencies in X.509 tests 2014-04-29 15:29:41 +02:00
Manuel Pégourié-Gonnard
edc81ff8c2 Fix some more curve depends in X.509 tests 2014-04-29 15:10:40 +02:00
Manuel Pégourié-Gonnard
ec4d27398a Fix curve dependencies in *keyusage tests 2014-04-29 15:06:41 +02:00
Paul Bakker
c73079a78c Add debug_set_threshold() and thresholding of messages 2014-04-25 16:58:16 +02:00
Paul Bakker
92478c37a6 Debug module only outputs full lines instead of parts 2014-04-25 16:58:15 +02:00
Paul Bakker
eaebbd5eaa debug_set_log_mode() added to determine raw or full logging 2014-04-25 16:58:14 +02:00
Paul Bakker
57ffa5570d Add tests for debug_print_ret() and debug_print_buf(). 2014-04-25 16:58:13 +02:00
Paul Bakker
2b34657b39 Updated Debug test suite data 2014-04-25 16:58:12 +02:00
Paul Bakker
8a0c0a9ed9 Check additional return values in some test cases 2014-04-17 17:24:23 +02:00
Paul Bakker
94b916c7b5 Split assignment and assert check into seperate lines in tests 2014-04-17 16:07:20 +02:00
Paul Bakker
dd0aae92e0 Replaced strcpy() with strncpy() in tests suites 2014-04-17 16:06:37 +02:00
Paul Bakker
b6487dade9 Fixed result for test case in test_suite_x509parse 2014-04-17 16:04:33 +02:00
Paul Bakker
784b04ff9a Prepared for version 1.3.6 2014-04-11 15:33:59 +02:00
Paul Bakker
d8b0c5ef01 Fixed typo 2014-04-11 15:31:33 +02:00
Paul Bakker
52c5af7d2d Merge support for verifying the extendedKeyUsage extension in X.509 2014-04-11 13:58:57 +02:00
Paul Bakker
1630058dde Potential buffer overwrite in pem_write_buffer() fixed
Length indication when given a too small buffer was off.
Added regression test in test_suite_pem to detect this.
2014-04-11 13:58:05 +02:00
Manuel Pégourié-Gonnard
add05d7125 Fix some dependency declarations in X.509 tests 2014-04-11 11:12:40 +02:00
Manuel Pégourié-Gonnard
7afb8a0dca Add x509_crt_check_extended_key_usage() 2014-04-11 11:09:00 +02:00
Paul Bakker
5c986f5244 Make test suite checks dependent on POLARSSL_X509_CHECK_KEY_USAGE 2014-04-09 16:58:51 +02:00
Manuel Pégourié-Gonnard
99d4f19111 Add keyUsage checking for CAs 2014-04-09 15:50:58 +02:00
Manuel Pégourié-Gonnard
603116c570 Add x509_crt_check_key_usage() 2014-04-09 15:50:57 +02:00
Manuel Pégourié-Gonnard
0148875cfc Add tests and fix bugs for RSA-alt contexts 2014-04-04 17:46:46 +02:00
Manuel Pégourié-Gonnard
edb242fb2f Minimally test md_process and associated wrappers 2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
f8708ddc95 Also test shax_hmac_reset in test_suite_hmac_shax 2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
9ce7e8414a Add test for des_key_check_weak() 2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
3fec220a33 Add test for dhm_parse_dhmfile 2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
66dfc5a689 Add test for cipher_list() 2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
f3013830cc Tests for MD info functions 2014-04-04 16:42:44 +02:00
Manuel Pégourié-Gonnard
5819db1384 Test RIPEMD160 via MD layer more completely 2014-04-04 16:34:37 +02:00
Manuel Pégourié-Gonnard
59ba4e983b Test generic md_hmac_reset() 2014-04-04 16:34:37 +02:00
Manuel Pégourié-Gonnard
58319e7f5c Test mdX_hmax_reset() functions 2014-04-04 16:34:37 +02:00
Manuel Pégourié-Gonnard
7afdb88216 Test and fix x509_oid functions 2014-04-04 16:34:30 +02:00
Manuel Pégourié-Gonnard
6c1a73e061 Improve x509xrite_csr testing: extensions, version 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
c5ce83a3b8 Improve x509xrite_csr testing: extensions, ECDSA 2014-04-04 16:33:01 +02:00
Manuel Pégourié-Gonnard
52a555cd7d Also test backwards compat strerror() function 2014-04-04 16:33:00 +02:00
Manuel Pégourié-Gonnard
7b30cfc5b0 x509_crt_info() list output cosmectics 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
f6f4ab40d3 Print extended key usage in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
65c2ddc318 Print key_usage in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
bce2b30855 Print subject alt name in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
919f8f5829 Print NS Cert Type in x509_crt_info() 2014-04-04 14:01:39 +02:00
Manuel Pégourié-Gonnard
b28487db1f Start printing extensions in x509_crt_info() 2014-04-04 14:01:39 +02:00
Paul Bakker
96d5265315 Made ready for release 1.3.5 2014-03-26 16:55:50 +01:00
Manuel Pégourié-Gonnard
c042cf0013 Fix broken tests due to changed error code
Introduced in 5246ee5c59
2014-03-26 14:12:20 +01:00
Manuel Pégourié-Gonnard
a11a77f316 Add test for SpecifiedECDomain 2014-03-19 16:50:59 +01:00
Manuel Pégourié-Gonnard
c7a88a960d Fix more depend issues on specific curves 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
9533765b25 Reject certs and CRLs from the future 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
6304f786e0 Add x509_time_future() 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
29dcc0b93c Fix depend issues in test suites for cipher modes 2014-03-13 19:25:06 +01:00
Manuel Pégourié-Gonnard
c9093085ed Revert "Merged RSA-PSS support in Certificate, CSR and CRL"
This reverts commit ab50d8d30c, reversing
changes made to e31b1d992a.
2014-02-12 09:39:59 +01:00
Paul Bakker
ab50d8d30c Merged RSA-PSS support in Certificate, CSR and CRL 2014-02-06 13:14:56 +01:00
Manuel Pégourié-Gonnard
fbf0915404 Fix bug in RSA PKCS#1 v1.5 "reversed" operations 2014-02-05 17:01:24 +01:00
Manuel Pégourié-Gonnard
c4919bc528 Add tests for rsa_copy() 2014-02-05 17:00:39 +01:00
Manuel Pégourié-Gonnard
725afd8b55 Fix the 'error' test suite 2014-02-01 11:54:28 +01:00
Manuel Pégourié-Gonnard
e6cdbbd40b Add tests for th init_buf() variant of HMAC_DRBG 2014-02-01 11:30:03 +01:00
Manuel Pégourié-Gonnard
7575daa1f2 Expand CTR_DRBG test coverage 2014-01-31 12:16:54 +01:00
Manuel Pégourié-Gonnard
b3b205e081 Clean up details in ctr_drbg_selftest() 2014-01-31 12:04:06 +01:00
Manuel Pégourié-Gonnard
79afaa0551 Add hmac_drbg_selftest() 2014-01-31 11:52:14 +01:00
Manuel Pégourié-Gonnard
62273b88ab Add NIST validation tests for HMAC_DRBG pr=true 2014-01-31 10:19:05 +01:00
Manuel Pégourié-Gonnard
24600b7c8a Add NIST validation tests for HMAC_DRBG nopr 2014-01-31 09:58:12 +01:00
Manuel Pégourié-Gonnard
4f880a5dc2 Add misc tests for HMAC_DRBG 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
48bc3e81da Add hmac_drbg_{write,update}_seed_file() 2014-01-30 23:17:33 +01:00
Manuel Pégourié-Gonnard
6801f39397 Add NIST no_reseed validation tests for HMAC_DRBG 2014-01-30 23:17:33 +01:00
Paul Bakker
2aca241425 Ready for release 1.3.4 2014-01-27 11:59:30 +01:00
Paul Bakker
42099c3155 Revert "Add pk_rsa_set_padding() and rsa_set_padding()"
This reverts commit b4fae579e8.

