GithubHelp home page GithubHelp logo

Comments (12)

mpg avatar mpg commented on May 14, 2024

Thanks for your report! As it happens, the part in config.h is already fixed in an internal branch, but we missed the part in ecp.c.

from mbedtls.

aido avatar aido commented on May 14, 2024

A good test is to comment out all curves from config.h except one of the POLARSSL_ECP_DP_SECPxxxK1_ENABLED curves and then see how make check reacts.

from mbedtls.

mpg avatar mpg commented on May 14, 2024

Fixed for the next release. Thanks for the report!

from mbedtls.

aido avatar aido commented on May 14, 2024

Hi Manuel,

I am not sure if this issue is fully fixed yet.

The following (i.e. comment all but one curve) in config.h:

/**
 * \def POLARSSL_ECP_XXXX_ENABLED
 *
 * Enables specific curves within the Elliptic Curve module.
 * By default all supported curves are enabled.
 *
 * Comment macros to disable the curve and functions for it
 */
//#define POLARSSL_ECP_DP_SECP192R1_ENABLED
//#define POLARSSL_ECP_DP_SECP224R1_ENABLED
//#define POLARSSL_ECP_DP_SECP256R1_ENABLED
//#define POLARSSL_ECP_DP_SECP384R1_ENABLED
//#define POLARSSL_ECP_DP_SECP521R1_ENABLED
//#define POLARSSL_ECP_DP_SECP192K1_ENABLED
//#define POLARSSL_ECP_DP_SECP224K1_ENABLED
#define POLARSSL_ECP_DP_SECP256K1_ENABLED
//#define POLARSSL_ECP_DP_BP256R1_ENABLED
//#define POLARSSL_ECP_DP_BP384R1_ENABLED
//#define POLARSSL_ECP_DP_BP512R1_ENABLED
//#define POLARSSL_ECP_DP_M221_ENABLED  // Not implemented yet!
//#define POLARSSL_ECP_DP_M255_ENABLED
//#define POLARSSL_ECP_DP_M383_ENABLED  // Not implemented yet!
//#define POLARSSL_ECP_DP_M511_ENABLED  // Not implemented yet!

seems to cause the following tests to fail:

 - test_suite_x509parse
   X509 Certificate verification #52 (CA keyUsage valid) ............. FAILED
  x509_crt_parse_file( &crt, crt_file ) == 0
X509 Certificate verification #53 (CA keyUsage missing cRLSign) ... FAILED
  x509_crt_parse_file( &crt, crt_file ) == 0
X509 Certificate verification #54 (CA keyUsage missing cRLSign, no  FAILED
  x509_crt_parse_file( &crt, crt_file ) == 0
X509 Certificate verification #55 (CA keyUsage missing keyCertSign  FAILED
  x509_crt_parse_file( &crt, crt_file ) == 0
X509 Certificate verification #55 (CA keyUsage plain wrong) ....... FAILED
  x509_crt_parse_file( &crt, crt_file ) == 0
X509 crt extendedKeyUsage #1 (no extension, serverAuth) ........... FAILED
  x509_crt_parse_file( &crt, crt_file ) == 0
X509 crt extendedKeyUsage #2 (single value, present) .............. FAILED
  x509_crt_parse_file( &crt, crt_file ) == 0
X509 crt extendedKeyUsage #3 (single value, absent) ............... FAILED
  x509_crt_parse_file( &crt, crt_file ) == 0
X509 crt extendedKeyUsage #4 (two values, first) .................. FAILED
  x509_crt_parse_file( &crt, crt_file ) == 0
X509 crt extendedKeyUsage #5 (two values, second) ................. FAILED
  x509_crt_parse_file( &crt, crt_file ) == 0
X509 crt extendedKeyUsage #6 (two values, other) .................. FAILED
  x509_crt_parse_file( &crt, crt_file ) == 0
X509 crt extendedKeyUsage #7 (any, random) ........................ FAILED
  x509_crt_parse_file( &crt, crt_file ) == 0
FAILED (233 / 245 tests (42 skipped))
**** Failed ***************

 - test_suite_x509write
   Certificate Request check Server5 ECDSA, key_usage ................ FAILED
  pk_parse_keyfile( &key, key_file, NULL ) == 0
FAILED (14 / 15 tests (1 skipped))
**** Failed ***************

These were the only changes made to config.h.

from mbedtls.

mpg avatar mpg commented on May 14, 2024

You're right. I forgot to update the dependencies in the X.509 test suites when I "upgraded" the test certificates from secp192r1 to secp256r1 and secp384r1 a while ago. This will be fixed shortly.

As usual, thanks for letting us know.

from mbedtls.

mpg avatar mpg commented on May 14, 2024

Hum, actually this is not what I thought: I missed dependencies in test I added in 1.3.6. Anyway, fixing both issues (and checking for more) right now.

from mbedtls.

mpg avatar mpg commented on May 14, 2024

Ok, fixed for the next release.

When you're done tuning the config file for picocoin, feel free to send us a copy of the result: that way, we can add it to our sample configs which are tested automatically, in order to really make sure we don't break it again in the future :)

from mbedtls.

aido avatar aido commented on May 14, 2024

Great.

Out of curiosity, when is the next release planned?

from mbedtls.

pjbakker avatar pjbakker commented on May 14, 2024

Has just been released!

from mbedtls.

aido avatar aido commented on May 14, 2024

Hi Manuel,

Here's an optimised config.h as requested.

It throws a few warnings but other than that seems to work well.

ssl/ssl_client2.c:118:13: warning: ‘my_debug’ defined but not used [-Wunused-function]
ssl/ssl_client2.c:130:12: warning: ‘my_recv’ defined but not used [-Wunused-function]
ssl/ssl_client2.c:147:12: warning: ‘my_send’ defined but not used [-Wunused-function]
ssl/ssl_client2.c:168:12: warning: ‘my_verify’ defined but not used [-Wunused-function]
ssl/ssl_server2.c:143:13: warning: ‘my_debug’ defined but not used [-Wunused-function]
ssl/ssl_server2.c:155:12: warning: ‘my_recv’ defined but not used [-Wunused-function]
ssl/ssl_server2.c:172:12: warning: ‘my_send’ defined but not used [-Wunused-function]

from mbedtls.

mpg avatar mpg commented on May 14, 2024

Thanks! We'll fix the warnings and add your config to our list of reference configs that are automatically tested.

Btw, you may not need to compile the programs at all. This is a detail since it only affects the compile time of picocoin, but anyway. (I think replacing make with make lib && ( cd tests && make ) should do the trick.)

from mbedtls.

mpg avatar mpg commented on May 14, 2024

Hi Aido,

I just had a closer look at your config.h file and thought it could be further reduced, see aido/picocoin#1

I'm now going to integrate the result in our config file collection and fix the things that need to be fixed :)

from mbedtls.

Related Issues (20)

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.