lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-23 00:02:39 +03:00
Code Activity
16,864 Commits 176 Branches 276 Tags
938dc19ef22e951a06af98979c337e5ea5bc90dd
Commit Graph

5634 Commits

Author SHA1 Message Date
Werner Lewis
938dc19ef2 Add auxiliary ECP comparison function 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-08-15 12:57:48 +01:00
Werner Lewis
55a3285faf Add test case for mbedtls_ecp_set_zero 
Tests function with various ECP point conditions, covering freshly
initialized, zeroed, non-zero, and freed points.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-08-08 17:24:24 +01:00
Werner Lewis
df336842a9 Use upper case for bignum string comparison 
Test data which is compared as a hex string now uses upper case to
match output of mbedtls_mpi_write_string() output. This removes usage
of strcasecmp().

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-08-01 15:57:06 +01:00
Werner Lewis
d487776a61 Remove radix from added test cases 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-08-01 15:57:06 +01:00
Werner Lewis
3d52e445cc Fix formatting in bignum test functions 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-08-01 15:57:06 +01:00
Werner Lewis
3e005f3efc Remove remaining bignum radix args 
Functions which are not covered by script, changes made to use radix
16.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-08-01 15:57:06 +01:00
Werner Lewis
955a0bb18f Remove radix arg from bignum tests 
Cases where radix was explictly declared are removed in most cases,
replaced using script. bignum arguments are represented as hexadecimal
strings. This reduces clutter in test data and makes bit patterns
clearer.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-08-01 15:57:06 +01:00
Werner Lewis
24b6078306 Remove radix arg from mbedtls_test_read_mpi 
All uses have radix argument removed, using script.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-08-01 15:57:02 +01:00
Tom Cosgrove
c71bc7b7d3 Fix typographical errors in .md files found by cspell 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-07-29 13:54:52 +01:00
Tuvshinzaya Erdenekhuu
e63492aeea Add missing break 
In ''int execute_tests( int argc , const char ** argv )'' function,
switch case is missing break statement.

Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-07-20 15:18:55 +01:00
Dave Rodgman
fe9d08fd12 Bump version 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-11 10:43:55 +01:00
Dave Rodgman
df275c4227 Merge remote-tracking branch 'restricted/mbedtls-2.28-restricted' into mbedtls-2.28.1rc0-pr 2022-07-11 10:42:55 +01:00
Andrzej Kurek
c87d97b2ac Rearrange the session resumption code 
Previously, the transforms were populated before extension
parsing, which resulted in the client rejecting a server
hello that contained a connection ID.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 06:43:00 -04:00
Manuel Pégourié-Gonnard
e3954e36d9 Merge pull request #5997 from gilles-peskine-arm/storage-format-doc-202206-2.28 
Backport 2.28: Documentation about storage format compatibility
 2022-07-01 12:21:21 +02:00
Ronald Cron
0ae1c1c49c Merge pull request #5991 from gilles-peskine-arm/asn1write-0-fix-2.28 
Backport 2.28: Improve ASN.1 write tests
 2022-06-30 15:42:31 +02:00
Gilles Peskine
3d96ea1e4c Add warnings to test code and data about storage format stability 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 13:57:27 +02:00
Gilles Peskine
d97de551e4 Don't call memcpy(NULL, 0) which has undefined behavior 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 11:04:48 +02:00
Gilles Peskine
96b8d31ef6 ASN.1: test that we can parse what we can write 
In asn1_write tests, when there's a parsing function corresponding to the
write function, call it and check that it can parse what we wrote.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 11:04:48 +02:00
Gilles Peskine
53875878b8 Fix copypasta in test data 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 11:04:48 +02:00
Gilles Peskine
53785928fa ASN.1 write tests: test with larger buffer 
Test with the output buffer size up to *and including* the expected output
size plus one. `... < expected->len + 1` was evidently a mistake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 11:04:48 +02:00
Gilles Peskine
bb34feea0d Fix bug whereby 0 was written as 0200 rather than 020100 
0200 is not just non-DER, it's completely invalid, since there has to be a
sign bit.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 11:04:48 +02:00
Gilles Peskine
62f217b180 Add MPI write tests when the MPI object has a leading zero limb 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 11:04:48 +02:00
Gilles Peskine
4269185aa1 Fix mismatch between test data and test description 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 11:04:48 +02:00
Gilles Peskine
7f56783a0a Uncomment mbedtls_asn1_write_mpi tests with leading 1 bit 
mbedtls_asn1_write_mpi() correctly handles the sign bit, so there's no
reason not to test that it's handled correctly.

