Commit graph

4062 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 56941fe6a2 Fix possible close_notify/ClientHello confusion
The ssl-opt.sh test cases using session resumption tend to fail occasionally
on the CI due to a race condition in how ssl_server2 and ssl_client2 handle
the reconnection cycle.

The server does the following in order:
- S1 send application data
- S2 send a close_notify alert
- S3 close the client socket
- S4 wait for a "new connection" (actually a new datagram)
- S5 start a handshake

The client does the following in order:
- C1 wait for and read application data from the server
- C2 send a close_notify alert
- C3 close the server socket
- C4 reset session data and re-open a server socket
- C5 start a handshake

If the client has been able to send the close_notify (C2) and if has been
delivered to the server before if closes the client socket (S3), when the
server reaches S4, the datagram that we start the new connection will be the
ClientHello and everything will be fine.

However if S3 wins the race and happens before the close_notify is delivered,
in S4 the close_notify is what will be seen as the first datagram in a new
connection, and then in S5 this will rightfully be rejected as not being a
valid ClientHello and the server will close the connection (and go wait for
another one). The client will then fail to read from the socket and exit
non-zero and the ssl-opt.sh harness will correctly report this as a failure.

In order to avoid this race condition in test using ssl_client2 and
ssl_server2, this commits introduces a new command-line option
skip_close_notify to ssl_client2 and uses it in all ssl-opt.sh tests that use
session resumption with DTLS and ssl_server2.

This works because ssl_server2 knows how many messages it expects in each
direction and in what order, and closes the connection after that rather than
relying on close_notify (which is also why there was a race in the first
place).

Tests that use another server (in practice there are two of them, using
OpenSSL as a server) wouldn't work with skip_close_notify, as the server won't
close the connection until the client sends a close_notify, but for the same
reason they don't need it (there is no race between receiving close_notify and
closing as the former is the cause of the later).

An alternative approach would be to make ssl_server2 keep the connection open
until it receives a close_notify. Unfortunately it creates problems for tests
where we simulate a lossy network, as the close_notify could be lost (and the
client can't retransmit it). We could modify udp_proxy with an option to never
drop alert messages, but when TLS 1.3 comes that would no longer work as the
type of messages will be encrypted.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-02-26 09:33:45 +01:00
Piotr Nowicki 95e9eb8d91 Add test for renegotiation in DTLS
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-02-25 14:15:00 +01:00
Piotr Nowicki 6a7f01c237 Add test with sending application data via DTLS
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
2020-02-25 14:10:15 +01:00
Jaeden Amero 20b3a68e70
Merge pull request #3042 from AndrzejKurek/dtls-handshake-serialization
Dtls handshake serialization test
2020-02-24 14:56:00 +04:00
Janos Follath 6fc816ae7c
Merge pull request #3038 from gilles-peskine-arm/align-crypto-programs
Side-port from crypto: programs/
2020-02-24 10:36:39 +00:00
Andrzej Kurek da2b67806b
Add a dtls handshake test with context serialization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2020-02-24 04:56:53 -05:00
Jaeden Amero a08e699afc
Merge pull request #3036 from AndrzejKurek/dtls-handshake-tests
DTLS handshake tests
2020-02-21 15:18:52 +04:00
Gilles Peskine 9ab9621511 Move 3rdparty mentions to a separate line
This makes it easier to merge changes related to adding or removing
3rdparty items.

No semantic change.
2020-02-19 20:13:29 +01:00
Janos Follath 84d2fd4ee2 Bump version to Mbed TLS 2.21.0 2020-02-19 14:35:16 +00:00
Janos Follath cf4a40ba0a
Merge pull request #370 from yanesca/update-version-2.21.0
Bump version to Mbed TLS 2.21.0
2020-02-19 14:21:11 +00:00
Janos Follath bc7c2424c9 Bump version to Mbed TLS 2.21.0 2020-02-19 11:51:13 +00:00
Manuel Pégourié-Gonnard 9bbe328752 Test each failure mode of pk_parse_key_pkcs1_der()
(Only the top-level ones, ie, for each call to eg asn1_get_mpi(), ensure
there's at least one test case that makes this call fail in one way, but don't
test the various ways to make asn1_get_mpi fail - that should be covered
elsewhere.)

