Commit graph

23438 commits

Author SHA1 Message Date
Tom Cosgrove
de85725507 Don't use cast-assignment in ssl_server.c
Would have used mbedtls_put_unaligned_uint32(), but alignment.h is in library/.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-02-03 16:38:05 +00:00
Aditya Deshpande
9b45f6bb68 Fix more argc checks
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-02-03 16:15:30 +00:00
Gilles Peskine
10ada35019
Merge pull request #7022 from daverodgman/3DES-warning
Improve warnings for DES/3DES
2023-02-03 16:41:34 +01:00
Gilles Peskine
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3
Parsing v3 extensions from a CSR - v.2
2023-02-03 16:41:11 +01:00
Manuel Pégourié-Gonnard
f5e2331f8a Use TEST_EQUAL when applicable in test_suite_md
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:51:03 +01:00
Manuel Pégourié-Gonnard
b707bedca4 Avoid unnecessary copy in test_suite_md
Also avoids buffer with an arbitrary size while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:32:41 +01:00
Manuel Pégourié-Gonnard
4ba98f5350 Use MBEDTLS_MD_MAX_SIZE in test_suite_md
Not only was the size of 100 arbitrary, it's also not great for testing:
using MBEDTLS_MD_MAX_SIZE will get us an ASan error if it ever is too
small.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:25:53 +01:00
Manuel Pégourié-Gonnard
c90514ee11 Use MD type not string to in MD test data
For all test that want to use a hash, identify it by its numerical type
rather than a string. The motivation is that when we isolate the
MD-light subset from the larger MD, it won't have support for string
identifiers. Do the change for all tests, not just those that will
exercise functions in MD-light, for the sake of uniformity and because
numerical identifiers just feel better.

Note: mbedtls_md_info_from_string is still tested in md_info().

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-03 12:13:10 +01:00
Gilles Peskine
80c552556a
Merge pull request #6791 from yanrayw/6675-change-some-key-generation-funcs-to-static
TLS 1.3: Key Generation: change some key generation functions to static
2023-02-03 11:56:35 +01:00
Gilles Peskine
753ad17a41
Merge pull request #6982 from aditya-deshpande-arm/check-files-characters
check_files.py: Allow specific Box Drawing characters to be used
2023-02-03 11:46:06 +01:00
Gilles Peskine
e2db23d741
Merge pull request #6902 from yanrayw/6651-enable-cipher-suite-names-consistent
compat.sh: report and filter cipher suite names consistently
2023-02-03 11:38:31 +01:00
Manuel Pégourié-Gonnard
bae8d2ae13
Merge pull request #7028 from daverodgman/sizeof-brackets
Fix use of sizeof without brackets
2023-02-03 10:29:56 +01:00
Manuel Pégourié-Gonnard
d56def5c30
Merge pull request #6946 from valeriosetti/issue6856
driver-only ECDSA: fix testing disparities in ecp, random, se_driver_hal
2023-02-03 08:51:04 +01:00
Yanray Wang
f206c1493b Remove duplicate mbedtls_platform_zeroize for tls13_early_secrets
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-03 13:55:47 +08:00
Yanray Wang
131ec931eb Remove the additional dot in output of compat.sh
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-03 12:13:04 +08:00
Gilles Peskine
34c43a871f Make the fields of mbedtls_pk_rsassa_pss_options public
This makes it possible to verify RSA PSS signatures with the pk module,
which was inadvertently broken since Mbed TLS 3.0. Fixes #7040.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-02 23:06:37 +01:00
Dave Rodgman
fdbfaafc2f Additional warnings in cipher.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 13:44:31 +00:00
Dave Rodgman
23caf02c5b Update warnings in cipher.h
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 13:17:34 +00:00
Dave Rodgman
6dd757a8ba Fix use of sizeof without brackets
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 12:40:50 +00:00
Dave Rodgman
c04515b83c Improve warnings for DES/3DES
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 10:47:58 +00:00
Valerio Setti
00c1ccb08c depends.py: fix typo and slightly reorganized code
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-02 11:33:31 +01:00
Aditya Deshpande
3b18a29c13 Amend changelog entry
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-02-02 09:06:00 +00:00
Nick Child
282d50493a pkcs7: Remove duplicate oid condition
MBEDTLS_OID_PKCS7_ENCRYPTED_DATA was listed twice in
the oid conditional. Remove one of them.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-02-01 18:32:55 +00:00
Gilles Peskine
24c6f49530
Merge pull request #7005 from tom-cosgrove-arm/fix-doxygen-typos-in-new-bignum
Fix typos in doxygen commands in new bignum modules
2023-02-01 19:05:04 +01:00
David Horstmann
a43e332fe4 Fix near-tautological repetition in ChangeLog
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-02-01 13:39:57 +00:00
Aditya Deshpande
ebb2269f68 Allow whole Box Drawings range
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-02-01 13:30:26 +00:00
Gilles Peskine
a193986aab
Merge pull request #6942 from ucko/2023a-bignum
mbedtls_mpi_sub_abs: Skip memcpy when redundant (#6701).
2023-02-01 11:36:25 +01:00
Tom Cosgrove
8a1f784ece Fix typos in doxygen commands in new bignum modules
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-02-01 08:43:54 +00:00
Yanray Wang
a12cecbe47 Modify some comments in ssl_tls13_keys.c
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-02-01 14:29:51 +08:00
Pengyu Lv
c92df3ba59 all.sh: test_m32_xx is not supported on arm64 host
test_m32_xxx tests are x86 specific, but the support
function only identifies a 64-bit system. So the tests
will be run on arm64 host and cause a test failure.
This change restricts those tests to amd64/x86_64
only.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-02-01 10:50:50 +08:00
Nick Child
3bd17f2f58 pkcs7: Use end_issuer_and_sn where appropriate
There were some areas where `end_signer` were being
used when it makes more sense to use `end_issuer_and_sn`,
as pointed out by demiobenour@gmail.com.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-31 20:42:26 +00:00
Aaron M. Ucko
a2b674f9a7 Simplify ChangeLog entry for mbedtls_mpi_sub_abs fix.
Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
2023-01-31 15:31:18 -05:00
Gilles Peskine
c567b74e6e
Merge pull request #6964 from davidhorstmann-arm/code-style-improvements
Improvements to code style script
2023-01-31 21:22:57 +01:00
Gilles Peskine
f6b9823422
Merge pull request #6979 from daverodgman/const-time-asm-vol
Inhibit compiler from optimising out const-time asm
2023-01-31 11:28:45 +01:00
Gilles Peskine
470f10cfc5
Merge pull request #6941 from gabor-mezei-arm/6375_quasi-reduction_function
Add function to fix quasi-reduction
2023-01-31 11:25:25 +01:00
Nick Child
a0c15d0fec pkcs7/test: Add test cases for pkcs7 with 3 signers
Previously, a loop in pkcs7_get_signers_info_set was not
getting covered by tests. This was because when there are
two or less signers, the loop will not execute.
Therefore, add new data files for another signer and use
three signers to generate a new pkcs7 DER file. Add a test
case to make sure that verification is still successfula and
use the test script to create ASN1 errors throoughout the
stucture:
./generate_pkcs7_tests.py ../data_files/pkcs7_data_3_signed.der

