Commit graph

3223 commits

Author SHA1 Message Date
Simon Butcher 6f3c9cc8b7 Update ChangeLog for fix to crypt_and_hash #441 2016-10-13 12:44:20 +01:00
Simon Butcher 31d7f5b236 Fix for #441 - crypt and hash gcm (#546)
* Fix crypt_and_hash to support decrypting GCM-encrypted files

* Fix documentation in crypt_and_hash for the generic case

* Remove unused lastn from crypt_and_hash

lastn is not used with the cipher layer as it already provides padding
and understanding of the length of the original data.

Backport of fix by Paul Bakker.
2016-10-13 12:44:19 +01:00
Andres AG 4bfbd6b542 Fix skipped test dependency in x509parse
Replace MBEDTLS_ with POLARSSL_ in the test dependency for x509parse,
otherwise tests are always skipped because dependencies are never
satisfied.
2016-10-13 12:44:19 +01:00
Simon Butcher 8b82d20321 Add missing dependencies to X509 Parse test suite for P-384 curve
The test script curves.pl was failing on testing dependencies for the P-384
curve on the new test cases introduced by ede75f0 and 884b4fc.
2016-10-13 12:44:19 +01:00
Janos Follath af1e74be70 X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates to be rejected whenever an
expired or not yet valid version of the trusted certificate came before the
valid version in the trusted certificate list.
2016-10-13 12:44:19 +01:00
Janos Follath 486c4f9a33 X509: Future CA among trusted: add more tests 2016-10-13 12:43:11 +01:00
Janos Follath c35f458d94 X509: Future CA among trusted: add unit tests 2016-10-13 12:43:11 +01:00
Janos Follath 17da9dd829 Add option for relaxed X509 time verification.
The certificates are not valid according to the RFC, but are in wide
distribution across the internet. Hence the request to add a
compile-time flag to accept these certificates if wanted by the
application.

If POLARSSL_RELAXED_X509_DATE is enabled it will allow dates without
seconds, and allow dates with timezones (but doesn't actually use
the timezone).

