Commit graph

5068 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard eeef947040 Clarify documentation about missing CRLs
Also tune up some working while at it.
2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard 214a84889c Update note about hardcoded verify_data_length 2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard 967994a05e Remove unused code.
After the record contents are decompressed, in_len is no longer
accessed directly, only in_msglen is accessed. in_len is only read by
ssl_parse_record_header() which happens before ssl_prepare_record_contents().

This is also made clear by the fact that in_len is not touched after
decrypting anyway, so if it was accessed after that it would be wrong unless
decryption is used - as this is not the case, it show in_len is not accessed.
2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard 9d6241269a Add note about not implementing PSK id_hint 2016-03-09 19:32:08 +00:00
Manuel Pégourié-Gonnard 90ab4a45b5 Fix Unix detection in mini_client
fixes #398
2016-03-09 19:32:08 +00:00
Simon Butcher 157cb656a9 Clarified mbedtls_ssl_conf_alpn_protocols() doc
Clarified the lifetime of the protos parameter passed in the
function mbedtls_ssl_conf_alpn_protocols().
2016-03-09 19:32:08 +00:00
Simon Butcher 7f0df510ee Merge development branch with restricted
Conflicts:
	tests/suites/test_suite_x509parse.data
2016-03-08 14:37:37 +00:00
Manuel Pégourié-Gonnard 1dbf753502 Add precision about exploitability in ChangeLog
Also fix some whitespace while at it.
2016-03-08 12:15:36 +00:00
Janos Follath 2f5f123817 Add Changelog entry for current branch 2016-03-08 12:15:36 +00:00
Janos Follath a1452b0c95 Add Changelog entry for current branch 2016-03-08 12:06:47 +00:00
Simon Butcher d7515ae998 Swap C++ comments to C for style consistency in rsa.c 2016-03-08 12:02:16 +00:00
Manuel Pégourié-Gonnard 81835a19ad Add precision about exploitability in ChangeLog
Also fix some whitespace while at it.
2016-03-08 12:02:16 +00:00
Janos Follath 3c21bafae7 Add Changelog entry for current branch 2016-03-08 12:02:16 +00:00
Janos Follath c7ac991cea Removing 'if' branch from the fix.
This new error shouldn't be distinguishable from other padding errors.
Updating 'bad' instead of adding a new 'if' branch.
2016-03-08 12:02:16 +00:00
Janos Follath eb39d7d268 Add tests for the bug IOTSSL-619.
The main goal with these tests is to test the bug in question and
they are not meant to test the entire PKCS#1 v1.5 behaviour. To
achieve full test coverage, further test cases are needed.
2016-03-08 12:02:16 +00:00
Janos Follath ed6a7ae681 Add Changelog entry for current branch 2016-03-08 12:02:16 +00:00
Janos Follath 8dfdce3341 Length check added 2016-03-08 12:02:16 +00:00
Manuel Pégourié-Gonnard 7dc6f93db1 Add precision about exploitability in ChangeLog
Also fix some whitespace while at it.
2016-03-08 12:02:16 +00:00
Janos Follath ff40a4b805 Add Changelog entry for current branch 2016-03-08 12:02:16 +00:00
Janos Follath e726aa4946 Included tests for the overflow 2016-03-08 12:02:16 +00:00
Simon Butcher 8b4a1bdbb0 Update the ChangeLog 2016-03-07 23:30:50 +00:00
Simon Butcher 342671f982 Update interop tests to default configuration
Removed SSLv3 from the default tests in compat.sh, and adapted the test
cases in all.sh to include an additional SSLv3 regression test suite.
2016-03-07 23:22:10 +00:00
Simon Butcher 14ecd0439f Fix yotta builds for change in default configs
The change to defaults configurations in a720ced broke the yotta build.
This fix addresses that.
2016-03-07 23:07:04 +00:00
Simon Butcher 29b2150016 Fix the 'all tests' script for baremetal builds
Fixes the test script test/scripts/all.sh which was failing at the
baremetal ARM builds due to the entropy platform check introduced in
7ff4b77.
2016-03-07 23:06:27 +00:00
Janos Follath a720ced403 Update default configuration
Change the default settings for SSL and modify the tests accordingly.
2016-03-07 15:57:05 +00:00
Simon Butcher b3c6978c7e Add copright, and better documentation to curves.pl
The purpose and use of the test script, curves.pl was not obvious without
reading the source code, plus the file was missing a copyright statement.
2016-03-04 23:26:57 +00:00
Simon Butcher 5d23716e20 Add missing dependencies to X509 Parse test suite for P-384 curve
The test script curves.pl was failing on testing dependencies for the P-384
curve on the new test cases introduced by ede75f0 and 884b4fc.
2016-03-04 22:21:52 +00:00
Simon Butcher 25f2c4c028 Update mbed-drivers dependency to v1.0.0 2016-03-02 17:00:16 +00:00