Conflicts:
	library/pk.c
	tests/suites/test_suite_pk.data
	tests/suites/test_suite_pk.function
2014-01-27 11:59:29 +01:00
Manuel Pégourié-Gonnard
41cae8e1f9 Parse CSRs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
d4fd57dda4 Add tests for parsing CSRs 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
5eeb32b552 Parse CRLs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
ce7c6fd433 Fix dependencies 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
3c1e8b539c Finish parsing RSASSA-PSS parameters 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
d9fd87be33 Start parsing RSASSA-PSS parameters 2014-01-25 12:48:58 +01:00
Manuel Pégourié-Gonnard
b1d4eb16e4 Basic parsing of certs signed with RSASSA-PSS 2014-01-25 12:48:58 +01:00
Paul Bakker
556efba51c Added AES CFB8 mode 2014-01-24 15:38:12 +01:00
Manuel Pégourié-Gonnard
a56d363724 Fix missing dependency declaration in test 2014-01-23 17:50:56 +01:00
Manuel Pégourié-Gonnard
027a7cb800 Rm now useless test helper function 2014-01-23 17:00:33 +01:00
Manuel Pégourié-Gonnard
544416aa99 Fix failing ECDH test (test vectors misuse) 2014-01-23 16:55:18 +01:00
Paul Bakker
bf98c3dd11 Merged deterministic ECDSA
Conflicts:
	library/ecdsa.c
2014-01-23 15:48:01 +01:00
Manuel Pégourié-Gonnard
2d5f142dc6 Fix warning in main_test 2014-01-22 16:01:17 +01:00
Manuel Pégourié-Gonnard
dfab4c1193 Add forgotten #ifdef and depends_on 2014-01-22 16:01:06 +01:00
Manuel Pégourié-Gonnard
e707eb6df3 Fix unused variable in test case 2014-01-22 14:57:36 +01:00
Paul Bakker
5862eee4ca Merged RIPEMD-160 support 2014-01-22 14:18:34 +01:00
Paul Bakker
61b699ed1b Renamed RMD160 to RIPEMD160 2014-01-22 14:17:31 +01:00
Paul Bakker
0ac99ca7bc Merged support for secp224k1, secp192k1 and secp25k1 2014-01-22 13:10:48 +01:00
Manuel Pégourié-Gonnard
b4fae579e8 Add pk_rsa_set_padding() and rsa_set_padding() 2014-01-22 13:03:27 +01:00
Manuel Pégourié-Gonnard
ea499a7321 Add support for secp192k1 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
18e3ec9b4d Add support for secp224k1 2014-01-17 21:41:39 +01:00
Manuel Pégourié-Gonnard
e4d47a655b Add RIPEMD-160 to the generic MD layer 2014-01-17 20:41:32 +01:00
Manuel Pégourié-Gonnard
ff40c3ac34 Add HMAC support to RIPEMD-160 2014-01-17 20:04:59 +01:00
Manuel Pégourié-Gonnard
130fe97055 Tighten sizes in mdx.function 2014-01-17 14:23:48 +01:00
Manuel Pégourié-Gonnard
df2437d156 Rm redundant "depends" in mdx.data 2014-01-17 14:09:46 +01:00
Manuel Pégourié-Gonnard
cab4a8807c Add RIPEMD-160 (core functions) 2014-01-17 14:04:25 +01:00
Manuel Pégourié-Gonnard
f51c8fc353 Add support for secp256k1 arithmetic 2014-01-10 18:17:18 +01:00
Manuel Pégourié-Gonnard
937340bce0 Add ecdsa_write_signature_det() 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
4daaef7e27 Add ecdsa_sign_det() with test vectors 2014-01-06 15:29:03 +01:00
Manuel Pégourié-Gonnard
fae079e4c5 Adapt ECDSA tests to new ecp_gen_keypair() 2014-01-06 11:01:24 +01:00
Manuel Pégourié-Gonnard
217a29c844 Fix bug in rnd_pseudo_rnd() test helper function
Only the first 4 bytes of the output were set, the rest was untouched.
2014-01-03 12:19:19 +01:00
Paul Bakker
5bc07a3d30 Prepped for 1.3.3 2013-12-31 10:57:44 +01:00
Paul Bakker
3a8cb6ff8e Proper const modifier in test_suite_x509_csr_check() 2013-12-30 20:41:54 +01:00
Paul Bakker
a5320904bf Fixed dependency on POLARSSL_GENPRIME in PK tests 2013-12-19 17:29:52 +01:00
Paul Bakker
474c2ce05f Fixed dependencies for some tests 2013-12-19 16:40:30 +01:00
Manuel Pégourié-Gonnard
a60fe8943d Add mpi_safe_cond_swap() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
357ff65a51 Details in ecp_mul_mxz() 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
fe0af405f9 Adapt ecp_gen_keypair() to Curve25519 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
9a4a5ac4de Fix bug in mpi_set_bit 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
a0179b8c4a Change ecp_mul to handle Curve25519 too 2013-12-05 15:58:38 +01:00
Manuel Pégourié-Gonnard
312d2e8ea2 Adapt key checking functions for Curve25519 2013-12-05 15:58:38 +01:00
Paul Bakker
76af736a47 Merged splitting off curves from ecp.c into ecp_curves.c 2013-12-02 22:01:26 +01:00
Paul Bakker
a2ffccd09f Fixed memory leak in new x509parse test 2013-12-02 21:56:37 +01:00
Manuel Pégourié-Gonnard
a0d758b917 Fix typo in test dependency 2013-12-02 16:34:24 +01:00
Paul Bakker
c680405135 Removed test for empty data_files/dir0
dir0 is not in git (empty directories cannot be added to git)
2013-12-02 15:26:02 +01:00
Paul Bakker
014f143c2a Merged EC key generation support 2013-12-02 14:55:09 +01:00
Manuel Pégourié-Gonnard
0267e3dc9b Add ecp_curve_info_from_name() 2013-11-30 15:10:14 +01:00
Manuel Pégourié-Gonnard
104ee1d1f6 Add ecp_genkey(), prettier wrapper 2013-11-30 14:35:07 +01:00
Manuel Pégourié-Gonnard
fbae2a1f53 Add tests for x509_crt_parse_path() 2013-11-28 18:07:39 +01:00
Paul Bakker
3ddfa663a5 Renamed test_offset to prevent clash with one in ctr_drbg.c 2013-11-26 17:45:20 +01:00
Paul Bakker
3209ce3692 Merged ECP improvements 2013-11-26 15:19:17 +01:00
Paul Bakker
e4c71f0e11 Merged Prime generation improvements 2013-11-25 14:27:28 +01:00
Paul Bakker
8fc30b178c Various const fixes 2013-11-25 13:29:43 +01:00
Manuel Pégourié-Gonnard
378fb4b70a Split mpi_is_prime() and make its first arg const 2013-11-22 19:40:32 +01:00
Manuel Pégourié-Gonnard
3e3d2b818c Fix bug in mpi_safe_cond_assign() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
71c2c21601 Add mpi_safe_cond_assign() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
5868163e07 Add mpi_shrink() 2013-11-21 21:56:38 +01:00
Manuel Pégourié-Gonnard
ff27b7c968 Tighten ecp_mul() validity checks 2013-11-21 21:56:38 +01:00
Paul Bakker
f4dc186818 Prep for PolarSSL 1.3.2 2013-11-04 17:29:42 +01:00
Paul Bakker
60b1d10131 Fixed spelling / typos (from PowerDNS:codespell) 2013-10-29 10:02:51 +01:00
Paul Bakker
7bc745b6a1 Merged constant-time padding checks 2013-10-28 14:40:26 +01:00
Paul Bakker
1642122f8b Merged support for Camellia-GCM + ciphersuite and fixes to cipher layer 2013-10-28 14:38:35 +01:00
Paul Bakker
3f917e230d Merged optimizations for MODP NIST curves 2013-10-28 14:18:26 +01:00
Paul Bakker
08bb187bb6 Merged Public Key framwork tests 2013-10-28 14:11:09 +01:00
Manuel Pégourié-Gonnard
3daaf3d21d X509 key identifiers depend on SHA1 2013-10-28 13:58:32 +01:00
Manuel Pégourié-Gonnard
f8669dabf2 Fix error.c test suite relying on old name 2013-10-28 13:58:10 +01:00
Manuel Pégourié-Gonnard
7446833626 Fix endianness issue in test helper function 2013-10-28 13:02:20 +01:00
Manuel Pégourié-Gonnard
f8ab069d6a Make get_pkcs_padding() constant-time 2013-10-27 17:25:57 +01:00
Manuel Pégourié-Gonnard
c2bd7a2f2f Add test vectors for Camellia-GCM via cipher layer 2013-10-24 16:49:51 +02:00
Manuel Pégourié-Gonnard
