cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-09-12 16:45:16 -04:00
Code Issues Packages Projects Releases Wiki Activity
18,809 Commits 7 Branches 115 Tags
Commit Graph

18809 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
tom-daubney-arm
24d60ad716
Merge branch 'mbedtls-2.28-restricted' into backport_asymmetric_encrypt_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-02-28 15:43:48 +00:00
David Horstmann
80de1475a1 Fix incorrect conflict resolution 
A return statement was missing in the wrapper generation script.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-28 15:16:44 +00:00
David Horstmann
10e44f3fd1 Add missing guards around exit label 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-28 14:17:49 +00:00
Manuel Pégourié-Gonnard
cb086af4bc
Merge pull request #8860 from gilles-peskine-arm/ecp-write-doc-2.28 
Backport 2.28: Document ECP write functions
 2024-02-28 11:04:27 +00:00
David Horstmann
6b01954e09
Merge pull request #1150 from tom-daubney-arm/backport_mac_buffer_protection 
[Backport] - MAC buffer protection
 2024-02-26 19:06:45 +00:00
David Horstmann
4e8215057c Generate test wrappers for psa_generate_random() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-26 18:26:06 +00:00
David Horstmann
65bf12ce6b Add buffer copying to psa_generate_random() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-26 18:26:00 +00:00
Thomas Daubney
be060f1e85 Suppress pylint 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-26 13:55:42 +00:00
Gilles Peskine
9721b868a2 Allow null buffers when the length is 0 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 12:38:16 +01:00
Gilles Peskine
84dc44b9b5 Note that ecp read/write functions don't support Curve448 yet 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 09:05:45 +01:00
Gilles Peskine
7ce99c0f3a mbedtls_ecp_write_key: document that this function doesn't detect unset data 
Fixes #8803.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 09:04:29 +01:00
Gilles Peskine
e65e98a1dc mbedtls_ecp_write_key: document and test smaller output buffer 
Document and test the current behavior, even if it is weird:

* For Weierstrass keys, the error is MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL,
  not MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL.
* For Weierstrass keys, a smaller output buffer is ok if the output fits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 09:02:44 +01:00
Gilles Peskine
75bb596de8 mbedtls_ecp_write_key: document and test larger output buffer 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 09:01:51 +01:00
Gilles Peskine
c2c74b9cef mbedtls_ecp_write_key: no FEATURE_UNAVAILABLE error 
When exporting a key, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE should not happen.
This error indicates that the curve is not supported, but that would prevent
the creation of the key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 08:54:25 +01:00
Bill Roberts
a4486ceff2
scripts/bump_version.sh: update pkgconfig version 
Bump the version number in pkgconfig/CMakeLists.txt so the package
config files stay in sync with the project VERSION.

This is Related to:
- aa4862a5e ("Bump the version number in CMakeLists.txt")

But changes were made to support CMake prior to version 3.0.

Signed-off-by: Bill Roberts <bill.roberts@arm.com>
 2024-02-23 09:09:17 -06:00
Bill Roberts
202a16329d
pkg-config: add initial pkg-config files 
Add three package config files for mbedtls, mbedcrypto and mbedx509.
Also update various project variables so the generated PC files have the
required data needed without hardcoding it everywhere.

This will help distros package the project following existing
conventsions between a normal and -devel package that includes the
headers and .pc files for pkg-config aware consumers.

This also squashes:
  - fff51cecc ("Update ChangeLog.d/pkg-config-files-addition.txt")

Fixes: #228
Signed-off-by: Bill Roberts <bill.roberts@arm.com>
 2024-02-23 09:07:59 -06:00
tom-daubney-arm
8eafe1525d
Merge branch 'mbedtls-2.28-restricted' into backport_mac_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-02-22 15:28:49 +00:00
Thomas Daubney
09cf4f2e78 Decouple if statement in psa_raw_key_agreement exit. 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-22 11:08:22 +00:00
Gilles Peskine
36e6bd6926
Merge pull request #8811 from gilles-peskine-arm/pk_import_into_psa-backports-2.28 
Backport 2.28: bugs fixed in "Implement mbedtls_pk_import_into_psa"
 2024-02-21 15:45:21 +00:00
Thomas Daubney
2ea8d8fa3c Revise how output allocation is checked 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-21 15:16:01 +00:00
Thomas Daubney
0736df33ac Check for output allocation before randomising 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-21 12:28:20 +00:00
David Horstmann
0ce9589e36
Merge pull request #1133 from davidhorstmann-arm/copying-aead-2.28 
[Backport 2.28] Copy buffers in AEAD
 2024-02-20 16:07:36 +00:00
Thomas Daubney
26d1c43821 Check output allocated before randomising 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-20 11:26:55 +00:00
Janos Follath
53e5adfca4
Merge pull request #8841 from BensonLiou/use_init_api-228 
use mbedtls_ssl_session_init() to init session variable
 2024-02-19 15:49:29 +00:00
Benson Liou
6805ff7892 use mbedtls_ssl_session_init() to init session variable 
Use mbedtls_ssl_session_init() to init variable just like
session-family APIs described

