Age | Commit message | Author | Files | Lines
2020-08-27 | Merge pull request #748 from ARMmbed/mbedtls-2.24.0r0-pr [tags: v2.24.0, mbedtls-2.24.0] | Janos Follath | 44 | -262/+2159
    Prepare Release Candidate for Mbed TLS 2.24.0
2020-08-26 | Finalize ChangeLog | Janos Follath | 1 | -4/+6
    Fix alignment where necessary and update ChangeLog header.
    Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 | Bump version to Mbed TLS 2.24.0 | Janos Follath | 5 | -11/+11
    Executed "./scripts/bump_version.sh --version 2.24.0"
    Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 | Assemble ChangeLog | Janos Follath | 23 | -122/+111
    Executed scripts/assemble_changelog.py.
    Signed-off-by: Janos Follath <janos.follath@arm.com>
2020-08-26 | Merge branch 'development-restricted' | Janos Follath | 24 | -154/+2060
2020-08-26 | Merge pull request #3611 from gilles-peskine-arm/psa-coverity-cleanups-202008 | Gilles Peskine | 7 | -11/+63
    Minor fixes in PSA code and tests
2020-08-26 | Merge pull request #3433 from raoulstrackx/raoul/verify_crl_without_time | Gilles Peskine | 9 | -4/+66
    Always revoke certificate on CRL
2020-08-26 | Merge pull request #3612 from gilles-peskine-arm/psa-mac-negative-tests | Manuel Pégourié-Gonnard | 1 | -21/+79
    PSA: add negative MAC tests
2020-08-26 | Fix the documentation of has_even_parity | Gilles Peskine | 1 | -1/+1
    The documentation had the boolean meaning of the return value inverted.
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 | Merge pull request #737 from mpg/changelog-for-local-lucky13-dev-restricted | Manuel Pégourié-Gonnard | 1 | -0/+11
    Add a ChangeLog entry for local Lucky13 variant
2020-08-26 | Clearer function name for parity check | Gilles Peskine | 1 | -2/+2
    Return a name that more clearly returns nonzero=true=good, 0=bad. We'd normally expect check_xxx to return 0=pass, nonzero=fail, so check_parity was a bad name.
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 | Explain the purpose of check_parity | Gilles Peskine | 1 | -0/+10
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 | Add missing cleanup to hash multipart operation tests | Gilles Peskine | 1 | -0/+4
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 | Clarify that the Lucky 13 fix is quite general | Manuel Pégourié-Gonnard | 1 | -7/+9
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-26 | Add negative tests for MAC verification | Gilles Peskine | 1 | -0/+41
    Add negative tests for psa_mac_verify_finish: too large, too small, or a changed byte.
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 | Don't destroy the key during a MAC verification operation | Gilles Peskine | 1 | -1/+0
    An early draft of the PSA crypto specification required multipart operations to keep working after destroying the key. This is no longer the case: instead, now, operations are guaranteed to fail. Mbed TLS does not comply yet, and still allows the operation to keep going. Stop testing Mbed TLS's non-compliant behavior.
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 | Test other output sizes for psa_mac_sign_finish | Gilles Peskine | 1 | -12/+34
    Test psa_mac_sign_finish with a smaller or larger buffer.
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 | Simplify output bounds check in mac_sign test | Gilles Peskine | 1 | -9/+4
    Rely on Asan to detect a potential buffer overflow, instead of doing a manual check. This makes the code simpler, and Asan can detect underflows as well as overflows.
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 | Test PSA_MAC_FINAL_SIZE in mac_sign exactly | Gilles Peskine | 1 | -1/+2
    We expect PSA_MAC_FINAL_SIZE to be exact in this implementation, so check it here.
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 | Add empty-output-buffer test cases for single-part hash functions | Gilles Peskine | 1 | -0/+8
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 | Note that a failure in cleanup is intentional | Gilles Peskine | 1 | -1/+1
    In the cleanup code for persistent_key_load_key_from_storage(), we only attempt to reopen the key so that it will be deleted if it exists at that point. It's intentional that we do nothing if psa_open_key() fails here.
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-26 | Add missing cleanup to some multipart operation tests | Gilles Peskine | 1 | -0/+12
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 | test cleanup: Annotate file removal after a failed creation | Gilles Peskine | 1 | -3/+10
    Let static analyzers know that it's ok if remove() fails here.
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 | psa_crypto_storage: Annotate file removal after a failed creation | Gilles Peskine | 1 | -1/+7
    Let static analyzers know that it's ok if psa_its_remove() fails here.
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 | psa_its: Annotate file removal after a failed creation | Gilles Peskine | 1 | -1/+6
    Let static analyzers know that it's ok if remove() fails here.
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 | Fix parity tests to actually fail the test on error | Gilles Peskine | 1 | -4/+4
    Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-08-25 | Merge pull request #736 from mpg/cf-varpos-copy-dev-restricted | Janos Follath | 11 | -39/+211
    Constant-flow copy of HMAC from variable position
2020-08-25 | Fix potential use of uninitialised variable | Manuel Pégourié-Gonnard | 1 | -1/+1
    If any of the TEST_ASSERT()s that are before the call to mbedtls_pk_warp_as_opaque() failed, when reaching the exit label, psa_destroy_key() would be called with an uninitialized argument. Found by Clang.
