Commit graph

4977 commits

Author SHA1 Message Date
Robert Cragie 45feb6ef20 Add support for AES-128-CMAC and AES-CMAC-PRF-128 2016-10-13 13:51:07 +01:00
Janos Follath 0be2b01a6b Add safety check to sample mutex implementation
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.

This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-10-13 13:51:07 +01:00
Andres AG 42547d0cf7 Set selftest verbose flag to boost coverage 2016-10-13 13:48:48 +01:00
Andres AG 84c46db746 Fix scripts to support multiple openssl and gnutls 2016-10-13 13:48:48 +01:00
Andres AG 94d73b0b0a Add config macro for min bytes hw entropy 2016-10-13 13:48:48 +01:00
Andres AG ba66e8958d Add new config.h that does not need entropy source 2016-10-13 13:48:48 +01:00
Andres AG 3616f6f261 Rename net.{c,h} to net_sockets.{c,h}
The library/net.c and its corresponding include/mbedtls/net.h file are
renamed to library/net_sockets.c and include/mbedtls/net_sockets.h
respectively. This is to avoid naming collisions in projects which also
have files with the common name 'net'.
2016-10-13 13:48:48 +01:00
Simon Butcher 77d779e8bb Update for ChangeLog for fixes for cert_app 2016-10-13 13:48:48 +01:00
Paul Bakker 2d6599284f Do not add empty cert / key in cert_app 2016-10-13 13:46:04 +01:00
Paul Bakker e9bdaa251f Actually apply debug_level settings in cert_app 2016-10-13 13:46:04 +01:00
Simon Butcher 1c8b33ad19 Merge branch 'development' 2016-10-13 13:40:41 +01:00
Simon Butcher bb42068a91 Merge branch 'development-restricted'
Conflicts:
	ChangeLog
2016-10-13 13:33:29 +01:00
Janos Follath e709f7c9e0 Fix global variable shadowing 2016-10-13 13:20:12 +01:00
Simon Butcher e019296ab7 Fix stdio redirection memory leak in test suites 2016-10-13 10:03:08 +01:00
Simon Butcher edf2a3fba7 Fix stdio redirection memory leak in test suites 2016-10-13 09:59:46 +01:00
Simon Butcher 4d69ecd9cb Added credit to Changelog for fix #558 2016-10-13 00:32:28 +01:00
Janos Follath ef44178474 Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 00:25:07 +01:00
Simon Butcher f6e3b9e8b2 Clarified Changelog for fix #602 2016-10-12 19:52:38 +01:00
Andres AG 821da84ff9 Fix documentation for mbedtls_gcm_finish()
Fix implementation and documentation missmatch for the function
arguments to mbedtls_gcm_finish(). Also, removed redundant if condition
that always evaluates to true.
2016-10-12 19:49:41 +01:00
Simon Butcher 3a5e070982 Updated Changelog for fix #599 2016-10-12 16:46:48 +01:00
Andres AG 776a6fcd1a Fix 1 byte overread in mbedtls_asn1_get_int() 2016-10-12 16:43:37 +01:00
Andres AG d5766f62e4 Fix typo in docs for mbedtls_x509write_csr_der() 2016-10-12 15:32:54 +01:00
Janos Follath 99d09d2747 Fix memory leaks in CMAC tests 2016-10-12 15:32:54 +01:00
Andres AG c4424c0a69 Fix memory leak in test_suite_cmac.function 2016-10-12 15:32:53 +01:00
Andres AG cd153278eb Fix typo in docs for mbedtls_x509write_csr_der() 2016-10-12 14:39:39 +01:00
Janos Follath d444358247 Fix memory leaks in CMAC tests 2016-10-12 14:31:01 +01:00
Andres AG 8abc6b86f9 Fix memory leak in test_suite_cmac.function 2016-10-12 00:40:16 +01:00
Janos Follath b48c8ac45d Add safety check to sample mutex implementation
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.

This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-10-12 00:36:31 +01:00
Andres AG c47857dbf4 Add seed cmdline arg to test scripts 2016-10-12 00:36:31 +01:00
Janos Follath 1aae658d76 Add safety check to sample mutex implementation
Due to inconsistent freeing strategy in pkparse.c the sample mutex
implementation in threading.c could lead to undefined behaviour by
destroying the same mutex several times.

