Commit graph

6744 commits

Author SHA1 Message Date
Jaeden Amero f921e8fa9f Merge remote-tracking branch 'origin/pr/2387' into mbedtls-2.7
* origin/pr/2387:
  Update change log
  all.sh: Test MBEDTLS_MPI_WINDOW_SIZE=1
  Fix DEADCODE in mbedtls_mpi_exp_mod()
2019-03-05 16:34:12 +00:00
Jaeden Amero b9f12dcfb1 Merge remote-tracking branch 'origin/pr/2255' into mbedtls-2.7
* origin/pr/2255:
  Add a facility to skip running some test suites
  run-test-suites: update the documentation
2019-03-05 16:31:22 +00:00
Jaeden Amero a47f32b9b9 Merge remote-tracking branch 'origin/pr/1976' into mbedtls-2.7
* origin/pr/1976:
  Move ChangeLog entry from Bugfix to Changes section
  Adapt ChangeLog
  Return from debugging functions if SSL context is unset
2019-03-05 16:28:59 +00:00
Jaeden Amero 6ee6f181ff Merge remote-tracking branch 'origin/pr/2435' into mbedtls-2.7
* origin/pr/2435:
  Use certificates from data_files and refer them
  Specify server certificate to use in SHA-1 test
  refactor CA and SRV certificates into separate blocks
  refactor SHA-1 certificate defintions and assignment
  refactor server SHA-1 certificate definition into a new block
  define TEST_SRV_CRT_RSA_SOME in similar logic to TEST_CA_CRT_RSA_SOME
  server SHA-256 certificate now follows the same logic as CA SHA-256 certificate
  add entry to ChangeLog
2019-03-05 16:25:53 +00:00
Simon Butcher fb85576f05 Merge remote-tracking branch 'restricted/pr/529' into mbedtls-2.7
* restricted/pr/529:
  Fix order of sections in the ChangeLog
  Fix failure in SSLv3 per-version suites test
  Adjust DES exclude lists in test scripts
  Clarify 3DES changes in ChangeLog
  Fix documentation for 3DES removal
  Exclude 3DES tests in test scripts
  Fix wording of ChangeLog and 3DES_REMOVE docs
  Reduce priority of 3DES ciphersuites
2019-03-03 10:08:12 +00:00
Simon Butcher 6728797f02 Merge remote-tracking branch 'public/pr/2148' into mbedtls-2.7
* public/pr/2148:
  Add ChangeLog entry for unused bits in bitstrings
  Improve docs for ASN.1 bitstrings and their usage
  Add tests for (named) bitstring to suite_asn1write
  Fix ASN1 bitstring writing
2019-03-01 13:09:04 +00:00
Manuel Pégourié-Gonnard 47237346d4 Fix order of sections in the ChangeLog 2019-03-01 10:34:21 +01:00
Manuel Pégourié-Gonnard a82d38dc7c Fix failure in SSLv3 per-version suites test
The test used 3DES as the suite for SSLv3, which now makes the handshake fails
with "no ciphersuite in common", failing the test as well. Use Camellia
instead (as there are not enough AES ciphersuites before TLS 1.2 to
distinguish between the 3 versions).

Document some dependencies, but not all. Just trying to avoid introducing new
issues by using a new cipher here, not trying to make it perfect, which is a
much larger task out of scope of this commit.
2019-03-01 10:33:58 +01:00
Andres Amaya Garcia fea3d0a3d0 Adjust DES exclude lists in test scripts 2019-02-26 12:46:16 +01:00
Jaeden Amero f054f8b3dc Merge remote-tracking branch 'origin/pr/2384' into mbedtls-2.7 2019-02-21 12:00:43 +00:00
Andres Amaya Garcia 493a0dc333 Clarify 3DES changes in ChangeLog 2019-02-19 21:07:03 +00:00
Ron Eldor de0c841b94 Use certificates from data_files and refer them
Use the server certificate from `data_files` folder, for formality,
and refer to the source, for easier reproduction.
2019-02-13 16:00:07 +02:00
Andres Amaya Garcia b7c22ecc74 Fix documentation for 3DES removal 2019-02-13 10:00:02 +00:00
Andres Amaya Garcia 0a0e5b12a9 Exclude 3DES tests in test scripts 2019-02-13 09:59:06 +00:00
Andres Amaya Garcia f9b2ed062f Fix wording of ChangeLog and 3DES_REMOVE docs 2019-02-13 09:53:59 +00:00
Andres Amaya Garcia 21ade06ef8 Reduce priority of 3DES ciphersuites 2019-02-13 09:52:46 +00:00
Ron Eldor 664623ebbc Specify server certificate to use in SHA-1 test
Specify the SHA-1 server certificate to use in the SHA-1 test,
because now the default certificates use SHA256 certificates.
2019-02-12 15:39:42 +02:00
ILUXONCHIK be3d1ee4ac refactor CA and SRV certificates into separate blocks 2019-02-12 15:38:22 +02:00
ILUXONCHIK 231385568e refactor SHA-1 certificate defintions and assignment
As per refactoring suggestion that I made in #1520.
2019-02-12 15:38:12 +02:00
ILUXONCHIK 62f9aec184 refactor server SHA-1 certificate definition into a new block 2019-02-12 15:38:03 +02:00
ILUXONCHIK e3be6723b0 define TEST_SRV_CRT_RSA_SOME in similar logic to TEST_CA_CRT_RSA_SOME 2019-02-12 15:37:48 +02:00
ILUXONCHIK 4d8325eceb server SHA-256 certificate now follows the same logic as CA SHA-256 certificate 2019-02-12 15:37:39 +02:00
ILUXONCHIK 5d45f8c54e add entry to ChangeLog 2019-02-12 15:35:04 +02:00
Andres Amaya Garcia fc547ffb92 Add ChangeLog entry for unused bits in bitstrings 2019-02-11 21:10:55 +00:00
Andres Amaya Garcia e730ff68ee Improve docs for ASN.1 bitstrings and their usage 2019-02-11 21:10:55 +00:00
Andres Amaya Garcia abb7622d08 Add tests for (named) bitstring to suite_asn1write 2019-02-11 21:10:55 +00:00
Andres Amaya Garcia 04ee5e0bbd Fix ASN1 bitstring writing
Refactor the function mbedtls_asn1_write_bitstring() that removes
trailing 0s at the end of DER encoded bitstrings. The function is
implemented according to Hanno Becker's suggestions.

