Merge development 2.x into 3.0 (Apr 19) #4366

gilles-peskine-arm

Update development_2.x in development_3.0. Includes #4318 which fixes an issue whereby #4174 + #4344 breaks the CI.

TRodziewicz and others added 30 commits March 4, 2021 18:19
Fix function mbedtls_ecp_mul_shortcuts() to skip multiplication when m
is 0 and simply assign 0 to R. Additionally fix ecjpake_zkp_read() to
return MBEDTLS_ERR_ECP_INVALID_KEY when the above condition is met.

Fix Mbed-TLS#1792

Signed-off-by: TRodziewicz <[email protected]>
Long URLs are allowed only if they are alone on their lines.

Signed-off-by: Mateusz Starzyk <[email protected]>
Refer to URL regexes by 'self' argument.

Signed-off-by: Mateusz Starzyk <[email protected]>
Fix typo.
Remove line break in string's code formatting, to enable
searching the code for particular string.

Signed-off-by: Mateusz Starzyk <[email protected]>
Signed-off-by: Ronald Cron <[email protected]>
Move the handling of the sign out of the base-specific loops. This
both simplifies the code, and corrects an edge case: the code in the
non-hexadecimal case depended on mbedtls_mpi_mul_int() preserving the
sign bit when multiplying a "negative zero" MPI by an integer, which
used to be the case but stopped with PR Mbed-TLS#2512.

Fix Mbed-TLS#4295. Thanks to Guido Vranken for analyzing the cause of the bug.
Credit to OSS-Fuzz.

Signed-off-by: Gilles Peskine <[email protected]>
Write a simple unit test for mbedtls_ecp_muladd().

Add just one pair of test cases. Mbed-TLS#2 fails since PR Mbed-TLS#3512. Thanks to
Philippe Antoine (catenacyber) for the test case, found by ecfuzzer.

Signed-off-by: Gilles Peskine <[email protected]>
This header file will contain declarations of functions that are not
part of the public ABI/API, and must not be called from other modules,
but can be called from unit tests.

Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: Gilles Peskine <[email protected]>
We're subtracting multiples of 2^bits, not 2^(bits+32).

Signed-off-by: Gilles Peskine <[email protected]>
Fix the subtraction in fix_negative, which was incorrectly not looking
for a carry. This caused the result to be wrong when the least
significant limb of N was 0. Fix Mbed-TLS#4296.

The bug was introduced by d10e8fa
"Optimize fix_negative". Thanks to Philippe Antoine (catenacyber) for
reporting the bug which was found by his EC differential fuzzer.
Credit to OSS-Fuzz.

Signed-off-by: Gilles Peskine <[email protected]>
Export "internally" mbedtls_cipher_info_from_psa to be
able to use it in psa_crypto_cipher.c.

Signed-off-by: Ronald Cron <[email protected]>
As we want to do Mbed TLS aead operations as a
driver does, aead operations should not access
the key slot as key slots are not available to
drivers.

First step in this PR: move key resolution from
aead operation setup to psa_aead_encrypt/decrypt
APIs.

Signed-off-by: Ronald Cron <[email protected]>
As we want to do Mbed TLS aead operations as a
driver does, aead operations should not access
the key slot as key slots are not available to
drivers.

Second step in this PR: do not unlock the key slot
as part of operation abort.

Signed-off-by: Ronald Cron <[email protected]>
Signed-off-by: TRodziewicz <[email protected]>
gilles-peskine-arm and others added 18 commits April 9, 2021 16:46
…202104

Fix ECP arithmetic bug and read of zero-padded negative number
Don't try to make the reader guess what a “negative zero” might mean.

Signed-off-by: Gilles Peskine <[email protected]>
Signed-off-by: TRodziewicz <[email protected]>
Signed-off-by: TRodziewicz <[email protected]>
…changelog-development

Changelog entry for mbedtls_mpi_read_string("-0")
Add PSA crypto driver delegation for AEAD single shot PSA APIs - 1
…unc_from_hashing

Remove deprecated things from hashing modules
…ngelog_entry

Allow changelog entries to have URLs exceeding 80 char limit.
This reverts commit 0961e3d.

This was merged by mistake in development instead of development_3.0.

Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
This reverts commit 9a86843.

This was merged by mistake in development instead of development_3.0.

Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
This reverts commit 48f6d0d.

This was merged by mistake in development instead of development_3.0.

Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
This reverts commit c75d9f5.

This was merged by mistake in development instead of development_3.0.

Signed-off-by: Manuel Pégourié-Gonnard <[email protected]>
Fix ECDSA failing when the hash is all-bits-zero
Conflicts:
* visualc/VS2010/mbedTLS.vcxproj: resolved by re-generating the file
  with scripts/generate_visualc_files.pl.
gilles-peskine-arm added the needs-review (Every commit must be reviewed by at least two team members), mbedtls-3, and needs-reviewer (This PR needs someone to pick it up for review) labels Apr 19, 2021

@mpg mpg left a comment

I checked the parents of the merge commit:

Then I did the merge myself, got the same conflict as noted in the commit message, also resolved it by re-generating the file, and got the same result as this PR.

@mpg mpg merged commit 1cc91e7 into Mbed-TLS:development_3.0 Apr 19, 2021
daverodgman pushed a commit that referenced this pull request Apr 23, 2021
…e_2.x-20210419

Merge development 2.x into 3.0 (Apr 19)