mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-04 15:39:53 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
20,804 Commits 170 Branches 263 Tags
Commit Graph

6979 Commits

Author SHA1 Message Date
Andrzej Kurek
780dc18f74 Refactor test_suite_ssl tests to enable cache setting 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:18:28 -04:00
Manuel Pégourié-Gonnard
4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection 
Permissions 2a: TLS 1.2 ciphersuite selection
 2022-07-04 12:37:02 +02:00
Paul Elliott
41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf 
Turn off stdio buffering with setbuf()
 2022-07-04 10:12:22 +01:00
Ronald Cron
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk 
Refactor signature algorithm chooser
 2022-07-04 09:10:08 +02:00
Neil Armstrong
6931e439e4 Fix Handshake select ECDH-RSA- test dependencies 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 18:30:10 +02:00
Paul Elliott
bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints 
Add accessors to config DN hints for cert request
 2022-07-01 17:23:14 +01:00
Neil Armstrong
c67e6e96f8 Depends on MBEDTLS_X509_REMOVE_INFO disable for double Opaque keys test requiring cert infos to determine selected key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 15:48:10 +02:00
Gabor Mezei
dc3f3bb8b1
Initilize variable 
Coverity scan detected a problem of an uinitilized variable.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-07-01 15:06:34 +02:00
Jerry Yu
7ac0d498de remove force_version for client 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-01 19:29:30 +08:00
Manuel Pégourié-Gonnard
790ab52ee0
Merge pull request #5962 from gilles-peskine-arm/storage-format-doc-202206 
Documentation about storage format compatibility
 2022-07-01 12:21:17 +02:00
Jerry Yu
52b7d923fe fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-01 18:12:44 +08:00
Neil Armstrong
7999cb3896 Remove auth_mode=required and client crt_file/key_file when testing server authentication 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 09:51:33 +02:00
Neil Armstrong
4b10209568 Use different certs for double opaque keys and check certificate issuer CN 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 09:48:09 +02:00
Neil Armstrong
1948a20796 Cleanup Order & Title of Opaque TLS tests, fix RSA- test definition 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 18:05:57 +02:00
Gilles Peskine
6497b5a1d1 Add setbuf platform function 
Add a platform function mbedtls_setbuf(), defaulting to setbuf().

The intent is to allow disabling stdio buffering when reading or writing
files with sensitive data, because this exposes the sensitive data to a
subsequent memory disclosure vulnerability.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 17:01:40 +02:00
Ronald Cron
cb67e1a890
Merge pull request #5917 from gilles-peskine-arm/asn1write-0-fix 
Improve ASN.1 write tests
 2022-06-30 15:42:16 +02:00
Neil Armstrong
167d82c4df Add dual keys Opaque ssl-opt tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 11:32:00 +02:00
Neil Armstrong
36b022334c Reorganize Opaque ssl-opt tests, pass key_opaque_algs=, add less wrong negative server testings 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 11:16:53 +02:00
Neil Armstrong
b2c3b5be2d Fix depends on handshake_ciphersuite_select tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 10:49:04 +02:00
Neil Armstrong
db13497490 Reorganize & add more handshake_ciphersuite_select to test all MBEDTLS_KEY_EXCHANGE_XXX cases 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 09:06:28 +02:00
Zhangsen Wang
9b64546eb2 Update tests/ssl-opt.sh, delete 1 blank line. 
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
 2022-06-30 02:35:18 +00:00
Paul Elliott
f6a56cf5ff
Merge pull request #939 from ronald-cron-arm/tls13-add-missing-overread-check 
TLS 1.3: Add missing overread check
 2022-06-29 17:01:14 +01:00
Werner Lewis
ec0193d019 Update test to cover move-decrypt sequence 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-29 16:17:50 +01:00
Werner Lewis
dd76ef359d Refactor AES context to be shallow-copyable 
Replace RK pointer in AES context with a buffer offset, to allow
shallow copying. Fixes #2147.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-29 16:17:50 +01:00
Dave Rodgman
5b50f38f92
Merge pull request #934 from gilles-peskine-arm/mpi-0-mod-2 
Fix null pointer dereference in mpi_mod_int(0, 2)
 2022-06-29 15:02:59 +01:00
Jerry Yu
aae28f178b add tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:21:32 +08:00
Jerry Yu
a0bb906c9f fix handshake_version test fail. 
when both tls13 and tls12 are enabled, the
test will fail.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:09 +08:00
Jerry Yu
f55886a217 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:46 +08:00
Jerry Yu
a6076aa8b8 Revert temp test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:45 +08:00
Jerry Yu
7ab7f2b184 Remove pkcs1 from certificate_verify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:44 +08:00
Ronald Cron
7898fd456a
Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server 
TLS 1.3 server: Send dummy change_cipher_spec records

The internal CI PR-merge job ran successfully thus good to go.
 2022-06-29 09:47:49 +02:00
Glenn Strauss
bd10c4e2af Test accessors to config DN hints for cert request 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-06-29 02:54:28 -04:00
Zhangsen Wang
87a9c86d87 Re-enable five tests disabled because of an old OpenSSL bug 
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
 2022-06-29 02:23:22 +00:00
Gilles Peskine
d86abf2392
Merge pull request #5861 from wernerlewis/csr_subject_comma 
Fix output of commas and other special characters in X509 DN values
 2022-06-28 21:00:49 +02:00
Neil Armstrong
2407279fa4 Add tests with specific hash for handshake_ciphersuite_select positive tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-28 18:12:17 +02:00
Neil Armstrong
ed917bf548 Update description for negative key_opaque_algs tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-28 18:12:17 +02:00
Neil Armstrong
8c52ed8d1e Add negative testing of ciphersuite selection using Opaque algs & usage 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-28 18:12:17 +02:00
Neil Armstrong
eb4390b27c Add Cipersuite selection negative testing by using invalid algs for server-side opaque key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-28 18:10:48 +02:00
Gabor Mezei
9e4b7bd199
Do not force TLS 1.3 on client side for TLS 1.3 middlebox compatibility tests 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-28 16:22:14 +02:00
Gabor Mezei
f7044eaec8
Fix name 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-28 16:01:49 +02:00
Ronald Cron
585cd70d04 tests: ssl: Fix coverity deadcode issue 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:21:13 +02:00
Ronald Cron
b94854f8e3
Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests 
TLS 1.3: Enable and add tests
 2022-06-28 09:15:17 +02:00
Gilles Peskine
5969a4b5e0 Don't call memcpy(NULL, 0) which has undefined behavior 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 23:59:53 +02:00
Dave Rodgman
f5b7082f6e
Merge pull request #5811 from polhenarejos/bug_x448 
Fix order value for curve x448
 2022-06-27 13:47:24 +01:00
Werner Lewis
9b0e940135 Fix case where final special char exceeds buffer 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 12:01:22 +01:00
Werner Lewis
31ecb9600a Add tests for exceeded buffer size 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 11:23:43 +01:00
Werner Lewis
b33dacdb50 Fix parsing of special chars in X509 DN values 
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 11:19:50 +01:00
Ronald Cron
cf600bc07c Comment fixes 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:28:49 +02:00
Ronald Cron
e7b9b6b380 tls13: Add checks of overread check failures 
In Certificate message parsing tests with
invalid vector lengths, add checks that the
parsing failed on the expected overread check.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:28:49 +02:00
Ronald Cron
e3dac4aaa1 tls13: Add Certificate msg parsing tests with invalid vector lengths 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:28:42 +02:00