cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-03 10:34:16 -04:00
Code Issues Packages Projects Releases Wiki Activity
22,387 Commits 7 Branches 115 Tags
Commit Graph

22387 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
4bb369c4eb Always enable MBEDTLS_TEST_HOOKS in TLS 1.3-only test configurations 
MBEDTLS_TEST_HOOKS is not supposed to change the behavior of the library, so
it's generally good to have it on in functional tests.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-29 17:48:20 +02:00
Nick Child
5f39767495 pkcs7: Fix imports 
Respond to feedback about duplicate imports[1] and new import style [2].

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r991355485
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#pullrequestreview-1138745361
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-10-28 12:38:41 -05:00
Nick Child
bb82ab764f pkcs7: Respond to feeback on parsing logic 
After recieving review on the pkcs7 parsing functions, attempt
to use better API's, increase consisitency and use better
documentation. The changes are in response to the following
comments:
 - use mbedtls_x509_crt_parse_der instead of mbedtls_x509_crt_parse [1]
 - make lack of support for authenticatedAttributes more clear [2]
 - increment pointer in pkcs7_get_content_info_type rather than after [3]
 - rename `start` to `p` for consistency in mbedtls_pkcs7_parse_der [4]

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992509630
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992562450
[3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992741877
[4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992754103

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-10-28 12:28:54 -05:00
Glenn Strauss
7db3124c00 Skip asn1 zeroize if freeing shallow pointers 
This skips zeroizing additional pointers to data.
(Note: actual sensitive data should still be zeroized when freed.)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-10-28 12:51:35 -04:00
Glenn Strauss
a4b4041219 Shared code to free x509 structs 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-10-28 12:51:35 -04:00
Nick Child
73621ef0f0 pkcs7: Improve verify logic and rebuild test data 
Various responses to feedback regarding the
pkcs7_verify_signed_data/hash functions. Mainly, merge these two
functions into one to reduce redudant logic [1]. As a result, an
identified bug about skipping over a signer is patched [2].

Additionally, add a conditional in the verify logic that checks if
the given x509 validity period is expired [3]. During testing of this
conditional, it turned out that all of the testing data was expired.
So, rebuild all of the pkcs7 testing data to refresh timestamps.

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r999652525
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r997090215
[3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967238206
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-10-28 11:24:25 -05:00
Dave Rodgman
b3166f4b2f Update Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-28 11:39:04 +01:00
Dave Rodgman
d7dfc0922e Update Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-28 11:38:05 +01:00
Dave Rodgman
169ae4f528 Add Changelog entry 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-28 11:24:29 +01:00
Ronald Cron
04e2133f45
Merge pull request #6482 from ronald-cron-arm/tls13-misc 
TLS 1.3: Update documentation for the coming release and misc
 2022-10-28 11:09:03 +02:00
Dave Rodgman
f00466e2e0 Build fix - remove line of dead code 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-28 09:22:28 +01:00
Jerry Yu
c3a7fa386e Update output message when certification verified fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-28 12:38:33 +08:00
Jerry Yu
ad9e99bd2e fix session resumption fail when hostname is not localhost 
Change-Id: Icb2f625bb11debb5c7cae36e34d7270f7baae4d5
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-28 12:30:58 +08:00
Yanray Wang
eaf46d1291 Add output of build version in ssl_server2 
Usage:
- By default, build version is printed out in the beginning of
ssl_server2 application.
- ./ssl_server2 build_version=1 only prints build verison and stop

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2022-10-28 10:53:50 +08:00
Yanray Wang
84645e92c6 Simplify code of adding output in ssl_client2 
- print build version macro defined in build_info.h directly
- Remove all the MBEDTLS_VERSION_C guards as build version
  information is always available in build_info.h

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2022-10-28 10:53:22 +08:00
Minos Galanakis
0c61a749b7 test_suite_bignum_mod_raw: Removed parameter for mbedtls_mpi_mod_modulus_setup() 
This patch updates the tests `mpi_mod_raw_cond_swap()` &
`mpi_mod_raw_cond_assign()` to use a non-zero modulus
when invoking `mbedtls_mpi_mod_modulus_setup()`

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-28 00:11:19 +01:00
Dave Rodgman
ce48c92c6c Credit Cryptofuzz in the changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 20:37:23 +01:00
Dave Rodgman
5d13e5e568 Improve changelog for ECDSA verify fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 20:34:21 +01:00
Dave Rodgman
683850b416
Update tests/suites/test_suite_ecdsa.function 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 20:24:46 +01:00
Dave Rodgman
cd7fe3ee14
Merge pull request #6487 from gilles-peskine-arm/legacy_or_psa-internal 2022-10-27 20:21:43 +01:00
Gilles Peskine
75c4eaf1f8
Merge pull request #5841 from aurel32/ecp_mul_mxz-timing-leak 
Fix a timing leak in ecp_mul_mxz()
 2022-10-27 19:46:48 +02:00
Minos Galanakis
4d4c98b1b9 bignum_mod: mbedtls_mpi_mod_modulus_setup() refactoring. 
This patch addresses more review comments, and fixes
a circular depedency in the `mbedtls_mpi_mod_modulus_setup()`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 17:47:26 +01:00
Dave Rodgman
66e05505b6 Support generating DER format certificates 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 17:41:40 +01:00
Przemek Stekiel
a380b06c26 Add fake dependency to test CI 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-27 14:15:26 +02:00
Minos Galanakis
771c47055f bignum_mod: Style changes 
This patch addresses review comments with regards to style of
`mbedtls_mpi_mod_modulus_setup/free()`.

