Commit graph

828 commits

Author SHA1 Message Date
Hanno Becker
a4af1c47d2 Correct sign in modular exponentiation algorithm.
The modular exponentiation function  handled the sign incorrectly. This commit fixes this and a test case which should have caught it.
2017-04-18 09:07:45 +01:00
Andres AG
d1cc7f6f34 Fix buffer overflow in mbedtls_mpi_write_string()
Fix a buffer overflow when writting a string representation of an MPI
number to a buffer in hexadecimal. The problem occurs because hex
digits are written in pairs and this is not accounted for in the
calculation of the required buffer size when the number of digits is
odd.
2017-03-02 21:34:21 +00:00
Andres AG
99acfc4521 Fix failing pkparse test case
The first three test cases from test_suites_pkparse.data failed because
the key file they read requires DES to be read. However, MBEDTLS_DES_C
was missing from the dependency list.
2017-03-02 16:01:08 +00:00
Janos Follath
28fff14113 Add invalid key tests for curve SECP224K1
This curve has special arithmetic on 64 bit platforms and an untested
path lead to trying to free a buffer on the stack.

For the sake of completeness, a test case for a point with non-affine
coordinates has been added as well.
2017-02-28 18:41:39 +00:00
Janos Follath
ea7054a00c Add unit tests for X509 certificate date parsing 2017-02-28 14:23:12 +00:00
Simon Butcher
fc794ff2b7 Merge branch 'iotssl-1071-ca-flags'
Fixes a regression introduced by an earlier commit that modified
x509_crt_verify_top() to ensure that valid certificates that are after past or
future valid in the chain are processed. However the change introduced a change
in behaviour that caused the verification flags MBEDTLS_X509_BADCERT_EXPIRED and
MBEDTLS_BADCERT_FUTURE to always be set whenever there is a failure in the
verification regardless of the cause.

The fix maintains both behaviours:

 * Ensure that valid certificates after future and past are verified
 * Ensure that the correct verification flags are set.
2017-02-27 19:06:05 +00:00
Simon Butcher
0278a38f10 Merge branch 'iotssl-1077-dos-crl'
Modifies the function mbedtls_x509_crl_parse() to ensure that a CRL in PEM
format with trailing characters after the footer does not result in the
execution of an infinite loop.
2017-02-26 01:16:02 +00:00
Andres Amaya Garcia
6a54336897 Fix integer overflows in buffer bound checks
Fix potential integer overflows in the following functions:
  * mbedtls_md2_update() to be bypassed and cause
  * mbedtls_cipher_update()
  * mbedtls_ctr_drbg_reseed()
This overflows would mainly be exploitable in 32-bit systems and could
cause buffer bound checks to be bypassed.
2017-02-15 23:31:07 +02:00
Andres AG
49d29337fa Add tests for overreads in pem_read_buffer() 2017-02-15 23:31:07 +02:00
Janos Follath
4c006cdb1c Update library version number to 2.4.1 2017-02-15 22:55:55 +02:00
Andres AG
342889fdbe Remove unused var warnings in windows unittests 2017-02-15 09:08:26 +00:00
Andres AG
9060d4da08 Fix generate_code.pl to handle escaped : 2017-02-02 14:38:13 +00:00
Andres AG
9f430c15d8 Add tests for out flags from x509_crt_verify_top()
The tests load certificate chains from files. The CA chains contain a
past or future certificate and an invalid certificate. The test then
checks that the flags set are MBEDTLS_X509_BADCERT_EXPIRED or
MBEDTLS_X509_BADCERT_FUTURE.
2017-01-20 13:52:01 +00:00
Andres AG
a39db394db Add test for infinite loop in CRL parse 2017-01-19 17:10:51 +00:00
Janos Follath
1808dc01bd Update library version number to 2.4.1 2016-12-13 16:00:52 +00:00
Andres AG
9c94b6951c Add tests for overreads in pem_read_buffer() 2016-11-21 11:03:40 +00:00
Andres AG
ea67eeb4e8 Remove unused var warnings in windows unittests 2016-11-10 17:22:12 +00:00
Simon Butcher
16c54ee9c8 Update library version number to 2.4.0 2016-10-16 19:34:39 +01:00
Simon Butcher
9800a058ae Merge branch 'development' 2016-10-13 17:25:56 +01:00
Simon Butcher
488c08c00b Merge branch fixing date validity in X.509 2016-10-13 16:13:09 +01:00
Janos Follath
f45dab1939 Fix global variable shadowing 2016-10-13 13:54:48 +01:00
Simon Butcher
6437b221a3 Fix stdio redirection memory leak in test suites 2016-10-13 13:54:48 +01:00
Janos Follath
e5dc202469 Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 13:54:48 +01:00
Janos Follath
d7b9049806 Fix memory leaks in CMAC tests 2016-10-13 13:53:56 +01:00
Andres AG
fe4db8f575 Fix memory leak in test_suite_cmac.function 2016-10-13 13:53:56 +01:00
Janos Follath
2d9c46767a Fix minor style issues in test framework 2016-10-13 13:53:13 +01:00
Simon Butcher
33388669ec Fix to test output in test suites
Fixes the test suites to consistently use mbedtls_fprintf to output to
stdout or stderr.