0684f74023 Add failing test vectors for Camellia-GCM auth 2013-10-24 16:19:30 +02:00
Manuel Pégourié-Gonnard
2009718fbe Add tests for AES-{192,256}-GCM in cipher layer 2013-10-24 16:02:02 +02:00
Manuel Pégourié-Gonnard
87181d1deb Add Camellia-GCM to th cipher layer 2013-10-24 14:02:40 +02:00
Manuel Pégourié-Gonnard
7bd8a99e11 Fix GCM dependencies 2013-10-24 13:39:39 +02:00
Manuel Pégourié-Gonnard
13e0d449f7 Add Camellia-GCM test vectors
https://tools.ietf.org/html/draft-kato-ipsec-camellia-gcm-03#section-4
2013-10-24 13:24:25 +02:00
Manuel Pégourié-Gonnard
083d66821e Make GCM tests accept any cipher, not just AES 2013-10-24 13:21:39 +02:00
Manuel Pégourié-Gonnard
94dd5b4dd4 Rename GCM test suites to AES-GCM 2013-10-24 13:21:39 +02:00
Manuel Pégourié-Gonnard
e783f06f73 Start working on mod_p224
(Prototype, works only on 32-bit and little-endian 64-bit.)
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
cc67aee9c8 Make ecp_mod_p521 a bit faster 2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
d1e7a45fdd Rework ecp_mod_p192()
On x86_64, this makes it 5x faster, and ecp_mul() 17% faster for this curve.
The code is shorter too.
2013-10-23 13:24:55 +02:00
Manuel Pégourié-Gonnard
748190d319 Fix some dependency issues 2013-10-17 13:26:48 +02:00
Manuel Pégourié-Gonnard
75c7882de3 Add PK test for forbidden operations 2013-10-17 12:57:47 +02:00
Manuel Pégourié-Gonnard
67d4583835 Add PK tests for rsa encrypt/decrypt 2013-10-17 12:57:47 +02:00
Manuel Pégourié-Gonnard
b0a467fdbe Start adding a PK test suite 2013-10-15 15:19:59 +02:00
Paul Bakker
5c17ccdf2a Bumped version to 1.3.1 2013-10-15 13:12:41 +02:00
Manuel Pégourié-Gonnard
48ac3db551 Add OIDs for brainpool curves 2013-10-10 15:11:33 +02:00
Manuel Pégourié-Gonnard
201401646e Fix a few selftest typos 2013-10-10 13:21:48 +02:00
Manuel Pégourié-Gonnard
43545c8b4f Add test vectors for brainpool curves 2013-10-10 12:56:00 +02:00
Paul Bakker
1337affc91 Buffer allocator threading support 2013-09-29 15:02:11 +02:00
Paul Bakker
1ffefaca1e Introduced entropy_free() 2013-09-29 15:01:42 +02:00
Manuel Pégourié-Gonnard
420edcaf1d Clean up config-suite-b.h thanks to new certs 2013-09-25 11:52:38 +02:00
Manuel Pégourié-Gonnard
cc648d19dc Adapt test cases to new certs and file names 2013-09-24 21:25:54 +02:00
Manuel Pégourié-Gonnard
cbf3ef3861 RSA and ECDSA key exchanges don't depend on CRL 2013-09-24 21:25:53 +02:00
Paul Bakker
c27c4e2efb Support faulty X509 v1 certificates with extensions
(POLARSSL_X509_ALLOW_EXTENSIONS_NON_V3)
2013-09-23 15:01:36 +02:00
Manuel Pégourié-Gonnard
a7496f00ff Fix a few more warnings in small configurations 2013-09-20 11:29:59 +02:00
Manuel Pégourié-Gonnard
4fee79b885 Fix some more depend issues 2013-09-20 10:58:59 +02:00
Manuel Pégourié-Gonnard
387a211fad Fix some dependencies in tests 2013-09-20 10:58:59 +02:00
Paul Bakker
5ad403f5b5 Prepared for 1.3.0 RC0 2013-09-18 21:21:30 +02:00
Manuel Pégourié-Gonnard
15d5de1969 Simplify usage of DHM blinding 2013-09-18 14:35:55 +02:00
Manuel Pégourié-Gonnard
456d3b9b0b Make ECP error codes more specific 2013-09-18 14:35:53 +02:00
Manuel Pégourié-Gonnard
dd0f57f186 Check key size in cipher_setkey() 2013-09-18 14:34:32 +02:00
Paul Bakker
c559c7a680 Renamed x509_cert structure to x509_crt for consistency 2013-09-18 14:32:52 +02:00
Paul Bakker
ddf26b4e38 Renamed x509parse_* functions to new form
e.g. x509parse_crtfile -> x509_crt_parse_file
2013-09-18 13:46:23 +02:00
Paul Bakker
369d2eb2a2 Introduced x509_crt_init(), x509_crl_init() and x509_csr_init() 2013-09-18 12:01:43 +02:00
Paul Bakker
86d0c1949e Generalized function names of x509 functions not parse-specific
x509parse_serial_gets -> x509_serial_gets
x509parse_dn_gets -> x509_dn_gets
x509parse_time_expired -> x509_time_expired
2013-09-18 12:01:42 +02:00
Paul Bakker
5187656211 Renamed X509 / X509WRITE error codes to generic (non-cert-specific) 2013-09-17 14:36:05 +02:00
Paul Bakker
36713e8ed9 Fixed bunch of X509_PARSE related defines / dependencies 2013-09-17 13:25:29 +02:00
Paul Bakker
7c6b2c320e Split up X509 files into smaller modules 2013-09-16 21:41:54 +02:00
Paul Bakker
cff6842b39 POLARSSL_PEM_C split into POLARSSL_PEM_PARSE_C and POLARSSL_PEM_WRITE_C 2013-09-16 13:36:18 +02:00
Paul Bakker
77e23fb0e0 Move *_pemify() function to PEM module 2013-09-15 20:03:26 +02:00
Paul Bakker
40ce79f1e6 Moved DHM parsing from X509 module to DHM module 2013-09-15 17:43:54 +02:00
Paul Bakker
dce7fdcbc9 Fixed warnings in case POLARSSL_PEM_C is not defined 2013-09-15 17:15:26 +02:00
Paul Bakker
2292d1fad0 Fixed warnings in case POLARSSL_X509_PARSE_C is not defined 2013-09-15 17:06:49 +02:00
Paul Bakker
de56ca1097 The suite specific header should only be used when the suite is active 2013-09-15 17:05:21 +02:00
Paul Bakker
4606c7317b Added POLARSSL_PK_PARSE_C and POLARSSL_PK_WRITE_C 2013-09-15 17:04:23 +02:00
Paul Bakker
428b9ba3b7 Moved POLARSSL_FS_IO check to .function from .data 2013-09-15 15:20:37 +02:00
Paul Bakker
e827ce013f Fix for parse commit 2013-09-15 15:08:31 +02:00
Paul Bakker
c7bb02be77 Moved PK key writing from X509 module to PK module 2013-09-15 14:54:56 +02:00
Paul Bakker
1a7550ac67 Moved PK key parsing from X509 module to PK module 2013-09-15 13:47:30 +02:00
Manuel Pégourié-Gonnard
92cb1d3a91 Make CBC an option, step 3: individual ciphers 2013-09-13 17:25:43 +02:00
Manuel Pégourié-Gonnard
989ed38de2 Make CBC an option, step 2: cipher layer 2013-09-13 15:48:40 +02:00
Manuel Pégourié-Gonnard
4fe9200f47 Fix memory leak in GCM by adding gcm_free() 2013-09-13 13:45:58 +02:00
Manuel Pégourié-Gonnard
735b8fcb0b Fix blunder in 8a109f1 2013-09-13 12:57:23 +02:00
Paul Bakker
9013af76a3 Merged major refactoring of x509write module into development
This refactoring adds support for proper CSR writing and X509
certificate generation / signing
2013-09-12 11:58:04 +02:00
Manuel Pégourié-Gonnard
0237620a78 Fix some dependencies declaration 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
31e59400d2 Add missing f_rng/p_rng arguments to x509write_crt 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
f38e71afd5 Convert x509write_crt interface to PK 2013-09-12 11:57:02 +02:00
Manuel Pégourié-Gonnard
6de63e480d Add EC support to x509write_key 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
7f1f0926e4 Add test for x509write_key 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
3837daec9e Add EC support to x509write_pubkey 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
e1f821a6eb Adapt x509write_pubkey interface to use PK
key_app_writer will be fixed later
2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
33250b0461 Add test for x509write_pubkey_pem() 2013-09-12 11:57:01 +02:00
Manuel Pégourié-Gonnard
ee73179b2f Adapt x509write_csr prototypes for PK 2013-09-12 11:57:00 +02:00
