cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-13 17:15:25 -04:00
Code Issues Packages Projects Releases Wiki Activity
18,410 Commits 7 Branches 115 Tags
Commit Graph

18410 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
3a11771bae Pacify pylint 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-08 11:17:09 +02:00
Gilles Peskine
e008890afa Update generated files 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-07 19:20:34 +02:00
Gilles Peskine
937b91eb6f Fix boolean options in the wrong section 
Boolean options that modify the behavior of a module are supposed to be in
the "feature support" section, not in the "configuration options" support:
that section is documented to contain commented-out definitions with a
value, for which the comment contains the default version. In particular,
merely uncommenting a definition in the "configuration options" section is
not supposed to change anything.

Move the offending boolean options to the proper section.

This causes those options to be enabled by `config.py full` unless
explicitly excluded. For the moved options:

* Everest is already explicitly excluded.
* The ALT options need to link against a custom function, so exclude them.
* `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE` is ok for testing, and is
  currently never tested in `all.sh`. With this commit, we will now test the
  library with it enabled in configurations based on `full`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-07 17:40:16 +02:00
Yanray Wang
4b0b97e18b pkwrite: zeroize buf containing info of private key 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-06 10:36:17 +08:00
Yanray Wang
c9d5ea9a9c pkwrite.c: write ChangeLog accurately 
The heap memory is used for both RSA and EC keys. So removing `RSA`
in the ChangeLog.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-06 10:32:44 +08:00
Yanray Wang
b59b7c643b pkwrite.c: call calloc and free properly 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-06 10:32:35 +08:00
Yanray Wang
79873bcf56 pkwrite: add Changelog entry 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-06 10:32:22 +08:00
Yanray Wang
a8f00508fe pkwrite.c: add a cleanup label to save code size 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-06 10:32:04 +08:00
Yanray Wang
7bbca1363f pkwrite.c: save stack usage for pk_write_key_pem 
mbedtls_pk_write_key_pem would allocate 5679 bytes in writing a DER
encoded RSA private key. To save stack usage significantly, we use
heap memory instead.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-06 10:30:36 +08:00
Yanray Wang
217416a76e pkwrite.c: save stack usage for pk_write_pubkey_pem 
mbedtls_pk_write_pubkey_pem would allocate 2086 bytes in writing a DER
encoded RSA public key. To save stack usage significantly, we use
heap memory instead.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-09-06 10:28:09 +08:00
Gilles Peskine
f0accf28ea
Merge pull request #1054 from waleed-elmelegy-arm/backport-add-new-pkcs5-pbe2-ext-fun 
Backport 2.28: Add new pkcs5 pbe2 ext fun
 2023-09-05 18:52:21 +02:00
Dave Rodgman
06c466d869
Merge pull request #8158 from tom-cosgrove-arm/rename-assert_compare-to-test_assert_compare-2.28 
Backport 2.28: Rename test macros ASSERT_COMPARE(), ASSERT_ALLOC() and ASSERT_ALLOC_WEAK()
 2023-09-05 10:18:39 +00:00
Tom Cosgrove
5c46332184
Merge pull request #8146 from tom-cosgrove-arm/define-psa-macros-to-1-2.28 
Backport 2.28: Define all PSA_xxx macros to 1 rather than have them empty, for consistency
 2023-09-04 22:26:54 +01:00
Waleed Elmelegy
525e355563 Change pkcs5 test dependencies from MBEDTLS_SHA1_C to MBEDTLS_MD_CAN_SHA1 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-04 18:20:32 +01:00
Waleed-Ziad Maamoun-Elmelegy
09f0a97d74 Fix typo in pkcs5.c 
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-04 18:02:14 +01:00
Waleed Elmelegy
d2a03cb6b8 Fix mbedtls_pkcs5_pbes test function failure 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-04 18:01:42 +01:00
Waleed Elmelegy
dffb1e3d66 Improve mbedtls_pkcs5_pbes2_ext changelog description 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-04 17:57:23 +01:00
Waleed Elmelegy
dcad168acf Improve mbedtls_pkcs5_pbes2_ext function test data 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-04 17:56:39 +01:00
Waleed Elmelegy
7aeb6e7610 Add changelog entry for new mbedtls_pkcs5_pbe2_ext function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-04 17:52:15 +01:00
Waleed Elmelegy
7d8f95b4e2 Improve mbedtls_pkcs5_pbes2_ext function signature comments 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-04 17:50:53 +01:00
Waleed Elmelegy
d4e57c3623 Fix unused parameters warnings when MBEDTLS_CIPHER_PADDING_PKCS7 is disabled 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-04 17:50:18 +01:00
Waleed Elmelegy
23ae41626c Fix heap overflow issue in pkcs5_pbes2 testing functions 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-04 17:47:09 +01:00
Waleed Elmelegy
b66cb65410 Add new mbedtls_pkcs5_pbe2_ext function 
Add new mbedtls_pkcs5_pbe2_ext function to replace old
function with possible security issues.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-04 17:46:26 +01:00
Gilles Peskine
894258f03c ssl-opt.sh doesn't actually use OPENSSL_LEGACY: remove unused function 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-04 15:47:37 +02:00
