lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity
16,020 Commits 174 Branches 272 Tags
05ee09eae7adc42d7abfb7816ee4dba9457cc4c6
Commit Graph

16020 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Paul Elliott
d925ee0a6e Set ChangeLog version and release date 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-01 17:58:07 +01:00
Paul Elliott
bece7374ce Bump Library Version Number 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-01 17:52:07 +01:00
Paul Elliott
671233280e Build aggregated ChangeLog 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-01 17:37:55 +01:00
Paul Elliott
4128c2032e Merge remote-tracking branch 'restricted/development_2.x-restricted' into mbedtls-2.27.0rc0-pr 2021-07-01 17:26:38 +01:00
Dave Rodgman
ba940cc695 Merge pull request #4182 from gabor-mezei-arm/3258_implement_one-shot_MAC_and_cipher 
[Backport 2.x] Implement one-shot cipher
 2021-06-30 17:04:11 +01:00
Dave Rodgman
af9b4841fb Merge pull request #4605 from gabor-mezei-arm/3267_sign_verify_key_policies 
[Backport 2.x] Key policy extension for PSA_KEY_USAGE_SIGN/VERIFY_HASH
 2021-06-30 14:51:03 +01:00
gabor-mezei-arm
e4be8a3bea Remove obsolete comment 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-30 10:34:28 +02:00
gabor-mezei-arm
05dac4a20b Give a better name for struct member 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-30 10:31:18 +02:00
Dave Rodgman
0a4046e9ca Merge pull request #4736 from daverodgman/alert_bugfixes_2.x 
Backport 2.x: Fix alert raised for invalid fragment length
 2021-06-30 09:02:49 +01:00
Dave Rodgman
7ed75e21c9 Correct required config flag in ECJPAKE tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 21:15:58 +01:00
gabor-mezei-arm
252304594b Fix minor issues 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:06:30 +02:00
gabor-mezei-arm
a3669ac7e7 Restoring the multi-part cipher_verify_output() testing 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 18:58:42 +02:00
Gilles Peskine
bdba86f4d5 Merge pull request #4718 from nick-child-ibm/hash_len_devel 
Backport 2.x: pk.c: Ensure min hash_len in pk_hashlen_helper
 2021-06-29 18:16:51 +02:00
gabor-mezei-arm
3ea27325c9 Fix pylint issue 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 17:21:21 +02:00
gabor-mezei-arm
809634d5d9 Check the return status of the functions first 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 16:49:51 +02:00
gabor-mezei-arm
42373bdde7 Add buffer overflow check 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 16:49:51 +02:00
gabor-mezei-arm
6f8d43df20 Remove invalid buffer overflow check 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 16:39:49 +02:00
Dave Rodgman
0dfb7dbe15 TLS UNSUPPORTED_EXTENSION error code changes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 15:21:44 +01:00
Dave Rodgman
de8c91bbae Improve Changelog for TLS alert codes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 14:43:09 +01:00
gabor-mezei-arm
ea840dea61 Return iterator instead of list 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 15:42:57 +02:00
gabor-mezei-arm
912eca3847 Rename function 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 15:39:56 +02:00
Nick Child
8930e14f3a test_suite_pk.function: Do not use MD_MAX_SIZE 
In order to for tests to pass from the previous commit (which it mandatory for all pk verify/sign
functions to be given a hash_len that is exactly equal to the message digest length of md_alg) the
hash_len that is supplied to the fucntion cannot be MBEDTLS_MD_MAX_SIZE. This would result in all tests failing. Since the md alg for all of these funtions are SHA256, we can use mbedtls functions to get
the required length of a SHA256 digest (32 bytes). Then that number can be used for allocating the
hash buffer.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2021-06-29 09:31:06 -04:00
Nick Child
b6d5693be2 pk.c: Ensure hash_len equals hash in pk_hashlen_helper 
The function `pk_hashlen_helper` exists to ensure a valid hash_len is
used in pk_verify and pk_sign functions. This function has been
used to adjust to the corrsponding hash_len if the user passes in 0
for the hash_len argument based on the md algorithm given. If the user
does not pass in 0 as the hash_len, then it is not adjusted. This is
problematic if the user gives a hash_len and hash buffer that is less than the
associated length of the md algorithm. This error would go unchecked
and eventually lead to buffer overread when given to specific pk_sign/verify
functions, since they both ignore the hash_len argument if md_alg is not MBEDTLS_MD_NONE.