- the new checks added by the previous commits needed exercising
- existing tests sometimes had wrong descriptions or where passing for the
  wrong reason (eg with the "length mismatch" test, the function actually
failed before reaching the length check)
- while at it, add tests for the rest as well

The valid minimal-size key was generated with:

openssl genrsa 128 2>/dev/null | openssl rsa -outform der 2>/dev/null | xxd -p
2020-02-18 10:31:29 +01:00
Manuel Pégourié-Gonnard b65370f97d Clean up test function pk_parse_key
- remove incorrect compile-time dependency (the individual cases already have
  correct run-time dependency information)
- remove unused argument
- remove unused stack buffer
- remove useless code block
2020-02-18 10:18:43 +01:00
Andrzej Kurek 941962eb91 Add DTLS handshake tests for the mocked ssl test suite
Starting with TLS 1.1
2020-02-12 09:18:19 -05:00
Andrzej Kurek 15daf50b05 Parametrize the endpoint init and free to prepare for DTLS tests 2020-02-12 09:17:52 -05:00
Gilles Peskine 765d240ca6 Test component with malloc(0) returning NULL: run some ssl tests 2020-02-11 19:26:28 +01:00
Gilles Peskine c4ef7a9de3 Add a test component with malloc(0) returning NULL
Exercise the library functions with calloc returning NULL for a size
of 0. Make this a separate job with UBSan (and ASan) to detect
places where we try to dereference the result of calloc(0) or to do
things like

    buf = calloc(size, 1);
    if (buf == NULL && size != 0) return INSUFFICIENT_MEMORY;
    memcpy(buf, source, size);

which has undefined behavior when buf is NULL at the memcpy call even
if size is 0.

This is needed because other test components jobs either use the system
malloc which returns non-NULL on Linux and FreeBSD, or the
memory_buffer_alloc malloc which returns NULL but does not give as
useful feedback with ASan (because the whole heap is a single C
object).
2020-02-11 19:26:28 +01:00
Jaeden Amero 7cb47de12a query_config: Move to programs/test
As the SSL programs, like ssl_client2 and ssl_server2, are dependent on
SSL and therefore about to be removed, the only consumer of query_config
is the query_compile_time_config test. As such, it makes sense to move
query_config to be next to what uses it.
2020-02-11 19:26:27 +01:00
Manuel Pégourié-Gonnard 4c08dd4e71
Merge pull request #2852 from gilles-peskine-arm/2.19-fix-full-Os
Fix and test the full config with gcc and clang
2020-02-11 09:17:02 +01:00
Andrzej Kurek 1a44a159ef Change the order of endpoint initialization steps
Wrong order caused the `protected_record_size` to be of wrong size, hence
causing the server to receive a malformed message in case of a DTLS test.
2020-02-10 03:53:49 -05:00
Andrzej Kurek f46b9128b6 Change test queue errors to SSL_WANT_WRITE and SSL_WANT_READ
Simulate real behavior better, so that higher abstraction layers know when
the buffers are empty and full.
2020-02-10 03:53:49 -05:00
Piotr Nowicki c3fca5e876 Add tests with sending application data to test_suite_ssl 2020-02-07 09:14:04 +01:00
Manuel Pégourié-Gonnard 4d8c836cdc
Merge pull request #346 from gilles-peskine-arm/mpi_copy_shrink
Improve robustness and testing of mbedtls_mpi_copy
2020-02-06 09:52:01 +01:00
Janos Follath f317dc4918
Merge pull request #350 from gilles-peskine-arm/asn1-tests-parse_prefixes-trailing_garbage
test_suite_asn1parse: improve testing of trailing garbage in parse_prefixes
2020-02-05 15:40:22 +00:00
Jaeden Amero c64eb63aaa
Merge pull request #3021 from AndrzejKurek/handshake-tests
Handshake tests with mocked I/O callbacks
2020-02-05 13:50:20 +00:00
Andrzej Kurek cc5169ce32 Add a PSK test to the mocked ssl handshake tests 2020-02-05 07:26:19 -05:00
Gilles Peskine 5da20cc569
Merge pull request #3023 from gilles-peskine-arm/config-crypto
Add crypto-only preset configurations
2020-02-05 11:17:56 +01:00
Andrzej Kurek f40daa3f05 Add version & ciphersuite tests to ssl handshake
Add tests exercising various protocol versions and ciphersuites
in the mocked ssl handshake.
2020-02-04 09:00:01 -05:00
Janos Follath 148c3deba1
Merge pull request #3018 from mpg/fix-ssl-opt-gnutls-no-sha1
Fix ssl-opt.sh for GnuTLS versions rejecting SHA-1
2020-02-04 11:18:04 +00:00
Gilles Peskine ec10bf1385 Test GCC and Clang with common build options
Goals:
* Build with common compilers with common options, so that we don't
  miss a (potentially useful) warning only triggered with certain
  build options.
* A previous commit removed -O0 test jobs, leaving only the one with
  -m32. We have inline assembly that is disabled with -O0, falling
  back to generic C code. This commit restores a test that runs the
  generic C code on a 64-bit platform.
2020-02-03 19:52:36 +01:00
Gilles Peskine 6ec0f0f6d0 Replace -O0 by -O1 or -Os in most components
Gcc skips some analyses when compiling with -O0, so we may miss
warnings about things like uninitialized variables.
2020-02-03 19:52:36 +01:00
Gilles Peskine 2579675935 Merge remote-tracking branch 'upstream-public/development' into development
Files deleted by us: keep them deleted.

```
git rm $(git status -s | sed -n 's/^DU //p')
```

