Andrzej Kurek
70737ca827
ssl_tls: add key destruction upon generator failure
2019-01-28 07:49:56 -05:00
Andrzej Kurek
c929a82a6b
Implement tls_prf_generic using the PSA API
2019-01-28 07:49:56 -05:00
Jaeden Amero
7b9575c654
Merge remote-tracking branch 'origin/pr/2376' into development-psa
...
Resolve conflict in updating crypto submodule by manually pointing the
submodule to 2169a5e54d
("PSA: Adapt pk.c, pk_wrap.c, cipher.c to new
key policy init API").
2019-01-28 12:28:49 +00:00
Andrzej Kurek
5615dabeef
ssl_tls: remove line breaks from a debug message
2019-01-28 07:04:19 -05:00
Andrzej Kurek
e85414edd0
ssl-opt: add a check for PSA computation of digest of ServerKeyExchange
2019-01-28 07:04:19 -05:00
Andrzej Kurek
814feffd15
Whitespace, logging and documentation fixes
...
Introduce a psa_status_t status to handle return values.
Add a debug message with API usage description.
2019-01-28 07:04:19 -05:00
Andrzej Kurek
d6db9be598
Adapt mbedtls_ssl_get_key_exchange_md_tls1_2 to PSA hashing
2019-01-28 07:04:19 -05:00
Hanno Becker
af01b4b387
Update crypto submodule to sibling commit
2019-01-28 11:47:25 +00:00
Hanno Becker
a98511164f
Adapt ecdsa_verify_wrap() to new EC public key format
...
Previously, PSA used SubjectPublicKeyInfo structures to serialize EC public keys.
This has recently been changed to using ECPoint structures instead, but the wrapper
making PSA ECDSA verification available through Mbed TLS' PK API hasn't yet been
adapted accordingly - which is what this commit does.
Luckily, Mbed TLS' PK API offers two functions mbedtls_pk_write_pubkey()
and mbedtls_pk_write_pubkey_der(), the latter exporting a SubjectPublicKeyInfo
structure and the former exporting an ECPoint structure in case of EC public
keys. For the adaptation of the ECDSA wrapper ecdsa_verify_wrap() it is therefore
sufficient to use mbedtls_pk_write_pubkey() instead of mbedtls_pk_write_pubkey_der().
2019-01-28 11:45:19 +00:00
Hanno Becker
2192c27720
Update crypto submodule to sibling PR
2019-01-25 15:18:46 +00:00
Hanno Becker
f99c2ec9d7
PSA: Adapt pk.c, pk_wrap.c, cipher.c to new key policy init API
2019-01-25 14:36:07 +00:00
Hanno Becker
e34f636f8d
PSA: Adapt cipher.c, pk.c, pk_wrap.c to new key slot allocation API
2019-01-25 14:31:06 +00:00
Hanno Becker
32809e8c70
PSA: Adapt ssl_server2 to modified key allocation API
2019-01-25 14:31:00 +00:00
Hanno Becker
9bd8842c77
PSA: Adapt ssl_server2 to hew key policy initialization API
2019-01-25 14:27:01 +00:00
Hanno Becker
1387124c89
PSA: Adapt ssl_client2 to new key policy initialization API
2019-01-25 14:26:26 +00:00
Hanno Becker
37519ea5f8
PSA: Adapt ssl_client2 to modified key slot allocation API
2019-01-25 14:26:01 +00:00
Hanno Becker
8d865dfe37
PSA: Adapt PK test suite to new key policy initialization API
2019-01-25 14:25:16 +00:00
Hanno Becker
353295ac70
PSA: Adapt PK test suite to modified key slot allocation mechanism
2019-01-25 14:25:00 +00:00
Hanno Becker
4a2949ba29
Update crypto submodule
...
Includes PRs #6 , #18 , #19 .