Fix copypasta in test data that was commented out.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 11:04:48 +02:00
Gilles Peskine
06c5e929ba Merge pull request #5863 from wernerlewis/csr_subject_comma_2.28 
[Backport 2.28] Fix output of commas and other special characters in X509 DN values
 2022-06-28 21:00:47 +02:00
Gilles Peskine
c9529f9649 Fix null pointer dereference in mpi_mod_int(0, 2) 
Fix a null pointer dereference when performing some operations on zero
represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or
mbedtls_mpi_write_string() in base 2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 14:48:44 +02:00
Dave Rodgman
4118092105 Merge pull request #5825 from polhenarejos/mbedtls-2.28 
Backport 2.28: Fix for order value for curve448
 2022-06-27 13:47:31 +01:00
Werner Lewis
1421efa25e Fix case where final special char exceeds buffer 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 12:04:43 +01:00
Manuel Pégourié-Gonnard
d80d8a40ee Add negative tests for opaque mixed-PSK (server) 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:04:31 +02:00
Manuel Pégourié-Gonnard
a49a00cc24 Add negative tests for opaque mixed-PSK (client) 
ssl_client2.c used to check that we force a ciphersuite that worked;
that would have prevented testing so I removed it. The library should be
robust even when the application tries something that doesn't work.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:04:31 +02:00
Manuel Pégourié-Gonnard
938be422c6 Add negative test for Opaque key & static ECDH 
That's actually the only non-PSK key exchange that needs to be
negative-tested: all the other key exchanges are either positive-tested
or use RSA, for which we can't even create opaque keys in this branch.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:04:31 +02:00
Przemyslaw Stekiel
b3de3fd68c ssl-opt.sh: adapt paramteters of key opaque cases 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-20 21:04:31 +02:00
Przemyslaw Stekiel
331c3421d1 Address review comments 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-20 21:04:31 +02:00
Przemyslaw Stekiel
5b6c4c9552 add client/server opaque test 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-20 21:04:31 +02:00
Przemyslaw Stekiel
ab09c9eb79 Add key_opaque option to ssl_server2.c + test 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-20 21:04:31 +02:00
Werner Lewis
9a2356b190 Add tests for exceeded buffer size 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-17 16:45:24 +01:00
Dave Rodgman
46b5cb553a Add test-case for checking curve order 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-06-17 13:46:45 +01:00
Andrzej Kurek
719c723afc test_suite_ssl: Use a zero fragment offset in a test with a too short record 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-17 07:37:49 -04:00
Andrzej Kurek
3c036f54cc Add missing test dependencies for cookie parsing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-17 07:37:27 -04:00
Andrzej Kurek
33f41a8fa8 Add the mbedtls prefix to ssl_check_dtls_clihlo_cookie 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-17 07:37:02 -04:00
Andrzej Kurek
862acb8403 Add cookie parsing tests to test_suite_ssl 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-17 07:36:42 -04:00
Werner Lewis
02c9d3b9c2 Fix parsing of special chars in X509 DN values 
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-08 14:38:38 +01:00
Paul Elliott
7e163d796c Merge pull request #5893 from AndrzejKurek/ssl-opt-client-kill-fix-2.28 
[Backport 2.28] Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell
 2022-06-08 14:26:42 +01:00
Dave Rodgman
ce02537b0c Merge pull request #5828 from wernerlewis/time_utc_2.28 
[Backport 2.28] Use ASN1 UTC tags for dates before 2000
 2022-06-08 13:55:38 +01:00
Andrzej Kurek
d27cdcc16f Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell 
When executing eval in the background, the next "$!" gives the
eval PID, not the ssl-client2 pid. This causes problems when
a client times out and the script tries to kill it. Instead, it
kills the parent eval call.
This caused problems with subsequent proxy tests receiving
old packets from a client from a previous test.
Moving the "&" to inside the eval call fixes the problem.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-06 15:12:55 -04:00
Werner Lewis
1b54a05f77 Use ASN1 UTC tags for dates before 2000 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-01 16:28:10 +01:00
Gilles Peskine
3afb7c33d5 Update PSA compliance test branch 
Update to a branch with a fix for the test case
"expected error for psa_raw_key_agreement - Small buffer size"
since we just fixed the corresponding bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-18 16:25:39 +02:00
Gilles Peskine
47cfdfd452 Use TEST_LE_U in some places where it applies 
Systematically replace "TEST_ASSERT( $x <= $y )" by "TEST_LE_U( $x, $y )" in
test_suite_psa_crypto. In this file, all occurrences of this pattern are
size_t so unsigned.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-17 16:29:50 +02:00
Gilles Peskine
063700d612 New test helper macros TEST_LE_U, TEST_LE_S 
Test assertions for integer comparisons that display the compared values on
failure. Similar to TEST_EQUAL.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-17 16:26:29 +02:00
Gilles Peskine
d0d777e6bc Separate the validation of the size macros and of the function 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-17 16:26:29 +02:00