Patch provided by OpenVPN.
2016-09-30 09:04:18 +01:00
Simon Butcher 2d01f2d4c5 Update Changelog for release 2016-06-27 20:00:26 +01:00
Simon Butcher 4f7b13bd79 Changed library version number to 1.3.17 2016-06-27 19:37:31 +01:00
Simon Butcher fd349bcb8e Merge branch 'mbedtls-1.3' into mbedtls-1.3 2016-06-27 01:29:03 +01:00
Simon Butcher 53fa7cc6d3 Fix for armcc in all.sh 2016-06-27 00:46:07 +01:00
Janos Follath 307e181cfa Fix non-compliance with SSLv3 in server extension handling.
The server code parses the client hello extensions even when the
protocol is SSLv3, and this behaviour is non-compliant with RFC 6101.
Also the server sends extensions in the server hello and omitting
them may prevent interoperability problems.
2016-05-23 18:52:14 +01:00
Janos Follath 8abaa8b275 Add a test for SSLv3 with extensions, server side
This test verifies if the server parses or sends extensions when
the protocol is SSLv3.
2016-05-23 14:53:41 +01:00
Simon Butcher 65e79fae53 Merge branch 'mbedtls-1.3' 2016-05-18 20:11:17 +01:00
Simon Butcher 3d24b19a95 Fixes error and exit paths in rsa sample programs 2016-05-18 20:08:16 +01:00
Janos Follath 347552d8d0 Fix memory leaks in example programs. 2016-05-18 20:08:16 +01:00
Janos Follath bc68e9c087 Add tests to cover PKCS1 v1.5 signature functions.
The reported memory leak should have been spotted by
make memcheck
But it wasn't. Keeping the tests for better coverage.
2016-05-18 20:08:16 +01:00
Simon Butcher 6301f44f3f Adds test_suite_pkcs1_v15 to tests/Makefile 2016-05-18 20:08:16 +01:00
Simon Butcher 959d4328c1 Fix ChangeLog for backport of IOTSSL-621 2016-05-18 20:08:16 +01:00
Janos Follath af1836e1cf Add Changelog entry for current branch 2016-05-18 20:07:27 +01:00
Simon Butcher 49ed628ede Fix ChangeLog after merging fix for IOTSSL-628 2016-05-18 20:07:27 +01:00
Janos Follath f383363d43 Extended ChangeLog entry 2016-05-18 20:01:46 +01:00
Janos Follath c70515d455 Add Changelog entry for current branch 2016-05-18 20:00:19 +01:00
Simon Butcher f31d9676d1 Fix ChangeLog for backport of IOTSSL-621 2016-05-18 19:58:41 +01:00
Janos Follath 742783fe85 Included tests for the overflow
Conflicts:
	library/rsa.c
2016-05-18 19:58:41 +01:00
Janos Follath 21ca00243c Add Changelog entry for current branch 2016-05-18 19:58:41 +01:00
Simon Butcher d3253b018e Fix for backport of IOTSSL-628
Corrections to constant and function names changed between 1.3 and 2.1
2016-05-18 19:58:41 +01:00
Simon Butcher 2d49c4d2f6 Fix ChangeLog after merging fix for IOTSSL-628 2016-05-18 19:58:41 +01:00
Janos Follath 7295c189ee Extended ChangeLog entry 2016-05-18 19:58:41 +01:00
Janos Follath 092f2c48c4 Move underflow test to make time constant 2016-05-18 19:58:41 +01:00
Janos Follath 574b118bf8 Add Changelog entry for current branch 2016-05-18 19:58:40 +01:00
Janos Follath 3bed13df1c Included test for integer underflow. 2016-05-18 19:58:40 +01:00
Janos Follath 6483af8e42 Fix the broken pkcs1 v1.5 test.
The random buffer handed over to the test function was too small
and the remaining bytes were generated by the default (platform
dependent) function.
2016-05-18 19:58:40 +01:00
Janos Follath 8eeecd0444 Fix the backport of pkcs1 v1.5 test suite.
The test suite was not properly backported and it remained unnoticed,
because it was not compiled due to the change in the naming of the
compile-time requirements.
2016-05-18 19:58:40 +01:00
Janos Follath f18263d78b Removing 'if' branch from the fix.
This new error shouldn't be distinguishable from other padding errors.
Updating 'bad' instead of adding a new 'if' branch.
2016-05-18 19:58:40 +01:00
Janos Follath 7244ecf52e Add tests for the bug IOTSSL-619.
The main goal with these tests is to test the bug in question and
they are not meant to test the entire PKCS#1 v1.5 behaviour. To
achieve full test coverage, further test cases are needed.
2016-05-18 19:58:40 +01:00
Janos Follath a1ebe662f3 Add Changelog entry for current branch 2016-05-18 19:58:40 +01:00
Janos Follath f570f7f686 Length check added 2016-05-18 19:58:40 +01:00
Simon Butcher 01660396da Corrects debug macro in ssl_cli.c 2016-04-22 10:05:50 +01:00
Janos Follath 4e03439e6a Fix bug in ssl_write_supported_elliptic_curves_ext
Passing invalid curves to mbedtls_ssl_conf_curves could potentially cause a
crash later in ssl_write_supported_elliptic_curves_ext. #373
2016-04-22 09:59:00 +01:00
Janos Follath 7ddc2cdfce Fix null pointer dereference in the RSA module.
Introduced null pointer checks in mbedtls_rsa_rsaes_pkcs1_v15_encrypt
2016-04-19 10:28:24 +01:00
Simon Butcher e9f842782b Adds test for odd bit length RSA key size
Also tidy up ChangeLog following review.
2016-04-19 10:02:43 +01:00
Janos Follath d61fc6881a Fix odd bitlength RSA key generation
Fix issue that caused a hang up when generating RSA keys of odd
bitlength.
2016-04-19 09:42:17 +01:00
Janos Follath d74aa47380 Remove unused code from PKCS1v15 test suite 2016-04-18 10:12:05 +01:00
Simon Butcher f20ab8941f Add missing config dependencies to PKCS1 V15 tests 2016-04-13 01:41:49 +01:00
Simon Butcher 8435f9e8ec Add missing stdlib.h header to rsa sample programs 2016-04-13 01:38:54 +01:00
Simon Butcher de62b6e396 Fixes error and exit paths in rsa sample programs 2016-04-12 17:36:34 +01:00
Janos Follath fa4a88a8eb Fix memory leaks in example programs. 2016-04-12 16:45:10 +01:00
Janos Follath 8970fd6ab9 Add tests to cover PKCS1 v1.5 signature functions.
The reported memory leak should have been spotted by
make memcheck
But it wasn't. Keeping the tests for better coverage.
2016-04-12 16:44:30 +01:00