Individual files with conflicts:

* `README.md`: keep the crypto version.
* `doxygen/input/doc_mainpage.h`: keep the crypto version (with an obsolete Mbed Crypto version number).
* `include/mbedtls/error.h`:
    * `ERROR`: similar additions made through parallel commits, with only whitespace differences. Align with the tls version.
* `library/CMakeLists.txt`: keep the crypto version.
* `library/Makefile`: keep the crypto version.
* `scripts/generate_errors.pl`: keep the crypto version (the relevant changes were made through parallel commits).
* `tests/scripts/check-test-cases.py`:
    * `Results`: keep the crypto version, which has both the new argument to the constructor (added in crypto only) and the class docstring (added through parallel commits).
* `tests/suites/helpers.function`:
    * `ARRAY_LENGTH`, `ASSERT_ALLOC`: additions in the same location. Keep both, in indifferent order.
* `tests/suites/target_test.function`:
    * `receive_uint32`: keep the crypto version which has an additional bug fix. The tls changes made in tls are irrelevant after this bug fix.
* `visualc/VS2010/mbedTLS.vcxproj`: run `scripts/generate_visualc_files.pl`.

Review of non-conflicting changes:

* `all.sh`: 1 change.
    * zlib test components: don't add them.
* `include/CMakeLists.txt`: 1 change.
    * `target_include_directories`: doesn't work as is (different target name). Don't take the change.
* All other non-conflicting changes: take them.
2020-02-03 18:52:36 +01:00
Gilles Peskine a9da093617 shrink tests: clearer description 2020-02-03 16:18:30 +01:00
Gilles Peskine 9a6ecee4de Move test functions from Lilliput to Blefuscu
We normally represent bignums in big-endian order and there is no
reason to deviate here.
2020-02-03 16:15:47 +01:00
Janos Follath 2fdb1af18c
Merge pull request #2236 from andresag01/iotssl-2156-deprecate-sslv3
Deprecate SSLv2 parsing and SSLv3
2020-02-03 15:11:33 +00:00
Gilles Peskine 6bb3915e96 Always use "-O1 -Werror" in crypto-only test builds
Pass -Werror because any compiler warning would be suspicious. Pass
-O1 because at -O0, gcc doesn't do as much analysis.
2020-02-03 11:59:20 +01:00
Andrzej Kurek b29807413e Refactor certificates and keys in ssl handshake mock tests
Let the caller decide what certificates and keys are loaded (EC/RSA)
instead of loading both for the server, and an unspecified one 
for the client. Use only DER encoding.
2020-02-02 19:25:26 -05:00
Hanno Becker 199b709e53 ASN.1: Add ASN.1 SEQUENCE traversal API 2020-01-31 15:37:26 +00:00
Hanno Becker 12ae27dd0e ASN.1: Introduce helper function to free ASN.1 sequence 2020-01-31 15:37:26 +00:00
Gilles Peskine ec541fe0a1 Add test components for crypto-only builds
For each of the crypto-only presets, run the build and check that the
resulting libmbedx509 and libmbedtls are empty.

