Hanno Becker
ba5b755f1a
Change signature and semantics of mbedtls_rsa_deduce_moduli
...
Input arguments are marked as constant. Further, no double-checking is performed when a factorization of the modulus has
been found.
2017-10-02 09:55:49 +01:00
Simon Butcher
83ce8201dc
Update ChangeLog for fix to #836
2017-09-30 23:39:46 +01:00
Hanno Becker
2f38a43d3a
Enhance documentation of ssl_write_hostname_ext, adapt ChangeLog.
...
Add a reference to the relevant RFC, adapt ChangeLog.
2017-09-30 23:35:21 +01:00
Hanno Becker
f5f9d11acc
Enhance documentation of mbedtls_ssl_set_hostname
...
(1) Add missing error condition
(2) Specify allowance and effect of of NULL hostname parameter
(3) Describe effect of function on failure
2017-09-30 23:35:12 +01:00
Hanno Becker
39f5d359f5
Make mbedtls_ssl_set_hostname safe to be called multiple times
...
Zeroize and free previously set hostnames before overwriting
them. Also, allow clearance of hostname by providing NULL parameter.
2017-09-30 23:35:02 +01:00
Hanno Becker
713fe7f66c
Add test case calling ssl_set_hostname twice
...
Add a test case calling ssl_set_hostname twice to test_suite_ssl.
When run in CMake build mode ASan, this catches the current leak,
but will hopefully be fine with the new version.
2017-09-30 23:34:52 +01:00
Ron Eldor
376f7f5fe1
Fix typo in configs/README.txt file
...
Fix typo in Readme file: ajust->adjust
2017-09-30 21:37:59 +01:00
Xinyu Chen
00afe1c046
Correct the printf message of the DTLS handshake.
...
Make it consistent with dtls_server.c
2017-09-30 09:52:38 +01:00
Hanno Becker
08a36dde80
Unify naming schemes for RSA keys
2017-09-29 20:05:23 +01:00
Hanno Becker
b4274210a4
Improve documentation in pkparse.c
...
State explicitly that `pk_parse_pkcs8_undencrypted_der` and `pk_parse_key_pkcs8_encrypted_der` are not responsible for
zeroizing and freeing the provided key buffer.
2017-09-29 19:18:51 +01:00
Hanno Becker
f04111f5c5
Fix typo
2017-09-29 19:18:42 +01:00
Gilles Peskine
5b7ee07ff6
Cleaned up get_line for test data files
...
Look, ma, a use for do...while!
Also removed 1-3 calls to strlen.
2017-09-29 18:00:25 +02:00
Hanno Becker
56bae95e1d
Improve style and documentation, fix typo
2017-09-29 15:43:49 +01:00
Gilles Peskine
26182edd0c
Allow comments in test data files
2017-09-29 15:45:12 +02:00
Hanno Becker
4b2f691691
Doxygen: Use typewriter font for variables in rsa.h documentation
2017-09-29 13:36:54 +01:00
Hanno Becker
ed20361321
Increase readability of Doxygen output
...
Multiple lists were not properly recognized as such.
2017-09-29 13:34:25 +01:00
Hanno Becker
91c194dabb
Add and document an RSA-specific error code for unsupported exports
...
E.g., a private key on an external chip might not be exportable to RAM.
2017-09-29 12:50:12 +01:00
Hanno Becker
bead71752e
Correct typo in rsa.c
2017-09-29 12:41:06 +01:00
Hanno Becker
e1582a832b
Add expectation when testing RSA key import/export
...
This commit adds a flag to the RSA import/export tests indicating whether it is
expected that a full RSA keypair can be set up from the provided parameters.
Further, the tests of `mbedtls_rsa_import` and `mbedtls_rsa_import_raw` are
expanded to perform key checks and an example encryption-decryption.
2017-09-29 11:54:05 +01:00
Hanno Becker
4d6e83406c
Improve readability of test for mbedtls_rsa_import
2017-09-29 11:54:05 +01:00
Hanno Becker
5063cd2cca
Deprecate direct manipulation of structure fields in RSA context
2017-09-29 11:54:05 +01:00
Hanno Becker
ba1ba11a98
Check that length is properly set in mbedtls_rsa_check_pubkey
2017-09-29 11:54:05 +01:00
Hanno Becker
2f8f06aa25
Don't always recompute context length in mbedtls_rsa_get_len
...
This commit changes the implementation of `mbedtls_rsa_get_len` to return
`ctx->len` instead of always re-computing the modulus' byte-size via
`mbedtls_mpi_size`.
2017-09-29 11:54:05 +01:00
Hanno Becker
54cfc585cd
Add test cases for mbedtls_rsa_import[_raw] where N is missing
2017-09-29 11:54:05 +01:00
Hanno Becker
2cca6f3290
Always deduce N from P, Q in mbedtls_rsa_complete
...
Previously, a parameter set of (-, P, Q, -, E) was completed, but (-, P, Q, D,
E) wasn't - this is odd.
