Manuel Pégourié-Gonnard
350d4c3630
Merge pull request #327 from gilles-peskine-arm/psa-hash_compute
...
Implement psa_hash_compute and psa_hash_compare
2020-01-31 09:31:41 +01:00
Manuel Pégourié-Gonnard
ead19fecf9
Merge pull request #2975 from mpg/add-zlib-tests-dev
...
Add zlib tests and fix runtime bug
2020-01-31 09:22:24 +01:00
Janos Follath
b719d4bede
Merge pull request #2963 from jiblime/zlib-fix into development
2020-01-30 16:15:16 +00:00
Gilles Peskine
13faa2d920
Don't declare a parameter as const
...
An earlier commit fixed this for psa_hash_compare. psa_mac_verify had
the same flaw.
2020-01-30 16:32:21 +01:00
Manuel Pégourié-Gonnard
bc4da29d06
De-duplicate SHA1-independent test in ssl-opt.sh
...
The splitting of this test into two versions depending on whether SHA-1 was
allowed by the server was a mistake in
5d2511c4d4
- the test has nothing to do with
SHA-1 in the first place, as the server doesn't request a certificate from
the client so it doesn't matter if the server accepts SHA-1 or not.
2020-01-30 12:45:14 +01:00
Gilles Peskine
88e08464f5
Add dedicated test cases for psa_hash_compare
...
psa_hash_compare is tested for good cases and invalid-signature cases
in hash_compute_compare. Also test invalid-argument cases. Also run a
few autonomous test cases with valid arguments.
2020-01-30 12:27:14 +01:00
Gilles Peskine
29eb80d26c
Remove some spurious dependencies on MBEDTLS_SHA256_C
2020-01-30 12:27:14 +01:00
Gilles Peskine
fa710f5c6a
Don't declare a parameter as const
...
Whether a parameter should be const is an implementation detail of the
function, so don't declare a parameter of psa_hash_compare as
const. (This only applies to parameters themselves, not to objects
that pointer parameters points to.)
2020-01-30 12:27:14 +01:00
Gilles Peskine
1fb7aea9b3
Add command line option to hide warnings
2020-01-30 12:27:14 +01:00
Gilles Peskine
84b8fc8213
Use psa_hash_compute in psa_hmac_setup_internal
2020-01-30 12:27:14 +01:00
Gilles Peskine
7b8efaffaa
Add missing dependencies on MBEDTLS_MD_C
...
The PSA implementations of deterministic ECDSA, of all RSA signatures
and of RSA OAEP use the MD module.
2020-01-30 12:27:14 +01:00
Gilles Peskine
aead02cce9
Remove obsolete dependencies on MBEDTLS_MD_C
...
The PSA implementation of hash algorithms, HMAC algorithms and KDF
algorithms using HMAC no longer use the MD module.
2020-01-30 12:27:14 +01:00
Gilles Peskine
0a749c8fa3
Implement and test psa_hash_compute, psa_hash_compare
2020-01-30 12:27:12 +01:00
Gilles Peskine
afc9db8bb7
Fix version number recognition heuristics
...
The regexp was wrong, for example it matched "2.20x" but failed to
match "3.1".
Some test cases:
>>> def f(title):
... version_number = re.search(_version_number_re, title)
... if version_number:
... return not re.search(_incomplete_version_number_re,
... version_number.group(0))
... else:
... return False
...
>>> [(s, f(s.encode('ascii'))) for s in ['foo', 'foo 3', 'foo 3.', 'foo 3.1', 'foo 3.14', 'foo 3.2.1', 'foo 3.2.1alpha', 'foo 3.1.a', 'foo 3.a', 'foo 3.x.1']]
[('foo', False), ('foo 3', False), ('foo 3.', False), ('foo 3.1', True), ('foo 3.14', True), ('foo 3.2.1', True), ('foo 3.2.1alpha', True), ('foo 3.1.a', False), ('foo 3.a', False), ('foo 3.x.1', False)]
2020-01-30 11:38:01 +01:00
Jaeden Amero
79ef1d4e55
Merge pull request #2987 from AndrzejKurek/iotssl-2958-datagram-transport-simulated
...
Message transport mocks in ssl tests
2020-01-30 10:23:27 +00:00
Manuel Pégourié-Gonnard
77cbeff04c
Fix ssl-opt.sh for GnuTLS versions rejecting SHA-1
...
While the whole script makes (often implicit) assumptions about the version of
GnuTLS used, generally speaking it should work out of the box with the version
packaged on our reference testing platform, which is Ubuntu 16.04 so far.
With the update from Jan 8 2020 (3.4.10-4ubuntu1.6), the patches for rejecting
SHA-1 in certificate signatures were backported, so we should avoid presenting
SHA-1 signed certificates to a GnuTLS peer in ssl-opt.sh.
2020-01-30 11:22:57 +01:00
Manuel Pégourié-Gonnard
f712e163b0
Merge pull request #179 from mpg/sha512-no-sha384
...
