Skip to content

Test merge of development and TLS PR 2028 #73

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 79 commits into from
Feb 27, 2019
Merged

Test merge of development and TLS PR 2028 #73

merged 79 commits into from
Feb 27, 2019

Conversation

Patater
Copy link
Contributor

@Patater Patater commented Feb 27, 2019
edited
Loading

For testing:

Merge the current Mbed TLS development branch.

Merge Mbed-TLS/mbedtls#2028

If testing goes well, we'll push this already reviewed and tested code from Mbed TLS into Mbed Crypto development, as Mbed TLS requires the new function mbedtls_asn1_write_named_bitstring() present in the crypto submodule in order to pass their tests and be able to merge Mbed-TLS/mbedtls#2028 into Mbed TLS development.

Andres Amaya Garcia and others added 30 commits January 16, 2019 10:35
Add new function mbedtls_asn1_write_named_bitstring()
ec6329f 
Add a new function mbedtls_asn1_write_named_bitstring() that removes
trailing 0s at the end of DER encoded bitstrings. The function is
implemented according to Hanno Becker's suggestions.

This commit also changes the functions x509write_crt_set_ns_cert_type
and crt_set_key_usage to call the new function as the use named
bitstrings instead of the regular bitstrings.
Add tests for (named) bitstring to suite_asn1write
5d26163
Improve docs for named bitstrings and their usage
88bf1b3
Add ChangeLog entry for unused bits in bitstrings
8761d92
@k-stachowiak
Reduce the timing tests complexity
21daa3c
@k-stachowiak
Improve wording in the ChangeLog
f4ab6b2
@pkolbus
all.sh: Fix check_headers_in_cpp
1bc1a4c 
When all.sh invokes check_headers_in_cpp, a backup config.h exists. This
causes a stray difference vs cpp_dummy_build.cpp. Fix by only collecting
the *.h files in include/mbedtls.