This commit also changes the functions x509write_crt_set_ns_cert_type
and crt_set_key_usage to call the new function as the use named
bitstrings instead of the regular bitstrings.
2019-02-11 21:10:48 +00:00
k-stachowiak 0fd3021204 Update change log 2019-02-11 09:41:23 +01:00
Peter Kolbus 16015ddd59 all.sh: Test MBEDTLS_MPI_WINDOW_SIZE=1
There were no tests for a non-default MPI window size. Add one.

Change-Id: Ic08fbc9161d0b3ee67eb3c91f9baf602646c9dfe
2019-02-05 16:42:45 +01:00
Peter Kolbus f5d153daf0 Fix DEADCODE in mbedtls_mpi_exp_mod()
In mbedtls_mpi_exp_mod(), the limit check on wsize is never true when
MBEDTLS_MPI_WINDOW_SIZE is at least 6. Wrap in a preprocessor guard
to remove the dead code and resolve a Coverity finding from the
DEADCODE checker.

Change-Id: Ice7739031a9e8249283a04de11150565b613ae89
2019-02-05 16:42:27 +01:00
k-stachowiak 4d2982091b Correct code formatting in the timing test suites 2019-02-05 10:03:31 +01:00
k-stachowiak 16373da579 Apply imperiative style in the changelog entry 2019-02-05 10:03:20 +01:00
Jaeden Amero bdc807dbe8 Merge remote-tracking branch 'origin/pr/2343' into mbedtls-2.7 2019-01-30 15:45:15 +00:00
Jaeden Amero 9033e541a6 Merge remote-tracking branch 'origin/pr/2234' into mbedtls-2.7 2019-01-30 15:29:00 +00:00
Jaeden Amero d3841737e9 Merge remote-tracking branch 'origin/pr/2356' into mbedtls-2.7 2019-01-30 14:55:35 +00:00
Jaeden Amero 18fe25614a Merge remote-tracking branch 'origin/pr/2359' into mbedtls-2.7 2019-01-30 14:47:22 +00:00
k-stachowiak 523d2d23b8 Improve wording in the ChangeLog 2019-01-29 12:55:28 +01:00
k-stachowiak 9368113607 Reduce the timing tests complexity 2019-01-29 12:54:10 +01:00
Simon Butcher d09324ac58 Merge remote-tracking branch 'public/pr/2264' into mbedtls-2.7 2019-01-23 10:58:08 +01:00
Simon Butcher 32331305dd Merge remote-tracking branch 'public/pr/1797' into mbedtls-2.7 2019-01-23 10:56:40 +01:00
Simon Butcher 12b60bc702 Merge remote-tracking branch 'public/pr/2341' into mbedtls-2.7 2019-01-23 09:53:29 +01:00
Simon Butcher c5b6c2f877 Merge remote-tracking branch 'public/pr/2296' into mbedtls-2.7 2019-01-23 09:51:48 +01:00
Jeffrey Martin f7fe144082
update ChangLog credit
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-16 09:26:15 -06:00
Jeffrey Martin 55ab90d40e
update ChangLog per comments
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-15 09:02:14 -06:00
Jeffrey Martin 44fbf91f01
Backport #1949 into mbedtls-2.7
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-14 18:13:06 -06:00
Hanno Becker 6950ebb31f Document psk_list parameter of ssl_server2 example program 2019-01-14 09:27:04 +00:00
Gilles Peskine 9f55364ec7 Rename test_memcheck to test_valgrind
Valgrind is what it does. `memcheck` is how it's implemented.
2019-01-10 18:29:37 +01:00
Gilles Peskine ff7238f4ad Support wildcard patterns with a positive list of components to run
Wildcard patterns now work with command line COMPONENT arguments
without --except as well as with. You can now run e.g.
`all.sh "check_*` to run all the sanity checks.
2019-01-10 18:29:37 +01:00
Gilles Peskine 30bc385124 Add missing protection on __aeabi_uldiv check under --keep-going
Partial backport of 2adb375c50
"Add option to avoid 64-bit multiplication"
2019-01-10 18:29:37 +01:00
Gilles Peskine c780095901 Delete $OUT_OF_SOURCE_DIR under --force even without Yotta
The deletion of "$OUT_OF_SOURCE_DIR" had mistakenly been lumped
together with Yotta.
2019-01-10 18:29:37 +01:00