This commit, adds a conditional to `pk_hashlen_helper` so that an
error is thrown if the user specifies a hash_length (not 0) and it is
not equal to the expected for the associated message digest algorithm.
This aligns better with the api documentation where it states "If
hash_len is 0, then the length associated with md_alg is used instead,
or an error returned if it is invalid"

Signed-off-by: Nick Child <nick.child@ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
 2021-06-29 09:31:06 -04:00
gabor-mezei-arm
e4b7499f74 Refactor handlibg of the key usage flags 
Move implicit usage flags handling to the StorageKey class.
Create a subclass for test case data.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 15:29:24 +02:00
gabor-mezei-arm
61739e3fd3 Fix changelog entry 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 11:22:34 +02:00
gabor-mezei-arm
5071a2e30e Use regexp pattern instaed of string 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 11:19:41 +02:00
gabor-mezei-arm
7e0d724d40 Keep the imported classes sorted 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 11:17:14 +02:00
gabor-mezei-arm
7b302089b1 Update key policy testing test cases 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 11:08:47 +02:00
gabor-mezei-arm
5eca4f2bb5 Rename test cases 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 11:07:34 +02:00
gabor-mezei-arm
659af9e2f3 Remove unneeded test case parameter 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 11:06:16 +02:00
Dave Rodgman
dd5f624f32 Fix TLS alert codes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 09:45:08 +01:00
gabor-mezei-arm
7a163603ea Add changelog entry 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 21:36:58 +02:00
gabor-mezei-arm
805c735a8b Move key type validation to crypto_knowledge 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 21:36:58 +02:00
gabor-mezei-arm
5ea30377d3 Refactor key generation 
Remove the key builder and use iterator instead of lists.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 21:36:58 +02:00
gabor-mezei-arm
acfcc18697 Rename variables and funcions 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 19:39:31 +02:00
gabor-mezei-arm
e84d321317 Use string in dict instead of Expr object 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 16:54:11 +02:00
gabor-mezei-arm
4781263704 Remove unnecessary test cases 
It is enough only one test case for a key type, algorithm pair when
testing the implicit usage flags.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 16:41:36 +02:00
gabor-mezei-arm
927742ec71 Add better name for variables 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 16:41:35 +02:00
gabor-mezei-arm
705c452fd0 Simplify code 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 16:41:35 +02:00
gabor-mezei-arm
6c18541a5e Fix comment 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 16:41:31 +02:00
gabor-mezei-arm
79df41dfca Remove unneeded test case parameter 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 15:37:36 +02:00
gabor-mezei-arm
58e510f201 Simplify test function 
Use the updated usage flags as expected.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 15:37:36 +02:00
gabor-mezei-arm
ff03fd6213 Rename function to conform to the library 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 15:37:36 +02:00
gabor-mezei-arm
7907be3f32 Give better name for test cases 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 15:37:36 +02:00
gabor-mezei-arm
7d2ec9a223 Fix generated file modification 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 15:28:36 +02:00
gabor-mezei-arm
bce8527698 Fix test case duplication 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 15:28:36 +02:00
gabor-mezei-arm
b92d61b7e6 Fix pylint issues 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 15:28:36 +02:00
gabor-mezei-arm
de25402300 Fix tests 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 15:28:36 +02:00
gabor-mezei-arm
044fefcdfb Add test case generation for usage extensions when loading keys 
Add test cases validating that if a stored key only had the hash policy,
then after loading it psa_get_key_attributes reports that it also has the
message policy, and the key can be used with message functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 15:28:36 +02:00
gabor-mezei-arm
15c1f03f78 Add key usage policy extension support for key generation 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-28 15:28:34 +02:00