yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-12-27 16:25:34 +00:00
Code Issues Packages Projects Releases Wiki Activity
3291 commits 88 branches 205 tags 69 MiB
Commit graph

949 commits

Author SHA1 Message Date
Simon Butcher c1d54bb7b2 Update library version to 1.3.18 2016-10-17 23:40:14 +01:00
Simon Butcher 2261f198ee Merge branch 'mbedtls-1.3' 2016-10-17 16:09:06 +01:00
Simon Butcher 123fb027dd Update all.sh test script 
Various fixes to the all.sh script.
 * support for two different versions of OpenSSL and GNUTLS, to allow testing of
   legacy features, deprecated but not yet removed in the library.
 * additional test builds for server only and client only builds
 * removed error redirection on armcc to allow build errors to be output
 * added tools checking, to ensure the absence of a tool will cause a failure, rather
   than silently failing to execute a test
 * added test for out of tree cmake builds
 2016-10-15 22:35:06 +01:00
Andres AG 0da3e44fea Add check for validity of date in x509_get_time() 2016-10-13 17:00:01 +01:00
Simon Butcher 696f92e9b4 Add simple test for repeated IVs when using AEAD 
In a USENIX WOOT '16 paper the authors exploit implementation
mistakes that cause Initialisation Vectors (IV) to repeat. This
did not happen in mbed TLS, and this test makes sure that this
won't happen in the future either.

A new test option is introduced to ssl-opt.sh that checks the server
and client logs for a pattern and fails in case there are any
duplicates in the lines following the matching ones. (This is
necessary because of the structure of the logging)

Added a test case as well to utilise the new option. This test forces
the TLS-ECDHE-ECDSA-WITH-AES-256-GCM-SHA384 ciphersuite to make the
client and the server use an AEAD cipher.