2019-01-25 14:23:06 +00:00
Andrzej Kurek
4b5686537f
Update crypto version to use new key allocation
2019-01-25 03:16:49 -05:00
Andrzej Kurek
4687ea0271
Revert .gitmodules update - point back to development
2019-01-25 03:15:37 -05:00
Antonin Décimo
36e89b5b71
Fix #2370 , minor typos and spelling mistakes
2019-01-24 10:37:40 +01:00
Andrzej Kurek
dae1768de7
Update .gitmodules file to point to a sibling branch in mbed-crypto
2019-01-23 06:38:45 -05:00
Simon Butcher
8e763329ad
Merge remote-tracking branch 'public/pr/2040' into development
2019-01-23 10:28:25 +01:00
Simon Butcher
442ca5710b
Merge remote-tracking branch 'public/pr/1375' into development
2019-01-23 10:27:05 +01:00
Simon Butcher
a3c821d143
Merge remote-tracking branch 'public/pr/2319' into development
2019-01-23 10:21:05 +01:00
Simon Butcher
38cb940692
Merge remote-tracking branch 'public/pr/2231' into development
2019-01-23 10:20:08 +01:00
Simon Butcher
0999ca3063
Merge remote-tracking branch 'public/pr/2326' into development
2019-01-23 10:19:25 +01:00
Simon Butcher
d4e327c4ff
Merge remote-tracking branch 'public/pr/2345' into development
2019-01-23 10:14:52 +01:00
Simon Butcher
d253bb49e7
Merge remote-tracking branch 'public/pr/2352' into development-psa
2019-01-23 09:43:50 +01:00
Andrzej Kurek
c847d9ff8d
Change PSA submodule url
2019-01-22 07:13:10 -05:00
Andrzej Kurek
7deba18576
Remove unnecessary "#" sign from PSA macros
2019-01-22 06:29:45 -05:00
Jeffrey Martin
801217e057
update ChangLog credit
...
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-16 09:25:36 -06:00
Jeffrey Martin
d20a0e2d9f
update ChangLog per comments
...
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-15 09:01:31 -06:00
Andrzej Kurek
e57c1ea80a
Switch to the public crypto submodule url
2019-01-15 09:52:56 -05:00
Andrzej Kurek
c0a1be08a0
Fix indentation of documentation
2019-01-15 03:33:35 -05:00
Jeffrey Martin
d25fd8d4c9
MIPS register hints without $
for compatibility
...
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-14 18:01:40 -06:00
Jeffrey Martin
a661be3593
Add fix of #1722 to ChangLog
...
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-14 16:40:59 -06:00
Jeffrey Martin
2f70e4b2f9
add hints for mips registers that may need restore
...
Signed-off-by: Jeffrey Martin <Jeffrey_Martin@rapid7.com>
2019-01-14 16:40:18 -06:00
Andrzej Kurek
62594a8b12
pk_wrap: pass curve size instead of a larger size of the exported key
...
Whitespace fixes
2019-01-14 05:14:18 -05:00
Andrzej Kurek
93a38a3101
pk: wrap curve_id before passing it to PSA
...
Add a helper function in PSA utils
2019-01-14 05:09:46 -05:00
Andrzej Kurek
a62a58ece5
cipher: fixed key ownership scope
...
Indicate key ownership earlier, so that it gets destroyed on faulty policy setting.
2019-01-14 05:01:28 -05:00
Gilles Peskine
69f190e8dd
Rename test_memcheck to test_valgrind
...
Valgrind is what it does. `memcheck` is how it's implemented.
2019-01-10 18:29:15 +01:00
Gilles Peskine
a28db923d9
Support wildcard patterns with a positive list of components to run
...
Wildcard patterns now work with command line COMPONENT arguments
without --except as well as with. You can now run e.g.
`all.sh "check_*` to run all the sanity checks.
2019-01-10 18:29:15 +01:00
Gilles Peskine
53190e6160
Delete $OUT_OF_SOURCE_DIR under --force
...
The deletion of "$OUT_OF_SOURCE_DIR" had mistakenly been lumped
together with Yotta and then removed when Yotta support was removed.
Bring it back.
2019-01-10 18:29:15 +01:00
Gilles Peskine
d1174cf015
Fix sometimes-spurious warning about changed config.h
...
After backing up and restoring config.h, `git diff-files` may report
it as potentially-changed because it isn't sure whether the index is
up to date. Use `git diff` instead: it actually reads the file.
2019-01-10 18:29:15 +01:00
Gilles Peskine
c70637a5f0
all.sh: Update the maintainer documentation
2019-01-10 18:29:12 +01:00
Gilles Peskine
cc9f0b956e
Merge the code to call output_env.sh into pre_check_tools
...
It's all about tool detection.
2019-01-10 18:27:38 +01:00
Gilles Peskine
879642663a
all.sh: only check tools that are going to be used
...
Don't require openssl, mingw, etc. if we aren't going to run a
component that uses them.
2019-01-10 18:27:38 +01:00
Gilles Peskine
5331c6e0b1
all.sh: only look for armcc if it is used
...
Only look for armcc if component_build_armcc is to be executed,
instead of requiring the option --no-armcc.
You can still pass --no-armcc, but it's no longer required when
listing components to run. With no list of components or an exclude
list on the command line, --no-armcc is equivalent to having
build_armcc in the exclude list.
2019-01-10 18:27:38 +01:00