This results in the loop being executed.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 19:30:38 +00:00
Aditya Deshpande
d05aa0fc60 Add changelog entry
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 17:22:07 +00:00
Aditya Deshpande
644a5c0b2b Fix bugs in example programs: change argc == 0 to argc < 2
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 16:48:13 +00:00
Nick Child
77bc726972 pkcs7: Fix typo in comment
Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 16:46:10 +00:00
Nick Child
951f700909 pkcs7/test: Allocate hash dynamically
Rather than using a static array, use the md_info
size to allocate dynamically.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 16:45:04 +00:00
Nick Child
c547447deb pkcs7/test: Let verify take dynamic number of certs
Previously there were two test functions for verify.
One allowed for the verification of one certificate and
the other allowed for verification of two certificates.

Merge these two functions into one function that can take
any number of certificates as an argument.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 16:45:04 +00:00
Nick Child
ec81709516 pkcs7: Ensure all data in asn1 structure is accounted for
Several PKCS7 invalid ASN1 Tests were failing due to extra
data bytes or incorrect content lengths going unnoticed. Make
the parser aware of possible malformed ASN1 data.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 16:44:58 +00:00
Nick Child
4983ddf747 test/pkcs7: Add more tests for better coverage
Add test calls to raw asn1 data with slight syntatical errors
Increases %branches covered from 70.4% to 87.7%.
Add a script which serves as documentation for how these new test
cases were generated:
 ./generate_pkcs7_tests.py ../data_files/pkcs7_data_cert_signed_sha256.der
 ./generate_pkcs7_tests.py ../data_files/pkcs7_data_multiple_signed.der

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 15:55:44 +00:00
Nick Child
b781770b3e test/pkcs7: Add helper function
In the future, tests will be added which take in a char buffer
and buflen. Rather than duplicate code, have tests which
read from file and from buffer use the same helper function

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 15:55:44 +00:00
Nick Child
e8a811650b test/pkcs7: Add test for expired cert
PKCS7 verification should fail if the signing cert is expired.
Add test case for this condition.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 15:55:44 +00:00
Nick Child
ff2746fa56 test/pkcs7: Add test for wrong hash alg
Add a test to verify a hash which uses a different digest
algorithm than the one specified in the pkcs7.

Signed-off-by: Nick Child <nick.child@ibm.com>
2023-01-30 15:55:44 +00:00
Gilles Peskine
6759eb2c5f Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-30 15:55:44 +00:00
Gabor Mezei
db1607fa69
Remove unneeded include
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-01-30 16:27:48 +01:00
Aditya Deshpande
15b6dd0fb4 Modify comments to make them more inclusive
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 13:46:58 +00:00
Aditya Deshpande
ea637081dd Allow specific Box Drawing UTF characters that are used in Markdown trees in check_files.py
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 13:19:32 +00:00