cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-06 21:54:52 -04:00
Code Issues Packages Projects Releases Wiki Activity
18,021 Commits 7 Branches 115 Tags
Commit Graph

18021 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave Rodgman
c62e5c4885 Update changelog for 2.28 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 11:33:07 +01:00
Dave Rodgman
c34bea20d6 fix trailing whitespace 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 11:31:57 +01:00
Dave Rodgman
aac022dab4 Changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 11:31:53 +01:00
Dave Rodgman
584b62f89e code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 11:31:29 +01:00
Dave Rodgman
9d3b63396b Fix comment 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 11:31:29 +01:00
Dave Rodgman
5c047d9672 More dependency fixes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 11:31:29 +01:00
Dave Rodgman
36c8e581d6 Fix unused variable 
Fix when MBEDTLS_AES_SETKEY_ENC_ALT, MBEDTLS_AES_DECRYPT_ALT and
MBEDTLS_AES_ROM_TABLE set.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 11:31:29 +01:00
Dave Rodgman
dbae184ceb Fix unused variable if MBEDTLS_AES_SETKEY_ENC_ALT and MBEDTLS_AES_DECRYPT_ALT set 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 11:31:29 +01:00
Dave Rodgman
9b20aeaa17 Fix unused fn when MBEDTLS_AES_SETKEY_DEC_ALT and MBEDTLS_AES_SETKEY_ENC_ALT set 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 11:31:29 +01:00
Dave Rodgman
1e6f7708f2 Fix unused function when MBEDTLS_AES_SETKEY_ENC_ALT set 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-28 11:31:29 +01:00
David Horstmann
1e8086bd21 Add ChangeLog entry for string_to_names() fix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-27 17:34:58 +01:00
David Horstmann
5c019e0f65 Add regression testcase for string_to_names() 
Test against a string with no '=' or ',' in it, which previously caused
mbedtls_x509_string_to_names() to return 0.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-27 17:34:58 +01:00
David Horstmann
abaea614d2 Return an error when no name is parsed 
When less than 1 RDN is successfully parsed in
mbedtls_x509_string_to_names(), return an error. Previously this
returned success when a string containing neither '=' or ',' was
supplied.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-27 17:34:58 +01:00
Waleed Elmelegy
6a4af481e1 Replace struct access with local variable 
Replace struct access with local variable to minimize
differnces with development branch.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-06-27 14:07:57 +01:00
David Horstmann
4184e5c926 Move clarification to a separate note 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-27 12:22:00 +01:00
SlugFiller
e2d0614571 Support compilation using CLang on Windows 
Signed-off-by: SlugFiller <5435495+SlugFiller@users.noreply.github.com>
 2023-06-26 19:19:56 +03:00
David Horstmann
0e93877b66 Reword the description of mbedtls_net_free() 
This makes it clearer that the context itself is not being freed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-23 23:24:46 +01:00
Gilles Peskine
63b50b56cd
Merge pull request #7753 from lpy4105/backport-2.28/issue/renew_cert_2024-01-01 
Backport 2.28: Updating crt/crl files due to expiry before 2024-01-01
 2023-06-21 12:29:12 +02:00
Bence Szépkúti
e0dcd18a23
Merge pull request #7721 from DemiMarie/do-while-2.28 
[Backport 2.28] Add a do-while loop around a macro
 2023-06-21 11:31:48 +02:00
Manuel Pégourié-Gonnard
001a052e0f
Merge pull request #7712 from DemiMarie/backport-test-fix 
Backport 2.28: x509parse tests: Replace TEST_ASSERT with TEST_EQUAL
 2023-06-21 11:02:28 +02:00
Demi Marie Obenour
0e2074133a Add a do-while loop around macros 
This is good practice in C.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
 2023-06-20 11:45:26 -04:00
Demi Marie Obenour
5d7cd012ac x509parse tests: Replace TEST_ASSERT with TEST_EQUAL 
The latter gives much more informative errors.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
 2023-06-19 11:04:47 -04:00
Gilles Peskine
cc51e8a615
Merge pull request #7798 from valeriosetti/backport-7614 
Backport: crypto_config_test_driver_extension: handle PUBLIC_KEY the same way as KEY_PAIRs
 2023-06-19 16:50:15 +02:00
Valerio Setti
e20ec4f1dd crypto_config_test_driver_extension: treat PUBLIC_KEY the same way as KEY_PAIR 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 10:03:29 +02:00
Pengyu Lv
343ff1200d Fix typo and long line format 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
ea8027921b Update crl-rsa-pss-*.pem manually 
The rules will be in a seperate PR.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Jerry Yu
a69934f249 upgrade server9-bad-saltlen.crt 