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-25 | Merge pull request #3574 from makise-homura/e2k_support | Gilles Peskine | 5 | -5/+15
    Support building on e2k (Elbrus) architecture
2020-08-24 | A different approach of signed-to-unsigned comparison | makise-homura | 1 | -2/+2
    Suggested by @hanno-arm
    Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-24 | Fix a typo in a comment | Manuel Pégourié-Gonnard | 1 | -1/+1
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-24 | Improve comments on constant-flow testing in config.h | Manuel Pégourié-Gonnard | 1 | -4/+7
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-24 | Merge pull request #3528 from gufe44/helpers-redirect-restore-output | Gilles Peskine | 3 | -30/+35
    Fix bug in redirection of unit test outputs
2020-08-24 | Fix "unused function" warning in some configs | Manuel Pégourié-Gonnard | 1 | -2/+8
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-24 | Merge pull request #2182 from hanno-arm/key_pwd | Manuel Pégourié-Gonnard | 9 | -15/+130
    Add support for password protected key files to ssl_server2 and ssl_client2
2020-08-22 | Don't forget to free G, P, Q, ctr_drbg, and entropy | makise-homura | 1 | -1/+1
    I might be wrong, but lcc's optimizer is curious about this, and I am too: shouldn't we free allocated stuff correctly before exiting `dh_genprime` in this certain point of code?
    Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
2020-08-21 | Merge pull request #3590 from mpg/fix-compat.sh-with-ubuntu-16.04-gnutls | Gilles Peskine | 1 | -19/+9
    Fix compat.sh with ubuntu 16.04 gnutls
2020-08-21 | compat.sh: stop using allow_sha1 | Manuel Pégourié-Gonnard | 1 | -10/+0
    After the changes of certificates, it's no longer needed.
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 | compat.sh: quit using SHA-1 certificates | Manuel Pégourié-Gonnard | 1 | -8/+8
    Replace server2.crt with server2-sha256.crt which, as the name implies, is just the SHA-256 version of the same certificate.
    Replace server1.crt with cert_sha256.crt which, as the name doesn't imply, is associated with the same key and just has a slightly different Subject Name, which doesn't matter in this instance.
    The other certificates used in this script (server5.crt and server6.crt) are already signed with SHA-256.
    This change is motivated by the fact that recent versions of GnuTLS (or older versions with the Debian patches) reject SHA-1 in certificates by default, as they should. There are options to still accept it (%VERIFY_ALLOW_BROKEN and %VERIFY_ALLOW_SIGN_WITH_SHA1) but:
    - they're not available in all versions that reject SHA-1-signed certs;
    - moving to SHA-2 just seems cleaner anyway.
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 | compat.sh: enable CBC-SHA-2 suites for GnuTLS | Manuel Pégourié-Gonnard | 1 | -1/+1
    Recent GnuTLS packages on Ubuntu 16.04 have them disabled. From /usr/share/doc/libgnutls30/changelog.Debian.gz:
        gnutls28 (3.4.10-4ubuntu1.5) xenial-security; urgency=medium
          * SECURITY UPDATE: Lucky-13 issues
            [...]
            - debian/patches/CVE-2018-1084x-4.patch: hmac-sha384 and sha256 ciphersuites were removed from defaults in lib/gnutls_priority.c, tests/priorities.c.
    Since we do want to test the ciphersuites, explicitly re-enable them in the server's priority string. (This is a no-op with versions of GnuTLS where those are already enabled by default.)
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-21 | Merge pull request #3578 from gilles-peskine-arm/md_setup-leak-development | Manuel Pégourié-Gonnard | 2 | -2/+7
    Fix memory leak in mbedtls_md_setup with HMAC
2020-08-21 | Fix bug in redirection of unit test outputs | gufe44 | 3 | -30/+35
    Avoid replacing handle. stdout is defined as a macro on several platforms.
    Signed-off-by: gufe44 <gu981@protonmail.com>
2020-08-20 | Merge pull request #738 from danh-arm/dh/remaining-lf-copyright | Gilles Peskine | 2 | -6/+2
    Update remaining copyright notices to use Linux Foundation guidance
2020-08-20 | Update remaining copyright notices to use Linux Foundation guidance | Dan Handley | 2 | -6/+2
    Update copyright notices to newly added files since merge of original PR #3546 "Update copyright notices to use Linux Foundation guidance". Generated using the same script.
    Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-08-20 | Add a ChangeLog entry for local Lucky13 variant | Manuel Pégourié-Gonnard | 1 | -0/+9
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-20 | Merge development into development-restricted | Dan Handley | 341 | -1000/+432
    * development:
      Update copyright notices to use Linux Foundation guidance
      Undef ASSERT before defining it to ensure that no previous definition has sneaked in through included files.
      Add ChangeLog entry for X.509 CN-type vulnerability
      Improve documentation of cn in x509_crt_verify()
      Fix comparison between different name types
      Add test: DNS names should not match IP addresses
      Remove obsolete buildbot reference in compat.sh
      Fix misuse of printf in shell script
      Fix added proxy command when IPv6 is used
      Simplify test syntax
      Fix logic error in setting client port
      ssl-opt.sh: include test name in log files
      ssl-opt.sh: remove old buildbot-specific condition
      ssl-opt.sh: add proxy to all DTLS tests
    Signed-off-by: Dan Handley <dan.handley@arm.com>
2020-08-20 | Merge pull request #3584 from mpg/fix-changelog-file-location | Gilles Peskine | 1 | -0/+0
    Fix location of a ChangeLog entry file
2020-08-20 | Fix location of a ChangeLog entry file | Manuel Pégourié-Gonnard | 1 | -0/+0
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-20 | Make mbedtls_ssl_cf_memcpy_offset() constant-flow | Manuel Pégourié-Gonnard | 1 | -25/+7
    all.sh component test_valgrind_constant_flow is now passing.
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2020-08-20 | Add option to test constant-flow with valgrind | Manuel Pégourié-Gonnard | 6 | -2/+85
    Currently the new component in all.sh fails because mbedtls_ssl_cf_memcpy_offset() is not actually constant flow - this is on purpose to be able to verify that the new test works.
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>