Simon Butcher
c1d54bb7b2
Update library version to 1.3.18
2016-10-17 23:40:14 +01:00
Simon Butcher
2261f198ee
Merge branch 'mbedtls-1.3'
2016-10-17 16:09:06 +01:00
Andres AG
0da3e44fea
Add check for validity of date in x509_get_time()
2016-10-13 17:00:01 +01:00
Janos Follath
bfcd032f9d
Restore P>Q in RSA key generation ( #558 )
...
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.
This commit restores this behaviour.
2016-10-13 12:54:33 +01:00
Andres AG
f527609849
Add test for bounds in X509 DER write funcs
2016-10-13 12:45:08 +01:00
Andres AG
4bfbd6b542
Fix skipped test dependency in x509parse
...
Replace MBEDTLS_ with POLARSSL_ in the test dependency for x509parse,
otherwise tests are always skipped because dependencies are never
satisfied.
2016-10-13 12:44:19 +01:00
Simon Butcher
8b82d20321
Add missing dependencies to X509 Parse test suite for P-384 curve
...
The test script curves.pl was failing on testing dependencies for the P-384
curve on the new test cases introduced by ede75f0
and 884b4fc
.
2016-10-13 12:44:19 +01:00
Janos Follath
486c4f9a33
X509: Future CA among trusted: add more tests
2016-10-13 12:43:11 +01:00
Janos Follath
c35f458d94
X509: Future CA among trusted: add unit tests
2016-10-13 12:43:11 +01:00
Janos Follath
3072458ec3
Restore P>Q in RSA key generation ( #558 )
...
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.
This commit restores this behaviour.
2016-10-13 09:27:18 +01:00
Andres AG
a5a7f8d464
Fix skipped test dependency in x509parse
...
Replace MBEDTLS_ with POLARSSL_ in the test dependency for x509parse,
otherwise tests are always skipped because dependencies are never
satisfied.
2016-07-15 17:19:10 +01:00
Simon Butcher
463129b7f7
Add missing dependencies to X509 Parse test suite for P-384 curve
...
The test script curves.pl was failing on testing dependencies for the P-384
curve on the new test cases introduced by ede75f0
and 884b4fc
.
2016-07-15 13:05:31 +01:00
Janos Follath
aeff929a5a
X509: Future CA among trusted: add more tests
2016-07-14 13:26:19 +01:00
Janos Follath
e6bf97995b
X509: Future CA among trusted: add unit tests
2016-07-14 13:26:13 +01:00
Simon Butcher
4f7b13bd79
Changed library version number to 1.3.17
2016-06-27 19:37:31 +01:00
Simon Butcher
65e79fae53
Merge branch 'mbedtls-1.3'
2016-05-18 20:11:17 +01:00
Janos Follath
bc68e9c087
Add tests to cover PKCS1 v1.5 signature functions.
...
The reported memory leak should have been spotted by
make memcheck
But it wasn't. Keeping the tests for better coverage.
2016-05-18 20:08:16 +01:00
Janos Follath
6483af8e42
Fix the broken pkcs1 v1.5 test.
...
The random buffer handed over to the test function was too small
and the remaining bytes were generated by the default (platform
dependant) function.
2016-05-18 19:58:40 +01:00
Janos Follath
8eeecd0444
Fix the backport of pkcs1 v1.5 test suite.
...
The test suite was not properly backported and it remained unnoticed,
because it was not compile due to the change in the naming of the
compile time requirements.
2016-05-18 19:58:40 +01:00
Janos Follath
7244ecf52e
Add tests for the bug IOTSSL-619.
...
The main goal with these tests is to test the bug in question and
they are not meant to test the entire PKCS#1 v1.5 behaviour. To
achieve full test coverage, further test cases are needed.
2016-05-18 19:58:40 +01:00
Simon Butcher
e9f842782b
Adds test for odd bit length RSA key size
...
Also tidy up ChangeLog following review.
2016-04-19 10:02:43 +01:00
Janos Follath
d74aa47380
Remove unused code from PKCS1v15 test suite
2016-04-18 10:12:05 +01:00
Simon Butcher
f20ab8941f
Add missing config dependencies to PKCS1 V15 tests
2016-04-13 01:41:49 +01:00
Janos Follath
8970fd6ab9
Add tests to cover PKCS1 v1.5 signature functions.
...
The reported memory leak should have been spotted by
make memcheck
But it wasn't. Keeping the tests for better coverage.
2016-04-12 16:44:30 +01:00
Janos Follath
afe799f2eb
Fix the broken pkcs1 v1.5 test.
...
The random buffer handed over to the test function was too small
and the remaining bytes were generated by the default (platform
dependant) function.
2016-03-16 11:11:16 +00:00
Janos Follath
53eb0d1f5a
Fix the backport of pkcs1 v1.5 test suite.
...
The test suite was not properly backported and it remained unnoticed,
because it was not compile due to the change in the naming of the
compile time requirements.
