16909 Commits

Author SHA1 Message Date
Gilles Peskine
c2e95fa2b3
Merge pull request #6394 from mprse/enc_types_2_28_backport
Backport 2.28: Test TLS 1.2 builds with each encryption type
2022-10-12 12:45:52 +02:00
Manuel Pégourié-Gonnard
8221f84034
Merge pull request #6402 from gilles-peskine-arm/config.py-python-version-2.28
Add a note that config.py must remain compatible with Python 3.4
2022-10-11 12:57:24 +02:00
Gilles Peskine
78c34c2d15 Add a note that config.py must remain compatible with Python 3.4
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-10 22:53:58 +02:00
Janos Follath
f9c91cea19
Merge pull request #6387 from gilles-peskine-arm/bignum-mbedtls_test_read_mpi_core-2.28
Backport 2.28: don't introduce mbedtls_test_read_mpi_core
2022-10-10 15:14:36 +01:00
Przemek Stekiel
0d72141ead Revert "Add MBEDTLS_CIPHER_MODE_AEAD dependency to auth_crypt_tv() test function"
This reverts commit 802353c8071ca5a1604bdba45806d59dd48e4728.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 15:41:02 +02:00
Przemek Stekiel
fa6094185e Revert: Enable Key Wrapping mode for 128-bit block ciphers
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 14:34:09 +02:00
Przemek Stekiel
7aca4e44fe Fix session tickets related build flags in fuzz_server and ssl_server2
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 14:14:13 +02:00
Przemek Stekiel
97d5740b7a Fix MBEDTLS_SSL_TICKET_C, MBEDTLS_SSL_SESSION_TICKETS dependencies
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 14:08:51 +02:00
Przemek Stekiel
1834a2e985 Reword change log entry
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 14:03:16 +02:00
Przemek Stekiel
0a48eaebc6 Add changelog entry: tls 1.2 builds with single encryption type
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-06 12:18:27 +02:00
Przemek Stekiel
efc894bf54 Add GCM dependency to "Per-version suites: TLS 1.2"
Test was failing with error:
unknown ciphersuite: 'TLS-RSA-WITH-AES-128-GCM-SHA256'

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-06 12:15:21 +02:00
Przemek Stekiel
802353c807 Add MBEDTLS_CIPHER_MODE_AEAD dependency to auth_crypt_tv() test function
Test calls functions that require MBEDTLS_CIPHER_MODE_AEAD.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-06 12:10:53 +02:00
Przemek Stekiel
2b03880628 Enable Key Wrapping mode for 128-bit block ciphers
This is done to make configuration consistent with upstream and get rid of warnings.
ssl_ticket.c:254:17: warning: implicit declaration of function ‘mbedtls_cipher_auth_encrypt_ext’

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-06 12:08:25 +02:00
Przemek Stekiel
169554c68f Adapt macro names: MBEDTLS_SSL_SOME_SUITES_USE_MAC->MBEDTLS_SSL_SOME_MODES_USE_MAC
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-06 10:53:20 +02:00
Przemek Stekiel
b79d0dd1ad test_suite_cmac.data: fix bug: use cipher type instead of cipher id
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-05 12:20:23 +02:00
Przemek Stekiel
249fccafb5 test_suite_cipher.function: always include aes.h
It is done to have MBEDTLS_ERR_AES_INVALID_INPUT_LENGTH macro available (used in tests)

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-05 11:51:36 +02:00
Przemek Stekiel
864b43d3aa Fix configuration requirements (MBEDTLS_SSL_CONTEXT_SERIALIZATION, MBEDTLS_SSL_SESSION_TICKETS)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-05 11:47:29 +02:00
Przemek Stekiel
9450dc7b6f Fix guards for mbedtls_ct_size_mask() and mbedtls_ct_memcpy_if_eq()
Both functions are used when MBEDTLS_SSL_SOME_SUITES_USE_MAC is defined, not MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-05 11:38:25 +02:00
Przemek Stekiel
e53527063b Add test components for tls 1.2 builds with single encryption type
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-05 11:37:54 +02:00
Gilles Peskine
30e0623c7c
Merge pull request #6388 from gabor-mezei-arm/6308_bp_228_missing_initialization_in_test
[Backport 2.28] Add initialization for structures in test
2022-10-05 11:09:32 +02:00
Gilles Peskine
eca29e4148 Replace the output file atomically
When writing the new .data file, first write the new content, then replace
the target. This way, there isn't a temporary state in which the file is
partially written. This temporary state can be misleading if the build is
interrupted. It's annoying if you're watching changes to the output and the
changes appear as emptying the file followed by the new version appearing.
Now interrupted builds don't leave a file that appears to be up to date but
isn't, and when watching the output, there's a single transition to the new
version.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 15:22:27 +02:00
Gilles Peskine
34cb462882 Move the definition of data_t to a header file
This way it can be used in helper functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 15:21:44 +02:00
Gilles Peskine
7db8e89da1 Allow test assertions on constant-flow scalar data
When testing a function that is supposed to be constant-flow, we declare the
inputs as constant-flow secrets with TEST_CF_SECRET. The result of such a
function is itself a constant-flow secret, so it can't be tested with
comparison operators.

