Commit graph

1560 commits

Author SHA1 Message Date
Hanno Becker
d4a872ee67 Rename internal MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG
This commit renames the test-only flag MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG to make it more transparent
that it's an internal flag, and also to content the testscript tests/scripts/check-names.pl which previously complained
about the macro occurring in a comment in `entropy.c` without being defined in a library file.
2017-09-14 08:04:13 +01:00
Hanno Becker
81535d0011 Minor style and typo corrections 2017-09-14 07:51:54 +01:00
Hanno Becker
476986547b Omit version from X.509 v1 certificates
The version field in an X.509 certificate is optional and defaults to v1, so it
may be omitted in this case.
2017-09-14 07:51:54 +01:00
Hanno Becker
418a62242b Extend tests/data_files/Makefile to include CRT's for CRT write test 2017-09-14 07:51:28 +01:00
Hanno Becker
5a4f172522 Add suffix for 1024-bit RSA key files
Previously, 2048-bit and 4096-bit RSA key files had their bitsize indicated in their filename, while the original
1024-bit keys hadn't. This commit unifies the naming scheme by always indicating the bitsize in the filename.
2017-09-07 15:40:30 +01:00
Hanno Becker
c8063c58f0 Correct Makefile in tests/data_files
The documentation of the target `all_final` was no longer accurate, and numerous non-file targets were missing in the
.PHONY section.
2017-09-07 15:30:12 +01:00
Hanno Becker
55b1a0af0c Add further tests for DER-encoded PKCS8-v2-DES encrypted RSA keys
For uniformity, this commit adds tests for DER encoded PKCS8-v2-DES encrypted RSA keys that were already present for
PKCS8-v2-3DES encrypted RSA keys.
2017-09-05 10:43:20 +01:00
Hanno Becker
7d108257a4 Add further tests for new RSA keys
For uniformity, this commit adds tests for DER encoded, SHA1-2DES and SHA1-RC4-128-encrypted RSA keys; for SHA1-3DES encrypted keys, these were already present.
2017-09-05 10:35:31 +01:00
Hanno Becker
8fdfc98676 Update keyfiles
This commit replaces the previous keyfiles with those generated by the commands added in the previous commit.
2017-09-05 10:08:37 +01:00
Hanno Becker
d16f6126c7 Add RSA key generation commands to test Makefile
This commit adds the commands used to generate the various RSA keys to tests/Makefile so that they can be easily
regenerated or modified, e.g. if larger key sizes or other encryption algorithms need to be tested in the future.
2017-09-05 10:08:37 +01:00
Hanno Becker
37c6b6b339 Add tests for encrypted 2048 and 4096-bit RSA keys 2017-08-26 09:22:14 +01:00
Simon Butcher
72ea31b026 Update version number to 2.6.0 2017-08-10 11:51:16 +01:00
Simon Butcher
bcfa6f42e3 Fix the check for max CA intermediates in ssl-opt.sh
The tests only work for a specific number for MBEDTLS_X509_MAX_INTERMEDIATE_CA
so the check has been changed to confirm the default value, and to show an error
otherwise.
2017-07-28 16:43:33 +01:00
Simon Butcher
efdfeeba6a Fix threshold checks for MBEDTLS_X509_MAX_INTERMEDIATE_CA 2017-07-28 12:15:13 +01:00
Simon Butcher
06b786372c Change a ssl-opt.sh script sanity checks
Change the check in ssl-opt.sh for MBEDTLS_X509_MAX_INTERMEDIATE_CA to
check config.h instead of the x509 headers.
2017-07-28 01:00:17 +01:00
Andres AG
7d6ec7bacc Add CRT DER tests with incorrect version 2017-07-27 21:44:34 +01:00
Andres AG
c124061681 Add CRL DER tests with incorrect version 2017-07-27 21:44:34 +01:00
Andres AG
6fb6d79a37 Add CSR DER tests with incorrect version 2017-07-27 21:44:34 +01:00
Ron Eldor
d922c78aa4 Move the git scripts to correct path
The git scripts were accidently put in `test` folder instead of `tests`.
Moved them to `tests` folder
2017-07-27 21:44:34 +01:00
Ron Eldor
bf007d297d Pre push hook script
Add git_hook folder, and pre-push script,
to be soft linked from .git/hooks/pre-push
2017-07-27 21:44:34 +01:00
Simon Butcher
2c4d558873 Fixes test for MBEDTLS_NO_UDBL_DIVISION
The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h
for the next test.