Don't bother testing, because for each crypto-only preset, another
component builds that plus the x509 and tls parts and tests
everything.
2020-01-31 15:14:18 +01:00
Gilles Peskine f4e672ec9e Add missing compilation guards in test suite
Fix the build when MBEDTLS_USE_PSA_CRYPTO is set but
MBEDTLS_X509_CSR_WRITE_C is not.
2020-01-31 14:22:10 +01:00
Manuel Pégourié-Gonnard 03035eb943 Stop testing ssl3 when it isn't enabled
We already have a specific component in all.sh for testing SSLv3, we don't
need to also test it in components that aren't specifically about it.

Previously config.py full enabled SSLv3, but it no longer does since it is
deprecated.
2020-01-31 12:40:36 +01:00
Gilles Peskine 7cfcb3fc03 Change the encoding of key types to have a parity bit
Change the encoding of key types, EC curve families and DH group
families to make the low-order bit a parity bit (with even parity).

This ensures that distinct key type values always have a Hamming
distance of at least 2, which makes it easier for implementations to
resist single bit flips.
2020-01-31 10:24:21 +01:00
Gilles Peskine 7d7c8dc8b0 Test parsing invalid key type in storage 2020-01-31 10:24:21 +01:00
Gilles Peskine f65ed6f254 Change key types to a 16-bit encoding
All key types now have an encoding on 32 bits where the bottom 16 bits
are zero. Change to using 16 bits only.

Keep 32 bits for key types in storage, but move the significant
half-word from the top to the bottom.

Likewise, change EC curve and DH group families from 32 bits out of
which the top 8 and bottom 16 bits are zero, to 8 bits only.

Reorder psa_core_key_attributes_t to avoid padding.
2020-01-31 10:24:21 +01:00
Gilles Peskine b87b719467 Remove old values of curve encodings
Remove the values of curve encodings that are based on the TLS registry
and include the curve size, keeping only the new encoding that merely
encodes a curve family in 8 bits.

Keep the old constant names as aliases for the new values and
deprecate the old names.
2020-01-31 10:24:21 +01:00
Gilles Peskine 80d26fb56f Switch psa_crypto tests to the new curve encoding 2020-01-31 10:24:21 +01:00
Gilles Peskine 89177e862b Convert USE_PSA_CRYPTO pk interface to the new PSA EC curve encoding 2020-01-31 10:15:32 +01:00
Gilles Peskine 33b1c69908 pk tests: USE_PSA_CRYPTO: test several curves 2020-01-31 10:15:32 +01:00
Gilles Peskine 85f47c9d69 pk tests: USE_PSA_CRYPTO: test attributes of the PSA key 2020-01-31 10:15:32 +01:00
Gilles Peskine 45c29ce4c0 Move size-specific curve/group constants to crypto_compat.h 2020-01-31 10:15:32 +01:00
Gilles Peskine 228abc5773 Define EC curve family constants
Define constants for ECC curve families and DH group families. These
constants have 0x0000 in the lower 16 bits of the key type.

Support these constants in the implementation and in the PSA metadata
tests.

Switch the slot management and secure element driver HAL tests to the
new curve encodings. This requires SE driver code to become slightly
more clever when figuring out the bit-size of an imported EC key since
it now needs to take the data size into account.