Also redirects output from the tests to /dev/null to avoid confusing
output if the test suite code or library outputs anything to stdout.
2016-10-13 13:53:13 +01:00
Simon Butcher
8739aa9403 Fix exit and formatting in CMAC test suite
Minor fixes following review.
2016-10-13 13:53:13 +01:00
Simon Butcher
c3db62fd51 Extend test coverage of CMAC
Expands tests to include NULL tests and successive calls to
mbedtls_cipher_cmac_update() and mbedtls_cipher_cmac_reset().
2016-10-13 13:53:13 +01:00
Simon Butcher
f394e09431 Clean up and minor fixes following review
Minor fixes following review including:
    * formatting changes including indentation and code style
    * corrections
    * removal of debug code
    * clarification of code through variable renaming
    * memory leak
    * compiler warnings
2016-10-13 13:51:12 +01:00
Simon Butcher
937fddbfcb Introduce a CMAC specific test suite 2016-10-13 13:51:11 +01:00
Andres AG
42547d0cf7 Set selftest verbose flag to boost coverage 2016-10-13 13:48:48 +01:00
Simon Butcher
1c8b33ad19 Merge branch 'development' 2016-10-13 13:40:41 +01:00
Janos Follath
e709f7c9e0 Fix global variable shadowing 2016-10-13 13:20:12 +01:00
Simon Butcher
e019296ab7 Fix stdio redirection memory leak in test suites 2016-10-13 10:03:08 +01:00
Janos Follath
ef44178474 Restore P>Q in RSA key generation (#558)
The PKCS#1 standard says nothing about the relation between P and Q
but many libraries guarantee P>Q and mbed TLS did so too in earlier
versions.

This commit restores this behaviour.
2016-10-13 00:25:07 +01:00
Janos Follath
99d09d2747 Fix memory leaks in CMAC tests 2016-10-12 15:32:54 +01:00
Andres AG
c4424c0a69 Fix memory leak in test_suite_cmac.function 2016-10-12 15:32:53 +01:00
Janos Follath
d444358247 Fix memory leaks in CMAC tests 2016-10-12 14:31:01 +01:00
Andres AG
8abc6b86f9 Fix memory leak in test_suite_cmac.function 2016-10-12 00:40:16 +01:00
Andres AG
e0af995f12 Add test for bounds in X509 DER write funcs 2016-10-11 14:07:48 +01:00
Janos Follath
8ca53b51c5 Fix minor style issues in test framework 2016-10-11 12:25:34 +01:00
Simon Butcher
2573136fa8 Fix to test output in test suites
Fixes the test suites to consistently use mbedtls_fprintf to output to
stdout or stderr.

Also redirects output from the tests to /dev/null to avoid confusing
output if the test suite code or library outputs anything to stdout.
2016-10-11 12:25:34 +01:00
Simon Butcher
bd8d221920 Fix exit and formatting in CMAC test suite
Minor fixes following review.
2016-10-11 12:25:04 +01:00
Simon Butcher
33183fd408 Extend test coverage of CMAC
Expands tests to include NULL tests and successive calls to
mbedtls_cipher_cmac_update() and mbedtls_cipher_cmac_reset().
2016-10-11 12:25:04 +01:00
Simon Butcher
69283e51d5 Clean up and minor fixes following review
Minor fixes following review including:
    * formatting changes including indentation and code style
    * corrections
    * removal of debug code
    * clarification of code through variable renaming
    * memory leak
    * compiler warnings
2016-10-06 12:49:58 +01:00
Simon Butcher
d812fa69d9 Introduce a CMAC specific test suite 2016-10-05 14:19:18 +01:00
Andres AG
4b76aecaf3 Add check for validity of date in x509_get_time() 2016-09-28 14:32:54 +01:00
Andres AG
93012e8bce Set selftest verbose flag to boost coverage 2016-09-27 17:29:22 +01:00
Simon Butcher
b7f45c54a7 Fixes for entropy test suite for some configurations
Changes to allow the entropy tests to work for configurations without an
entropy seed file (MBEDTLS_ENTROPY_NV_SEED), and with no entropy sources
configured (MBEDTLS_TEST_NULL_ENTROPY).
2016-09-15 18:42:26 +01:00