Change-Id: Ifd415027e856858579a6699538f06fc49c793570
@pkolbus
Add ChangeLog entry
995d5c1
@k-stachowiak
Apply imperative style in the changelog entry
c5a4a13
@k-stachowiak
Correct code formatting in the timing test suites
a1dc911
Query config through ssl_server2 and ssl_client2 cmdline
bc81884
ssl-opt: Use ssl_server2 to query config instead of grep and sed
3169dc0
query_config.c: remove duplicated inc of platform.h
3b2f9d3
Script generation of query_config.c file
88121a9
Add gen_query_config.pl to check-gen-files and bump_version
4c981a0
Add ChangeLog entries
aabe52f
Update programs/ssl/CMakeLists.txt with query_config.c dep
bb92364
Fix typo in quenerate_query_config.pl comment
109f8b6
Ensure query_config.c includes stdio only when needed
4581486
Create programs/test/query_compile_time_config app
509ba69
Fix aligment in programs/test/query_compile_time_config.c
08457ce
Fix multiple stdio.h inclusion in query_config.c
2fdc2c2
Fix GCC 0-length printf format string error
5aca555
Improve comments in query_config.fmt
c28da7e
Improve cmake inclusion of query_config.c when building apps
cb9c015
Fix missing include in vs proj files for query programs
c84a65d
Fix query_config macro expansion for windows
5bc6e92
Fix query_config macro expansion for windows
27b3372
Exclude macros from query_config.c generation
ef672f0
Update query_config.c with new macros
8645f73
Hanno Becker and others added 25 commits February 18, 2019 16:42
Implement ClientKeyExchange writing in PSA-based ECDHE suites
4a63ed4 
- Populate the ECDH private key slot with a fresh private EC key
  designated for the correct algorithm.
- Export the public part of the ECDH private key from PSA and
  reformat it to suite the format of the ClientKeyExchange message.
- Perform the PSA-based ECDH key agreement and store the result
  as the premaster secret for the connection.
Make variable in ssl_write_client_key_exchange() more descriptive
c14a3bb
Add debugging output to confirm that PSA was used for ECDHE
0a94a64
Add ssl-opt.sh tests for PSA-based ECDH with various ECC curves
354e248
Regenerate VisualStudio project file
3b7c4a0
Regenerate VS2010 project file
4af484e
Grep for debug output witnessing use of PSA in ECDHE ssl-opt.sh
28f7844
Define maximum EC public key length depending on enabled curves
135baef
Fix ChangeLog entry to correct release version
e254f85
@Patater
Initialize PSA Crypto operation contexts
3497323 
It is now required to initialize PSA Crypto operation contexts before
calling psa_*_setup(). Otherwise, one gets a PSA_ERROR_BAD_STATE error.
Forbid setting MBEDTLS_ECP_RESTARTABLE and MBEDTLS_USE_PSA_CRYPTO_C
1ce51e4 
Restartable ECC isn't supported in PSA yet.
Disable restartable ECC in full config PSA test in all.sh
241b524
@Patater
Merge remote-tracking branch 'origin/pr/2383' into development
0ae63f7
@Patater
Merge remote-tracking branch 'origin/pr/2407' into development
d9516b5
@Patater
Merge remote-tracking branch 'origin/pr/2411' into development
8963b03
@Patater
Merge remote-tracking branch 'origin/pr/2391' into development
9f47f82
@Patater
Merge remote-tracking branch 'origin/pr/2454' into development
461bd3d
@Patater
Merge remote-tracking branch 'origin/pr/2105' into development
415620c 
Additional work done as part of merge:
    - Run ./tests/scripts/check-generated-files.sh and check in the
      resulting changes to programs/ssl/query_config.c
@Patater
crypto: Update submodule to Mbed Crypto 1.0.0d6
caca307
Fix typo in check_config.h
85fd913
@Patater
Merge remote-tracking branch 'origin/pr/2460' into development
d247762
@Patater
Merge remote-tracking branch 'origin/pr/2427' into development
e895342
@Patater
Merge remote-tracking branch 'origin/pr/2338' into development
86016a0
@Patater
Merge remote-tracking branch 'tls/development' into development
a9d6ba2 
Additional work done as part of merge:
    - Run ./tests/scripts/check-generated-files.sh and check in the
      resulting changes to programs/ssl/query_config.c
@Patater
Merge remote-tracking branch 'tls/pr/2028' into development
a78c958
@Patater Patater added the DO NOT MERGE The PR is not intended to be merged (yet). Usually used for a review of worked in progress. label Feb 27, 2019
@Patater Patater changed the title Dev/patater/dev 2028 merge Test merge of development and TLS PR 2028 Feb 27, 2019
@Patater Patater merged commit a78c958 into development Feb 27, 2019
@Patater
Copy link
Contributor Author

Patater commented Feb 27, 2019

Testing went well. Manually pushed to development branch. Code landing was already reviewed by TLS team (coming from the TLS development branch) and additionally in Mbed-TLS/mbedtls#2028 (for the code from there)

gilles-peskine-arm pushed a commit to gilles-peskine-arm/mbed-crypto that referenced this pull request May 22, 2019
@mpg
Clarify documentation for directly-trusted certs
3a13084 
The fact that self-signed end-entity certs can be explicitly trusted by
putting them in the CA list even if they don't have the CA bit was not
documented though it's intentional, and tested by "Certificate verification ARMmbed#73
(selfsigned trusted without CA bit)" in test_suite_x509parse.data

It is unclear to me whether the restriction that explicitly trusted end-entity
certs must be self-signed is a good one. However, it seems intentional as it is
tested in tests ARMmbed#42 and ARMmbed#43, so I'm not touching it for now.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
DO NOT MERGE The PR is not intended to be merged (yet). Usually used for a review of worked in progress.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
5 participants
@Patater @k-stachowiak @pkolbus @AndrzejKurek @mpg