Hanno Becker
a98511164f
Adapt ecdsa_verify_wrap() to new EC public key format
...
Previously, PSA used SubjectPublicKeyInfo structures to serialize EC public keys.
This has recently been changed to using ECPoint structures instead, but the wrapper
making PSA ECDSA verification available through Mbed TLS' PK API hasn't yet been
adapted accordingly - which is what this commit does.
Luckily, Mbed TLS' PK API offers two functions mbedtls_pk_write_pubkey()
and mbedtls_pk_write_pubkey_der(), the latter exporting a SubjectPublicKeyInfo
structure and the former exporting an ECPoint structure in case of EC public
keys. For the adaptation of the ECDSA wrapper ecdsa_verify_wrap() it is therefore
sufficient to use mbedtls_pk_write_pubkey() instead of mbedtls_pk_write_pubkey_der().
2019-01-28 11:45:19 +00:00
Manuel Pégourié-Gonnard
430a66f19a
Fix backwards config dependency on oid.c
...
The file oid.c had conditional inclusion of functions based on a config.h
define that belongs to X.509, which is backwards. For now, just include those
functions unconditionally and rely on the linker to garbage-collect them if
not used.
In the longer term X.509-specific functions are likely to be removed from
libmbedcrypto, but at this step the goal is to preserve the API (and even ABI)
of libmbedcrypto for as long as possible while separating the source trees of
Mbed Crypto and Mbed TLS.
2019-01-28 10:31:39 +01:00
Manuel Pégourié-Gonnard
c49ada41d4
Fix backwards include of x509.h in oid.h
...
As agreed during the workshop, temporarily move definitions to oid.h even if
they might not semantically belong here, as a short-term measure allowing to
build libmbecrypto on its own (without X.509 files present in the source tree)
but still provide all the things Mbed TLS currently expects, and more
specifically preserve the API and ABI exposed by libmbedtls.
2019-01-28 09:26:19 +01:00
Hanno Becker
2192c27720
Update crypto submodule to sibling PR
2019-01-25 15:18:46 +00:00
Hanno Becker
f99c2ec9d7
PSA: Adapt pk.c, pk_wrap.c, cipher.c to new key policy init API
2019-01-25 14:36:07 +00:00
Hanno Becker
e34f636f8d
PSA: Adapt cipher.c, pk.c, pk_wrap.c to new key slot allocation API
2019-01-25 14:31:06 +00:00
Hanno Becker
32809e8c70
PSA: Adapt ssl_server2 to modified key allocation API
2019-01-25 14:31:00 +00:00
Hanno Becker
9bd8842c77
PSA: Adapt ssl_server2 to hew key policy initialization API
2019-01-25 14:27:01 +00:00
Hanno Becker
1387124c89
PSA: Adapt ssl_client2 to new key policy initialization API
2019-01-25 14:26:26 +00:00
Hanno Becker
37519ea5f8
PSA: Adapt ssl_client2 to modified key slot allocation API
2019-01-25 14:26:01 +00:00
Hanno Becker
8d865dfe37
PSA: Adapt PK test suite to new key policy initialization API
2019-01-25 14:25:16 +00:00
Hanno Becker
353295ac70
PSA: Adapt PK test suite to modified key slot allocation mechanism
2019-01-25 14:25:00 +00:00
Hanno Becker
4a2949ba29
Update crypto submodule
...
Includes PRs #6 , #18 , #19 .
2019-01-25 14:23:06 +00:00
Andrzej Kurek
4b5686537f
Update crypto version to use new key allocation
2019-01-25 03:16:49 -05:00
Andrzej Kurek
4687ea0271
Revert .gitmodules update - point back to development
2019-01-25 03:15:37 -05:00
Antonin Décimo
36e89b5b71
Fix #2370 , minor typos and spelling mistakes
2019-01-24 10:37:40 +01:00
Andrzej Kurek
dae1768de7
Update .gitmodules file to point to a sibling branch in mbed-crypto
2019-01-23 06:38:45 -05:00
Simon Butcher
8e763329ad
Merge remote-tracking branch 'public/pr/2040' into development
2019-01-23 10:28:25 +01:00
Simon Butcher
442ca5710b
Merge remote-tracking branch 'public/pr/1375' into development
2019-01-23 10:27:05 +01:00
Simon Butcher
a3c821d143
Merge remote-tracking branch 'public/pr/2319' into development
2019-01-23 10:21:05 +01:00
Simon Butcher
38cb940692
Merge remote-tracking branch 'public/pr/2231' into development
2019-01-23 10:20:08 +01:00
Simon Butcher
0999ca3063
Merge remote-tracking branch 'public/pr/2326' into development
2019-01-23 10:19:25 +01:00
Simon Butcher
d4e327c4ff
Merge remote-tracking branch 'public/pr/2345' into development
2019-01-23 10:14:52 +01:00
Simon Butcher
d253bb49e7
Merge remote-tracking branch 'public/pr/2352' into development-psa
2019-01-23 09:43:50 +01:00
Andrzej Kurek
c847d9ff8d
Change PSA submodule url
2019-01-22 07:13:10 -05:00
Andrzej Kurek
7deba18576
Remove unnecessary "#" sign from PSA macros
2019-01-22 06:29:45 -05:00
Ron Eldor
574ac577b0
Specify server certificate to use in SHA-1 test
...