Switch some documentation to the new encodings.

Remove the macro PSA_ECC_CURVE_BITS which can no longer be implemented.
2020-01-31 10:15:32 +01:00
Gilles Peskine 025fccdc32 Change the encoding of EC curves and DH groups to include the size
Change the representation of psa_ecc_curve_t and psa_dh_group_t from
the IETF 16-bit encoding to a custom 24-bit encoding where the upper 8
bits represent a curve family and the lower 16 bits are the key size
in bits. Families are based on naming and mathematical similarity,
with sufficiently precise families that no two curves in a family have
the same bit size (for example SECP-R1 and SECP-R2 are two different
families).

As a consequence, the lower 16 bits of a key type value are always
either the key size or 0.
2020-01-31 10:15:32 +01:00
Gilles Peskine 4295e8b9c5 Rework PSA curve to mbedlts group id conversion
Don't rely on the bit size encoded in the PSA curve identifier, in
preparation for removing that.

For some inputs, the error code on EC key creation changes from
PSA_ERROR_INVALID_ARGUMENT to PSA_ERROR_NOT_SUPPORTED or vice versa.
There will be further such changes in subsequent commits.
2020-01-31 10:15:32 +01:00
Gilles Peskine 7bfcfac164 Change key type encodings to avoid bit 16
Key types are now encoded through a category in the upper 4 bits (bits
28-31) and a type-within-category in the next 11 bits (bits 17-27),
with bit 16 unused and bits 0-15 only used for the EC curve or DH
group.

For symmetric keys, bits 20-22 encode the block size (0x0=stream,
0x3=8B, 0x4=16B).
2020-01-31 10:15:32 +01:00
Piotr Nowicki 2a1f178d7c Add test for prescribed states of handshake with the custom IO callbacks 2020-01-31 10:06:04 +01:00
Manuel Pégourié-Gonnard ead19fecf9
Merge pull request #2975 from mpg/add-zlib-tests-dev
Add zlib tests and fix runtime bug
2020-01-31 09:22:24 +01:00
Manuel Pégourié-Gonnard bc4da29d06 De-duplicate SHA1-independent test in ssl-opt.sh
The splitting of this test into two versions depending on whether SHA-1 was
allowed by the server was a mistake in
5d2511c4d4 - the test has nothing to do with
SHA-1 in the first place, as the server doesn't request a certificate from
the client so it doesn't matter if the server accepts SHA-1 or not.
2020-01-30 12:45:14 +01:00
Gilles Peskine 88e08464f5 Add dedicated test cases for psa_hash_compare
psa_hash_compare is tested for good cases and invalid-signature cases
in hash_compute_compare. Also test invalid-argument cases. Also run a
few autonomous test cases with valid arguments.
2020-01-30 12:27:14 +01:00
Gilles Peskine 29eb80d26c Remove some spurious dependencies on MBEDTLS_SHA256_C 2020-01-30 12:27:14 +01:00
Gilles Peskine 1fb7aea9b3 Add command line option to hide warnings 2020-01-30 12:27:14 +01:00
Gilles Peskine 7b8efaffaa Add missing dependencies on MBEDTLS_MD_C
The PSA implementations of deterministic ECDSA, of all RSA signatures
and of RSA OAEP use the MD module.
2020-01-30 12:27:14 +01:00
Gilles Peskine aead02cce9 Remove obsolete dependencies on MBEDTLS_MD_C
The PSA implementation of hash algorithms, HMAC algorithms and KDF
algorithms using HMAC no longer use the MD module.
2020-01-30 12:27:14 +01:00
Gilles Peskine 0a749c8fa3 Implement and test psa_hash_compute, psa_hash_compare 2020-01-30 12:27:12 +01:00
Jaeden Amero 79ef1d4e55
Merge pull request #2987 from AndrzejKurek/iotssl-2958-datagram-transport-simulated
Message transport mocks in ssl tests
2020-01-30 10:23:27 +00:00
Manuel Pégourié-Gonnard 77cbeff04c Fix ssl-opt.sh for GnuTLS versions rejecting SHA-1
While the whole script makes (often implicit) assumptions about the version of
GnuTLS used, generally speaking it should work out of the box with the version
packaged on our reference testing platform, which is Ubuntu 16.04 so far.