Manuel Pégourié-Gonnard
27d87fa6c4 Fix many off-by-one errors 2013-09-12 11:57:00 +02:00
Paul Bakker
c0dcf0ceb1 Merged blinding additions for EC, RSA and DHM into development 2013-09-10 14:44:27 +02:00
Paul Bakker
36b7e1efe7 Merged GCM refactoring into development
GCM is now independent of AES and can be used as a mode for any
cipher-layer supported 128-bit based block cipher
2013-09-10 14:41:05 +02:00
Paul Bakker
a5943858d8 x509_verify() now case insensitive for cn (RFC 6125 6.4) 2013-09-09 17:21:45 +02:00
Paul Bakker
cd35803684 Changes x509_csr to x509write_csr 2013-09-09 12:38:45 +02:00
Paul Bakker
43aff2aec4 Moved GCM to use cipher layer instead of AES directly 2013-09-09 00:10:27 +02:00
Paul Bakker
5e0efa7ef5 Added POLARSSL_MODE_ECB to the cipher layer 2013-09-08 23:04:04 +02:00
Paul Bakker
2397cf3ede First certificate writing test. Full server1.crt reconstruction 2013-09-08 15:58:15 +02:00
Manuel Pégourié-Gonnard
b8bd593741 Restrict cipher_update() for GCM 2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
1af50a240b Cipher: test multiple cycles
GCM-cipher: just trust the user to call update_ad at the right time
2013-09-05 17:06:10 +02:00
Manuel Pégourié-Gonnard
ed8a02bfae Simplify DH blinding a bit 2013-09-04 17:18:28 +02:00
Manuel Pégourié-Gonnard
143b5028a5 Implement DH blinding 2013-09-04 16:29:59 +02:00
Manuel Pégourié-Gonnard
2d627649bf Change dhm_calc_secret() prototype 2013-09-04 14:22:07 +02:00
Manuel Pégourié-Gonnard
f7ce67f0d2 Add tests for gcm via cipher 2013-09-04 12:14:11 +02:00
Manuel Pégourié-Gonnard
8eccab5077 Add test vectors to the cipher test suite
Ensures the selected cipher/mode/padding is actually used
and padding and tag are actually checked.
2013-09-04 12:12:44 +02:00
Manuel Pégourié-Gonnard
43a4780b03 Ommit AEAD functions if GCM not defined 2013-09-03 19:28:35 +02:00
Manuel Pégourié-Gonnard
aa9ffc5e98 Split tag handling out of cipher_finish() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
2adc40c346 Split cipher_update_ad() out or cipher_reset() 2013-09-03 19:20:55 +02:00
Manuel Pégourié-Gonnard
9c853b910c Split cipher_set_iv() out of cipher_reset() 2013-09-03 13:04:44 +02:00
Manuel Pégourié-Gonnard
e09d2f8261 Change ecp_mul() prototype to allow randomization
(Also improve an error code while at it.)
2013-09-02 14:29:09 +02:00
Manuel Pégourié-Gonnard
9241be7ac5 Change cipher prototypes for GCM 2013-08-31 18:07:42 +02:00
Manuel Pégourié-Gonnard
07f8fa5a69 GCM in the cipher layer, step 1
- no support for additional data
- no support for tag
2013-08-31 16:08:22 +02:00
Manuel Pégourié-Gonnard
b5e85885de Handle NULL as a stream cipher for more uniformity 2013-08-30 17:11:28 +02:00
Manuel Pégourié-Gonnard
37e230c022 Add arc4 support in the cipher layer 2013-08-30 17:11:28 +02:00
Paul Bakker
48377d9834 Configuration option to enable/disable POLARSSL_PKCS1_V15 operations 2013-08-30 13:41:14 +02:00
Paul Bakker
548957dd49 Refactored RSA to have random generator in every RSA operation
Primarily so that rsa_private() receives an RNG for blinding purposes.
2013-08-30 10:30:02 +02:00
Paul Bakker
ca174fef80 Merged refactored x509write module into development 2013-08-28 16:32:51 +02:00
Paul Bakker
577e006c2f Merged ECDSA-based key-exchange and ciphersuites into development
Conflicts:
	include/polarssl/config.h
	library/ssl_cli.c
	library/ssl_srv.c
	library/ssl_tls.c
2013-08-28 11:58:40 +02:00
Manuel Pégourié-Gonnard
a0f07478ee Rm redundant dependencies in test files 2013-08-28 10:10:09 +02:00
Manuel Pégourié-Gonnard
df0142bd17 Fix some dependencies in tests 2013-08-27 22:21:21 +02:00
Paul Bakker
82e2945ed2 Changed naming and prototype convention for x509write functions
CSR writing functions now start with x509write_csr_*()
DER writing functions now have the context at the start instead of the
end conforming to other modules.
2013-08-25 11:01:31 +02:00
Paul Bakker
2130796658 Switched order of storing x509_req_names to match inputed order 2013-08-25 10:51:18 +02:00
Paul Bakker
8eabfc1461 Rewrote x509 certificate request writing to use structure for storing 2013-08-25 10:51:18 +02:00
Manuel Pégourié-Gonnard
3fb5c5ee1c PK: rename members for consistency CIPHER, MD
Also add pk_get_name() to remove a direct access to pk_type
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
c6ac8870d5 Nicer interface between PK and debug.
Finally get rid of pk_context.type member, too.
2013-08-20 20:46:04 +02:00
Manuel Pégourié-Gonnard
b4e9ca9650 Add some more x509_verify tests
- trust chain of depth 0
- invalid signature
- trust chain of depth 2
- multiple trusted CA's
2013-08-20 20:46:03 +02:00
Manuel Pégourié-Gonnard
05b9dce20b Add tests for crl_info with EC CA 2013-08-20 20:26:29 +02:00
Manuel Pégourié-Gonnard
6d29ff209b Add cert_info tests for EC and mixed certificates 2013-08-20 20:26:29 +02:00
Manuel Pégourié-Gonnard
6009c3ae5e Add tests for EC cert and crl validation 2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
e7f64a8e71 Add missing depends to some x509parse tests 2013-08-20 20:26:28 +02:00
Manuel Pégourié-Gonnard
20e9fad4c1 Add test files for EC cert & crl validation 2013-08-20 20:21:02 +02:00
Manuel Pégourié-Gonnard
8eebd012b9 Add an ecdsa_genkey() function 2013-08-20 20:08:28 +02:00
Manuel Pégourié-Gonnard
b694b4896c Add ecdsa_{read,write}_signature() 2013-08-20 20:04:16 +02:00
Paul Bakker
5a8a62ce1c Fixed some x509parse tests after merge of new test framework 2013-08-20 14:27:21 +02:00
Paul Bakker
898edb7744 Merged the revamped test framework into development 2013-08-20 14:23:02 +02:00
Paul Bakker
68a4fce8aa Added missing dependencies on functions and tests 2013-08-20 12:42:31 +02:00
Paul Bakker
bb20f4b720 Failing TEST_ASSERT now breaks off test 2013-08-20 12:41:33 +02:00
Paul Bakker
b34fef2f3c Suite dependencies handled correctly now 2013-08-20 12:06:33 +02:00
Paul Bakker
33b43f1ec3 Converted .function file to c-like format and adapted generator code 2013-08-20 11:48:36 +02:00
Paul Bakker
55a7e908f2 Enhanced test output presentation 2013-08-19 14:02:21 +02:00
Manuel Pégourié-Gonnard
b03de8bcbe Add test for EC keys with all curves.
(Made possible by the OID fix.)
2013-08-16 14:00:52 +02:00
Manuel Pégourié-Gonnard
06dab806ce Fix memory error in asn1_get_bitstring_null()
When *len is 0, **p would be read, which is out of bounds.
2013-08-16 14:00:52 +02:00
Paul Bakker
dbd443dca6 Adapted .function files and .data files to new test framework
Changes include:
 - Integers marked with '#' in the .function files.
 - Strings should have "" in .data files.
 - String comparison instead of preprocessor-like replace for e.g. '=='
 - Params and variables cannot have the same name in .function files
2013-08-16 13:51:37 +02:00
Paul Bakker
1934318dce Introduced own scripted test framework to replace fct.h and reduce
compile time

