Gilles Peskine
b46f1bd451
Fix too small buffer in a test
2019-02-22 11:30:14 +01:00
Gilles Peskine
0efa8567d8
Add changelog entry for mbedtls_ecdh_get_params robustness
2019-02-21 18:17:05 +01:00
Gilles Peskine
f58078c7c5
Fix ecdh_get_params with mismatching group
...
If mbedtls_ecdh_get_params is called with keys belonging to
different groups, make it return an error the second time, rather than
silently interpret the first key as being on the second curve.
This makes the non-regression test added by the previous commit pass.
2019-02-21 18:17:05 +01:00
Gilles Peskine
496c9e053d
Add test case for ecdh_get_params with mismatching group
...
Add a test case for doing an ECDH calculation by calling
mbedtls_ecdh_get_params on both keys, with keys belonging to
different groups. This should fail, but currently passes.
2019-02-21 18:17:05 +01:00
Gilles Peskine
390bbd08f7
Add test case for ecdh_calc_secret
...
Add a test case for doing an ECDH calculation by calling
mbedtls_ecdh_get_params on both keys, then mbedtls_ecdh_calc_secret.
2019-02-21 18:16:55 +01:00
Jaeden Amero
f054f8b3dc
Merge remote-tracking branch 'origin/pr/2384' into mbedtls-2.7
2019-02-21 12:00:43 +00:00
Andres Amaya Garcia
493a0dc333
Clarify 3DES changes in ChangeLog
2019-02-19 21:07:03 +00:00
Antonin Décimo
8fd9156a4a
Fix #2370 , minor typos and spelling mistakes
2019-02-18 15:57:54 +00:00
Ron Eldor
de0c841b94
Use certificates from data_files and refer them
...
Use the server certificate from `data_files` folder, for formality,
and refer to the source, for easier reproduction.
2019-02-13 16:00:07 +02:00
Andres Amaya Garcia
b7c22ecc74
Fix documentation for 3DES removal
2019-02-13 10:00:02 +00:00
Andres Amaya Garcia
0a0e5b12a9
Exclude 3DES tests in test scripts
2019-02-13 09:59:06 +00:00
Andres Amaya Garcia
f9b2ed062f
Fix wording of ChangeLog and 3DES_REMOVE docs
2019-02-13 09:53:59 +00:00
Andres Amaya Garcia
21ade06ef8
Reduce priority of 3DES ciphersuites
2019-02-13 09:52:46 +00:00
Ron Eldor
664623ebbc
Specify server certificate to use in SHA-1 test
...
Specify the SHA-1 server certificate to use in the SHA-1 test,
because now the default certificates use SHA256 certificates.
2019-02-12 15:39:42 +02:00
ILUXONCHIK
be3d1ee4ac
refactor CA and SRV certificates into separate blocks
2019-02-12 15:38:22 +02:00
ILUXONCHIK
231385568e
refactor SHA-1 certificate defintions and assignment
...
As per refactoring suggestion that I made in #1520 .
2019-02-12 15:38:12 +02:00
ILUXONCHIK
62f9aec184
refactor server SHA-1 certificate definition into a new block
2019-02-12 15:38:03 +02:00
ILUXONCHIK
e3be6723b0
define TEST_SRV_CRT_RSA_SOME in similar logic to TEST_CA_CRT_RSA_SOME
2019-02-12 15:37:48 +02:00
ILUXONCHIK
4d8325eceb
server SHA-256 certificate now follows the same logic as CA SHA-256 certificate
2019-02-12 15:37:39 +02:00
ILUXONCHIK
5d45f8c54e
add entry to ChangeLog
2019-02-12 15:35:04 +02:00
Andres Amaya Garcia
fc547ffb92
Add ChangeLog entry for unused bits in bitstrings
2019-02-11 21:10:55 +00:00
Andres Amaya Garcia
e730ff68ee
Improve docs for ASN.1 bitstrings and their usage
2019-02-11 21:10:55 +00:00
Andres Amaya Garcia
abb7622d08
Add tests for (named) bitstring to suite_asn1write
2019-02-11 21:10:55 +00:00
Andres Amaya Garcia
04ee5e0bbd
Fix ASN1 bitstring writing
...
Refactor the function mbedtls_asn1_write_bitstring() that removes
trailing 0s at the end of DER encoded bitstrings. The function is
implemented according to Hanno Becker's suggestions.
This commit also changes the functions x509write_crt_set_ns_cert_type
and crt_set_key_usage to call the new function as the use named
bitstrings instead of the regular bitstrings.
2019-02-11 21:10:48 +00:00
k-stachowiak
0fd3021204
Update change log
2019-02-11 09:41:23 +01:00
Peter Kolbus
16015ddd59
all.sh: Test MBEDTLS_MPI_WINDOW_SIZE=1
...