Also added comments to ARM Compiler 6 tests to better explain them.
2017-07-27 21:44:34 +01:00
Andres Amaya Garcia
f755bb3adf Remove MBEDTLS_TYPE_UDBL tests from all.sh 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
465db7eba1 Fix no 64-bit division test in all.sh 2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
9946783218 Add tests for 64 and 32-bit int types compilation 2017-07-27 21:44:33 +01:00
Gilles Peskine
b1a977f5a7 MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION
Changed the option to disable the use of 64-bit division, to an option
to disable the use of double-width division, whether that's 64 or 128-bit.
2017-07-27 21:44:33 +01:00
Andres Amaya Garcia
5e873fb464 Add all.sh test to force 32-bit compilation 2017-07-27 21:44:33 +01:00
Ron Eldor
5a21fd62bf fix for issue 1118: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-27 21:44:33 +01:00
Hanno Becker
3b1422e55e Check threshold for MBEDTLS_X509_MAX_INTERMEDIATE_CA in X509 tests
The X509 test suite assumes that MBEDTLS_X509_MAX_INTERMEDIATE_CA is below the
hardcoded threshold 20 used in the long certificate chain generating script
tests/data_files/dir-max/long.sh. This commit adds a compile-time check for
that.
2017-07-26 13:49:38 +01:00
Hanno Becker
e908c3de67 Improve Readme for long test certificate chains 2017-07-26 13:49:38 +01:00
Hanno Becker
a6bca9f19e Check value of MBEDTLS_X509_MAX_INTERMEDIATE_CA in ssl-opt.sh
Some tests in ssl-opt.sh assumes the value 8 for the maximal number
MBEDTLS_X509_MAX_INTERMEDIATE_CA of intermediate CA's. This commit adds a check
before conducting the respective tests.
2017-07-26 13:49:32 +01:00
Andres AG
eacc616a9c Add CRT DER tests with incorrect version 2017-07-26 12:13:13 +01:00
Andres AG
2a9fd0e5c7 Add CRL DER tests with incorrect version 2017-07-26 12:13:04 +01:00
Andres AG
ae7b1c4aed Add CSR DER tests with incorrect version 2017-07-26 12:12:53 +01:00
Ron Eldor
4d90d56dfe Move the git scripts to correct path
The git scripts were accidently put in `test` folder instead of `tests`.
Moved them to `tests` folder
2017-07-24 21:47:30 +01:00
Hanno Becker
47deec488f Move flag indicating presence of strong entropy to test code 2017-07-24 15:31:30 +01:00
Ron Eldor
fcb7491a49 Pre push hook script
Add git_hook folder, and pre-push script,
to be soft linked from .git/hooks/pre-push
2017-07-24 14:25:26 +02:00
Hanno Becker
c6deafc0d4 Omit RSA key generation test if no strong entropy is present
The RSA key generation test needs strong entropy to succeed. This commit captures the presence of a strong entropy
source in a preprocessor flag and only runs the key generation test if that flag is set.
2017-07-24 09:09:01 +01:00
Simon Butcher
51aaa99473 Fixes test for MBEDTLS_NO_UDBL_DIVISION
The test for MBEDTLS_NO_UDBL_DIVISION wasn't preserving it's own config.h
for the next test.