The new test framework generates a data file parsing engine plus the
templated function code. In order to 'understand' defines, during
the generation phase, a mapping is made to check for dependencies and
result code mappings.
2013-08-16 13:51:37 +02:00
Paul Bakker
51e73135ec Fixed expected test result case for unknown padding modes 2013-08-15 11:41:39 +02:00
Manuel Pégourié-Gonnard
ebdc413f44 Add 'no padding' mode 2013-08-14 14:02:48 +02:00
Manuel Pégourié-Gonnard
0e7d2c0f95 Add zero padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
8d4291b52a Add zeros-and-length (ANSI X.923) padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
679f9e90ad Add one-and-zeros (ISO/IEC 7816-4) padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
6c9789932e Adapt cipher tests to configurable padding 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
a640849b55 Add tests for get_padding() (PKCS#7) 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
725680ffd2 Make cipher tests less dependant on padding size 2013-08-14 14:02:47 +02:00
Manuel Pégourié-Gonnard
d5fdcaf9e5 Add cipher_set_padding() (no effect yet)
Fix pattern in tests/.gitignore along the way.
2013-08-14 14:02:46 +02:00
Paul Bakker
bd5fd4d1da RFC6229 ARC4 test vectors added to testsuite 2013-07-19 14:51:31 +02:00
Manuel Pégourié-Gonnard
4f47538ad8 Fix some 'depends' in tests 2013-07-17 15:59:44 +02:00
Manuel Pégourié-Gonnard
a2d4e644ac Some more EC pubkey parsing refactoring
Fix a bug in pk_rsa() and pk_ec() along the way
2013-07-17 15:59:43 +02:00
Manuel Pégourié-Gonnard
893879adbd Adapt debug_print_crt() for EC keys 2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
a3c86c334c Certificates with EC key and/or sig parsed 2013-07-17 15:59:42 +02:00
Manuel Pégourié-Gonnard
72ef0b775d Add test certificate signed with ECDSA 2013-07-17 15:59:41 +02:00
Manuel Pégourié-Gonnard
244569f4b1 Use generic x509_get_pubkey() for RSA functions 2013-07-17 15:59:40 +02:00
Paul Bakker
8ea6c61477 Rename of prvkey -> privkey fix in test suite files 2013-07-16 17:16:58 +02:00
Manuel Pégourié-Gonnard
de44a4aecf Rename ecp_check_prvkey with a 'i' for consistency 2013-07-09 16:42:34 +02:00
Manuel Pégourié-Gonnard
8838099330 Add x509parse_{,public}_key{,file}()
Also make previously public *_ec functions private.
2013-07-08 17:32:27 +02:00
Manuel Pégourié-Gonnard
2b9252cd8f Add tests for x509parse_key_ec()
Test files were generated as follows:

