ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-07-22 17:25:38 +08:00
Code Issues Releases Wiki Activity
20,509 Commits 173 Branches 272 Tags
Commit Graph

6853 Commits

Author SHA1 Message Date
Neil Armstrong
5ea65173fb Rm useless use of MD in ECDSA test functions 
We had a message in the data file, and were computing its hash in the
test function. It is more efficient (and simpler when it comes to
dependencies) to directly have the message hash in the data file.

It was probably this way because some test vectors provide the message
for the sake of all-in-one implementation that hash-and-sign at once.
But our API gets a hash as the input and signs it. In unit tests, this
should be reflected in the signature of the test function, which should
take a hash as input.

The changes to the .data file were done using the following python
script:

import hashlib

suite = 'ecdsa'

functions = {
        'ecdsa_det_test_vectors': (3, 4),
        'ecdsa_write_restart': (3, 4),
}

def hash_ctx(s):
    if s == 'MBEDTLS_MD_MD5':
        return hashlib.md5()
    if s == 'MBEDTLS_MD_SHA1':
        return hashlib.sha1()
    if s == 'MBEDTLS_MD_SHA224':
        return hashlib.sha224()
    if s == 'MBEDTLS_MD_SHA256':
        return hashlib.sha256()
    if s == 'MBEDTLS_MD_SHA384':
        return hashlib.sha384()
    if s == 'MBEDTLS_MD_SHA512':
        return hashlib.sha512()

def fix(l):
    parts = l.rstrip().split(":")

    fun = parts[0]
    if fun not in functions:
        return l

    (alg_idx, msg_idx) = functions[fun]

    alg_str = parts[alg_idx]
    if alg_str == "MBEDTLS_MD_NONE":
        return l
    h = hash_ctx(alg_str)

    msg_str = parts[msg_idx][1:-1]
    h.update(msg_str.encode('ascii'))
    msg_hash = h.hexdigest()
    msg_hash_str = '"' + msg_hash.upper() + '"'

    parts[msg_idx] = msg_hash_str
    return ":".join(parts) + '\n'

filename = 'tests/suites/test_suite_' + suite + '.data'
with open(filename) as f:
    lines = f.readlines()

lines = [fix(l) for l in lines]

with open(filename, 'w') as f:
    f.writelines(lines)

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-19 21:03:29 +02:00
Ronald Cron
d5b1eb51db
Merge pull request #6078 from yuhaoth/pr/add-tls13-paser-psk-kex-mode-ext 
TLS 1.3: PSK: Add parser of psk kex mode ext on server side
 2022-07-18 11:34:24 +02:00
Jerry Yu
c52e3bd93b Improve comment 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-14 10:49:47 +08:00
Jerry Yu
299e31f10e fix various issue 
- remove unused test case
- add alert message
- improve readabitlity