There were no tests for a non-default MPI window size. Add one.
Change-Id: Ic08fbc9161d0b3ee67eb3c91f9baf602646c9dfe
2019-02-05 16:42:45 +01:00
Peter Kolbus
f5d153daf0
Fix DEADCODE in mbedtls_mpi_exp_mod()
...
In mbedtls_mpi_exp_mod(), the limit check on wsize is never true when
MBEDTLS_MPI_WINDOW_SIZE is at least 6. Wrap in a preprocessor guard
to remove the dead code and resolve a Coverity finding from the
DEADCODE checker.
Change-Id: Ice7739031a9e8249283a04de11150565b613ae89
2019-02-05 16:42:27 +01:00
k-stachowiak
4d2982091b
Correct code formatting in the timing test suites
2019-02-05 10:03:31 +01:00
k-stachowiak
16373da579
Apply imperiative style in the changelog entry
2019-02-05 10:03:20 +01:00
Christian Walther
5d662dc018
Add ChangeLog entry
2019-01-31 19:21:24 +02:00
Christian Walther
42aa453de8
Fix private DER output shifted by one byte.
2019-01-31 19:20:37 +02:00
Jaeden Amero
bdc807dbe8
Merge remote-tracking branch 'origin/pr/2343' into mbedtls-2.7
2019-01-30 15:45:15 +00:00
Jaeden Amero
9033e541a6
Merge remote-tracking branch 'origin/pr/2234' into mbedtls-2.7
2019-01-30 15:29:00 +00:00
Jaeden Amero
d3841737e9
Merge remote-tracking branch 'origin/pr/2356' into mbedtls-2.7
2019-01-30 14:55:35 +00:00
Jaeden Amero
18fe25614a
Merge remote-tracking branch 'origin/pr/2359' into mbedtls-2.7
2019-01-30 14:47:22 +00:00
Hanno Becker
a34cc6b1c6
Correct length check for DTLS records from old epochs.
...
DTLS records from previous epochs were incorrectly checked against the
current epoch transform's minimal content length, leading to the
rejection of entire datagrams. This commit fixed that and adapts two
test cases accordingly.
Internal reference: IOTSSL-1417
2019-01-30 15:07:09 +01:00
k-stachowiak
523d2d23b8
Improve wording in the ChangeLog
2019-01-29 12:55:28 +01:00
k-stachowiak
9368113607
Reduce the timing tests complexity
2019-01-29 12:54:10 +01:00
Simon Butcher
d09324ac58
Merge remote-tracking branch 'public/pr/2264' into mbedtls-2.7
2019-01-23 10:58:08 +01:00
Simon Butcher
32331305dd
Merge remote-tracking branch 'public/pr/1797' into mbedtls-2.7
2019-01-23 10:56:40 +01:00
Simon Butcher
12b60bc702
Merge remote-tracking branch 'public/pr/2341' into mbedtls-2.7
2019-01-23 09:53:29 +01:00
Simon Butcher
c5b6c2f877
Merge remote-tracking branch 'public/pr/2296' into mbedtls-2.7
2019-01-23 09:51:48 +01:00
Jeffrey Martin
f7fe144082
update ChangLog credit
...
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-16 09:26:15 -06:00
Jeffrey Martin
55ab90d40e
update ChangLog per comments
...
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-15 09:02:14 -06:00
Jeffrey Martin
44fbf91f01
Backport #1949 into mbedtls-2.7
...
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-14 18:13:06 -06:00
Hanno Becker
6950ebb31f
Document psk_list
parameter of ssl_server2 example program
2019-01-14 09:27:04 +00:00
Gilles Peskine
9f55364ec7
Rename test_memcheck to test_valgrind
...
Valgrind is what it does. `memcheck` is how it's implemented.
2019-01-10 18:29:37 +01:00
Gilles Peskine
ff7238f4ad
Support wildcard patterns with a positive list of components to run
...
Wildcard patterns now work with command line COMPONENT arguments
without --except as well as with. You can now run e.g.
`all.sh "check_*` to run all the sanity checks.
2019-01-10 18:29:37 +01:00
Gilles Peskine
30bc385124
Add missing protection on __aeabi_uldiv check under --keep-going
...
Partial backport of 2adb375c50
"Add option to avoid 64-bit multiplication"
2019-01-10 18:29:37 +01:00
Gilles Peskine
c780095901
Delete $OUT_OF_SOURCE_DIR under --force even without Yotta
...
The deletion of "$OUT_OF_SOURCE_DIR" had mistakenly been lumped
together with Yotta.
2019-01-10 18:29:37 +01:00