With the update from Jan 8 2020 (3.4.10-4ubuntu1.6), the patches for rejecting
SHA-1 in certificate signatures were backported, so we should avoid presenting
SHA-1 signed certificates to a GnuTLS peer in ssl-opt.sh.
2020-01-30 11:22:57 +01:00
Manuel Pégourié-Gonnard f712e163b0
Merge pull request #179 from mpg/sha512-no-sha384
Add option to build SHA-512 without SHA-384
2020-01-30 10:32:20 +01:00
Janos Follath 8b38978b85
Merge pull request #349 from gilles-peskine-arm/coverity-20200115-crypto
Fix minor defects found by Coverity
2020-01-29 15:05:11 +00:00
Janos Follath ba1150f822 Merge pull request #2995 from gilles-peskine-arm/coverity-20200115-tls into development 2020-01-29 14:51:24 +00:00
Jaeden Amero bfc73bcfd2
Merge pull request #2988 from piotr-now/iotssl-2954-custom-io-callbacks-to-ssl-unit-test
Changes in custom IO callbacks used in unit tests
2020-01-28 14:46:13 +00:00
Piotr Nowicki d796e19d3b Fix memory allocation fail in TCP mock socket
Because two buffers were aliased too early in the code, it was possible that
after an allocation failure, free() would be called twice for the same pointer.
2020-01-28 13:04:21 +01:00
Manuel Pégourié-Gonnard f2e2902c5a Add detection for zlib headers to all.sh 2020-01-24 10:44:13 +01:00
Manuel Pégourié-Gonnard 342d2ca9ab Add test for record compression in ssl-opt.sh
Deprecated but still needs to be tested.
2020-01-24 10:44:13 +01:00
Manuel Pégourié-Gonnard 95e04490fa Add all.sh components with ZLIB enabled
ZLIB support is deprecated, but until it's removed it should still be tested.
2020-01-24 10:44:13 +01:00
Piotr Nowicki 890b5ca330 Change non-blocking read/write in TCP mock socket
Previously mocked non-blocking read/write was returning 0 when buffer was empty/full. That was causing ERR_SSL_CONN_EOF error in tests which was using these mocked callbacks. Beside that non-blocking read/write was returning ERR_SSL_WANT_READ/_WRITE depending on block pattern set by test design. Such behavior forced to redesign of these functions so that they could be used in other tests
2020-01-22 14:15:17 +01:00
Piotr Nowicki fb437d72ef Fix segmentation fault in mbedtls_test_buffer
This error occurs when free space in the buffer is in the middle (the buffer has come full circle) and function mbedtls_test_buffer_put is called. Then the arguments for memcpy are calculated incorrectly and program ends with segmentation fault
2020-01-22 13:25:36 +01:00
Andrzej Kurek bc483dea84 Add a message-based socket mock connection to the ssl tests
The connection will send/receive full messages.
2020-01-22 06:38:03 -05:00
Andrzej Kurek 13719cdae4 Add a message metadata queue in ssl tests
Add a metadata queue that will be used on top of the ring buffer callbacks.
Add normal and negative tests.
2020-01-22 06:36:39 -05:00
Andrzej Kurek f7774146b6 ssl test suite: enable dropping bytes from buffer
Add an option to not pass any buffer to mbedtls_test_buffer_get to drop data.
2020-01-22 06:34:59 -05:00
Gilles Peskine 95c893d17f More systematic handling of trailing garbage in parse_prefixes
Before, the string to parse may contain trailing garbage (there was
never more than one byte), and there was a separate argument
indicating the length of the content. Now, the string to parse is the
exact content, and the test code runs an extra test step with a
trailing byte added.
2020-01-21 21:29:37 +01:00
Gilles Peskine ef4183858a Document how tested prefix lengths are chosen 2020-01-21 21:29:37 +01:00
Gilles Peskine 9c673233bc Fix outcome file leak if execute_tests exits early
If there was a fatal error (bizarre behavior from the standard
library, or missing test data file), execute_tests did not close the
outcome file. Fix this.
2020-01-21 18:03:56 +01:00
Gilles Peskine 84984ae220 Add missing return code check on calls to mbedtls_md() 2020-01-21 16:52:08 +01:00
Gilles Peskine 9018b11302 Check that mbedtls_mpi_grow succeeds 2020-01-21 16:30:53 +01:00
Gilles Peskine 292672eb12 If ASSERT_ALLOC_WEAK fails, mark the test as skipped, not passed
This was the intended behavior of ASSERT_ALLOC_WEAK all along, but
skipping was not implemented yet when ASSERT_ALLOC_WEAK was
introduced.
2020-01-21 16:20:04 +01:00
Gilles Peskine 42a1acfd0e get_len_step: Fix end-of-buffer calculation when buffer_size==0
Fix get_len_step when buffer_size==0. The intent of this test is to
ensure (via static or runtime buffer overflow analysis) that
mbedtls_asn1_get_len does not attempt to access beyond the end of the
buffer. When buffer_size is 0 (reached from get_len when parsing a
1-byte buffer), the buffer is buf[1..1] because allocating a 0-byte
buffer might yield a null pointer rather than a valid pointer. In this
case the end of the buffer is p==buf+1, not buf+buffer_size which is
buf+0.