Also added comments to ARM Compiler 6 tests to better explain them.
2017-07-23 13:42:36 +02:00
Hanno Becker
f058f34b5a Support negative dependencies in test cases
The entropy test suite uses a negative dependency "depends_on:!CONFIG_FLAG" for one of its tests. This kind of
dependency (running a test only if some configuration flag is not defined) is currently not supported and instead
results in the respective test case being dropped.

This commit adds support for negative dependencies in test cases.
2017-07-23 10:41:04 +01:00
Hanno Becker
75efa79201 Adapt generic test suite file to coding standard 2017-07-23 10:40:58 +01:00
Hanno Becker
910f662cd7 Increase readability of verbose test suite output 2017-07-23 10:40:53 +01:00
Hanno Becker
1b841cc9bf Correct typo in entropy test suite data 2017-07-23 10:40:46 +01:00
Hanno Becker
7e8e57c6d1 Initialize RSA context in RSA test suite before first potentially failing operation
The function `mbedtls_rsa_gen_key` from `test_suite_rsa.function` initialized a stack allocated RSA context only after
seeding the CTR DRBG. If the latter operation failed, the cleanup code tried to free the uninitialized RSA context,
potentially resulting in a segmentation fault. Fixes one aspect of #1023.
2017-07-23 10:40:29 +01:00
Andres Amaya Garcia
c327aa1542 Remove MBEDTLS_TYPE_UDBL tests from all.sh 2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
6fb65864a2 Fix no 64-bit division test in all.sh 2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
33264d7a96 Add tests for 64 and 32-bit int types compilation 2017-07-22 11:53:56 +02:00
Gilles Peskine
9a9adcd6aa MBEDTLS_NO_INT64_DIVISION -> MBEDTLS_NO_UDBL_DIVISION
Changed the option to disable the use of 64-bit division, to an option
to disable the use of double-width division, whether that's 64 or 128-bit.
2017-07-22 11:53:56 +02:00
Andres Amaya Garcia
dd29c2f2c3 Add all.sh test to force 32-bit compilation 2017-07-22 11:53:56 +02:00
Janos Follath
745bcf454f Fix typos 2017-07-21 14:04:31 +01:00
Ron Eldor
e1b92fee55 fix for issue 1118: check if iv is zero in gcm.
1) found by roberto in mbedtls forum
2) if iv_len is zero, return an error
3) add tests for invalid parameters
2017-07-20 00:11:24 +02:00
Manuel Pégourié-Gonnard
5be13d8fd1 Make test script more portable
seq isn't POSIX and isn't present by default on BSDs
2017-07-06 14:31:54 +02:00
Manuel Pégourié-Gonnard
9107b5fdd3 Improve comments 2017-07-06 12:16:25 +02:00
Manuel Pégourié-Gonnard
81bb6b6acf Add SSL tests for long cert chains 2017-07-06 11:58:41 +02:00
Manuel Pégourié-Gonnard
31458a1878 Only return VERIFY_FAILED from a single point
Everything else is a fatal error. Also improve documentation about that for
the vrfy callback.
2017-07-06 11:58:41 +02:00
Manuel Pégourié-Gonnard
d15795acd5 Improve behaviour on fatal errors
If we didn't walk the whole chain, then there may be any kind of errors in the
part of the chain we didn't check, so setting all flags looks like the safe
thing to do.
2017-07-06 11:58:41 +02:00
Manuel Pégourié-Gonnard
1beb048316 Add test for limit on intermediate certificates
Inspired by test code provided by Nicholas Wilson in PR #351.

The test will fail if someone sets MAX_INTERMEDIATE_CA to a value larger than
18 (default is 8), which is hopefully unlikely and can easily be fixed by
running long.sh again with a larger value if it ever happens.