Specify the SHA-1 server certificate to use in the SHA-1 test,
because now the default certificates use SHA256 certificates.
2019-01-17 00:36:42 +02:00
ILUXONCHIK
acfee8eb04
refactor CA and SRV certificates into separate blocks
2019-01-17 00:35:40 +02:00
ILUXONCHIK
2bd7f99685
refactor SHA-1 certificate defintions and assignment
...
As per refactoring suggestion that I made in #1520 .
2019-01-17 00:32:36 +02:00
ILUXONCHIK
d94b3e7368
refactor server SHA-1 certificate definition into a new block
2019-01-17 00:29:18 +02:00
ILUXONCHIK
2f27790565
define TEST_SRV_CRT_RSA_SOME in similar logic to TEST_CA_CRT_RSA_SOME
2019-01-17 00:25:26 +02:00
ILUXONCHIK
914df7937d
server SHA-256 certificate now follows the same logic as CA SHA-256 certificate
2019-01-17 00:25:26 +02:00
ILUXONCHIK
4d7082288f
add entry to ChangeLog
2019-01-17 00:17:55 +02:00
Jeffrey Martin
801217e057
update ChangLog credit
...
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-16 09:25:36 -06:00
Jeffrey Martin
d20a0e2d9f
update ChangLog per comments
...
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-15 09:01:31 -06:00
Andrzej Kurek
e57c1ea80a
Switch to the public crypto submodule url
2019-01-15 09:52:56 -05:00
Andrzej Kurek
c0a1be08a0
Fix indentation of documentation
2019-01-15 03:33:35 -05:00
Jeffrey Martin
d25fd8d4c9
MIPS register hints without $
for compatibility
...
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-14 18:01:40 -06:00
Jeffrey Martin
a661be3593
Add fix of #1722 to ChangLog
...
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-14 16:40:59 -06:00
Jeffrey Martin
2f70e4b2f9
add hints for mips registers that may need restore
...
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-14 16:40:18 -06:00
Andrzej Kurek
62594a8b12
pk_wrap: pass curve size instead of a larger size of the exported key
...
Whitespace fixes
2019-01-14 05:14:18 -05:00
Andrzej Kurek
93a38a3101
pk: wrap curve_id before passing it to PSA
...
Add a helper function in PSA utils
2019-01-14 05:09:46 -05:00
Andrzej Kurek
a62a58ece5
cipher: fixed key ownership scope
...
Indicate key ownership earlier, so that it gets destroyed on faulty policy setting.
2019-01-14 05:01:28 -05:00
Gilles Peskine
69f190e8dd
Rename test_memcheck to test_valgrind
...
Valgrind is what it does. `memcheck` is how it's implemented.
2019-01-10 18:29:15 +01:00
Gilles Peskine
a28db923d9
Support wildcard patterns with a positive list of components to run
...
Wildcard patterns now work with command line COMPONENT arguments
without --except as well as with. You can now run e.g.
`all.sh "check_*` to run all the sanity checks.
2019-01-10 18:29:15 +01:00
Gilles Peskine
53190e6160
Delete $OUT_OF_SOURCE_DIR under --force
...
The deletion of "$OUT_OF_SOURCE_DIR" had mistakenly been lumped
together with Yotta and then removed when Yotta support was removed.
Bring it back.
2019-01-10 18:29:15 +01:00
Gilles Peskine
d1174cf015
Fix sometimes-spurious warning about changed config.h
...
After backing up and restoring config.h, `git diff-files` may report
it as potentially-changed because it isn't sure whether the index is
up to date. Use `git diff` instead: it actually reads the file.
2019-01-10 18:29:15 +01:00
Gilles Peskine
c70637a5f0
all.sh: Update the maintainer documentation
2019-01-10 18:29:12 +01:00
Gilles Peskine
cc9f0b956e
Merge the code to call output_env.sh into pre_check_tools
...
It's all about tool detection.
2019-01-10 18:27:38 +01:00
Gilles Peskine
879642663a
all.sh: only check tools that are going to be used
...
Don't require openssl, mingw, etc. if we aren't going to run a
component that uses them.
2019-01-10 18:27:38 +01:00