openssl ecparam -name prime192v1 -genkey > key.pem

openssl ec -in key.pem -pubout -outform PEM > pub.pem
openssl ec -in key.pem -pubout -outform DER > pub.der

openssl ec -in key.pem -outform pem > prv.sec1.pem
openssl ec -in key.pem -outform der > prv.sec1.der
openssl ec -in key.pem -des -passout pass:polar -outform pem > prv.sec1.pw.pem

openssl pkcs8 -topk8 -in key.pem -nocrypt -outform pem > prv.pk8.pem
openssl pkcs8 -topk8 -in key.pem -nocrypt -outform der > prv.pk8.der
openssl pkcs8 -topk8 -in key.pem -passout pass:polar -outform der \
    > prv.pk8.pw.der
openssl pkcs8 -topk8 -in key.pem -passout pass:polar -outform pem \
    > prv.pk8.pw.pem
2013-07-08 17:32:26 +02:00
Manuel Pégourié-Gonnard
1bc6931f8c Add test for x509parse_public_keyfile_ec 2013-07-08 15:31:19 +02:00
Manuel Pégourié-Gonnard
ba4878aa64 Rename x509parse_key & co with _rsa suffix 2013-07-08 15:31:18 +02:00
Manuel Pégourié-Gonnard
c8dc295e83 Add ecp_check_prvkey, with test
Also group key checking and generation functions in ecp.h and ecp.c.
2013-07-08 15:31:18 +02:00
Paul Bakker
92b8dc0535 Fixed memory leaks in tests 2013-07-03 17:22:31 +02:00
Paul Bakker
e07c431eb3 Test suite automatically uses buffer-based memory allocator if present
Eat your own dog-food..
2013-07-03 17:22:31 +02:00
Paul Bakker
d2681d82e2 Renamed sha2.{c,h} to sha256.{c,h} and sha4.{c,h} to sha512.{c,h} 2013-06-30 14:49:12 +02:00
Paul Bakker
9e36f0475f SHA2 renamed to SHA256, SHA4 renamed to SHA512 and functions accordingly
The SHA4 name was not clear with regards to the new SHA-3 standard. So
SHA2 and SHA4 have been renamed to better represent what they are:
SHA256 and SHA512 modules.
2013-06-30 14:34:05 +02:00
Paul Bakker
fd3eac5786 Cleaned up ECP error codes 2013-06-29 23:31:33 +02:00
Paul Bakker
5dc6b5fb05 Made supported curves configurable 2013-06-29 23:26:34 +02:00
Paul Bakker
f8d018a274 Made asn1_get_alg() and asn1_get_alg_null() as generic functions
A generic function for retrieving the AlgorithmIdentifier structure with
its parameters and adapted X509, PKCS#5 and PKCS#12 to use them.
2013-06-29 18:35:40 +02:00
Paul Bakker
b9d3cfa114 Split up GCM into a start/update/finish cycle 2013-06-26 15:08:29 +02:00
Paul Bakker
534f82c77a Made ctr_drbg_init_entropy_len() non-static and defined 2013-06-25 16:47:55 +02:00
Paul Bakker
b6c5d2e1a6 Cleanup up non-prototyped functions (static) and const-correctness
More fixes based on the compiler directives -Wcast-qual -Wwrite-strings
-Wmissing-prototypes -Wmissing-declarations. Not everything with regards
to -Wcast-qual has been fixed as some have unwanted consequences for the
rest of the code.
2013-06-25 16:25:17 +02:00
Paul Bakker
f67edd9db8 Made x509parse PKCS#12 and PKCS#5 tests dependent on defines
(cherry picked from commit db7ea6f162)
2013-06-25 15:06:53 +02:00
Paul Bakker
38b50d73a1 Moved PKCS#12 PBE functions to cipher / md layer where possible
The 3-key and 2-key Triple DES PBE functions have been replaced with a
single pkcs12_pbe() function that handles both situations (and more).

In addition this allows for some PASSWORD_MISMATCH checking
(cherry picked from commit 14a222cef2)
2013-06-25 15:06:53 +02:00
Paul Bakker
a4232a7ccb x509parse_crt() and x509parse_crt_der() return X509 password related codes
POLARSSL_ERR_X509_PASSWORD_MISMATCH is returned instead of
POLARSSL_ERR_PEM_PASSWORD_MISMATCH and
POLARSSL_ERR_X509_PASSWORD_REQUIRED instead of
POLARSSL_ERR_PEM_PASSWORD_REQUIRED

Rationale: For PKCS#8 encrypted keys the same are returned
(cherry picked from commit b495d3a2c7)
2013-06-25 15:06:53 +02:00
Paul Bakker
28144decef PKCS#5 v2 PBES2 support and use in PKCS#8 encrypted certificates
The error code POLARSSL_ERR_X509_PASSWORD_MISMATCH is now properly
returned in case of an encryption failure in the padding. The
POLARSSL_ERR_X509_PASSWORD_REQUIRED error code is only returned for PEM
formatted private keys as for DER formatted ones it is impossible to
distinguish if a DER blob is PKCS#8 encrypted or not.
(cherry picked from commit 1fd4321ba2)

Conflicts:
	include/polarssl/error.h
	scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker
b0c19a4b3d PKCS#5 module added. Moved PBKDF2 functionality inside and deprecated
old PBKDF2 module.
(cherry picked from commit 19bd297dc8)

Conflicts:
	include/polarssl/error.h
	scripts/generate_errors.pl
2013-06-25 15:06:52 +02:00
Paul Bakker
28837ff2f4 Make sure polarssl/config.h is included at the start
(cherry picked from commit 9691bbe9b3)
2013-06-25 15:06:51 +02:00
Paul Bakker
f1f21fe825 Parsing of PKCS#8 encrypted private key files added and PKCS#12 basis
PKCS#8 encrypted key file support has been added to x509parse_key() with
support for some PCKS#12 PBE functions (pbeWithSHAAnd128BitRC4,
pbeWithSHAAnd3-KeyTripleDES-CBC and pbeWithSHAAnd2-KeyTripleDES-CBC)
(cherry picked from commit cf6e95d9a8)

Conflicts:
	scripts/generate_errors.pl
2013-06-25 15:06:51 +02:00
Paul Bakker
e2f5040876 Internally split up x509parse_key()
Split up x509parse_key() into a (PEM) handler function and specific
DER parser functions for the PKCS#1 (x509parse_key_pkcs1_der()) and
unencrypted PKCS#8 (x509parse_key_pkcs8_unencrypted_der()) private
key formats.
(cherry picked from commit 65a1909dc6)

Conflicts:
	library/x509parse.c
2013-06-25 15:06:50 +02:00
Paul Bakker
ef3f8c747e Fixed const correctness issues in programs and tests
(cherry picked from commit e0225e4d7f)

Conflicts:
	programs/ssl/ssl_client2.c
	programs/ssl/ssl_server2.c
	programs/test/ssl_test.c
	programs/x509/cert_app.c
2013-06-24 19:09:24 +02:00
Paul Bakker
286bf3c501 Split up largest test suite data files into smaller chunks 2013-04-08 18:09:51 +02:00
Paul Bakker
c70b982056 OID functionality moved to a separate module.
A new OID module has been created that contains the main OID searching
functionality based on type-dependent arrays. A base type is used to
contain the basic values (oid_descriptor_t) and that type is extended to
contain type specific information (like a pk_alg_t).