2016-03-16 10:26:12 +00:00
Janos Follath
f1225eaffc
Add tests for the bug IOTSSL-619.
...
The main goal with these tests is to test the bug in question and
they are not meant to test the entire PKCS#1 v1.5 behaviour. To
achieve full test coverage, further test cases are needed.
2016-03-01 22:28:31 +00:00
Janos Follath
2db440d2f1
Improved on the previous fix and added a test case to cover both types
...
of carries.
2016-01-08 15:22:05 +01:00
Janos Follath
ff5317e99b
Improved on the fix of #309 and extended the test to cover subroutines.
2016-01-08 15:19:14 +01:00
Janos Follath
87f1494809
Tests and fix added for #309 (inplace mpi doubling).
2016-01-08 15:18:03 +01:00
Simon Butcher
84181adae8
Change version number to 1.3.16
...
Changed version for library files and yotta module
2016-01-04 22:49:30 +00:00
Manuel Pégourié-Gonnard
6ad4f65780
Add test case for root with max_pathlen=0
...
This was already working but not tested so far
(Test case from previous commit still failing.)
Test certificates generated with:
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key
programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \
issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
selfsign=1 max_pathlen=0
programs/x509/cert_write serial=92 output_file=cert92.crt \
issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK"
mv cert9?.crt tests/data_files/dir4
rm cert9?.key
2015-11-19 12:02:29 +01:00
Manuel Pégourié-Gonnard
c058074836
Add test case for first intermediate max_pathlen=0
...
!!! This test case is currently failing !!!
(See fix in next-next commit.)
Test certificates generated with the following script:
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key
programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"
mv cert8?.crt tests/data_files/dir4
rm cert8?.key
2015-11-19 12:01:11 +01:00
Simon Butcher
1f4e08c979
Changed version number to 1.3.15
...
Changed for library
2015-11-05 15:44:46 +00:00
Manuel Pégourié-Gonnard
28e1ac5cab
Use own implementation of strsep()
...
Not available on windows, and strtok() is not a good option
2015-11-02 06:50:46 +09:00
Manuel Pégourié-Gonnard
1da232df97
Use symbolic constants in test data
2015-10-30 09:39:42 +01:00
Janos Follath
3d98a7eee3
Additional corner cases for testing pathlen constrains. Just in case.
...
backport of ef4f258
2015-10-28 18:20:43 +01:00
Janos Follath
189c743d3e
Added test case for pathlen constrains in intermediate certificates
...
backport of 822b2c3
2015-10-28 18:15:48 +01:00
Manuel Pégourié-Gonnard
f093bde91e
Bump version to 1.3.14
2015-10-05 19:06:46 +01:00
Manuel Pégourié-Gonnard
df048c59cf
Bump version to 1.3.13
2015-09-17 11:53:14 +02:00
Manuel Pégourié-Gonnard
8f63e95dae
Fix typos that made tests be skipped
2015-09-01 18:44:47 +02:00
Manuel Pégourié-Gonnard
1c38550bbd
Skip to trusted certs early in the chain
...
This helps in the case where an intermediate certificate is directly trusted.
In that case we want to ignore what comes after it in the chain, not only for
performance but also to avoid false negatives (eg an old root being no longer
trusted while the newer intermediate is directly trusted).
see #220
backport of fdbdd72
2015-09-01 18:34:15 +02:00
Manuel Pégourié-Gonnard
15f1088ef6
Add tests for verify callback
...
As we're about to change the chain construction logic, we want to make sure
the callback will still be called exactly when it should, and not on the
(upcoming) ignored certs in the chain.
backport of 560fea3
2015-09-01 18:29:59 +02:00
Manuel Pégourié-Gonnard
5efed09c5f
Fix possible unlock before lock in RSA
...
Backport of 1385a28
and 4d04cdc
see #257
2015-08-31 10:21:10 +02:00
Manuel Pégourié-Gonnard
ce11699cf2
Fix pkwrite test that were failing on mingw32
...
Apparently fread() writes some junk after the contents of the file. Don't look
at it.
2015-08-19 10:20:25 +02:00
Paul Bakker
3edec6c4ed
Prepare for 1.3.12 release
2015-08-11 13:22:10 +01:00
Manuel Pégourié-Gonnard
b5d77d3fd9
Accept a trailing space at end of PEM lines
...
With certs being copy-pasted from webmails and all, this will probably become
more and more common.
2015-08-10 12:01:50 +02:00
Manuel Pégourié-Gonnard
6c3ccf5fd0
Fix thread-safety issue in debug.c
...
Closes #203
2015-06-29 18:52:57 +02:00
Paul Bakker
19eef51487
Prepare for 1.3.11 release
2015-06-04 14:49:19 +02:00
Manuel Pégourié-Gonnard
770b5e1e9e
Fix missing NULL check in MPI
2015-04-29 17:02:01 +02:00