Current behaviour is suboptimal as flags are not set, but currently the goal
is only to document/test existing behaviour.
2017-07-06 11:57:31 +02:00
Simon Butcher
f2a597fa3d Update the version number to 2.5.1 2017-06-20 23:08:10 +01:00
Manuel Pégourié-Gonnard
b86b143030 Merge remote-tracking branch 'restricted/iotssl-1138-rsa-padding-check-restricted' into development-restricted
* restricted/iotssl-1138-rsa-padding-check-restricted:
  RSA PKCS1v1.5 verification: check padding length
2017-06-08 20:31:06 +02:00
Manuel Pégourié-Gonnard
1178ac5e77 Merge remote-tracking branch 'hanno/sliding_exponentiation' into development
* hanno/sliding_exponentiation:
  Adapt ChangeLog
  Abort modular inversion when modulus is one.
  Correct sign in modular exponentiation algorithm.
2017-06-08 19:46:30 +02:00
Manuel Pégourié-Gonnard
af63c21466 Fix issue in testing SHA-1 compile-time option 2017-06-08 17:51:08 +02:00
Hanno Becker
e6706e62d8 Add tests for missing CA chains and bad curves.
This commit adds four tests to tests/ssl-opt.sh:
(1) & (2): Check behaviour of optional/required verification when the
trusted CA chain is empty.
(3) & (4): Check behaviour of optional/required verification when the
client receives a server certificate with an unsupported curve.
2017-06-07 11:26:59 +01:00
Manuel Pégourié-Gonnard
ddc6e52cc1 Merge remote-tracking branch 'gilles/iotssl-1223/development' into development
* gilles/iotssl-1223/development:
  Fix FALLBACK_SCSV parsing
2017-06-06 20:11:36 +02:00
Manuel Pégourié-Gonnard
383a118338 Merge remote-tracking branch 'gilles/IOTSSL-1330/development' into development
* gilles/IOTSSL-1330/development:
  Changelog entry for the bug fixes
  SSLv3: when refusing renegotiation, stop processing
  Ignore failures when sending fatal alerts
  Cleaned up double variable declaration
  Code portability fix
  Added changelog entry
  Send TLS alerts in many more cases
  Skip all non-executables in run-test-suites.pl
  SSL tests: server requires auth, client has no certificate
  Balanced braces across preprocessor conditionals
  Support setting the ports on the command line
2017-06-06 19:22:41 +02:00
Gilles Peskine
f11d33b2df Cleaned up negative test predicate for test case
The test infrastructure does support negative predicates for test
cases, thanks to Andreas for letting me know.
2017-06-06 19:16:18 +02:00
Gilles Peskine
2a458daa11 all.sh: test with SHA-1 enabled
Enabling SHA-1 for certificates is deprecated but we still want it to work.

Thanks to @andresag01
2017-06-06 18:44:14 +02:00
Gilles Peskine
5d2511c4d4 SHA-1 deprecation: allow it in key exchange
By default, keep allowing SHA-1 in key exchange signatures. Disabling
it causes compatibility issues, especially with clients that use
TLS1.2 but don't send the signature_algorithms extension.

SHA-1 is forbidden in certificates by default, since it's vulnerable
to offline collision-based attacks.
2017-06-06 18:44:14 +02:00
Gilles Peskine
fd14bca6dc Document test data makefile 2017-06-06 18:44:14 +02:00
Gilles Peskine
4fa6bed0c6 X.509 tests: obey compile-time SHA-1 support option
There is now one test case to validate that SHA-1 is rejected in
certificates by default, and one test case to validate that SHA-1 is
supported if MBEDTLS_TLS_DEFAULT_ALLOW_SHA1 is #defined.
2017-06-06 18:44:14 +02:00
Gilles Peskine
62469d95e2 Allow SHA-1 in test scripts 2017-06-06 18:44:14 +02:00
Gilles Peskine
bc70a1836b Test that SHA-1 defaults off
Added tests to validate that certificates signed using SHA-1 are
rejected by default, but accepted if SHA-1 is explicitly enabled.
2017-06-06 18:44:14 +02:00
Gilles Peskine
2dc81a0cbc Test that X.509 verification rejects SHA-256 by default 2017-06-06 18:44:13 +02:00
Gilles Peskine
ef86ab238f Allow SHA-1 in X.509 and TLS tests
SHA-1 is now disabled by default in the X.509 layer. Explicitly enable
it in our tests for now. Updating all the test data to SHA-256 should
be done over time.
2017-06-06 18:44:13 +02:00
Gilles Peskine
f040a17604 Added SHA256 test certificates
With SHA-1 deprecation, we need a few certificates using algorithms in
the default support list. Most tests still use SHA-1 though.

