Commit graph

9083 commits

Author SHA1 Message Date
Hanno Becker 72309d0847 Document origin of hardcoded certificates in library/certs.c
All of them are copied from (former) CRT and key files in `tests/data_files`.
For files which have been regenerated since they've been copied to `certs.c`,
update the copy.

Add declarations for DER encoded test CRTs to certs.h

Add DER encoded versions of CRTs to certs.c

fix comment in certs.c

Don't use (signed) char for DER encoded certificates

Consistently use `const char *` for test CRTs regardless of encoding

Remove non-sensical and unused PW variable for DER encoded key

Provide test CRTs in PEM and DER fmt, + pick suitable per config

This commit modifies `certs.h` and `certs.c` to start following the
following pattern for the provided test certificates and files:

- Raw test data is named `NAME_ATTR1_ATTR2_..._ATTRn`

  For example, there are
     `TEST_CA_CRT_{RSA|EC}_{PEM|DER}_{SHA1|SHA256}`.

- Derived test data with fewer attributes, iteratively defined as one
  of the raw test data instances which suits the current configuration.

  For example,
     `TEST_CA_CRT_RSA_PEM`
  is one of `TEST_CA_CRT_RSA_PEM_SHA1` or `TEST_CA_CRT_RSA_PEM_SHA256`,
  depending on whether SHA-1 and/or SHA-256 are defined in the current
  config.

Add missing public declaration of test key password

Fix signedness and naming mismatches

Further improve structure of certs.h and certs.c

Fix definition of mbedtls_test_cas test CRTs depending on config

Remove semicolon after macro string constant in certs.c
2019-05-30 10:27:49 +01:00
Hanno Becker 820c021f4e Adapt ChangeLog 2019-05-30 10:27:49 +01:00
Hanno Becker f8b0b15c90 Rename server1.der to server1.crt.der 2019-05-30 10:27:49 +01:00
Hanno Becker 389ee9b40b Add DER encoded files to git tree 2019-05-30 10:27:14 +01:00
Hanno Becker 5895a2db7b Add build instructions to generate DER versions of CRTs and keys 2019-05-30 10:27:14 +01:00
Hanno Becker 1ce1a51816 Document "none" value for ca_path/ca_file in ssl_client2/ssl_server2 2019-05-30 10:21:59 +01:00
Hanno Becker 7ae36e4179 ssl_server2: Skip CA setup if ca_path or ca_file argument "none"
This allows to test PSK-based ciphersuites via ssl_server2 in builds
which have MBEDTLS_X509_CRT_PARSE_C enabled but both MBEDTLS_FS_IO and
MBEDTLS_CERTS_C disabled.
2019-05-30 10:21:59 +01:00
Hanno Becker a7242061c4 ssl_client2: Skip CA setup if ca_path or ca_file argument "none"
This allows to test PSK-based ciphersuites via ssl_client2 in builds
which have MBEDTLS_X509_CRT_PARSE_C enabled but both MBEDTLS_FS_IO and
MBEDTLS_CERTS_C disabled.

A similar change is applied to the `crt_file` and `key_file` arguments.
2019-05-30 10:21:59 +01:00
Hanno Becker c258c440b5 Correct white spaces in ssl_server2 and ssl_client2 2019-05-30 10:21:59 +01:00
Hanno Becker bb676f7d32 Adapt ssl_client2 to parse DER encoded test CRTs if PEM is disabled 2019-05-30 10:21:59 +01:00
Hanno Becker 38566ccbd5 Adapt ssl_server2 to parse DER encoded test CRTs if PEM is disabled 2019-05-30 10:21:59 +01:00
Simon Butcher 0d1d76f987 Merge remote-tracking branch 'origin/pr/561' into baremetal 2019-05-29 15:09:24 +01:00
Darryl Green e831f5575b Remove all abi dumps, not just ones shared between versions
While the abi-checking script handled comparing only the modules
that were shared between the old and new versions correctly, the
cleanup of the abi dumps only removed what was shared. Change the
cleanup logic to remove all abi dumps instead.
2019-05-29 13:40:19 +01:00
Renz Christian Bagaporo ac859f39bd Create link to include/mbedtls only when testing is enabled 2019-05-27 15:58:36 +08:00
Simon Butcher d5e1bfc6b4 Merge remote-tracking branch 'origin/pr/569' into baremetal 2019-05-24 15:07:10 +01:00
Simon Butcher 0edb924e16 Merge remote-tracking branch 'origin/pr/565' into baremetal 2019-05-24 15:06:56 +01:00
Simon Butcher 5a790f9214 Merge remote-tracking branch 'origin/pr/563' into baremetal 2019-05-24 15:06:16 +01:00
Simon Butcher 6961760eb8 Merge remote-tracking branch 'origin/pr/560' into baremetal 2019-05-24 15:05:42 +01:00
Simon Butcher ba13ff514f Merge remote-tracking branch 'origin/pr/559' into baremetal 2019-05-24 15:05:07 +01:00
Hanno Becker 948a34adcc Add description of CID feature to ChangeLog 2019-05-24 10:23:43 +01:00
Hanno Becker f6fb4ea632 Insert records with unexpected CID in CID tests in ssl-opt.sh 2019-05-24 10:11:23 +01:00
Hanno Becker 675c4d6d35 Add debug line witnessing receipt of unexpected CID 2019-05-24 10:11:06 +01:00
Hanno Becker 34dcf4e6f6 Add bad_cid option UDP proxy to insert unexpected CID records
This commit adds the command line option 'bad_cid' to the UDP proxy
`./programs/test/udp_proxy`. It takes a non-negative integral value N,
which if not 0 has the effect of duplicating every 1:N CID records
and modifying the CID in the first copy sent.