Hanno Böck, Aaron Zauner, Sean Devlin, Juraj Somorovsky and Philipp
Jovanovic, "Nonce-Disrespecting Adversaries: Practical Forgery Attacks
on GCM in TLS", USENIX WOOT '16
 2016-10-13 14:13:17 +01:00
Janos Follath bfcd032f9d Restore P>Q in RSA key generation (#558) 
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
 2016-10-13 12:54:33 +01:00
Andres AG f527609849 Add test for bounds in X509 DER write funcs 2016-10-13 12:45:08 +01:00
Andres AG 4bfbd6b542 Fix skipped test dependency in x509parse 
Replace MBEDTLS_ with POLARSSL_ in the test dependency for x509parse,
otherwise tests are always skipped because dependencies are never
satisfied.
 2016-10-13 12:44:19 +01:00
Simon Butcher 8b82d20321 Add missing dependencies to X509 Parse test suite for P-384 curve 
The test script curves.pl was failing on testing dependencies for the P-384
curve on the new test cases introduced by ede75f0 and 884b4fc.
 2016-10-13 12:44:19 +01:00
Janos Follath 486c4f9a33 X509: Future CA among trusted: add more tests 2016-10-13 12:43:11 +01:00
Janos Follath c35f458d94 X509: Future CA among trusted: add unit tests 2016-10-13 12:43:11 +01:00
Janos Follath 3072458ec3 Restore P>Q in RSA key generation (#558) 
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
 2016-10-13 09:27:18 +01:00
Andres AG a5a7f8d464 Fix skipped test dependency in x509parse 
Replace MBEDTLS_ with POLARSSL_ in the test dependency for x509parse,
otherwise tests are always skipped because dependencies are never
satisfied.
 2016-07-15 17:19:10 +01:00
Simon Butcher 463129b7f7 Add missing dependencies to X509 Parse test suite for P-384 curve 
The test script curves.pl was failing on testing dependencies for the P-384
curve on the new test cases introduced by ede75f0 and 884b4fc.
 2016-07-15 13:05:31 +01:00
Janos Follath aeff929a5a X509: Future CA among trusted: add more tests 2016-07-14 13:26:19 +01:00
Janos Follath e6bf97995b X509: Future CA among trusted: add unit tests 2016-07-14 13:26:13 +01:00
Simon Butcher 4f7b13bd79 Changed library version number to 1.3.17 2016-06-27 19:37:31 +01:00
Simon Butcher fd349bcb8e Merge branch 'mbedtls-1.3' into mbedtls-1.3 2016-06-27 01:29:03 +01:00
Simon Butcher 53fa7cc6d3 Fix for armcc in all.sh 2016-06-27 00:46:07 +01:00
Janos Follath 8abaa8b275 Add a test for SSLv3 with extensions, server side 
This test verifies if the server parses or sends extensions when
the protocol is SSLv3.
 2016-05-23 14:53:41 +01:00
Simon Butcher 65e79fae53 Merge branch 'mbedtls-1.3' 2016-05-18 20:11:17 +01:00
Janos Follath bc68e9c087 Add tests to cover PKCS1 v1.5 signature functions. 
The reported memory leak should have been spotted by
make memcheck
But it wasn't. Keeping the tests for better coverage.
 2016-05-18 20:08:16 +01:00
Simon Butcher 6301f44f3f Adds test_suite_pkcs1_v15 to tests/Makefile 2016-05-18 20:08:16 +01:00
Janos Follath 6483af8e42 Fix the broken pkcs1 v1.5 test. 
The random buffer handed over to the test function was too small
and the remaining bytes were generated by the default (platform
dependant) function.
 2016-05-18 19:58:40 +01:00
Janos Follath 8eeecd0444 Fix the backport of pkcs1 v1.5 test suite. 
The test suite was not properly backported and it remained unnoticed,
because it was not compile due to the change in the naming of the
compile time requirements.
 2016-05-18 19:58:40 +01:00
Janos Follath 7244ecf52e Add tests for the bug IOTSSL-619. 
The main goal with these tests is to test the bug in question and
they are not meant to test the entire PKCS#1 v1.5 behaviour. To
achieve full test coverage, further test cases are needed.
 2016-05-18 19:58:40 +01:00
Simon Butcher e9f842782b Adds test for odd bit length RSA key size 
Also tidy up ChangeLog following review.
 2016-04-19 10:02:43 +01:00
Janos Follath d74aa47380 Remove unused code from PKCS1v15 test suite 2016-04-18 10:12:05 +01:00
Simon Butcher f20ab8941f Add missing config dependencies to PKCS1 V15 tests 2016-04-13 01:41:49 +01:00
Janos Follath 8970fd6ab9 Add tests to cover PKCS1 v1.5 signature functions. 
The reported memory leak should have been spotted by
make memcheck
But it wasn't. Keeping the tests for better coverage.
 2016-04-12 16:44:30 +01:00
Simon Butcher d255c0e430 Adds test_suite_pkcs1_v15 to tests/Makefile 2016-04-10 00:03:16 +01:00
Janos Follath 33857f4c3d Update default configuration 
Change the default settings for SSL and modify the tests accordingly.
 2016-04-09 00:16:40 +01:00
Janos Follath afe799f2eb Fix the broken pkcs1 v1.5 test. 
The random buffer handed over to the test function was too small
and the remaining bytes were generated by the default (platform
dependant) function.
 2016-03-16 11:11:16 +00:00
Janos Follath 53eb0d1f5a Fix the backport of pkcs1 v1.5 test suite. 
The test suite was not properly backported and it remained unnoticed,
because it was not compile due to the change in the naming of the
compile time requirements.
 2016-03-16 10:26:12 +00:00
Janos Follath 4dfecabb97 Update default configuration 
Change the default settings for SSL and modify the tests accordingly.
 2016-03-14 13:40:43 +00:00
Janos Follath f1225eaffc Add tests for the bug IOTSSL-619. 
The main goal with these tests is to test the bug in question and
they are not meant to test the entire PKCS#1 v1.5 behaviour. To
achieve full test coverage, further test cases are needed.
 2016-03-01 22:28:31 +00:00
Manuel Pégourié-Gonnard 20715dc73b Make ar invocation more portable 
armar doesn't understand the syntax without dash. OTOH, the syntax with dash
is the only one specified by POSIX, and it's accepted by GNU ar, BSD ar (as
bundled with OS X) and armar, so it looks like the most portable syntax.

