Dave Rodgman
bcbe333fbc
Parameterise ecdsa_verify test case more clearly
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-23 10:42:33 +01:00
Dave Rodgman
b9579fd150
Minor tidy-up
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-23 10:42:33 +01:00
Dave Rodgman
78508c496c
Changelog for ECDSA verify fix
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-23 10:42:33 +01:00
Dave Rodgman
622b048e3e
Fix duplicate test names
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-23 10:42:33 +01:00
Dave Rodgman
c763e1775a
Add missing newlines
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-23 10:42:33 +01:00
Dave Rodgman
4268731b2f
Fix ECDSA signature verification edge-case
...
For R and S equal to 1, ensure the public key is checked
for validity.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-23 10:42:33 +01:00
Dave Rodgman
535dccebdc
Add unit tests for ECDSA with invalid public key
...
Add tests for a case in ECDSA signing where an invalid public
key is accepted in signature verification.
Test data taken from the OSS-fuzz issue, and additional
generated with python-ecdsa.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-23 10:42:33 +01:00
Manuel Pégourié-Gonnard
7c7a3eaab5
Merge pull request #6290 from daverodgman/contributing_2.28
...
Clarify legal requirements for contributions
2022-09-16 09:02:06 +02:00
Dave Rodgman
769695eeb0
Clarify legal requirements for contributions
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-15 19:07:10 +01:00
Dave Rodgman
1963d67ed0
Merge pull request #6276 from daverodgman/fixcopyright_2.28
...
Backport 2.28: Correct copyright and license in crypto_spe.h
2022-09-13 11:24:01 +01:00
Dave Rodgman
e3619d06c2
Correct copyright and license in crypto_spe.h
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-12 17:58:29 +01:00
Manuel Pégourié-Gonnard
1b36e1b4d7
Merge pull request #6246 from superna9999/6100-crash-in-test-suite-x509write-backport
...
[Backport 2.28] Crash in test suite x509write config full no seedfile
2022-09-01 11:18:41 +02:00
Neil Armstrong
11048661a5
Initialize mbedtls_x509write_csr struct before USE_PSA_INIT(), mbedtls_x509write_csr_free() will crash if uninitialized
...
When USE_PSA_INIT() failed because of lack of seedfile, mbedtls_x509write_csr_free()
crashed when called on an uninitialized mbedtls_x509write_csr struct.
This moves mbedtls_x509write_csr_init before calling USE_PSA_INIT(),
which could probably fail, and uses the same flow in x509_csr_check()
and x509_csr_check_opaque().
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-30 15:56:40 +02:00
Gilles Peskine
250a612969
Merge pull request #6212 from tom-cosgrove-arm/explicit-warning-re-ct-conditions-not-0-or-1-2.28
...
Backport 2.28: Be explicit about constant time bignum functions that must take a 0 or 1 condition value
2022-08-22 17:24:10 +02:00
Dave Rodgman
906bdbb66e
Merge pull request #6215 from daverodgman/pr6185-backport
...
Backport: ssl_tls12_server: fix potential NULL-dereferencing
2022-08-19 20:22:36 +01:00
Leonid Rozenboim
81e742333e
ssl_tls12_server: fix potential NULL-dereferencing if local certificate was not set.
...
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-08-19 13:42:08 +01:00
Tom Cosgrove
f211d824d7
Be explicit about constant time bignum functions that must take a 0 or 1 condition value
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-18 14:56:00 +01:00
Dave Rodgman
928527cba9
Merge pull request #5990 from zhangsenWang/mbedtls-2.28
...
Backport 2.28: Re-enable 5 tests disabled because of an old OpenSSL bug
2022-08-16 09:56:52 +01:00
Zhangsen Wang
9d5b399b5d
rebase with latest 2.28 branch
2022-08-16 03:27:48 +00:00
Dave Rodgman
a77287f8fa
Merge pull request #6182 from wernerlewis/ecp_set_zero_2.28
...
[Backport 2.28] Add tests for mbedtls_ecp_set_zero
2022-08-11 16:43:11 +01:00
Dave Rodgman
3469f7a732
Merge pull request #6187 from daverodgman/backport-iar-fatal-warnings
...
Backport 2.28: cmake: IAR support option( MBEDTLS_FATAL_WARNINGS)
2022-08-09 13:50:23 +01:00
savent
a37f5c1da3
cmake: IAR support option( MBEDTLS_FATAL_WARNINGS)
...
IAR toolchain makes some warning, forcing 'warning as error' is not for sure.
Signed-off-by: savent <savent_gate@outlook.com>
2022-08-09 10:54:13 +01:00
Werner Lewis
55a3285faf
Add test case for mbedtls_ecp_set_zero
...
Tests function with various ECP point conditions, covering freshly
initialized, zeroed, non-zero, and freed points.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-08 17:24:24 +01:00
Gilles Peskine
2c08ac7842
Merge pull request #6157 from daverodgman/chacha-psa-defines-backport
...
backport 2.28: MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C are needed when PSA_WANT_ALG_CHACHA20_POLY1305 is defined
2022-08-05 11:03:49 +02:00
Gilles Peskine
da126214ce
Merge pull request #6071 from wernerlewis/bignum_test_radix_2.28
...
[Backport 2.28] Remove radix argument from bignum test functions
2022-08-05 11:01:13 +02:00
Gilles Peskine
f222b8e041
Merge pull request #6161 from daverodgman/backport-cert-symlink
...