Simon Butcher 2e4370119a Swap C++ comments to C for style consistency in rsa.c 2016-03-01 21:47:22 +00:00
Manuel Pégourié-Gonnard 2a85c3998c Add precision about exploitability in ChangeLog
Also fix some whitespace while at it.
2016-03-01 21:47:22 +00:00
Janos Follath 05884db043 Add Changelog entry for current branch 2016-03-01 21:47:22 +00:00
Simon Butcher e3241670b1 Remove redundant test certificates and clarify ChangeLog 2016-03-01 21:46:36 +00:00
Janos Follath 855ec587a4 X509: Fix bug triggered by future CA among trusted
Fix an issue that caused valid certificates being rejected whenever an
expired or not yet valid version of the trusted certificate was before the
valid version in the trusted certificate list.
2016-03-01 21:46:36 +00:00
Janos Follath f4a65d66bf X509: Future CA among trusted: add more tests 2016-03-01 21:46:36 +00:00
Janos Follath a155afb9d7 X509: Future CA among trusted: add unit tests 2016-03-01 21:46:36 +00:00
Simon Butcher e919f76e0d Fix typos and add copyright statement to generate_code.pl 2016-03-01 21:46:36 +00:00
SimonB 32ff13ae3d Refactored test suite template code
Restructed test suite helper and main code to support tests suite helper
functions, changed C++ comments to C-style, and made the generated
source code more navigable.
2016-03-01 21:46:36 +00:00
SimonB 16177a4033 Added support for per test suite helper functions
Added to generate_code.pl:
    - support for per test suite helper functions
    - description of the structure of the files the script uses to construct
      the test suite file
    - delimiters through the source code to make the machine generated code
      easier to understand
2016-03-01 21:46:36 +00:00
SimonB 26f9a7098a Clarified purpose and usage of generate_code.pl
Added comments to explain purpose and usage of generate_code.pl
2016-03-01 21:46:36 +00:00
Simon Butcher f51f088656 Added script to split the test case data files
Script generate-afl-tests.sh will split the test suite data files into
individual test case files, suitable for fuzzing.
2016-03-01 21:46:36 +00:00
Simon Butcher 3990f62669 Parameterised the test suite applications
All test suites can now take an arbitrary test file.
2016-03-01 21:46:35 +00:00
Simon Butcher bc32e4a151 Use the SSL IO and time callback typedefs consistently
The callback typedefs defined for mbedtls_ssl_set_bio() and
mbedtls_ssl_set_timer_cb() were not used consistently where the callbacks were
referenced in structures or in code.
2016-03-01 21:46:35 +00:00
Simon Butcher 36567e3437 Fix some minor typos in comments
Fix spelling mistakes and typos.
2016-03-01 21:46:35 +00:00
Manuel Pégourié-Gonnard b2d3011774 x509: remove obsolete TODO comment
- basicContraints checks are done during verification
- there is no need to set extensions that are not present to default values,
  as the code using the extension will check if it was present using
ext_types. (And default values would not make sense anyway.)
2016-03-01 21:46:35 +00:00
Manuel Pégourié-Gonnard db1ae1ea01 x509:
-
2016-03-01 21:46:35 +00:00
Manuel Pégourié-Gonnard 5a793b74a0 ssl: ignore CertificateRequest's content for real
- document why we made that choice
- remove the two TODOs about checking hash and CA
- remove the code that parsed certificate_type: it did nothing except store
  the selected type in handshake->cert_type, but that field was never accessed
afterwards. Since handshake_params is now an internal type, we can remove that
field without breaking the ABI.
2016-03-01 21:46:35 +00:00
Manuel Pégourié-Gonnard 9d79c1ba95 Remove unnecessary TODO comment
We don't implement anonymous key exchanges, and we don't intend to, so it can
never happen that an unauthenticated server requests a certificate from us.
2016-03-01 21:46:35 +00:00
Manuel Pégourié-Gonnard e66dd1dcef Clarify documentation about missing CRLs
Also tune up some working while at it.
2016-03-01 21:46:35 +00:00
Manuel Pégourié-Gonnard a6062607f1 Update note about hardcoded verify_data_length 2016-03-01 21:46:35 +00:00
Manuel Pégourié-Gonnard 28124dba07 Remove unused code.
After the record contents are decompressed, in_len is no longer
accessed directly, only in_msglen is accessed. in_len is only read by
ssl_parse_record_header() which happens before ssl_prepare_record_contents().

This is also made clear by the fact that in_len is not touched after
decrypting anyway, so if it was accessed after that it would be wrong unless
decryption is used - as this is not the case, it show in_len is not accessed.
2016-03-01 21:46:34 +00:00