Upgrade scripts
```python
import subprocess
from asn1crypto import pem, x509,core

output_filename="server9-bad-saltlen.crt"
tmp_filename="server9-bad-saltlen.crt.tmp"
tmp1_filename="server9-bad-saltlen.crt.tmp1"

subprocess.check_call(rf''' openssl x509 -req -extfile server5.crt.openssl.v3_ext \
        -passin "pass:PolarSSLTest" -CA test-ca.crt -CAkey test-ca.key \
        -set_serial 24 -days 3650 \
        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:max \
        -sigopt rsa_mgf1_md:sha256 -sha256 \
        -in server9.csr -out {output_filename}
''',shell=True)

with open(output_filename,'rb') as f:
    _,_,der_bytes=pem.unarmor(f.read())
    target_certificate=x509.Certificate.load(der_bytes)

with open(tmp_filename,'wb') as f:
    f.write(target_certificate['tbs_certificate'].dump())

subprocess.check_call(rf'openssl dgst -sign test-ca.key -passin "pass:PolarSSLTest" \
                        -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:32 \
                        -sigopt rsa_mgf1_md:sha256 -out {tmp1_filename} {tmp_filename}',
                        shell=True)

with open(tmp1_filename,'rb') as f:
    signature_value= core.OctetBitString(f.read())

with open(output_filename,'wb') as f:
    target_certificate['signature_value']=signature_value
    f.write(pem.armor('CERTIFICATE',target_certificate.dump()))
```

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
33536d170e Update server9*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
3ed1653df4 Add server9-bad-{mgfhash,saltlen}.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
4ac61a92cc Add rules to generate server9*.crt 
Except for server9-bad-saltlen.crt and
server9-bad-mgfhash.crt.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Jerry Yu
7d7b735514 Update server1-nospace.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-19 11:41:12 +08:00
Jerry Yu
4e573497d7 Update v1 crt files 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
124b75a09a Update cert_example_multi_nocn.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
5539dcb2d4 Add rules to generate cert_example_multi_nocn.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
fce773e0e9 Update server5.[e]ku-*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
0158966a73 Add rules to generate server5.[e]ku-*.crt 
Since cert_write in mbedtls-2.28 doesn't support
write ext_key_usage extension, the commands are
added just for alignment with development.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
5a4cc39f39 Update server2.ku-*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
4b7447cf45 Add rules to generate server2.ku-*.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
6acdd5c624 Add rule for server2-badsign.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Jerry Yu
233c93b44d Update test-ca2.ku-*.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
34cfc35ce9 Fix the rule for server5-ss-forgeca.crt 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 11:41:12 +08:00
Jerry Yu
8e0cc70e38 Add the rule and update server6-ss-child.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-19 11:41:12 +08:00
Jerry Yu
2aa312b136 Update server5-selfsigned.crt 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-19 11:41:12 +08:00
Pengyu Lv
e1136d5eb4 Update test-ca2.crt[.der] and server5.crt[.der] 
Update these files to match the data in `library/certs.c`.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-19 10:17:21 +08:00
Gilles Peskine
d5f4039227
Merge pull request #7739 from davidhorstmann-arm/2.28-fix-iar-typo 
[Backport 2.28] Fix typo in CMakeList.txt in IAR compiler flags
 2023-06-15 19:23:56 +02:00
David Horstmann
7435651068 Reword changelog entry 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-15 14:09:05 +01:00
Pengyu Lv
41bb446d12 Update TEST_CA_CRT_EC_PEM and TEST_CA_CRT_EC_DER 
To retain the ABI compatibility, we need the DER
data to be in the exact size of 520 bytes. So,
these data are regenerated by unsetting the
'critical' flag of 'basic_constraints' extension,
though the extension should be critical for this
CA according to RFC5280 section 4.2.1.9.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-15 15:41:30 +08:00
Pengyu Lv
04da85f0f4 Update TEST_SRV_CRT_EC_PEM and TEST_SRV_CRT_EC_DER 
Regenerate server5.crt[.der] until we got the
DER data in the size of 547 bytes to maintain
the ABI compatibility.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-15 13:01:35 +08:00
Pengyu Lv
1fca541a5f Remove redundant PHONY targets 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-14 09:55:51 +08:00
Pengyu Lv
a640339243 Fix long line format 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-06-14 09:55:51 +08:00