cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-28 16:03:36 -04:00
Code Issues Packages Projects Releases Wiki Activity
31,231 Commits 7 Branches 115 Tags
Commit Graph

31231 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
b6bf370159 Assert that key ID ranges don't overlap 
Ensure that a key ID can't be in range for more than one of volatile keys,
persistent (i.e. user-chosen) keys or built-in keys.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-07-17 12:21:21 +02:00
Gilles Peskine
543909d894 Add a test for the built-in key range 
Restricting the built-in key range would be an API break since applications
can hard-code a built-in key value and expect that it won't clash with
anything else. Make it harder to accidentally break the API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-07-17 12:21:21 +02:00
Gilles Peskine
d72ad738bd Prevent mbedtls_psa_register_se_key with volatile keys 
mbedtls_psa_register_se_key() is not usable with volatile keys, since there
is no way to return the implementation-chosen key identifier which would be
needed to use the key. Document this limitation. Reject an attempt to create
such an unusable key. Fixes #9253.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-07-17 12:21:21 +02:00
Gilles Peskine
86c603702e Reorder blocks to avoid double negations 
Convert `#if !... A #else B #endif` to `#if ... B #else A`. No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-07-17 12:21:21 +02:00
Gilles Peskine
4804847b15 Make it possible to enable CTR_DRBG/PSA without a PSA AES driver 
Make it possible, but not officially supported, to switch the CTR_DRBG
module to PSA mode even if MBEDTLS_AES_C is defined. This is not really
useful in practice, but is convenient to test the PSA mode without setting
up drivers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-07-17 12:21:21 +02:00
Gilles Peskine
cd693c36fd MBEDTLS_STATIC_ASSERT: make it work outside of a function 
At the top level, the macro would have had to be used without a following
semicolon (except with permissive compilers that accept spurious semicolons
outside of a function), which is confusing to humans and indenters. Fix
that.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-07-17 12:21:21 +02:00
Sam Berry
602550162c Add TLS: password protected... to ignored_tests list 
Signed-off-by: Sam Berry <sam.berry@arm.com>
 2024-07-17 10:03:40 +01:00
Sam Berry
e2720447b6 Reverted requires_cipher_enabled AES 
Signed-off-by: Sam Berry <sam.berry@arm.com>
 2024-07-17 10:02:34 +01:00
Sam Berry
e7e5c7e4c1 Changed some tests to use requires_cipher_enabled 
I expect some will still skip due to `MBEDTLS_CIPHER_MODE_CBC` being unset.

Signed-off-by: Sam Berry <sam.berry@arm.com>
 2024-07-17 10:02:34 +01:00
Sam Berry
06b91be210 Added support for MD5 in requires_hash_alg 
Signed-off-by: Sam Berry <sam.berry@arm.com>
 2024-07-17 10:02:34 +01:00
Gilles Peskine
71a0e8c2cd
Merge pull request #9398 from davidhorstmann-arm/upgrade-python-dependencies-3.6 
[Backport 3.6] Upgrade python dependencies in requirements file
 2024-07-15 18:16:11 +00:00
David Horstmann
4e7ca644ce Upgrade python dependencies in requirements file 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-15 16:35:50 +01:00
Gilles Peskine
89a48ce267
Merge pull request #9392 from valeriosetti/backport-fix-psa_key_derivation_verify_bytes 
[Backport 3.6] psa: fix parameters' names of psa_key_derivation_verify_bytes()
 2024-07-15 11:01:01 +00:00
Tomás González
1fb69a9e91 tests/ssl_helpers: Check that message queue is popped 
mbedtls_test_mock_tcp_recv_msg is currently popping a message
queue and does not check if this was done correctly.

This extra check makes the test more complete/robust.

Signed-off-by: Tomás González <tomasagustin.gonzalezorlando@arm.com>
 2024-07-15 11:07:38 +01:00
Valerio Setti
d30cc09bc7 psa: fix parameters' names of psa_key_derivation_verify_bytes() 
PSA buffers and their length should follow a pattern for which
the latter is named after the former as <buffer_name>_length,
but this was not the case for psa_key_derivation_verify_bytes().

This makes life of crypto.h parsers (for automatic code generation)
harder. This commit aims at solving this problem.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-07-15 07:23:09 +02:00
Wenxing Hou
848bccf1ce Fix some typo for include folder 
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
 2024-07-12 11:38:53 +03:00
Michael Grand (TrustnGo)
83da5abdd6 Fix typo in platform_util.c 
Fix a typo in a conditional include.