fixes #386
 2016-01-08 15:28:40 +01:00
Janos Follath 2db440d2f1 Improved on the previous fix and added a test case to cover both types 
of carries.
 2016-01-08 15:22:05 +01:00
Janos Follath ff5317e99b Improved on the fix of #309 and extended the test to cover subroutines. 2016-01-08 15:19:14 +01:00
Janos Follath 87f1494809 Tests and fix added for #309 (inplace mpi doubling). 2016-01-08 15:18:03 +01:00
Simon Butcher 84181adae8 Change version number to 1.3.16 
Changed version for library files and yotta module
 2016-01-04 22:49:30 +00:00
Manuel Pégourié-Gonnard 6ad4f65780 Add test case for root with max_pathlen=0 
This was already working but not tested so far

(Test case from previous commit still failing.)

Test certificates generated with:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert91.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert92.key

programs/x509/cert_write serial=91 output_file=cert91.crt is_ca=1 \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    selfsign=1 max_pathlen=0
programs/x509/cert_write serial=92 output_file=cert92.crt \
    issuer_key=cert91.key issuer_name="CN=Root 9,O=mbed TLS,C=UK" \
    subject_key=cert92.key subject_name="CN=EE 92,O=mbed TLS,C=UK"

mv cert9?.crt tests/data_files/dir4
rm cert9?.key
 2015-11-19 12:02:29 +01:00
Manuel Pégourié-Gonnard c058074836 Add test case for first intermediate max_pathlen=0 
!!! This test case is currently failing !!!
(See fix in next-next commit.)

Test certificates generated with the following script:

programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert81.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert82.key
programs/pkey/gen_key type=ec ec_curve=secp256r1 filename=cert83.key

programs/x509/cert_write serial=81 output_file=cert81.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    selfsign=1
programs/x509/cert_write serial=82 output_file=cert82.crt is_ca=1 \
    issuer_key=cert81.key issuer_name="CN=Root 8,O=mbed TLS,C=UK" \
    subject_key=cert82.key subject_name="CN=Int 82,O=mbed TLS,C=UK" \
    max_pathlen=0
programs/x509/cert_write serial=83 output_file=cert83.crt \
    issuer_key=cert82.key issuer_name="CN=Int 82,O=mbed TLS,C=UK" \
    subject_key=cert83.key subject_name="CN=EE 83,O=mbed TLS,C=UK"

mv cert8?.crt tests/data_files/dir4
rm cert8?.key
 2015-11-19 12:01:11 +01:00
Simon Butcher 1f4e08c979 Changed version number to 1.3.15 
Changed for library
 2015-11-05 15:44:46 +00:00
Manuel Pégourié-Gonnard 28e1ac5cab Use own implementation of strsep() 
Not available on windows, and strtok() is not a good option
 2015-11-02 06:50:46 +09:00
Manuel Pégourié-Gonnard 1da232df97 Use symbolic constants in test data 2015-10-30 09:39:42 +01:00
Janos Follath 3d98a7eee3 Additional corner cases for testing pathlen constrains. Just in case. 
backport of ef4f258
 2015-10-28 18:20:43 +01:00
Janos Follath 189c743d3e Added test case for pathlen constrains in intermediate certificates 
backport of 822b2c3
 2015-10-28 18:15:48 +01:00
Jonathan Leroy 094788ed7d Test certificate "Server1 SHA1, key_usage" reissued. 2015-10-27 15:12:39 +01:00
Manuel Pégourié-Gonnard f093bde91e Bump version to 1.3.14 2015-10-05 19:06:46 +01:00