2017-09-29 11:54:05 +01:00
Hanno Becker
041a6b030f
Adapt ChangeLog
2017-09-28 14:52:26 +01:00
Hanno Becker
cc56628117
Don't use all_final as a target in tests/data_files/Makefile
...
The `neat` target in that Makefile assumes all_final to be a concatenation of
file names.
2017-09-26 16:21:19 +01:00
Ron Eldor
8b766218a8
Update ChangeLog
...
Update ChangeLog according to Andres seggestion
2017-09-24 15:44:56 +03:00
Ron Eldor
2981a0a740
Address Andres PR comments
...
Address Andres' comments in the PR
2017-09-24 15:41:09 +03:00
Jaeden Amero
1526330931
Allow alternate implementation of GCM
...
Provide the ability to use an alternative implementation of GCM in place
of the library-provided implementation.
2017-09-22 17:42:44 +01:00
Hanno Becker
6428f8d78e
Let ssl-opt.sh gracefully fail is SSL_MAX_CONTENT_LEN is not 16384
...
Some tests in ssl-opt.sh require MBEDTLS_SSL_MAX_CONTENT_LEN to be set to its
default value of 16384 to succeed. While ideally such a dependency should not
exist, as a short-term remedy this commit adds a small check that will at least
lead to graceful exit if that assumption is violated.
2017-09-22 16:58:50 +01:00
Hanno Becker
d8a6f7cfbe
Clarify code-paths in x509write_csr and x509write_crt
2017-09-22 16:05:43 +01:00
Hanno Becker
a20e33ad59
Use X509 CRT version macros for version checks in x509write_crt_der
2017-09-22 15:40:01 +01:00
Hanno Becker
7f3652ddf1
Fix error code printing in cert_write
...
Error codes can consume up to two bytes, but only one was printed so far.
2017-09-22 15:39:02 +01:00
Hanno Becker
38eff43791
Use X509 CRT version macros in cert_write program
2017-09-22 15:38:20 +01:00
Hanno Becker
e1b1d0af8e
Fix senseless comment
2017-09-22 15:35:16 +01:00
Hanno Becker
930025da6d
Adapt ChangeLog
2017-09-18 16:12:28 +01:00
Florin
0b7b83fd91
Fixed SIGSEGV problem when writing with ssl_write_real a buffer that is over MBEDTLS_SSL_MAX_CONTENT_LEN bytes
...
Signed-off-by: Florin <petriuc.florin@gmail.com>
2017-09-18 16:11:42 +01:00
Hanno Becker
2b187c4d5f
Correct typo
2017-09-18 16:11:42 +01:00
Hanno Becker
09930d1f01
Add expected number of fragments to 16384-byte packet tests
2017-09-18 16:11:42 +01:00
Hanno Becker
c526696c05
Add tests for messages beyond 16384 bytes to ssl-opt.sh
...
This commit adds four tests to ssl-opt.sh testing the library's behavior when
`mbedtls_ssl_write` is called with messages beyond 16384 bytes. The combinations
tested are TLS vs. DTLS and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH enabled vs. disabled.
2017-09-18 16:11:42 +01:00
Hanno Becker
4aed27e469
Add missing test-dependencies for MBEDTLS_SSL_MAX_FRAGMENT_LENGTH
...
The tests for the maximum fragment length extension were lacking a dependency on
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH being set in the config.
2017-09-18 16:11:42 +01:00
Hanno Becker
e4ad3e8803
Allow requests of size larger than 16384 in ssl_client2
2017-09-18 16:11:42 +01:00
Hanno Becker
5175ac6e13
Add tests for disabled MFL-extension to all.sh
...
This commit adds a build with default config except
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH to all.sh, as well as a run of the MFL-related
tests in ssl-opt.sh.
2017-09-18 16:11:39 +01:00
Andres Amaya Garcia
01692531c6
Document code silently discarding invalid records
2017-09-14 20:20:31 +01:00
Andres Amaya Garcia
f569f701c2
Fix ChangeLog entry
2017-09-14 20:20:21 +01:00
Andres Amaya Garcia
06fc6650f4
Add ChangeLog entry
2017-09-14 20:20:15 +01:00
Andres Amaya Garcia
2fad94b193
Dont send alert on invalid DTLS record type
...
Do not send fatal alerts when receiving a record with an invalid header
while running DTLS as this is not compliant behaviour.
2017-09-14 20:18:37 +01:00
Hanno Becker
d4a872ee67
Rename internal MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG
...
This commit renames the test-only flag MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG to make it more transparent
that it's an internal flag, and also to content the testscript tests/scripts/check-names.pl which previously complained
about the macro occurring in a comment in `entropy.c` without being defined in a library file.
2017-09-14 08:04:13 +01:00
Hanno Becker
45037ceac5
Add check for presence of relevant parameters in mbedtls_rsa_private
...
If CRT is used, check for the presence N, P, Q, D, E, DP, DQ and QP. If CRT is
not used, check for N, P, Q, D, E only.
2017-09-14 08:02:14 +01:00