Signed-off-by: Michael Grand (TrustnGo) <m.grand@trustngo.tech>
 2024-07-11 17:31:22 +03:00
Ronald Cron
71ff969ca2
Merge pull request #9383 from ronald-cron-arm/move-mbedtls-crypto-modules-3.6 
[Backport 3.6] Backport of the framework submodule update in PR 9340
 2024-07-10 15:09:48 +00:00
Ronald Cron
eebe477c3f Update framework submodule 
Update framework submodule as
in PR 9340 against development.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-07-10 12:18:22 +02:00
Gilles Peskine
3e419b06da
Merge pull request #9375 from davidhorstmann-arm/move-test-data-files-to-framework-3.6 
[Backport 3.6] Move test data files to framework
 2024-07-09 12:47:05 +00:00
Ronald Cron
dda4382f22 Update the framework submodule to the merge of PR18 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-07-09 09:04:31 +02:00
David Horstmann
55e4c36f55 Update framework submodule 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-08 15:36:48 +01:00
David Horstmann
77074905bb Update generated tls13 testcase script 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-08 15:36:48 +01:00
David Horstmann
d762d94dfb Move variable into generated bash 
Move the DATA_FILES_PATH_VAR variable into the generated bash rather
than only variablising it in the python that generates the test script.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-08 15:36:48 +01:00
David Horstmann
316beb349d Simplify path in audit-validity-dates.py 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-08 15:36:48 +01:00
David Horstmann
72edc66437 Simplify data_files path in compat test generation 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-08 15:36:48 +01:00
David Horstmann
5ab92be10a Use variable for data_files path in ssl-opt.sh 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-08 15:36:48 +01:00
David Horstmann
79c8a65be3 Replace data_files path with variable in compat.sh 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-08 15:36:48 +01:00
David Horstmann
7d0e5d20ab Correct redundant framework/../framework paths 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-08 15:36:48 +01:00
David Horstmann
3e00faf166 Fix line-too-long in generate_tls13_compat_tests.py 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-08 15:36:48 +01:00
David Horstmann
5282ecddaa Update directory-climbing path in context-info.sh 
A path containing '../../' was defined in relation to a directory in the
tests/data_files directory. Since this has been moved to
framework/data_files, we must update the path to refer correctly to the
same location as before.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-08 15:36:48 +01:00
David Horstmann
9c4dd4ee6f Update paths pointing to tests/data_files 
These now point to framework/data_files instead.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-08 15:36:46 +01:00
David Horstmann
099f49230c Move some files to framework repository 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-08 15:33:58 +01:00
Gilles Peskine
422a276c5e
Merge pull request #9045 from Troy-Butler/handle-null-args 
[Backport 3.6] Fix NULL argument handling in mbedtls_xxx_free() functions
 2024-07-04 14:50:59 +00:00
Gilles Peskine
41204b86d8
Merge pull request #9272 from sezrab/silence-3.6 
[Backport 3.6] Silence gcc 12.2.0 warning
 2024-07-04 14:49:41 +00:00
Gilles Peskine
c03041844b
Merge pull request #9341 from gilles-peskine-arm/psa_cipher_decrypt-ccm_star-iv_length_enforcement-3.6 
Backport 3.6: psa_cipher_decrypt CCM*: fix rejection of messages shorter than 3 bytes
 2024-07-04 14:39:29 +00:00
Gilles Peskine
acef7b3894
Merge pull request #9132 from andre-rosa/check-overflow-when-reading-padding-len-on-aes-128-cbc-decryption-for-mbedtls-3.6 
Backport 3.6: Add invalid `padding_len` check in `get_pkcs_padding`
 2024-07-03 14:41:17 +00:00
Ronald Cron
e2ae1b44f1
Merge pull request #9301 from gilles-peskine-arm/test_suite_config-booleans-3.6 
Backport 3.6: Report configuration settings in the outcome file
 2024-07-03 13:10:18 +00:00
Gilles Peskine
b47c3b3111 psa_cipher_decrypt CCM*: fix rejection of messages shorter than 3 bytes 
Credit to Cryptofuzz. Fixes #9314.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-07-03 09:42:35 +02:00
Sam Berry
f231386f7f Corrected header line of analyze_driver_vs_reference 
The header line said “driver vs reference” whereas the error line said
“reference -> driver”. Updated the header line to be consistent with the
error line.

Signed-off-by: Sam Berry <sam.berry@arm.com>
 2024-07-02 15:10:58 +01:00
Gilles Peskine
4e69485b65 Update framework after merge of #28 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-07-01 15:31:40 +02:00
Gilles Peskine
c7d9b2b586 psa_open_key does not lock the key in memory 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-24 18:31:37 +02:00
Gilles Peskine
3343e78655 Document the key store design 
Include the proposed dynamic and fully-static key stores that are
currently proposed in https://github.com/Mbed-TLS/mbedtls/pull/9240
and https://github.com/Mbed-TLS/mbedtls/pull/9302

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-24 16:59:45 +02:00
Tom Cosgrove
71b58180cd
Merge pull request #9273 from eleuzi01/backport-8389 
[Backport 3.6] Use CMAKE_C_SIMULATE_ID when available to determine compiler
 2024-06-24 11:28:37 +00:00
Paul Elliott
9bfe69a815
Merge pull request #9274 from eleuzi01/backport-9250 
[Backport 3.6] Fix compiler warnings in test_suite_pk.function
 2024-06-24 10:40:49 +00:00
Manuel Pégourié-Gonnard
087d007040
Merge pull request #9305 from valeriosetti/issue9126-backport 
[Backport 3.6] Do not perform adjustments on legacy crypto from PSA, when MBEDTLS_PSA_CRYPTO_CLIENT && !MBEDTLS_PSA_CRYPTO_C
 2024-06-24 07:30:36 +00:00
Valerio Setti
3b665626e8 changelog: add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-06-21 13:40:16 +02:00
Valerio Setti
3153ae47a9 config_psa: do not update legacy symbols in client-only PSA build 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-06-21 13:40:16 +02:00
Gilles Peskine
a9a2c73b7e Update generate_config_tests.py 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-21 00:01:20 +02:00
Gilles Peskine
112673f106 Add some missing handling for generated test_suite_config.*.data 
Fixes the files not being generated in the build tree.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-21 00:01:20 +02:00