Signed-off-by: Benson Liou <benson.liou@sony.com>
 2024-02-17 00:19:10 +08:00
Gilles Peskine
049ea32931 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-15 15:32:47 +01:00
Thomas Daubney
3c0c6b1c4b Conditionally include exit label 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-15 14:25:08 +00:00
Thomas Daubney
db5d607cb1 Generate test wrappers 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-15 14:18:02 +00:00
Thomas Daubney
9da359fc65 Add buffer protection to psa_key_derivation_key_agreement 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-15 14:15:46 +00:00
Thomas Daubney
4304276539 Add buffer protection to psa_raw_key_agreement 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-15 13:47:08 +00:00
David Horstmann
a9cc4cd1cb
Merge pull request #1179 from Ryan-Everett-arm/key-derivation-buffer-protection-backport 
[Backport] Add buffer copying to the Key Derivation API
 2024-02-15 11:54:28 +00:00
Paul Elliott
7ebb3c5d01 Add metatests for failing TEST_EQUAL and TEST_LE_* 
After getting caught with deadlock issues when these tests fail, add a
metatest to test them failing.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-02-14 15:07:40 +00:00
Gilles Peskine
039c903e7b
Merge pull request #8818 from forkiee2/mbedtls-2.28 
Backport 2.28: move entropy init prior arguments number recognition
 2024-02-14 13:43:32 +00:00
Tom Cosgrove
75c8e61ce0
Merge pull request #8814 from gilles-peskine-arm/rsa-bitlen-fix-2.28 
Backport 2.28: Fix mbedtls_pk_get_bitlen for a key size that is not a multiple of 8
 2024-02-14 11:18:28 +00:00
PiotrBzdrega
c609654665 newline at end of changelog file 
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
 2024-02-13 22:12:23 +01:00
David Horstmann
eb77b6f418 Add session config bit for KEEP_PEER_CERTIFICATE 
This config option decides whether the session stores the entire
certificate or just a digest of it, but was missing from the
serialization config bitflag.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-13 18:59:07 +00:00
David Horstmann
a2fd778868
Merge pull request #1148 from tom-daubney-arm/backport_hash_buffer_protection 
[Backport] - Hash buffer protection
 2024-02-13 18:17:57 +00:00
PiotrBzdrega
14e4727d0e fill out missing dot in changelog 
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
 2024-02-13 17:09:40 +01:00
PiotrBzdrega
7c1cd5ae1c move entropy init prior arguments number recognition 
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
 2024-02-13 16:59:05 +01:00
Janos Follath
09cd7dd96a
Merge pull request #8660 from ivq/fix_ecp_comment 
Fix a comment in ecp
 2024-02-13 12:12:10 +00:00
Gilles Peskine
0196f4886a Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes 
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 17:00:48 +01:00
Gilles Peskine
c89f9ceb41 Don't define pk_sign_verify in configurations where it's unused 
In some configurations (e.g. ECDH but no ECDSA or RSA), the PK module is
useful but cannot perform any signatures. Then modern GCC complains:

```
../source/tests/suites/test_suite_pk.function: In function ‘test_pk_sign_verify’:
../source/tests/suites/test_suite_pk.function:1136:12: error: array subscript 0 is outside array bounds of ‘unsigned char[0]’ [-Werror=array-bounds]
../source/tests/suites/test_suite_pk.function:1094:19: note: while referencing sig’
…
```

This fixes test-ref-configs.pl with a modern GCC (specifically with
config-thread.h).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 14:33:41 +01:00
Gilles Peskine
0af7a90329 depends.py: set unique configuration names in outcome file 
Set unique configuration names in the outcome file. This was lost in the
rewrite from depends-*.pl to depends.py.

Fix #7290

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 14:30:59 +01:00
Thomas Daubney
2b614f9dad Generate all test wrappers 
One was missed due to typo

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 13:07:48 +00:00
Thomas Daubney
d8adccf45d Generate test wrappers 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 13:07:43 +00:00
Thomas Daubney
1a6137bbac Implement safe buffer copying in asymm. encryption 
Use local copy buffer macros to implement safe
copy mechanism in asymmetric encryption API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 13:03:16 +00:00
Thomas Daubney
480347d682 Add mac not NULL check before calling memset 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00
Thomas Daubney
301491d70c Modify allocation in sign_finish 
Allocate immediately after declaration.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00
Thomas Daubney
f298f657c4 Fix code style 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00
Thomas Daubney
2bb3a1fa25 Conditionally include exit label 
...on functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:21:46 +00:00