As a result the rsa sign and verify function prototypes have changed. They
now expect a md_type_t identifier instead of the removed RSA_SIG_XXX
defines.

All OID definitions have been moved to oid.h
All OID matching code is in the OID module.

The RSA PKCS#1 functions cleaned up as a result and adapted to use the
MD layer.

The SSL layer cleanup up as a result and adapted to use the MD layer.

The X509 parser cleaned up and matches OIDs in certificates with new
module and adapted to use the MD layer.

The X509 writer cleaned up and adapted to use the MD layer.

Apps and tests modified accordingly
2013-04-07 22:00:46 +02:00
Paul Bakker
00c1f43743 Merge branch 'ecc-devel-mpg' into development 2013-03-13 16:31:01 +01:00
Paul Bakker
90f042d4cb Prepared for PolarSSL 1.2.6 release 2013-03-11 11:38:44 +01:00
Manuel Pégourié-Gonnard
424fda5d7b Add ecdh_calc_secret() 2013-02-11 22:05:42 +01:00
Manuel Pégourié-Gonnard
5cceb41d2c Add ecdh_{make,read}_public() 2013-02-11 21:51:45 +01:00
Manuel Pégourié-Gonnard
854fbd7ba2 Add ecdh_read_params(). 2013-02-11 21:32:24 +01:00
Manuel Pégourié-Gonnard
98f51815d6 Fix ecp_tls_read_point's signature 2013-02-10 13:38:29 +01:00
Manuel Pégourié-Gonnard
7c145c6418 Fix ecp_tls_read_group's signature 2013-02-10 13:20:52 +01:00
Manuel Pégourié-Gonnard
8c16f96259 Add a few tests for ecp_tls_read_point 2013-02-10 13:00:20 +01:00
Manuel Pégourié-Gonnard
46106a9d75 Add tests for (and fix bug in) ecp_tls_write_group 2013-02-10 12:51:17 +01:00
Manuel Pégourié-Gonnard
420f1eb675 Fix ecp_tls_write_point's signature 2013-02-10 12:22:46 +01:00
Manuel Pégourié-Gonnard
6282acaec2 Add basic tests for ecp_tls_*_point 2013-02-10 11:15:11 +01:00
Manuel Pégourié-Gonnard
7e86025f32 Rename ecp_*_binary to ecp_point_*_binary 2013-02-10 10:58:48 +01:00
Manuel Pégourié-Gonnard
d84895dc22 Supress 'format' argument to ecp_read_binary.
And adjust error codes for ecp_*_binary while at it.
2013-02-10 10:53:04 +01:00
Manuel Pégourié-Gonnard
1a96728964 Add function parsing a TLS ECParameters record 2013-02-09 17:53:31 +01:00
Paul Bakker
c7a2da437e Updated for PolarSSL 1.2.5 2013-02-02 19:23:57 +01:00
Manuel Pégourié-Gonnard
cf4a70c8ed Adjust names of ECDSA tests. 2013-01-27 09:10:53 +01:00
Manuel Pégourié-Gonnard
450a163c81 Fix valgrind warning in ECDSA test suite. 2013-01-27 09:08:18 +01:00
Manuel Pégourié-Gonnard
007b7177ef ECDH : add test vectors from RFC 5903. 2013-01-27 09:00:02 +01:00
Manuel Pégourié-Gonnard
602a8973d7 ECDSA : test vectors from RFC 4754 2013-01-27 08:10:28 +01:00
Manuel Pégourié-Gonnard
d1c7150bf5 Basic tests for ECDSA. 2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
61ce13b728 Basic tests for ECDH primitive 2013-01-26 19:11:28 +01:00
Manuel Pégourié-Gonnard
45a035a9ac Add ecp_gen_keypair() 2013-01-26 14:42:45 +01:00
Paul Bakker
14c56a3378 Updated for PolarSSL 1.2.4 2013-01-25 17:11:37 +01:00
Manuel Pégourié-Gonnard
5e402d88ea Added ecp_read_binary(). 2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
37d218a8e3 Added support for writing points compressed 2013-01-16 16:31:54 +01:00
Manuel Pégourié-Gonnard
e19feb5b46 Added ecp_write_binary(). 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
1c33057a63 Added ecp_check_pubkey(). 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
c554e9acf1 Added test vectors from RFC 5903 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
b63f9e98f5 Made ecp_mul() faster and truly SPA resistant 2013-01-16 16:31:53 +01:00
Manuel Pégourié-Gonnard
b4a310b472 Added a selftest about SPA resistance 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
9674fd0d5e Added ecp_sub() as a variant of ecp_add() 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
1c2782cc7c Changed to jacobian coordinates everywhere 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
4bdd47d2cb Multiplication by negative is now forbidden 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
8433824d5f Added fast mod_p192 2013-01-16 16:31:52 +01:00
Manuel Pégourié-Gonnard
e739f0133b Added test vectors from RFC 5114 to test suite 2013-01-16 16:31:50 +01:00
Manuel Pégourié-Gonnard
4b8c3f2a1c Moved tests from selftest to tests/test_suite_ecp 2013-01-16 16:31:50 +01:00
Paul Bakker
58ef6ec613 Cleaner test-memory cleanups 2013-01-03 11:33:48 +01:00
Paul Bakker
fb1ba781b3 Updated for release 1.2.3 2012-11-26 16:28:25 +01:00
Paul Bakker
df5069cb97 Updated for 1.2.2 release 2012-11-24 12:20:19 +01:00
Manuel Pégourié-Gonnard
e44ec108be Fixed segfault in mpi_shift_r()
Fixed memory leak in test_suite_mpi
Amended ChangeLog
2012-11-18 23:15:02 +01:00
Paul Bakker
e0f41f3086 - Updated version to 1.2.1 2012-11-13 12:55:02 +00:00
Paul Bakker
9daf0d0651 - Added max length check for rsa_pkcs1_sign with PKCS#1 v2.1 2012-11-13 12:13:27 +00:00
Paul Bakker
f02c5642d0 - Allow R and A to point to same mpi in mpi_div_mpi 2012-11-13 10:25:21 +00:00
Paul Bakker
8f387e6605 - Updated trunk base version to 1.2.0 for prerelease 1 2012-10-02 15:26:45 +00:00
Paul Bakker
5c2364c2ba - Moved from unsigned long to uint32_t throughout code 2012-10-01 14:41:15 +00:00
Paul Bakker
915275ba78 - Revamped x509_verify() and the SSL f_vrfy callback implementations 2012-09-28 07:10:55 +00:00
Paul Bakker
31417a71f8 - Fixed tests for enhanced rsa_check_privkey() 2012-09-27 20:41:37 +00:00
Paul Bakker
1a0f552030 - Fixed test for 'trust extension' change 2012-09-25 21:53:55 +00:00
Paul Bakker
17a9790918 - Added regression check for latest mpi_add_abs() issue 2012-09-17 08:44:35 +00:00
Paul Bakker
68b6d88f5e - Clear all memory 2012-09-08 14:04:13 +00:00
Paul Bakker
f518b16f97 - Added PKCS#5 PBKDF2 key derivation function 2012-08-23 13:03:18 +00:00
Paul Bakker
9195662a4c - Added test for no-subject certificates with altSubjectNames 2012-08-23 10:46:54 +00:00
Paul Bakker
6132d0aa93 - Added Blowfish to generic cipher layer
- Renamed POLARSSL_MODE_CFB128 to POLARSSL_MODE_CFB
2012-07-04 17:10:40 +00:00
Paul Bakker
a9379c0ed1 - Added base blowfish algorithm 2012-07-04 11:02:11 +00:00
Paul Bakker
f6198c1513 - mpi_exp_mod() now correctly handles negative base numbers (Closes ticket #52) 2012-05-16 08:02:29 +00:00
Paul Bakker
40dd5303c2 - Fixed test on Big Endian systems (Fixed Ticket #54) 2012-05-15 15:02:38 +00:00
Paul Bakker
4d2c1243b1 - Changed certificate verify behaviour to comply with RFC 6125 section 6.3 to not match CN if subjectAltName extension is present. 2012-05-10 14:12:46 +00:00
Paul Bakker
0c8f73ba8b - Fixed a mistake in mpi_cmp_mpi() where longer B values are handled wrong 2012-03-22 14:08:57 +00:00
Paul Bakker
89e80c9a43 - Added base Galois/Counter mode (GCM) for AES 2012-03-20 13:50:09 +00:00
Paul Bakker
6d6205091b - First tests for x509_write_cert_req() compat with OpenSSL output 2012-02-16 14:09:13 +00:00
Paul Bakker
b08e6843c2 - Removed test memory leaks 2012-02-11 18:43:20 +00:00
Paul Bakker
57b12982b3 - Multi-domain certificates support wildcards as well 2012-02-11 17:38:38 +00:00
Paul Bakker
a8cd239d6b - Added support for wildcard certificates
- Added support for multi-domain certificates through the X509 Subject Alternative Name extension
2012-02-11 16:09:32 +00:00
Paul Bakker
fab5c829e7 - Added support for NULL cipher (POLARSSL_CIPHER_NULL_CIPHER) and weak ciphersuites (POLARSSL_ENABLE_WEAK_CIPHERSUITES). They are disabled by default! 2012-02-06 16:45:10 +00:00
Paul Bakker
3c18a830b3 - Made changes for 1.1.1 release 2012-01-23 09:44:43 +00:00
Paul Bakker
69e095cc15 - Changed the behaviour of x509parse_parse_crt for permissive parsing. Now returns the number of 'failed certificates' instead of having a switch to enable it.
- As a consequence all error code that were positive were changed. A lot of MALLOC_FAILED and FILE_IO_ERROR error codes added for different modules.
 - Programs and tests were adapted accordingly
2011-12-10 21:55:01 +00:00
Paul Bakker
18d32911c0 - Added internal ctr_drbg_init_entropy_len() to allow NIST determined entropy tests to work 2011-12-10 21:42:49 +00:00
Paul Bakker
c50132d4fa - Updated version of PolarSSL to 1.1.0 2011-12-05 14:38:36 +00:00
Paul Bakker
c0a1a319df - Moved test to entropy and CTR_DRBG 2011-12-04 17:12:15 +00:00
Paul Bakker
6c0ceb3f9a - Added permissive certificate parsing to x509parse_crt() and x509parse_crtfile(). With permissive parsing the parsing does not stop on encountering a parse-error 2011-12-04 12:24:18 +00:00
Paul Bakker
cb37aa5912 - Better buffer handling in mpi_read_file() 2011-11-30 16:00:20 +00:00
Paul Bakker
a3d195c41f - Changed the used random function pointer to more flexible format. Renamed havege_rand() to havege_random() to prevent mistakes. Lots of changes as a consequence in library code and programs 2011-11-27 21:07:34 +00:00
Paul Bakker
0e04d0e9a3 - Added CTR_DRBG based on AES-256-CTR (NIST SP 800-90) random generator 2011-11-27 14:46:59 +00:00
Paul Bakker
fae618fa8b - Updated tests to reflect recent changes 2011-10-12 11:53:52 +00:00
Paul Bakker
fa1c592860 - Fixed faulty HMAC-MD2 implementation (Fixes ticket #37) 2011-10-06 14:18:49 +00:00
Paul Bakker
968bc9831b - Preparations for v1.0.0 release of PolarSSL 2011-07-27 17:03:00 +00:00
Paul Bakker
46c1794110 - Split cipher test suite into three different sets
- Adapted test source code generation accordingly
2011-07-13 14:54:54 +00:00
Paul Bakker
26b41a8370 - Fixed compiler warning 2011-07-13 14:53:58 +00:00
Paul Bakker
eaf90d9a9c - Removed unused but initialized variables 2011-07-13 14:21:52 +00:00
Paul Bakker
36f1b197ca - Added test for PKCS#8 wrapped private and public keys 2011-07-13 11:32:29 +00:00
Paul Bakker
c65ab340a7 - Fixed error code 2011-06-09 15:44:37 +00:00
Paul Bakker
343a870daa - Expanded generic cipher layer with support for CTR and CFB128 modes of operation. 2011-06-09 14:27:58 +00:00
Paul Bakker
1ef71dffc7 - Updated unsignedness in some missed cases 2011-06-09 14:14:58 +00:00
Paul Bakker
cd43a0beec - Adjusted to use proper size_t arguments 2011-06-09 13:55:44 +00:00
Paul Bakker