Backport 2.28: x509_crt: handle properly broken links when looking for certificates
2022-08-03 13:05:31 +02:00
Gilles Peskine
ddc3845782
Merge pull request #6168 from mman/mbedtls-2.28
...
Use double quotes to include private header file psa_crypto_cipher.h
2022-08-03 13:05:00 +02:00
Martin Man
43dedd8afe
Use double quotes to include private header file psa_crypto_cipher.h
...
Signed-off-by: Martin Man <mman@martinman.net>
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
2022-08-02 13:36:18 +02:00
Zhangsen Wang
1c981f5c84
skip test with openssl client because it will timeout with certain seed due to an openssl bug
...
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
2022-08-02 06:18:40 +00:00
Werner Lewis
df336842a9
Use upper case for bignum string comparison
...
Test data which is compared as a hex string now uses upper case to
match the output of mbedtls_mpi_write_string(). This removes usage
of strcasecmp().
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:57:06 +01:00
Werner Lewis
d487776a61
Remove radix from added test cases
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:57:06 +01:00
Werner Lewis
3d52e445cc
Fix formatting in bignum test functions
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:57:06 +01:00
Werner Lewis
3e005f3efc
Remove remaining bignum radix args
...
Functions which are not covered by script, changes made to use radix
16.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:57:06 +01:00
Werner Lewis
955a0bb18f
Remove radix arg from bignum tests
...
Cases where radix was explicitly declared are removed in most cases,
replaced using script. bignum arguments are represented as hexadecimal
strings. This reduces clutter in test data and makes bit patterns
clearer.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:57:06 +01:00
Werner Lewis
24b6078306
Remove radix arg from mbedtls_test_read_mpi
...
All uses have radix argument removed, using script.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-01 15:57:02 +01:00
Bence Szépkúti
454fdc2501
Merge pull request #6160 from tom-cosgrove-arm/fix-typos-in-md-files-2.28
...
Backport 2.28: Fix typographical errors in .md files found by cspell
2022-08-01 10:06:31 +02:00
Dave Rodgman
62067bc82f
Merge pull request #6156 from daverodgman/microblaze-littleendian-backport-2.28
...
Microblaze littleendian backport 2.28
2022-07-29 17:08:16 +01:00
Dave Rodgman
6f227ee8e8
Remove use of lstat
...
lstat is not available on some platforms (e.g. Ubuntu 16.04). In this
particular case stat is sufficient.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-29 14:27:52 +01:00
Dave Rodgman
626b37859c
Add Changelog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-29 14:27:52 +01:00
Dave Rodgman
2958bb3761
Spelling and grammar improvements
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-29 14:27:52 +01:00
Dave Rodgman
168bcd684b
Don't increase failure count for dangling symlinks
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-29 14:27:52 +01:00
Eduardo Silva
32ffb2b8bc
x509_crt: handle properly broken links when looking for certificates
...
On non-Windows environments, when loading certificates from a given
path through the mbedtls_x509_crt_parse_path() function, if a symbolic
link is found and is broken (meaning the target file doesn't exist),
the function returns MBEDTLS_ERR_X509_FILE_IO_ERROR, which is
not honoring the default behavior of just skipping the bad certificate file
and increasing the counter of wrong files.
The problem has been raised many times in our open source project
called Fluent Bit which depends on MbedTLS:
https://github.com/fluent/fluent-bit/issues/843#issuecomment-486388209
The expected behavior is that if a simple certificate cannot be processed,
it should just be skipped.
This patch implements a workaround with lstat(2) and stat(2) to determine
first if the entry found in the directory is a symbolic link or not; if it is
a symbolic link, do a proper stat(2) for the target file, otherwise process
normally. Upon finding a broken symbolic link it will increase the counter of
not processed certificates.
Signed-off-by: Eduardo Silva <eduardo@treaure-data.com>
2022-07-29 14:27:50 +01:00
Tom Cosgrove
c71bc7b7d3
Fix typographical errors in .md files found by cspell
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-29 13:54:52 +01:00
Dave Rodgman
8934db7b8e
Merge pull request #6143 from tom-cosgrove-arm/fix-comments-in-docs-and-comments-2.28
...
Backport 2.28: Fix a/an typos in doxygen and other comments
2022-07-29 12:59:14 +01:00
Summer Qin
aba50444d3
Add MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C
...
MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C are needed
when PSA_WANT_ALG_CHACHA20_POLY1305 is defined
Signed-off-by: Summer Qin <summer.qin@arm.com>
2022-07-29 11:46:20 +01:00
Dave Rodgman
7d4a8da1b7
Add Changelog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-29 11:34:26 +01:00
Kazuyuki Kimura
90b99bf964
fix issue #2020
...
Fixed a bug that the little-endian Microblaze does not work when MBEDTLS_HAVE_ASM is defined.
Signed-off-by: Kazuyuki Kimura <kim@wing.ocn.ne.jp>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-29 11:33:57 +01:00
Tom Cosgrove
5205c976da
Fix a/an typos in doxygen and other comments
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-28 06:12:08 +01:00
Dave Rodgman
5048045f25
Merge pull request #6096 from tom-cosgrove-arm/bn_mul-fix-x86-pic-compilation-for-gcc-4-2.28
...
Backport 2.28: bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5
2022-07-21 17:34:52 +01:00
Dave Rodgman
59dca4b136
Merge pull request #6110 from daverodgman/add-missing-break-2.28
...
Add missing break - backport 2.28
2022-07-21 15:25:49 +01:00