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-13 23:06:36 +08:00
Paul Elliott
81c69b547a Revert "Revert "Revert "Add generated files for 3.2.0 release""" 
This reverts commit 185d24ba0ee032324802f91366bfe1dd29d26d4a.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-12 11:29:34 +01:00
Jerry Yu
fe52e55301 redirect stderr output in ubuntu22.04 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-12 09:53:37 +00:00
Jerry Yu
e36397d13b add tests for psk_key_exchange_mode 
To confirm, psk_key_exchange_modes were received and
parsed.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-12 09:53:36 +00:00
Paul Elliott
cd08ba0326 Bump version to 3.2.1 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-12 10:51:55 +01:00
Dave Rodgman
185d24ba0e Revert "Revert "Add generated files for 3.2.0 release"" 
This reverts commit 7adb8cbc0ea0bda539b4d1e9aaf9334bf965c8ec.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-12 10:51:44 +01:00
Paul Elliott
7adb8cbc0e Revert "Add generated files for 3.2.0 release" 
This reverts commit cb21f2eab302b6661405c502ee92f8b8a1f41ae4.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 18:18:30 +01:00
Paul Elliott
cb21f2eab3 Add generated files for 3.2.0 release 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 13:56:01 +01:00
Paul Elliott
20362cd1ca Bump library and so versions for 3.2.0 release 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 13:56:01 +01:00
Paul Elliott
9a8d78419f Fixup test tls13_server_certificate_msg_invalid_vector_len 
The parameters for init_handshake_options had changed on the development
branch after this test was created, so fixing up this test in order to
correct build failures after merge.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 11:34:14 +01:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Paul Elliott
6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash 
Fix DTLS 1.2 session resumption
 2022-07-06 15:03:36 +01:00
Paul Elliott
826762e315
Merge pull request #5765 from leorosen/fix-some-resource-leaks 
Fix resource leaks
 2022-07-05 23:12:02 +01:00
Dave Rodgman
c6a4a1cc13
Merge pull request #6011 from gabor-mezei-arm/coverity_22_07_01 
Fix uninitialised memory access in test
 2022-07-05 13:59:34 +01:00
Andrzej Kurek
ddb8cd601d test_suite_ssl: Fix handshake options cleanup 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 16:07:28 -04:00
Andrzej Kurek
9dc4402afa test_suite_ssl: zeroize the cache pointer in case if the struct memory gets reused 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:40:15 -04:00
Andrzej Kurek
1e085686ec test_suite_ssl: remove unnecessary user data checks 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:40:09 -04:00
Andrzej Kurek
3d0d501517 test_suite_ssl: prefer ASSERT_ALLOC over malloc 
Fix formatting for option initialization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:39:34 -04:00
Andrzej Kurek
92d7417d89 Formatting fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek
e11acb2c9b test_suite_ssl: add proper cache cleanup 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek
e8ad0d7d42 Disable bad session id length test in TLS 1.3 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek
456a109edb test_suite_ssl: add required dependencies for default handshake parameters 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek
6e518ab086 test_suite_ssl: add missing options cleanup 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek
ed58b50ea6 test_suite_ssl: add missing MBEDTLS_SSL_SERVER_C dependency 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek
626a931bb9 test_suite_ssl: Add missing arguments in endpoint initialization 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Andrzej Kurek
514683abdc Add a test with a bad session_id_len that makes cache setting fail 
Force a bad session_id_len before handshake wrapup. This should
result in a forced jump to a clean up of a serialized session.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:18:29 -04:00
Andrzej Kurek
780dc18f74 Refactor test_suite_ssl tests to enable cache setting 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:18:28 -04:00
Manuel Pégourié-Gonnard
4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection 
Permissions 2a: TLS 1.2 ciphersuite selection
 2022-07-04 12:37:02 +02:00
Paul Elliott
41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf 
Turn off stdio buffering with setbuf()
 2022-07-04 10:12:22 +01:00
Ronald Cron
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk 
Refactor signature algorithm chooser
 2022-07-04 09:10:08 +02:00
Neil Armstrong
6931e439e4 Fix Handshake select ECDH-RSA- test dependencies 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 18:30:10 +02:00
Paul Elliott
bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints 
Add accessors to config DN hints for cert request
 2022-07-01 17:23:14 +01:00
Neil Armstrong
c67e6e96f8 Depends on MBEDTLS_X509_REMOVE_INFO disable for double Opaque keys test requiring cert infos to determine selected key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 15:48:10 +02:00
Gabor Mezei
dc3f3bb8b1
Initilize variable 
Coverity scan detected a problem of an uinitilized variable.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-07-01 15:06:34 +02:00
Jerry Yu
7ac0d498de remove force_version for client 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-01 19:29:30 +08:00
Manuel Pégourié-Gonnard
790ab52ee0
Merge pull request #5962 from gilles-peskine-arm/storage-format-doc-202206 
Documentation about storage format compatibility
 2022-07-01 12:21:17 +02:00
Jerry Yu
52b7d923fe fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-01 18:12:44 +08:00
Neil Armstrong
7999cb3896 Remove auth_mode=required and client crt_file/key_file when testing server authentication 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 09:51:33 +02:00
Neil Armstrong
4b10209568 Use different certs for double opaque keys and check certificate issuer CN 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 09:48:09 +02:00
Neil Armstrong
1948a20796 Cleanup Order & Title of Opaque TLS tests, fix RSA- test definition 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 18:05:57 +02:00
Gilles Peskine
6497b5a1d1 Add setbuf platform function 
Add a platform function mbedtls_setbuf(), defaulting to setbuf().

The intent is to allow disabling stdio buffering when reading or writing
files with sensitive data, because this exposes the sensitive data to a
subsequent memory disclosure vulnerability.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 17:01:40 +02:00
Ronald Cron
cb67e1a890
Merge pull request #5917 from gilles-peskine-arm/asn1write-0-fix 
Improve ASN.1 write tests
 2022-06-30 15:42:16 +02:00
Neil Armstrong
167d82c4df Add dual keys Opaque ssl-opt tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 11:32:00 +02:00
Neil Armstrong
36b022334c Reorganize Opaque ssl-opt tests, pass key_opaque_algs=, add less wrong negative server testings 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 11:16:53 +02:00
Neil Armstrong
b2c3b5be2d Fix depends on handshake_ciphersuite_select tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 10:49:04 +02:00
Neil Armstrong
db13497490 Reorganize & add more handshake_ciphersuite_select to test all MBEDTLS_KEY_EXCHANGE_XXX cases 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 09:06:28 +02:00
Paul Elliott
f6a56cf5ff
Merge pull request #939 from ronald-cron-arm/tls13-add-missing-overread-check 
TLS 1.3: Add missing overread check
 2022-06-29 17:01:14 +01:00