This fix prevents mutexes from being destroyed several times in the
sample threading implementation.
2016-10-12 00:32:17 +01:00
Andres AG 7770ea82d5 Add seed cmdline arg to test scripts 2016-10-12 00:32:17 +01:00
Simon Butcher 5a74d26006 Added credit to Changelog for X.509 DER bounds fix 2016-10-11 14:09:10 +01:00
Andres AG e0af995f12 Add test for bounds in X509 DER write funcs 2016-10-11 14:07:48 +01:00
Andres AG 60dbc93831 Add missing bounds check in X509 DER write funcs
This patch adds checks in both mbedtls_x509write_crt_der and
mbedtls_x509write_csr_der before the signature is written to buf
using memcpy().
2016-10-11 14:07:48 +01:00
Janos Follath e3d882ad4a Remove unnecessary flag from CMAC context 2016-10-11 13:38:36 +01:00
Simon Butcher 851ae29a5d Revise Changelog to clarify and add credit 2016-10-11 12:28:04 +01:00
Janos Follath 8ca53b51c5 Fix minor style issues in test framework 2016-10-11 12:25:34 +01:00
Simon Butcher 2573136fa8 Fix to test output in test suites
Fixes the test suites to consistently use mbedtls_fprintf to output to
stdout or stderr.

Also redirects output from the tests to /dev/null to avoid confusing
output if the test suite code or library outputs anything to stdout.
2016-10-11 12:25:34 +01:00
Simon Butcher bd8d221920 Fix exit and formatting in CMAC test suite
Minor fixes following review.
2016-10-11 12:25:04 +01:00
Simon Butcher 53da6ae842 Add CMAC test suite to CMakeLists.txt 2016-10-11 12:25:04 +01:00
Simon Butcher 33183fd408 Extend test coverage of CMAC
Expands tests to include NULL tests and successive calls to
mbedtls_cipher_cmac_update() and mbedtls_cipher_cmac_reset().
2016-10-11 12:25:04 +01:00
Simon Butcher 6b0774ab1a Fix issues in CMAC in repeated updates
Successive calls to mbedtls_cipher_cmac_update() which weren't block aligned
were failing, which is fixed by this commit.
2016-10-11 12:25:04 +01:00
Simon Butcher b98eaff408 Revise Changelog to clarify and add credit 2016-10-11 10:13:52 +01:00
Simon Butcher df6c3e8e48 Merge branch 'iotssl-825-double-free-quickfix'
Conflicts:
	ChangeLog
2016-10-11 00:07:14 +01:00
Simon Butcher f77309cb35 Update Changelog for fixes to X.509 sample apps 2016-10-10 09:05:26 +01:00
Simon Butcher 203a6934e7 Add extra compilation conditions to X.509 samples
The sample applications programs/pkey/cert_req.c and
programs/pkey/cert_write.c use the library functions
mbedtls_pk_write_csr_pem() and mbedtls_pk_write_crt_pem() respectively which
are dependent on the configuration option MBEDTLS_PEM_WRITE_C. If the option
isn't defined the build breaks.

This change adds the compilation condition MBEDTLS_PEM_WRITE_C to these
sample application.
2016-10-10 09:05:26 +01:00
Janos Follath 23bdca0d63 Fix an x509 compatibility issue
Certificates with unsupported algorithms in the certificate chain
prevented verification even if a certificate before the unsupported
ones was already trusted.

We change the behaviour to ignoring every certificate with unknown
(unsupported) signature algorithm oid when parsing the certificate
chain received from the peer.
2016-10-07 16:12:50 +01:00
Janos Follath 9fe6f92561 Add SHA1 guards in dh_client.c and dh_server.c
The build breaked for configurations not having MBEDTLS_SHA1_C.
2016-10-07 14:17:56 +01:00
Simon Butcher 420be4ea04 Fix bracketing in cmac.c
The bracketing in some expressions where an assignment was being made in an if statement in cmac.c had been accidentally broken and was causing compiler warnings with armcc.
2016-10-07 12:55:43 +01:00
Simon Butcher f73fd701c0 Update Changelog for fix #559 2016-10-07 11:17:44 +01:00