The test passed because calling mbedtls_asn1_get_len(&p,end,...) with
end < p happens to work, but this is not guaranteed.
2020-01-21 16:12:07 +01:00
Janos Follath 2e9f108fbd Bump version to Mbed TLS 2.20.0 2020-01-21 14:08:26 +00:00
Gilles Peskine 7428b45126 Better coverage for copy and swap
Cover more cases: different signs, different zeronesses, repeated
argument.
2020-01-20 21:01:51 +01:00
Gilles Peskine 72d7609f82 Bignum copy/shrink: More precise test case descriptions 2020-01-20 17:19:03 +01:00
Janos Follath 83f33d33eb Bump version to Mbed TLS 2.20.0 2020-01-20 14:52:29 +00:00
Janos Follath d27a88438f Merge branch 'development' into development-restricted 2020-01-15 15:55:11 +00:00
Manuel Pégourié-Gonnard 86a39bdbc5 Improve readability of test dependencies
- Always put MBEDTLS_SHA512_NO_SHA384 immediately after MBEDTLS_SHA512_C
- Remove duplicate occurrences of MBEDTLS_SHA512_NO_SHA384 on the same line
2020-01-07 10:24:17 +01:00
Manuel Pégourié-Gonnard 20f236de37 Adjust depends-hashes.pl to test NO_SHA384 as well 2020-01-06 11:40:23 +01:00
Manuel Pégourié-Gonnard 6ba5a3fc57 Declare test dependencies on !SHA512_NO_SHA384 2020-01-06 11:40:23 +01:00
Jaeden Amero 252faff19f
Merge pull request #2966 from dgreen-arm/fix-pylint-warnings
Sideport: Fix some pylint warnings
2019-12-20 16:07:07 +00:00
Jaeden Amero 448d1cc854
Merge pull request #334 from dgreen-arm/fix-pylint-warnings
Fix some pylint warnings
2019-12-20 16:06:53 +00:00
Darryl Green fb5faa2582 Fix some pylint warnings
Add docstrings where they were missing and fix a too-long line
2019-12-20 15:14:59 +00:00
Darryl Green 1822061093 Fix some pylint warnings
Add docstrings where they were missing and fix a too-long line
2019-12-20 15:13:45 +00:00
Gilles Peskine 180850a229
Merge pull request #291 from gilles-peskine-arm/ctr_drbg-test_aes_128
Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
2019-12-20 10:43:44 +01:00
Gilles Peskine 7a1925c453 Add a few EC public key import/export test cases
Test a Brainpool curve and a curve whose bit size is not a multiple of 8.
2019-12-12 09:00:27 +01:00