Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Misc suggestions #2

Open
wants to merge 10 commits into
base: development-pkcs7
Choose a base branch
from
Open

Misc suggestions #2

wants to merge 10 commits into from

Conversation

daxtens
Copy link
Collaborator

@daxtens daxtens commented Nov 25, 2020

Hi Nayna,

Just a few bits and pieces:

  • a fix to my fuzzer commit
  • some negative tests which I used to convince myself that there were no memory leaks
  • some suggestions about the tests and config that I found helpful to convince myself that the code worked under almost any configuration.

Kind regards,
Daniel

naynajain and others added 10 commits November 19, 2020 17:20
@naynajain
mbedtls: add support for pkcs7
2ca0c39 
PKCS7 signing format is used by OpenPOWER Key Management, which is
using mbedtls as its crypto library.

This patch adds the limited support of pkcs7 parser and verification
to the mbedtls. The limitations are:

* Only signed data is supported.
* CRLs are not currently handled.
* Single signer is supported.

Signed-off-by: Daniel Axtens <[email protected]>
Signed-off-by: Eric Richter <[email protected]>
Signed-off-by: Nayna Jain <[email protected]>
@naynajain
pkcs7: add support for signed data
c4a124a 
OpenSSL provides APIs to generate only the signted data
format PKCS7 i.e. without content type OID. This patch
adds support to parse the data correctly even if formatted
only as signed data.

Signed-off-by: Nayna Jain <[email protected]>
@daxtens @naynajain
pkcs7: build under CMake
175d487 
The patch updates CMakeLists.txt to include pkcs7.

Signed-off-by: Daniel Axtens <[email protected]>
@naynajain
mbedtls: add pkcs7 in generate_errors.pl
3c49d62 
This patch updates the generate_errors.pl to handle
PKCS7 code as well.

Signed-off-by: Nayna Jain <[email protected]>
@naynajain
mbedtls: updates features file for pkcs7
6e0d3fd 
This patch adds the updates generated by running generate_features.pl
for pkcs7.

Signed-off-by: Nayna Jain <[email protected]>
@naynajain
pkcs7: provide fuzz harness
289e266 
This allows for pkcs7 fuzz testing with OSS-Fuzz.

Signed-off-by: Daniel Axtens <[email protected]>
Signed-off-by: Nayna Jain <[email protected]>
@naynajain
mbedtls: add pkcs7 test data
1be4adf 
This commit adds the static test data generated by
commands from Makefile.

Signed-off-by: Nayna Jain <[email protected]>
@daxtens
fix up gitignore for fuzzpkcs7 binary
9648772 
Please apply this as a fixup to the commit that adds the fuzzpkcs7 binary.

Signed-off-by: Daniel Axtens <[email protected]>
@daxtens
some -ve tests
8075e62 
Signed-off-by: Daniel Axtens <[email protected]>
@daxtens
rework tests configs a bit
fd56577 
 - rather than having them all depend on pkcs7 in .data, we can have
   a dependnecy in .function

 - require sha256 and rsa always, almost all our tests require that
   and it was getting super verbose

 - mark tests that require SHA1 or SHA512 as they can be turned off

 - we need CRL as well as CRT support - check_config.h

 - as check_config requires CRT_PARSE_C, we don't need to depend on it
   in the tests

Signed-off-by: Daniel Axtens <[email protected]>
@daxtens daxtens changed the title For nayna Misc suggestions Nov 25, 2020
@naynajain naynajain force-pushed the development-pkcs7 branch 2 times, most recently from 7711c84 to 7aaa799 Compare December 14, 2020 23:05
@daxtens daxtens force-pushed the development-pkcs7 branch 2 times, most recently from ce7e6dc to fefdffa Compare December 15, 2020 03:20
nick-child-ibm pushed a commit to nick-child-ibm/mbedtls-1 that referenced this pull request May 25, 2021
@gilles-peskine-arm
Unit test function for mbedtls_ecp_muladd
ca91ee4 
Write a simple unit test for mbedtls_ecp_muladd().

Add just one pair of test cases. naynajain#2 fails since PR Mbed-TLS#3512. Thanks to
Philippe Antoine (catenacyber) for the test case, found by ecfuzzer.

Signed-off-by: Gilles Peskine <[email protected]>
@nick-child-ibm nick-child-ibm force-pushed the development-pkcs7 branch 2 times, most recently from 148281d to 634e305 Compare August 10, 2021 20:05
nick-child-ibm pushed a commit that referenced this pull request Feb 22, 2022
@minosgalanakis @davidhorstmann-arm
readme: Addressed review comments #2
0f2a46c 
Signed-off-by: Minos Galanakis <[email protected]>
Co-authored-by: davidhorstmann-arm <[email protected]>
nick-child-ibm pushed a commit that referenced this pull request Feb 22, 2022
@minosgalanakis
changelog: Addressed review comments #2
3a77949 
Signed-off-by: Minos Galanakis <[email protected]>
@nick-child-ibm nick-child-ibm force-pushed the development-pkcs7 branch 2 times, most recently from f3961df to e7480e8 Compare February 28, 2022 17:14
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@daxtens @naynajain