This is to exercise the stacks documented behaviour on receipt
of unexpected CIDs.

It is important to send the record with the unexpected CID first,
because otherwise the packet would be dropped already during
replay protection (the same holds for the implementation of the
existing 'bad_ad' option).
2019-05-24 10:07:42 +01:00
Hanno Becker d8f7c4aa59 Fix indentation in debug message in ssl_tls.c 2019-05-23 17:03:44 +01:00
Hanno Becker 3b2bf5b214 Improve comment in ssl_parse_record_header() 2019-05-23 17:03:19 +01:00
Hanno Becker 4753e65e9b Disable Connection ID feature by default 2019-05-23 17:02:14 +01:00
Hanno Becker f4e8ed116c Remove superfluous new line in ssl_server2 2019-05-23 17:01:43 +01:00
Hanno Becker c8f43d82b8 Improve readability of ssl_client2/ssl_server2 usage instructions 2019-05-23 17:01:06 +01:00
Hanno Becker b8260c64d6 Remove superfluous newline in ssl_client2 2019-05-23 17:00:23 +01:00
Hanno Becker 76581052f9 Use negative-hex format for error codes in ssl_client2/ssl_server2 2019-05-23 16:58:22 +01:00
Hanno Becker 948d2d5611 Expand CID to Connection ID in documentation of mbedtls_ssl_conf_cid 2019-05-23 16:55:50 +01:00
Jaeden Amero bab2367924 Merge remote-tracking branch 'origin/pr/2648' into mbedtls-2.16
* origin/pr/2648:
  list-symbols.sh: if the build fails, print the build transcript
  Document "check-names.sh -v"
  all.sh: invoke check-names.sh in print-trace-on-exit mode
  Print a command trace if the check-names.sh exits unexpectedly
2019-05-23 15:14:35 +01:00
Jaeden Amero cbcd327376 Merge remote-tracking branch 'origin/pr/2611' into mbedtls-2.16
* origin/pr/2611:
  Update change log
  Reword ssl_conf_max_frag_len documentation for clarity
2019-05-23 15:14:06 +01:00
Gilles Peskine 39d7c58db5 list-symbols.sh: if the build fails, print the build transcript
If "make clean lib" fails in list-symbols.sh, print the transcript
from running make.
2019-05-22 19:07:36 +02:00
Gilles Peskine 902a1f3f7f Document "check-names.sh -v" 2019-05-22 19:07:36 +02:00
Hanno Becker ac36388e3e Exemplify ways of calling mbedtls_ssl_get_peer_cid() in ssl_client2 2019-05-22 16:59:25 +01:00
Hanno Becker 633d604837 Allow passing NULL pointers to mbedtls_ssl_get_peer_cid()
This commit modifies mbedtls_ssl_get_peer_cid() to also allow passing
NULL pointers in the arguments for the peer's CID value and length, in
case this information is needed.

For example, some users might only be interested in whether the use of
the CID was negotiated, in which case both CID value and length pointers
can be set to NULL. Other users might only be interested in confirming
that the use of CID was negotiated and the peer chose the empty CID,
in which case the CID value pointer only would be set to NULL.
It doesn't make sense to pass a NULL pointer for the CID length but a
non-NULL pointer for the CID value, as the caller has no way of telling
the length of the returned CID - and this case is therefore forbidden.
2019-05-22 16:50:35 +01:00
Hanno Becker 6945983588 Rename MBEDTLS_SSL_CID->MBEDTLS_SSL_DTLS_CONNECTION_ID in SSL suite 2019-05-20 15:40:23 +01:00
Hanno Becker 2f8c804d79 Fix typo in Doxygen documentation of mbedtls_ssl_conf_cid() 2019-05-20 15:35:36 +01:00
Hanno Becker a5a2b08a05 Rename MBEDTLS_SSL_CID to MBEDTLS_SSL_DTLS_CONNECTION_ID
Files modified via

sed -i 's/MBEDTLS_SSL_CID\([^_]\|$\)/MBEDTLS_SSL_DTLS_CONNECTION_ID\1/g' **/*.c **/*.h **/*.sh **/*.function
2019-05-20 15:35:36 +01:00
Hanno Becker 3cdf8fe50b Consistently reference CID draft through name + URL 2019-05-20 15:32:36 +01:00
Hanno Becker e582d12264 Slightly reorder CID debug messages during creation of transforms 2019-05-20 15:32:36 +01:00
Hanno Becker cfa6be76bd Fix typo in documentation of mbedtls_ssl_context::cid_in_use 2019-05-20 15:32:36 +01:00
Hanno Becker 96f35b4f06 Improve wording of documentation of mbedtls_ssl_get_peer_cid() 2019-05-20 15:32:36 +01:00
Hanno Becker 5fcac0dc99 Slightly reword documentation of mbedtls_ssl_set_cid() 2019-05-20 15:32:36 +01:00
Hanno Becker 53f36e9230 Use full sentences in Doxygen documentation of mbedtls_ssl_set_cid() 2019-05-20 15:32:36 +01:00
Hanno Becker dc19b41eb3 Use uniform spacing in def's of MBEDTLS_SSL_CID_{IN|OUT}_LEN_MAX 2019-05-20 15:32:36 +01:00
Hanno Becker f83017ccd1 Improve wording in documentation of mbedtls_ssl_set_cid() 2019-05-20 15:32:36 +01:00
Hanno Becker 75b334f33a Update references to CID draft to version 5 2019-05-20 15:32:36 +01:00
Hanno Becker ef2b8b0dcf Improve wording in documentation of MBEDTLS_SSL_CID 2019-05-20 15:32:36 +01:00