The generation process for the new certificates is recorded in the makefile.
2017-06-06 18:44:13 +02:00
Hanno Becker
8435c381bd Remove use of size zero array in ECJPAKE test suite
The ECJPAKE test suite uses a size zero array for the empty password
used in the tests, which is not valid C. This commit fixes this.

This originally showed up as a compilation failure on Visual Studio
2015, documented in IOTSSL-1242, but can also be observed with GCC
when using the -Wpedantic compilation option.
2017-06-05 15:10:59 +01:00
Andres AG
a3b9adb6bd Add negative testing for mbedtls_pem_read_buffer() 2017-05-30 16:54:23 +01:00
Gilles Peskine
d50177fdf3 Fix FALLBACK_SCSV parsing
Fixed a bug in ssl_srv.c when parsing TLS_FALLBACK_SCSV in the
ciphersuite list that caused it to miss it sometimes. Reported by Hugo
Leisink as issue #810. Fix initially by @andreasag01; this commit
isolates the bug fix and adds a non-regression test.
2017-05-16 17:53:03 +02:00
Simon Butcher
9f77017a8d Updated version number to 2.5.0 2017-05-16 10:22:37 +01:00
Janos Follath
89baba2375 Add tests for the CA suppression option 2017-05-16 10:22:37 +01:00
Andres Amaya Garcia
d3f0f5e1c8 Fix check-doxy-blocks.pl to run from root dir
Modify tests/scripts/check-doxy-blocks.pl to ensure that:
  * It can only be run from the mbed TLS root directory.
  * An error code is returned to the environment when a potential error
    in the source code is found.
2017-05-12 00:16:50 +01:00
Andres AG
5c79d25d94 Add PK tests to avoid hashlen overflow for RSA 2017-05-11 21:58:25 +01:00
Manuel Pégourié-Gonnard
c1380de887 RSA PKCS1v1.5 verification: check padding length
The test case was generated by modifying our signature code so that it
produces a 7-byte long padding (which also means garbage at the end, so it is
essential in to check that the error that is detected first is indeed the
padding rather than the final length check).
2017-05-11 13:10:13 +02:00
Hanno Becker
4bcb4914c5 Abort modular inversion when modulus is one.
The modular inversion function hangs when provided with the modulus 1. This commit refuses this modulus with a BAD_INPUT error code. It also adds a test for this case.
2017-05-08 14:47:04 +01:00
Gilles Peskine
1cc8e3472a Send TLS alerts in many more cases
The TLS client and server code was usually closing the connection in
case of a fatal error without sending an alert. This commit adds
alerts in many cases.