828acb2234 - Updated for release 0.99-pre5 2011-05-27 09:25:42 +00:00
Paul Bakker
d7d8dbe3bf - Fixed two typos 2011-05-26 15:29:38 +00:00
Paul Bakker
c3f5656ff6 - Fixed dependency of MD4 and MD2 of POLARSSL_FS_IO 2011-05-26 14:38:05 +00:00
Paul Bakker
5690efccc4 - Fixed a whole bunch of dependencies on defines between files, examples and tests 2011-05-26 13:16:06 +00:00
Paul Bakker
02722ea867 - Added missing semicolon 2011-05-25 11:34:44 +00:00
Paul Bakker
2f5947e1f6 - Added mpi_get_bit() and mpi_set_bit() individual bit setter/getter functions. 2011-05-18 15:47:11 +00:00
Paul Bakker
9d781407bc - A error_strerror function() has been added to translate between error codes and their description.
- The error codes have been remapped and combining error codes is now done with a PLUS instead of an OR as error codes used are negative.
 - Descriptions to all error codes have been added.
 - Generation script for error.c has been created to automatically generate error.c from the available error definitions in the headers.
2011-05-09 16:17:09 +00:00
Paul Bakker
6c591fab72 - mpi_init() and mpi_free() only accept a single argument and do not accept variable arguments anymore. This prevents unexpected memory corruption in a number of use cases. 2011-05-05 11:49:20 +00:00
Paul Bakker
335db3f121 - Functions requiring File System functions can now be disables by undefining POLARSSL_FS_IO 2011-04-25 15:28:35 +00:00
Paul Bakker
f4a3f301fd - Updated for migration to size_t 2011-04-24 15:53:29 +00:00
Paul Bakker
a755ca1bbe - Renamed t_s_int, t_int and t_dbl to respectively t_sint, t_uint and t_udbl for clarity 2011-04-24 09:11:17 +00:00
Paul Bakker
23986e5d5d - Major type rewrite of int to size_t for most variables and arguments used for buffer lengths and loops 2011-04-24 08:57:21 +00:00
Paul Bakker
1be81a4e5f - Removed test for MD2 certificate as OpenSSL does not support it anymore 2011-04-23 14:46:28 +00:00
Paul Bakker
b6ecaf5276 - Added additional (configurable) cipher block modes. AES-CTR, Camellia-CTR, XTEA-CBC 2011-04-19 14:29:23 +00:00
Paul Bakker
3efa575ff2 - Ready for release 0.99-pre4 2011-04-01 12:23:26 +00:00
Paul Bakker
579923c51b - The config header file is now always included in all tests 2011-03-26 13:39:34 +00:00
Paul Bakker
be4e7dca08 - Debug print of MPI now removes leading zero octets and displays actual bit size of the value 2011-03-14 20:41:31 +00:00
Paul Bakker
b3dcbc18f6 - Made function resilient to endianness differences. 2011-03-13 16:57:25 +00:00
Paul Bakker
4cce2bbd5a - Renamed rnd_info structure to correct rnd_buf_info structure 2011-03-13 16:56:35 +00:00
Paul Bakker
997bbd10d8 - Removed dependency of tests on rand()
- Added pseudo-random helper function
2011-03-13 15:45:42 +00:00
Paul Bakker
9dcc32236b - Added support for PKCS#1 v2.1 encoding and thus support for the RSAES-OAEP and RSASSA-PSS operations (enabled by POLARSSL_PKCS1_V21) 2011-03-08 14:16:06 +00:00
Paul Bakker
345a6fee91 - Replaced function that fixes man-in-the-middle attack
- Added message to indicate inclusion of man-in-the-middle attack (Reported by Larry Highsmith, Subreption LLC)
 - Released version 0.99-pre3
2011-02-28 21:20:02 +00:00
Paul Bakker
1946e42dd4 - Made ready for 0.99-pre2 release 2011-02-25 09:39:39 +00:00
Paul Bakker
c43481aa82 - Release memory used 2011-02-20 16:34:26 +00:00
Paul Bakker
2544a04918 - Replaced with current value of the certificate after certificate replacement 2011-02-20 13:52:44 +00:00
Paul Bakker
400ff6f0fd - Corrected parsing of UTCTime dates before 1990 and after 1950
- Support more exotic OID's when parsing certificates
 - Support more exotic name representations when parsing certificates
 - Replaced the expired test certificates
2011-02-20 10:40:16 +00:00
Paul Bakker
96743fc5f5 - Parsing of PEM files moved to separate module (Fixes ticket #13). Also possible to remove PEM support for systems only using DER encoding
- Parsing PEM private keys encrypted with DES and AES are now supported (Fixes ticket #5)
 - Added tests for encrypted keyfiles
2011-02-12 14:30:57 +00:00
Paul Bakker
896b3be1d1 - Added proper dependencies 2011-02-06 13:12:25 +00:00
Paul Bakker
9fc4659b30 - Preparing for Release of 0.99 prerelease 1 2011-01-30 16:59:02 +00:00
Paul Bakker
bbf2f63e92 - Added missing dependency on POLARSSL_DEBUG_C 2011-01-21 10:51:24 +00:00
Paul Bakker
562535d11b - Split current md_starts() and md_hmac_starts() functionality into separate md_init_ctx() for allocating the context and the existing starts() functions to initialize the message digest for use. 2011-01-20 16:42:01 +00:00
Paul Bakker
5a62408629 - Fixed compiler warnings 2011-01-18 16:31:52 +00:00
Paul Bakker
76fd75a3de - Improved certificate validation and validation against the available CRLs 2011-01-16 21:12:10 +00:00
Paul Bakker
1f87fb6896 - Support for DES weak keys and parity bits added 2011-01-15 17:32:24 +00:00
Paul Bakker
f92d7a8c81 - Fixed faulty dependency in test 2011-01-15 17:05:17 +00:00
Paul Bakker
b63b0afc05 - Added verification callback in certificate verification chain in order to allow external blacklisting 2011-01-13 17:54:59 +00:00
Paul Bakker
8123e9d8f1 - Added generic cipher wrapper for integration with OpenVPN (donated by Fox-IT) 2011-01-06 15:37:30 +00:00
Paul Bakker
1737385e04 - Added generic message digest wrapper for integration with OpenVPN (donated by Fox-IT) 2011-01-06 14:20:01 +00:00
Paul Bakker
7c8fc71aea - Updated compile-time and run-time version number and test 2010-08-16 12:41:27 +00:00
Paul Bakker
a802e1ac10 - Updated to new rsa_init, rsa_gen_key prototypes 2010-08-16 11:56:45 +00:00
Paul Bakker
ebcef6d4e8 - Updated test to conform to new prototype of rsa_init, rsa_pkcs1_encrypt and rsa_gen_key 2010-08-16 11:10:49 +00:00
Paul Bakker
f0ba6a479a - Removed unused variable 2010-07-18 19:47:37 +00:00
Paul Bakker
a665685abf - Added rsa random deadlock test 2010-07-18 19:47:14 +00:00
Paul Bakker
545570e208 - Added initialization for RSA where needed 2010-07-18 09:00:25 +00:00
Paul Bakker
3ac1b2d952 - Added runtime and compiletime version information 2010-06-18 22:47:29 +00:00
Paul Bakker
baad6504d4 - Changed ARC4 to use seperate input/output buffer 2010-03-21 15:42:15 +00:00
Paul Bakker
f3ccc68100 - Fixed cipher interface for encrypt/decrypt functions 2010-03-18 21:21:02 +00:00
Paul Bakker
ff60ee6c2a - Added const-correctness to main codebase 2010-03-16 21:09:09 +00:00
Paul Bakker
9120018f3d - Added support for GeneralizedTime in X509 certificates 2010-02-18 21:26:15 +00:00
Paul Bakker
1f76115340 - Fixed bug resulting in failure to send the last certificate in the chain in ssl_write_certificate() and ssl_write_certificate_request() 2010-02-18 18:16:31 +00:00
Paul Bakker
c847f070e5 - Added extra test cases 2010-01-18 21:26:30 +00:00
Paul Bakker
c1f3caacf2 - Added config.h to requirements for testing 2009-10-04 15:25:48 +00:00
Paul Bakker
76791f7c32 - Rewrote sign and verify tests to handle missing algorithm definitions 2009-10-03 20:02:00 +00:00
Paul Bakker
46b8071641 - Added 'depends_on' for tests dependent on specific hash algorithms 2009-10-03 20:01:39 +00:00
Paul Bakker
c6ce838d8f - Better handling of extension parsing 2009-07-27 21:34:45 +00:00
Paul Bakker
2b222c830b - Changed interface for AES and Camellia setkey functions to indicate invalid key lengths. 2009-07-27 21:03:45 +00:00
Paul Bakker
33768bf19b - Created better DHM tests 2009-07-27 20:37:44 +00:00
Paul Bakker
e4ff413890 - Added extra coverage tests 2009-07-27 20:22:10 +00:00
Paul Bakker
345fb49cb7 - Added extra coverage and regression tests 2009-07-20 21:26:07 +00:00
Paul Bakker
6b0fa4f33b - Added extra regression and coverage tests for ASN parsing of CRL and Key data 2009-07-20 20:35:41 +00:00
Paul Bakker
38e2b482ff - Fixed typo in name of POLARSSL_ERR_RSA_OUTPUT_TOO_LARGE. 2009-07-19 20:41:06 +00:00
Paul Bakker
fc22c441bc - Renamed RSA_RAW to SIG_RSA_RAW for consistency in the code. 2009-07-19 20:36:27 +00:00
Paul Bakker
c26a189189 - Added extra X509 regression and coverage tests 2009-07-19 20:30:14 +00:00
Paul Bakker
b2c38f54b4 - Added a lot of ASN1 Certificate parsing tests 2009-07-19 19:36:15 +00:00
Paul Bakker
94101362e8 - Added test for larger that 64 byte hmac-md2 key 2009-07-19 19:35:51 +00:00
Paul Bakker
821fb08b53 - Added extra tests (result of coverage) 2009-07-12 13:26:42 +00:00
Paul Bakker
4d6b31a999 - Added extra certificates and tests 2009-07-12 11:11:06 +00:00
Paul Bakker
ba48cb2fee - Added and modified tests (result from coverage) 2009-07-12 11:01:32 +00:00
Paul Bakker
71d59fb4b4 - Added extra tests (result from coverage) 2009-07-12 11:00:55 +00:00
Paul Bakker
9863ca5001 - Added non-OpenSSL HMAC-MD2 hashes. They seem to be correct and OpenSSL wrong 2009-07-11 20:42:12 +00:00
Paul Bakker
69998dd2c8 - Made code compliant with ISO99 (no-declaration-after-statement) 2009-07-11 19:15:20 +00:00
Paul Bakker
5946fd9124 - Added further coverage tests for Base64 2009-07-11 15:29:30 +00:00
Paul Bakker
37940d9ff6 - Added test coverage for X509parse
- Fixed segfault in rsa_check_privkey() and rsa_check_pubkey() and added test
2009-07-10 22:38:58 +00:00
Paul Bakker
5c60de2beb - Added preliminary test cases for DHM 2009-07-08 19:47:36 +00:00
Paul Bakker
f725a88e54 - Added test suite for XTEA 2009-07-08 06:43:10 +00:00
Paul Bakker
42a29bf7bf - Added test suite for RSA and PKCS#1 2009-07-07 20:18:41 +00:00
Paul Bakker
e896feafbe - Added additional cases for MPI, MDx
- Added test case set for Camellia, DES and 3-DES
2009-07-06 06:40:23 +00:00
Paul Bakker
f3eedce885 - Added shax_file tests and data files
- Added tests for shax self_test()
2009-07-05 11:30:16 +00:00
Paul Bakker
3d36082a8d - Added test for self_test() 2009-07-05 11:29:38 +00:00
Paul Bakker
367dae44b2 - Added CMake makefiles as alternative to regular Makefiles.
- Added preliminary Code Coverage tests for AES, ARC4, Base64, MPI, SHA-family, MD-family and  HMAC-SHA-family.
2009-06-28 21:50:27 +00:00