AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
13,055 Commits 1 Branch 0 Tags 61 MiB
110a794e93
Commit Graph

13055 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Nicola Di Lieto
110a794e93 Add ChangeLog.d/new-mbedtls_x509_crt_parse_der_with_ext_cb_routine.txt 
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
 2020-05-29 23:27:47 +02:00
Nicola Di Lieto
e58b4638e5 Unsupported extension tests in test_suite_x509parse 
All combinations of critical or not, recognized or not by the
callback are now tested as requested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432647880

In addition pass the OID of the unsupported extension to be parsed
to the callback using the opaque pointer, which makes the tests fail
if the library forwards the wrong pointer to the callback, as
requested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432647392

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
 2020-05-29 23:11:28 +02:00
Nicola Di Lieto
565b52bb72 mbedtls_x509_crt_parse_der_with_ext_cb improvement 
Continue parsing when the callback fails to parse a non critical
exception. Also document the behaviour more extensively and pass
the callback error code to the caller unaltered.

See https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432630548
and https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r432630968

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
 2020-05-29 23:09:47 +02:00
Nicola Di Lieto
5659e7e889 Add opaque context to mbedtls_x509_crt_ext_cb_t 
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
 2020-05-28 23:41:38 +02:00
Nicola Di Lieto
17bb60c0f1 Tests for mbedtls_x509_crt_parse_der_with_ext_cb 
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
 2020-05-28 23:20:47 +02:00
Nicola Di Lieto
5f6ebdebdb Fix wrong parameter name in comment 
Detected by Travis
https://travis-ci.org/github/ARMmbed/mbedtls/jobs/692213150

/home/travis/build/ARMmbed/mbedtls/include/mbedtls/x509_crt.h:333:
warning: argument 'make_copy' of command @param is not found in the
argument list of mbedtls_x509_crt_parse_der_with_ext_cb(mbedtls_x509_crt
*chain, const unsigned char *buf, size_t buflen, int no_copy,
mbedtls_x509_crt_ext_cb_t cb)

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
 2020-05-28 23:20:46 +02:00
Nicola Di Lieto
2c3a917393 Minor style improvement 
Co-authored-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
 2020-05-28 23:20:46 +02:00
Nicola Di Lieto
4dbe5676af mbedtls_x509_crt_parse_der_with_ext_cb enhancement 
added make_copy parameter as suggested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r431233555

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
 2020-05-28 17:17:27 +02:00
Nicola Di Lieto
fae25a13d9 mbedtls_x509_crt_ext_cb_t definition changed 
As suggested in
https://github.com/ARMmbed/mbedtls/pull/3243#discussion_r431238005

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
 2020-05-28 17:17:27 +02:00
Nicola Di Lieto
fde98f7773 Rename mbedtls_x509_crt_parse_der_ext 
new name: mbedtls_x509_crt_parse_der_with_ext_cb

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
 2020-05-28 17:17:27 +02:00
ndilieto
6e24980cc6 Minor style and documentation improvements 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
 2020-05-28 17:17:27 +02:00
Nicola Di Lieto
502d4b4510 New mbedtls_x509_crt_parse_der_ext() routine 
This routine is functionally equivalent to mbedtls_x509_crt_parse_der(),
but it accepts an additional callback function which it calls with
every unsupported certificate extension.

Proposed solution to https://github.com/ARMmbed/mbedtls/issues/3241

Signed-off-by: Nicola Di Lieto <nicola.dilieto@gmail.com>
 2020-04-25 14:46:04 +02:00
Manuel Pégourié-Gonnard
b1c8e41ae3
Merge pull request #3209 from aurel32/fix-ecp_double_add_mxz 
Fix wrong modulo call in ecp_double_add_mxz
 2020-04-24 09:28:17 +02:00
Aurelien Jarno
66deb38d64 Fix wrong modulo call in ecp_double_add_mxz 
ecp_double_add_mxz wrongly does an MPI addition followed by a call to
MOD_MUL instead of MOD_ADD. This is more visible since the
mbedtls_mpi_xxx_mod functions have been added in commit 3b3b34f608
("Replace some macros by functions").