Added one test case to detect that we send the alert, where a server
complains that the client's certificate is from an unknown CA (case
tracked internally as IOTSSL-1330).
2017-05-03 16:28:34 +02:00
Gilles Peskine
071db41627 Skip all non-executables in run-test-suites.pl
The script was blacklisting extensions. Rather than keep adding to the
extensions, whitelist executables.
2017-05-03 16:26:47 +02:00
Gilles Peskine
fd8332e15f SSL tests: server requires auth, client has no certificate
Added explicit test cases where the client has no certificate but the
server requires one.
2017-05-03 16:25:07 +02:00
Gilles Peskine
f93c7d3ab0 Support setting the ports on the command line
Added command line arguments --port and --proxy-port to choose the
ports explicitly instead of deriving them from the PID. This
facilitates debugging e.g. with Wireshark.
2017-04-26 16:41:55 +02:00
Hanno Becker
a4af1c47d2 Correct sign in modular exponentiation algorithm.
The modular exponentiation function  handled the sign incorrectly. This commit fixes this and a test case which should have caught it.
2017-04-18 09:07:45 +01:00
Andres AG
d1cc7f6f34 Fix buffer overflow in mbedtls_mpi_write_string()
Fix a buffer overflow when writting a string representation of an MPI
number to a buffer in hexadecimal. The problem occurs because hex
digits are written in pairs and this is not accounted for in the
calculation of the required buffer size when the number of digits is
odd.
2017-03-02 21:34:21 +00:00
Andres AG
99acfc4521 Fix failing pkparse test case
The first three test cases from test_suites_pkparse.data failed because
the key file they read requires DES to be read. However, MBEDTLS_DES_C
was missing from the dependency list.
2017-03-02 16:01:08 +00:00
Janos Follath
28fff14113 Add invalid key tests for curve SECP224K1
This curve has special arithmetic on 64 bit platforms and an untested
path lead to trying to free a buffer on the stack.

For the sake of completeness, a test case for a point with non-affine
coordinates has been added as well.
2017-02-28 18:41:39 +00:00
Janos Follath
ea7054a00c Add unit tests for X509 certificate date parsing 2017-02-28 14:23:12 +00:00
Simon Butcher
fc794ff2b7 Merge branch 'iotssl-1071-ca-flags'
Fixes a regression introduced by an earlier commit that modified
x509_crt_verify_top() to ensure that valid certificates that are after past or
future valid in the chain are processed. However the change introduced a change
in behaviour that caused the verification flags MBEDTLS_X509_BADCERT_EXPIRED and
MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in the
verification regardless of the cause.

The fix maintains both behaviours:

 * Ensure that valid certificates after future and past are verified
 * Ensure that the correct verification flags are set.
2017-02-27 19:06:05 +00:00
Simon Butcher
0278a38f10 Merge branch 'iotssl-1077-dos-crl'
Modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM
format with trailing characters after the footer does not result in the
execution of an infinite loop.
2017-02-26 01:16:02 +00:00
Simon Butcher
9cfdf2caa7 Merge branch 'development-restricted' 2017-02-15 23:55:22 +02:00
Andres Amaya Garcia
6a54336897 Fix integer overflows in buffer bound checks
Fix potential integer overflows in the following functions:
  * mbedtls_md2_update() to be bypassed and cause
  * mbedtls_cipher_update()
  * mbedtls_ctr_drbg_reseed()
This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-15 23:31:07 +02:00
Andres AG
49d29337fa Add tests for overreads in pem_read_buffer() 2017-02-15 23:31:07 +02:00
Andres AG
13fb6e7271 Add DTLS test to check 6 byte record ctr is cmp
Add a test to ssl-opt.sh to ensure that in DTLS a 6 byte record counter
is compared in ssl_check_ctr_renegotiate() instead of a 8 byte one as in
the TLS case. Because currently there are no testing facilities to check
that renegotiation routines are triggered after X number of input/output
messages, the test consists on setting a renegotiation period that
cannot be represented in 6 bytes, but whose least-significant byte is 2.
If the library behaves correctly, the renegotiation routines will be
executed after two exchanged.
2017-02-15 23:26:35 +02:00
Simon Butcher
ba6aa63578 Fix all.sh test builds with recent glibc and clang
Fixes strict C99 builds in all.sh with glibc version >2.19 where platform support
wasn't being compiled in automatically.

Also fixes C99 syntax with armclang.
2017-02-15 23:25:08 +02:00
Simon Butcher
53716395b2 Clarify use of armcc in all.sh 2017-02-15 23:23:22 +02:00
Andres AG
0911f0880c Add -march argument to armc6 build tests 2017-02-15 23:23:22 +02:00