lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-11-09 18:00:58 +03:00
Code Activity
25,003 Commits 176 Branches 276 Tags
c18cd89b718a664b4c31c29c8eaa573360d8670c
Commit Graph

25003 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Tom Cosgrove
42dfac6ae8 Rename variables and update comments in mpi_core_mla test 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-02 11:27:39 +01:00
Tom Cosgrove
a043aeb95c Rename variables and update comments in mpi_core_sub test 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-02 11:27:39 +01:00
Tom Cosgrove
eceb4ccfc3 Rename variables and update comments in mpi_core_add_if test 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-02 11:27:31 +01:00
Tom Cosgrove
1b2947a614 Remove mbedtls_ prefix from bignum test cases 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-02 10:24:55 +01:00
Andrzej Kurek
216baca131 pkcs5: improve error handling 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:15:34 -04:00
Andrzej Kurek
e3d544c58f Minor PKCS5 improvements 
Add consts, more elegant size calculation and 
variable initialization.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:07:15 -04:00
Andrzej Kurek
7a32072038 Setup / deinitialize PSA in pk tests only if no MD is used 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:07:15 -04:00
Andrzej Kurek
3d0dfb99c9 Change the pkcs5_pbkdf2_hmac deprecation approach 
The shared part has now been extracted and will
be used regardless of the deprecation define.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:07:15 -04:00
Andrzej Kurek
f000471c66 Add missing MD dependency for pkcs5_pbkdf2_hmac 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:07:15 -04:00
Andrzej Kurek
11265d78bb Remove PKCS5 from the ref config in the migration script 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:06:54 -04:00
Andrzej Kurek
26909f348f Add PSA initialization and teardown to tests using pkcs5 
If PSA is defined and there is no MD - an initialization
is required.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:05:37 -04:00
Andrzej Kurek
a57267c758 Add a possibility to call PSA_INIT without MBEDTLS_PSA_CRYPTO_C 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:05:37 -04:00
Andrzej Kurek
37a17e890c Enable PKCS5 in no-md builds in all.sh 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:05:33 -04:00
Andrzej Kurek
345a92b321 Adjust PKCS5 dependencies in check_config 
It's possible to build PKCS5 with PSA instead of MD
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Andrzej Kurek
65bf73ed6a Enable HMAC in config_psa.h regardless of MD availability 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Andrzej Kurek
ed98e95c81 Adjust pkcs5 test dependencies 
Hashing via PSA is now supported 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Andrzej Kurek
890e78ae66 Deprecate mbedtls_pkcs5_pbkdf2_hmac 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Andrzej Kurek
dd36c76f09 Provide a version of pkcs5_pbkdf2_hmac without MD usage 
Use the new implementation locally
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-02 04:03:25 -04:00
Manuel Pégourié-Gonnard
97fc247d6a Merge pull request #6232 from AndrzejKurek/pkcs12-no-md 
Remove MD dependency from pkcs12 module
 2022-09-02 09:43:13 +02:00
Nick Child
62b2d7e7d4 pkcs7: Support verification of hash with multiple signers 
Make `mbedtls_pkcs7_signed_hash_verify` loop over all signatures in the
PKCS7 structure and return success if any of them verify successfully.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Daniel Axtens
3538479faa pkcs7: support multiple signers 
Rather than only parsing/verifying one SignerInfo in the SignerInfos
field of the PKCS7 stucture, allow the ability to parse and verify more
than one signature. Verification will return success if any of the signatures
produce a match.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
8a10f66692 test/pkcs7: Add init for PSA tests 
Initialize the PSA subsystem in the test functions.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
5d881c36ea pkcs7: Change copyright 
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
45525d3768 pkcs7: Fix dependencies for pkcs7 tests 
Fixes include removing PEM dependency for greater
coverage when PEM config is not set and defining
test dependencies at the appropriate level.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
6427b34dec pkcs7.c: Use pkcs7_get_version for signerInfo 
The function pkcs7_get_version can be used again
when parsing the version of the signerInfo. Both
require that the version be equal to 1. The
pkcs7_get_version function will return error
if the found value is not the expected version
as opposed to mbedtls_asn1_get_int which does not.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
6671841d91 pkcs7.c: Do not ignore return value of mbedlts_md 
CI was failing due to the return value of mbedtls_md being ignored.
If this function does fail, return early and propogate the md error.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Manuel Pégourié-Gonnard
600bd30427 Avoid unwanted eol conversion of test data 
Also, text files don't need to be generated by the Makefile.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
390e61a47a pkcs7.h: Make pkcs7 fields private 
All fields in the mbedtls_pkcs7 struct have been made private with MBEDTLS_PRIVATE.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nick Child
c448c94fe3 pkcs7: pkcs7_get_content_info_type should reset *p on error 
The function `pkcs7_asn1_get_tag` should return an update pointer only
on success. Currently, the pointer is being updated on a failure case.
This commit resets *p to start if the first call to
mbedtls_asn1_get_tag fails.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-01 19:45:41 -05:00
Nayna Jain
136c6aa467 mbedtls: add pkcs7 test data 
This commit adds the static test data generated by
commands from Makefile.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
 2022-09-01 19:45:41 -05:00
Nayna Jain
106a0afc5a pkcs7: provide fuzz harness 
This allows for pkcs7 fuzz testing with OSS-Fuzz.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
 2022-09-01 19:45:41 -05:00
Daniel Axtens
aa91d4ef0b pkcs7: build under CMake 
The patch updates CMakeLists.txt to include pkcs7.

Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-09-01 19:45:41 -05:00
Nayna Jain
ca07f06024 mbedtls: add pkcs7 in generate_errors.pl 
This patch updates the generate_errors.pl to handle
PKCS7 code as well.

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
 2022-09-01 19:45:41 -05:00
Nayna Jain
673a226698 pkcs7: add support for signed data 
OpenSSL provides APIs to generate only the signted data
format PKCS7 i.e. without content type OID. This patch
adds support to parse the data correctly even if formatted
only as signed data

Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
 2022-09-01 19:45:41 -05:00
Nayna Jain
c9deb184b0 mbedtls: add support for pkcs7 
PKCS7 signing format is used by OpenPOWER Key Management, which is
using mbedtls as its crypto library.

This patch adds the limited support of pkcs7 parser and verification
to the mbedtls. The limitations are:

* Only signed data is supported.
* CRLs are not currently handled.
* Single signer is supported.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
 2022-09-01 19:45:33 -05:00
Tuvshinzaya Erdenekhuu
7714368667 Remove unused variable 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-09-01 17:11:14 +01:00
Tuvshinzaya Erdenekhuu
08b223443f Add new tests 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-09-01 16:18:00 +01:00
Tuvshinzaya Erdenekhuu
fe7524de03 Make minor style change 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-09-01 16:07:18 +01:00
Tom Cosgrove
b0fb17a829 Use ASSERT_COMPARE() instead of memcmp() in new tests 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-01 15:04:43 +01:00
Andrzej Kurek
e16e6edfce Remove the dependency on MD_MAX_SIZE from PKCS12 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-01 08:57:59 -04:00
Andrzej Kurek
7bd12c5d5e Remove MD dependency from pkcs12 module 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-01 08:57:41 -04:00
Tom Cosgrove
9339f05a81 Swap arguments of TEST_EQUAL() where it improves readability 
Especially for a sequence of similar lines of test code, or where the result of
an expression is being compared to a short integer (especially 0 or 1).

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-01 13:02:53 +01:00
Manuel Pégourié-Gonnard
0777ec1625 Merge pull request #6109 from superna9999/6100-crash-in-test-suite-x509write 
Crash in test suite x509write config full no seedfile
 2022-09-01 11:18:30 +02:00
Tom Cosgrove
f0b2231fcd Update comments at the end of montmul following Gilles' feedback 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-31 17:57:34 +01:00
Tom Cosgrove
5eefc3db3f Move macros to come before function declarations 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-31 17:16:50 +01:00
Werner Lewis
aaf3b79bbb Use Python 3.5 style typing for dependencies 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-08-31 17:16:44 +01:00
Tom Cosgrove
630110ab23 Fix documentation where ciL should be biL 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-31 17:15:04 +01:00
Tom Cosgrove
ed43c6caeb In add_if(), B MAY be aliased to A. Also update another comment for consistency. 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-31 17:15:04 +01:00
Tom Cosgrove
9354990a54 Don't use multiplication by condition in even a semi-constant time function 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-08-31 17:15:02 +01:00
Werner Lewis
466f036326 Add dependencies attribute to BaseTarget 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-08-31 17:01:38 +01:00