Fix that by using mbedtls_mpi_add_mod instead. The testsuite still
passes after that change.

Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
 2020-04-23 23:16:11 +02:00
danh-arm
494f6cb823
Merge pull request #3153 from kennethsoerensen/format-signedness 
Fix GCC format-signedness warnings
 2020-04-23 11:00:45 +01:00
Kenneth Soerensen
518d435e7b Fix GCC format-signedness warnings 
Signed-off-by: Kenneth Soerensen <knnthsrnsn@gmail.com>
 2020-04-22 16:01:48 +02:00
Manuel Pégourié-Gonnard
6bd4c79999
Merge pull request #3150 from irwir/fix_ssl_srv 
Simplify checks in ssl_write_certificate_request
 2020-04-22 09:31:00 +02:00
Gilles Peskine
5cac337228
Merge pull request #3208 from irwir/fix_md.c 
Fix "same actions in two cases of a switch statement" warning
 2020-04-21 16:25:20 +02:00
Gilles Peskine
dc9c47da6c
Merge pull request #3176 from aggarg/development 
Add support for const error description strings
 2020-04-21 13:57:11 +02:00
irwir
c9bc300724 Simplify bounds check in ssl_write_certificate_request 
It is sufficient to check for the strongest limit only. Using a smaller
type ensures there is no overflow (assuming size_t is at least 32 bits).

Fixes #2916

Signed-off-by: irwir <irwir@users.noreply.github.com>
 2020-04-21 14:51:08 +03:00
Gilles Peskine
e50c6edeee
Merge pull request #3210 from gilles-peskine-arm/ssl_context_info-fix_checks 
Re-generate a file
 2020-04-21 10:20:20 +02:00
Gaurav Aggarwal
6ea4fc7b53 Address review comments 
1. The functions mbedtls_high_level_strerr and mbedtls_low_level_strerr
   accept any error code and extract the high-level and low-level parts
   respectively.
2. Documentation updates.

Signed-off-by: Gaurav Aggarwal <aggarg@amazon.com>
 2020-04-20 16:03:46 -07:00
Gilles Peskine
3669208c8e Re-run generate_visualc_files.pl 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-04-20 21:44:57 +02:00
Jaeden Amero
3a7ca1d0cb
Merge pull request #3194 from piotr-now/serialized_to_file 
Saving the serialized context to a file
 2020-04-20 15:50:12 +01:00
Gilles Peskine
b72df54f9b
Merge pull request #2840 from k-stachowiak/check-bounds-of-test-intex-in-suites 
Add lower bound check to function index lookup
 2020-04-20 15:19:55 +02:00
Gilles Peskine
5a2710e9af
Merge pull request #3120 from gilles-peskine-arm/check-windows-files 
Check Windows files for sanity as well
 2020-04-20 13:59:27 +02:00
irwir
f0fec77e3e Fix "same actions in two cases of a switch statement" warning 
Resolves #3202