In TEST_EQUAL, TEST_LE_U and TEST_LE_S, declare the values to be compared as
public. This way, test code doesn't need to explicitly declare results as
public if they're only used by one of these macros.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 15:21:44 +02:00
Gilles Peskine
9538c9097e Remove incorrect comment
This comment (which used to be attached to the implementation, and should
not have been moved to the header file) is incorrect: the library function
mbedtls_mpi_read_string preserves leading zeros as desired, but does not
create a zero-limb object for an empty string.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-04 15:21:44 +02:00
Gabor Mezei
1b5800d069
Add initialization for structures
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-28 15:45:59 +02:00
Gabor Mezei
92ca1bc481
Add initialization for structures
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-28 15:36:25 +02:00
Gabor Mezei
58a7a063f8
Add initialization for structures
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-09-28 15:32:08 +02:00
Gilles Peskine
662b301c27
Merge pull request #6309 from gilles-peskine-arm/all-sh-force-2.28
Backport 2.28: Fix all.sh --force
2022-09-23 17:04:09 +02:00
Gilles Peskine
7959858f4c Don't remove programs/fuzz/Makefile
Other programs/*/Makefile are only created by CMake, but programs/fuzz has
its own Makefile in the repository. Fixes #6247.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-22 10:19:52 +02:00
Gilles Peskine
423dd13357 Don't try restoring a file if no backup is available
This caused `all.sh --force` to fail on a clean build tree.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-22 10:19:51 +02:00
Manuel Pégourié-Gonnard
e9ff465709
Merge pull request #6302 from davidhorstmann-arm/2.28-syntax-highlighting-function-files
[Backport 2.28] Use GitHub C syntax highlighting on test files
2022-09-21 10:52:17 +02:00
David Horstmann
6af9ad321c Use GitHub C syntax highlighting on test files
Add a .gitattributes file that tells GitHub to highlight all .function
files as if they were .c files. This aids in reviewing changes to tests.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-09-20 17:24:07 +01:00
Manuel Pégourié-Gonnard
7c7a3eaab5
Merge pull request #6290 from daverodgman/contributing_2.28
Clarify legal requirements for contributions
2022-09-16 09:02:06 +02:00
Dave Rodgman
769695eeb0 Clarify legal requirements for contributions
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-15 19:07:10 +01:00
Dave Rodgman
1963d67ed0
Merge pull request #6276 from daverodgman/fixcopyright_2.28
Backport 2.28: Correct copyright and license in crypto_spe.h
2022-09-13 11:24:01 +01:00
Dave Rodgman
e3619d06c2 Correct copyright and license in crypto_spe.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-12 17:58:29 +01:00
Manuel Pégourié-Gonnard
1b36e1b4d7
Merge pull request #6246 from superna9999/6100-crash-in-test-suite-x509write-backport
[Backport 2.28] Crash in test suite x509write config full no seedfile
2022-09-01 11:18:41 +02:00
Neil Armstrong
11048661a5 Initialize mbedtls_x509write_csr struct before USE_PSA_INIT(), mbedtls_x509write_csr_free() will crash if uninitialized
When USE_PSA_INIT() failed because of lack of seedfile, mbedtls_x509write_csr_free()
crashed when called on an uninitialized mbedtls_x509write_csr struct.

This moves mbedtls_x509write_csr_init before calling USE_PSA_INIT(),
which could probably fail, and uses the same flow in x509_csr_check()
and x509_csr_check_opaque().

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-30 15:56:40 +02:00
Gilles Peskine
250a612969
Merge pull request #6212 from tom-cosgrove-arm/explicit-warning-re-ct-conditions-not-0-or-1-2.28
Backport 2.28: Be explicit about constant time bignum functions that must take a 0 or 1 condition value
2022-08-22 17:24:10 +02:00
Dave Rodgman
906bdbb66e
Merge pull request #6215 from daverodgman/pr6185-backport
Backport: ssl_tls12_server: fix potential NULL-dereferencing
2022-08-19 20:22:36 +01:00
Leonid Rozenboim
81e742333e ssl_tls12_server: fix potential NULL-dereferencing if local certificate was not set.
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-08-19 13:42:08 +01:00
Tom Cosgrove
f211d824d7 Be explicit about constant time bignum functions that must take a 0 or 1 condition value
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-08-18 14:56:00 +01:00
Dave Rodgman
928527cba9
Merge pull request #5990 from zhangsenWang/mbedtls-2.28
Backport 2.28: Re-enable 5 tests disabled because of an old OpenSSL bug
2022-08-16 09:56:52 +01:00
Zhangsen Wang
9d5b399b5d rebase with latest 2.28 branch
2022-08-16 03:27:48 +00:00
Dave Rodgman
a77287f8fa
Merge pull request #6182 from wernerlewis/ecp_set_zero_2.28
[Backport 2.28] Add tests for mbedtls_ecp_set_zero
2022-08-11 16:43:11 +01:00
Dave Rodgman
3469f7a732
Merge pull request #6187 from daverodgman/backport-iar-fatal-warnings
Backport 2.28: cmake: IAR support option( MBEDTLS_FATAL_WARNINGS)
2022-08-09 13:50:23 +01:00
savent
a37f5c1da3 cmake: IAR support option( MBEDTLS_FATAL_WARNINGS)
IAR toolchain makes some warning, forcing 'warning as error' is not for sure.

Signed-off-by: savent <savent_gate@outlook.com>
2022-08-09 10:54:13 +01:00
Werner Lewis
55a3285faf Add test case for mbedtls_ecp_set_zero
Tests function with various ECP point conditions, covering freshly
initialized, zeroed, non-zero, and freed points.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-08-08 17:24:24 +01:00
Gilles Peskine
2c08ac7842
Merge pull request #6157 from daverodgman/chacha-psa-defines-backport
backport 2.28: MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C are needed when PSA_WANT_ALG_CHACHA20_POLY1305 is defined
2022-08-05 11:03:49 +02:00
Gilles Peskine
da126214ce
Merge pull request #6071 from wernerlewis/bignum_test_radix_2.28
[Backport 2.28] Remove radix argument from bignum test functions
2022-08-05 11:01:13 +02:00