Add option to build SHA-512 without SHA-384
2020-01-30 10:32:20 +01:00
Manuel Pégourié-Gonnard
2b9ebce4e1
Remove deprecated modules from config.py full
2020-01-30 10:16:15 +01:00
Andres Amaya Garcia
835b299e5e
Fix wording of deprecated docs for SSL2 and SSL3 features
2020-01-30 10:16:15 +01:00
Andres Amaya Garcia
e58532e1db
Favour DEPRECATED_REMOVED over DEPRECATED_WARNING
2020-01-30 10:16:15 +01:00
Andres Amaya Garcia
88c2cc7213
Deprecate MBEDTLS_SSL_PROTO_SSL3
2020-01-30 10:16:15 +01:00
Andres Amaya Garcia
09634248cb
Deprecate MBEDTLS_SSL_SRV_SUPPORT_SSLV2_CLIENT_HELLO
2020-01-30 10:16:13 +01:00
Manuel Pégourié-Gonnard
d020bfc396
Merge pull request #2949 from zfields/patch-1
...
[cmake] Propagate public headers
2020-01-30 09:53:16 +01:00
Janos Follath
8b38978b85
Merge pull request #349 from gilles-peskine-arm/coverity-20200115-crypto
...
Fix minor defects found by Coverity
2020-01-29 15:05:11 +00:00
Janos Follath
ba1150f822
Merge pull request #2995 from gilles-peskine-arm/coverity-20200115-tls into development
2020-01-29 14:51:24 +00:00
Manuel Pégourié-Gonnard
74ca84a7a9
Fix some whitespace issues
2020-01-29 09:46:49 +01:00
Gilles Peskine
907e95aa20
Clarify that what we're dropping is pkcs11-helper support
...
The PKCS11 module does not directly interface with PKCS#11 (also known
as Cryptoki), but with the pkcs11-helper library.
2020-01-29 09:40:32 +01:00
Andres Amaya Garcia
312431b398
Fix typo in doxy docs for ssl_pkcs11_sign()
2020-01-29 09:40:32 +01:00
Andres Amaya Garcia
b37268d916
Add missing docs to PKCS#11 public funcs
2020-01-29 09:40:32 +01:00
Andres Amaya Garcia
9fc82efc6c
Wrap PKCS1 module with DEPRECATED_REMOVED
2020-01-29 09:40:32 +01:00
Andres Amaya Garcia
99fc3876ed
Fix deprecated docs for PKCS1
2020-01-29 09:40:32 +01:00
Andres Amaya Garcia
0d6e108b13
Deprecate MBEDTLS_PKCS11_C functions
2020-01-29 09:40:32 +01:00
Andres Amaya Garcia
2047cd9ed6
Add ChangeLog entry for MBEDTLS_PKCS11_C deprecation
2020-01-29 09:40:32 +01:00
Andres Amaya Garcia
be3a4406d2
Deprecate MBEDTLS_PKCS11_C feature
2020-01-29 09:38:31 +01:00
Ercan Ozturk
d437309ae2
Fix debug message by using the correct function name called
2020-01-28 21:51:04 -08:00
Jack Lloyd
2e9eef4f7b
Final review comments
2020-01-28 14:43:52 -05:00
Gilles Peskine
a26079613a
Create a new level-2 section if needed
...
Automatically create a level-2 section for unreleased changes if needed.
2020-01-28 19:58:17 +01:00
Gilles Peskine
da14e8225e
Remove useless blank line removal in ChangeLog.write
...
The parsing functions eliminate blank lines, so there shouldn't be any
at this stage.
2020-01-28 19:27:54 +01:00
Gilles Peskine
37d670a1e1
Document read_main_file and simplify the logic a little
2020-01-28 19:27:54 +01:00
Gilles Peskine
974349d40e
Style: follow PEP8
2020-01-28 19:00:59 +01:00
Gilles Peskine
d8b6c77388
Use OrderedDict instead of reinventing it
2020-01-28 18:57:47 +01:00
Jaeden Amero
c0c92fea3d
Merge pull request #3008 from jp-bennett/development
...
Allow loading symlinked certificates
2020-01-28 15:55:33 +00:00
Jaeden Amero
bfc73bcfd2
Merge pull request #2988 from piotr-now/iotssl-2954-custom-io-callbacks-to-ssl-unit-test
...
Changes in custom IO callbacks used in unit tests
2020-01-28 14:46:13 +00:00
Piotr Nowicki
d796e19d3b
Fix memory allocation fail in TCP mock socket
...
Because two buffers were aliased too early in the code, it was possible that
after an allocation failure, free() would be called twice for the same pointer.
2020-01-28 13:04:21 +01:00
Janos Follath
4c987e2c83
Merge pull request #2993 from yanesca/bump-version-2.20.0
...
Bump version to Mbed TLS 2.20.0
2020-01-28 11:31:57 +00:00
Manuel Pégourié-Gonnard
042c5e4217
Merge pull request #3000 from gilles-peskine-arm/changelog-2.20.0
...
Add changelog entries for the crypto changes in 2.20.0
2020-01-28 09:38:30 +01:00
Manuel Pégourié-Gonnard
358462df85
Merge pull request #354 from mpg/fix-ecdsa-pointer-inc
...
Fix incrementing pointer instead of value
2020-01-28 09:26:28 +01:00
Jack Lloyd
60239753d2
Avoid memory leak when RSA-CRT is not enabled in build
2020-01-27 17:53:36 -05:00
Zachary J. Fields
96134effea
Update ChangeLog
2020-01-27 16:12:02 -06:00
Janos Follath
4c736fb6a8
Update Mbed Crypto SO version
...
The recent update changed the Mbed Crypto SO version, get Mbed TLS in
sync.
2020-01-27 16:37:14 +00:00