Gilles Peskine
9bb5d495e8 Detect GnuTLS support for TLS-RSA-WITH-NULL-SHA256 
TLS-RSA-WITH-NULL-SHA256, like other SHA256-based cipher suites, was first
introduced in TLS 1.2. Mbed TLS accepts it in earlier protocol versions as
well. This is technically a bug, which older versions of GnuTLS also have.
GnuTLS 3.4.7 fixed this bug. Adapt compat.sh to automatically omit
TLS-RSA-WITH-NULL-SHA256 in invalid protocol versions if GnuTLS doesn't
support it. It's already not included in invalid protocol versions in
OpenSSL interoperability testing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-04 15:47:17 +02:00
Tom Cosgrove
a240fe3c19 Fix code style 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-04 11:29:39 +01:00
Tom Cosgrove
ba3b14dad9 For tests, rename TEST_BUFFERS_EQUAL() to TEST_MEMORY_COMPARE() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-04 11:23:02 +01:00
Tom Cosgrove
cd5a7c76f2 Rename the length argument to TEST_CALLOC() to be the more accurate item_count 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-04 11:20:39 +01:00
Tom Cosgrove
30ceb23f3e For tests, rename TEST_CALLOC_OR_FAIL() to just TEST_CALLOC() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-04 11:20:19 +01:00
Tom Cosgrove
20e27de0bb For tests, rename ASSERT_ALLOC_WEAK() to TEST_CALLOC_OR_SKIP() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-04 11:09:08 +01:00
Tom Cosgrove
1357502bca For tests, rename ASSERT_ALLOC() to TEST_CALLOC_OR_FAIL() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-04 11:05:59 +01:00
Tom Cosgrove
f88ee8b007 For tests, rename ASSERT_COMPARE() to TEST_BUFFERS_EQUAL() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-04 11:04:40 +01:00
Dave Rodgman
9302684155
Merge pull request #8145 from tom-cosgrove-arm/check-mbedtls_platform_zeroize-calls-2.28 
Backport 2.28: Check mbedtls_platform_zeroize() calls
 2023-09-03 11:22:03 +00:00
Tom Cosgrove
5ffb19741d config-wrapper-zeroize-memset.h should be user-config-zeroize-memset.h and not include mbedtls_config.h 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-01 14:44:11 +01:00
Tom Cosgrove
95b5d79cbf Move the description of MBEDTLS_TEST_DEFINES_ZEROIZE to before its use 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-01 14:44:09 +01:00
Tom Cosgrove
7f18f44053 Move zeroize-as-memset into a config file under tests/ 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-01 14:43:48 +01:00
Tom Cosgrove
73285cc075 Define all PSA_xxx macros to 1 rather than have them empty, for consistency 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-01 13:07:39 +01:00
Tom Cosgrove
5117062bb6 Add a build to all.sh to check mbedtls_platform_zeroize() calls 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-01 11:24:27 +01:00
Tom Cosgrove
f7829b099d Fix incorrect use of mbedtls_platform_zeroize() in tests 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-01 11:24:27 +01:00
Tom Cosgrove
43210b56f3 Add the ability to verify mbedtls_platform_zeroize() calls with -Wsizeof-pointer-memaccess 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-09-01 11:24:27 +01:00
Paul Elliott
12a2bfc970
Merge pull request #8096 from davidhorstmann-arm/2.28-initialize-struct-get-other-name 
[Backport 2.28] Coverity fix: Set `type_id` in `x509_get_other_name()`
 2023-08-31 14:10:06 +00:00
Gilles Peskine
4ee11a074f
Merge pull request #8132 from davidhorstmann-arm/2.28-fix-unnecessary-include-prefixes 
[Backport 2.28] Fix unnecessary header prefix in tests
 2023-08-31 07:32:29 +00:00
Gilles Peskine
e6771ed9de
Merge pull request #8128 from yanrayw/2.28-7094-collect-compatsh-test-cases 
Backport 2.28: check_test_cases.py: support to collect test cases for compat.sh
 2023-08-31 07:30:21 +00:00
David Horstmann
1804a15342 Fix unnecessary header prefix in tests 
Remove unnecessary "../library" prefix from test suite include. This
aligns the test suite with the development branch

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-08-30 15:48:30 +01:00
Yanray Wang
930cbeeb5b check_test_cases: add a comment to explain idx in walk_compat_sh 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-08-30 18:33:47 +08:00
Yanray Wang
b2cd07ce09 compat: list all test cases properly 
When calling `add_xxx_ciphersuites`, we have to set MODE properly.
This commit adjusts order to address this issue in list_test_case
which matches what we do in a normal execution.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-08-30 13:44:54 +08:00
Yanray Wang
8aba83bf22 compat.sh: return $? in option --list-test-case to handle error case 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-08-30 11:41:37 +08:00
Yanray Wang
67fe2644ae check_test_cases.py: do not redirect stderr to stdout 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-08-30 11:41:28 +08:00
Yanray Wang
8844844582 check_test_cases.py: use check_output to capture error and return 
This commit includes:
 - use subprocess.check_output to report error and capture return
   value
 - add comment as a reminder for option --list-test-case

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-08-30 11:41:18 +08:00
Yanray Wang
9412a46ab6 check_test_cases.py: simplify how to store test case description 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-08-30 11:40:53 +08:00