It also removes a test check which was triggering a use-after-free.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 12:36:24 +01:00
Minos Galanakis
dd365a526f test_suite_bignum: Updated mpi_mod_setup() test 
This patch updates the `mpi_mod_setup()` test suite
to check for incosistencies in the montgomery constant
data's lifecycle.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 11:43:54 +01:00
Minos Galanakis
8b33363315 bignum_mod: Updated modulus lifecycle with mm and rr. 
This patch updates the `mbedtls_mpi_mod_modulus_setup/free()`
methods to precalculate mm and rr(Montgomery const squared) during
setup and zeroize it during free.

A static `set_mont_const_square()` is added to manage the memory allocation
and parameter checking before invoking the
`mbedtls_mpi_core_get_mont_r2_unsafe()`

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 11:43:54 +01:00
Minos Galanakis
760f5d6b6b bignum_mod: Updated mbedtls_mpi_mod_modulus_setup/free with new fields 
At the current state, those fields are initialised to 0, NULL.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 11:43:54 +01:00
Hanno Becker
cd860dfe02 bignum_mod: Added Montgomery constants 
This patch adds the Montgomery constants to the `mbedtls_mpi_mont_struct`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 11:43:54 +01:00
Gilles Peskine
9603daddaa
Merge pull request #6230 from tom-cosgrove-arm/issue-6223-core-add 
Bignum: extract core_add from the prototype
 2022-10-27 11:25:27 +02:00
Ronald Cron
77e15e8a2c
Merge pull request #6460 from xkqian/tls13_add_early_data_preparatory 
Internal and Open CI merge job ran successfully. Good to go.
 2022-10-27 10:40:56 +02:00
Przemek Stekiel
120ed8f8fa Add comments to explan the purpose of the reference component 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-27 10:29:15 +02:00
Przemek Stekiel
5f6f32a0ad Remove hidden option to skip ssl-opt and compat tests 
Also remove compat tests from reference component as results from this run are not included in outcome file.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-27 08:24:43 +02:00
Gilles Peskine
88f5fd9099
Merge pull request #6479 from AndrzejKurek/depends-py-no-psa 
Enable running depends.py in a configuration without MBEDTLS_USE_PSA_CRYPTO and remove perl dependency scripts
 2022-10-26 20:02:57 +02:00
Gilles Peskine
3a9ebd69c3 Declare legacy_or_psa.h as private 
We think we're likely to change these macros. So make them *only* for
internal use, not just "mostly".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-26 18:03:14 +02:00
Gilles Peskine
49540ac529 Move copyright notice out of the Doxygen documentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-26 18:02:56 +02:00
Przemek Stekiel
4d13c833da analyze_outcomes.py: remove components and ignore parameters 
Use a dictionary to specify optional parameters for each task.
If the task is not specified then all tasks are executed.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-26 16:12:01 +02:00
Ronald Cron
85b9e09525 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-26 15:18:37 +02:00
Ronald Cron
c9176a03a7
Merge pull request #6410 from gilles-peskine-arm/psa-pkparse-pkwrite-3.2 
PSA with RSA requires PK_WRITE and PK_PARSE
 2022-10-26 14:57:36 +02:00
Gilles Peskine
d4d080b41b
Merge pull request #6407 from minosgalanakis/minos/6017_add_montgomery_constant_squared 
Bignum: Added pre-calculation of Montgomery constants
 2022-10-26 14:28:16 +02:00
Ronald Cron
4f7feca0dc
Merge pull request #6391 from davidhorstmann-arm/fix-x509-get-name-cleanup 
The Open CI ran successfully thus I think we can ignore the internal CI.
 2022-10-26 14:27:54 +02:00
Andrzej Kurek
29c002ebdf Remove unused perl dependency scripts 
curves.pl, depends-hashes.pl, key-exchanges.pl and depends-pkalgs.pl are now superseded by depends.py.
Update all references to them accordingly.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-26 08:26:58 -04:00
Andrzej Kurek
7cb0077c5d Add all.sh components running depends.py without MBEDTLS_USE_PSA_CRYPTO 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-26 08:26:58 -04:00
Manuel Pégourié-Gonnard
3e0ea98b7c
Merge pull request #6451 from mpg/fix-can-exercise 
Fix can_exercise() for RSA and hashes
 2022-10-26 10:18:52 +02:00
Xiaokang Qian
72dbfef6e4 Improve coding styles 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-26 06:33:57 +00:00
Xiaokang Qian
4ef4c89af2 Fix CI failure in build_info.h 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-26 02:48:47 +00:00
Gilles Peskine
b06f0717b3 PSA service config build: disable more modules not used by PSA 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-25 21:06:11 +02:00
Gilles Peskine
649e04e3d1 PSA service config build: note why we aren't disabling cipher and md 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-25 21:05:57 +02:00
Gilles Peskine
1f10807837 Disable pk in the PSA service config build 
It's not needed as a feature. It gets reenabled automatically in
build_info.h like pk_write and pk_parse, but that's an implementation
detail.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-25 21:02:56 +02:00
Gilles Peskine
78bffd1ff5 Fix spelling of a disabled option 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-25 21:02:33 +02:00