Signed-off-by: irwir <irwir@users.noreply.github.com>
 2020-04-20 13:56:09 +03:00
Gilles Peskine
23352a39a9
Merge pull request #3177 from mpg/fix-overflow-benchmark-dev 
Fix arithmetic overflow in benchmark
 2020-04-20 12:02:45 +02:00
Gilles Peskine
bb6b163cb0
Merge pull request #3162 from mpg/sort-lists 
Improve formatting of lists in Makefile, CMakeLists.txt and .gitignore
 2020-04-20 10:16:32 +02:00
Gilles Peskine
5c34ee14d3
Merge pull request #3118 from gilles-peskine-arm/pylint-up-to-2.4-development 
Pass Pylint up to 2.4
 2020-04-20 09:47:40 +02:00
Piotr Nowicki
3de298f18f Saving the serialized context to a file 
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
 2020-04-17 16:26:43 +02:00
Piotr Nowicki
136bebf934 Add missing newline character 
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
 2020-04-17 14:47:33 +02:00
Manuel Pégourié-Gonnard
6ff11895f4 Sort lists in .gitignore files 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2020-04-17 11:58:54 +02:00
Manuel Pégourié-Gonnard
6f830251a1 Sort lists in CMakeLists.txt files 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2020-04-17 11:58:54 +02:00
Manuel Pégourié-Gonnard
10a5b535f1 Sort lists in Makefiles and have one item per line 
A file generated based on the output of `make list` from programs has been
re-generated.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2020-04-17 11:57:50 +02:00
Manuel Pégourié-Gonnard
5edd388da0 Get rid of a magic value in benchmark.c 
Also update its value while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2020-04-17 11:28:25 +02:00
Gilles Peskine
5f69cbe2cc
Merge pull request #3155 from ronald-cron-arm/unmet-dependencies-buffer-overflow-fix 
Unmet dependencies buffer overflow fix
 2020-04-17 10:08:14 +02:00
Jaeden Amero
31f4cd9de2
Merge pull request #3192 from AndrzejKurek/max_pathlen_overflow 
Guard from undefined behaviour in case of an INT_MAX max_pathlen
 2020-04-16 16:29:44 +01:00
Jaeden Amero
ed9e4779ab
Merge pull request #3127 from piotr-now/ssl_base64_dump 
Add program for deserializing from base64 code
 2020-04-16 12:00:25 +01:00
Piotr Nowicki
9978e6ee14 Add tests for the ssl_context_info program 
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
 2020-04-15 16:21:36 +02:00
Andrzej Kurek
1605074f97
Guard from undefined behaviour in case of an INT_MAX max_pathlen 
When parsing a certificate with the basic constraints extension
the max_pathlen that was read from it was incremented regardless
of its value. However, if the max_pathlen is equal to INT_MAX (which
is highly unlikely), an undefined behaviour would occur.
This commit adds a check to ensure that such value is not accepted
as valid. Relevant tests for INT_MAX and INT_MAX-1 are also introduced.
Certificates added in this commit were generated using the
test_suite_x509write, function test_x509_crt_check. Input data taken 
from the "Certificate write check Server1 SHA1" test case, so the generated
files are like the "server1.crt", but with the "is_ca" field set to 1 and
max_pathlen as described by the file name.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2020-04-15 06:15:45 -04:00
Janos Follath
a18c4f35c9
Merge pull request #686 from ARMmbed/merge-2.22.0-release-to-development 
Merge 2.22.0 release to development
 2020-04-14 16:21:53 +01:00
Piotr Nowicki
97dcb1c8f2 Add required configuration to the ssl_context_info 
Required:
  MBEDTLS_X509_CRT_PARSE_C
  MBEDTLS_ERROR_C

Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
 2020-04-14 16:40:48 +02:00
Piotr Nowicki
02cc3fb070 Add dynamic buffer allocation and size checking 
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
 2020-04-14 16:40:48 +02:00
Piotr Nowicki
bc876d4516 Rename program 'ssl_base64_dump' to 'ssl_context_info' 
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
 2020-04-14 16:40:48 +02:00
Piotr Nowicki
f86192f72a Add support for Microsoft Visual Studio 
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
 2020-04-14 16:40:48 +02:00
Piotr Nowicki
e5fa8b7cdf Add certificate printing 
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
 2020-04-14 16:40:42 +02:00
Manuel Pégourié-Gonnard
5d318cc22b
Merge pull request #3130 from gbryant-arm/generic-psk 
Clarify and simplify PSK
 2020-04-14 10:54:01 +02:00
Piotr Nowicki
4e192000fa Add session deserializing (not completed) 
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
 2020-04-14 10:46:23 +02:00
Piotr Nowicki
ab3ecd8ac2 Print more information and add TODOs 
Signed-off-by: Piotr Nowicki <piotr.nowicki@arm.com>
 2020-04-14 10:46:23 +02:00