mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2025-01-05 14:35:35 +00:00
Merge remote-tracking branch 'upstream-restricted/mbedtls-2.16-proposed' into mbedtls-2.16-restricted
This commit is contained in:
commit
6d079baba8
10
ChangeLog
10
ChangeLog
|
@ -33,6 +33,16 @@ Bugfix
|
||||||
* Enable Suite B with subset of ECP curves. Make sure the code compiles even
|
* Enable Suite B with subset of ECP curves. Make sure the code compiles even
|
||||||
if some curves are not defined. Fixes #1591 reported by dbedev.
|
if some curves are not defined. Fixes #1591 reported by dbedev.
|
||||||
* Fix misuse of signed arithmetic in the HAVEGE module. #2598
|
* Fix misuse of signed arithmetic in the HAVEGE module. #2598
|
||||||
|
* Update test certificates that were about to expire. Reported by
|
||||||
|
Bernhard M. Wiedemann in #2357.
|
||||||
|
* Fix the build on ARMv5TE in ARM mode to not use assembly instructions
|
||||||
|
that are only available in Thumb mode. Fix contributed by Aurelien Jarno
|
||||||
|
in #2169.
|
||||||
|
* Fix undefined memset(NULL) call in test_suite_nist_kw.
|
||||||
|
* Make NV seed test support MBEDTLS_ENTROPY_FORCE_SHA256.
|
||||||
|
* Fix propagation of restart contexts in restartable EC operations.
|
||||||
|
This could previously lead to segmentation faults in builds using an
|
||||||
|
address-sanitizer and enabling but not using MBEDTLS_ECP_RESTARTABLE.
|
||||||
|
|
||||||
Changes
|
Changes
|
||||||
* Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h
|
* Make it easier to define MBEDTLS_PARAM_FAILED as assert (which config.h
|
||||||
|
|
|
@ -642,7 +642,8 @@
|
||||||
"r6", "r7", "r8", "r9", "cc" \
|
"r6", "r7", "r8", "r9", "cc" \
|
||||||
);
|
);
|
||||||
|
|
||||||
#elif defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
|
#elif (__ARM_ARCH >= 6) && \
|
||||||
|
defined (__ARM_FEATURE_DSP) && (__ARM_FEATURE_DSP == 1)
|
||||||
|
|
||||||
#define MULADDC_INIT \
|
#define MULADDC_INIT \
|
||||||
asm(
|
asm(
|
||||||
|
|
|
@ -172,11 +172,11 @@ static void ecdsa_restart_det_free( mbedtls_ecdsa_restart_det_ctx *ctx )
|
||||||
}
|
}
|
||||||
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
#endif /* MBEDTLS_ECDSA_DETERMINISTIC */
|
||||||
|
|
||||||
#define ECDSA_RS_ECP &rs_ctx->ecp
|
#define ECDSA_RS_ECP ( rs_ctx == NULL ? NULL : &rs_ctx->ecp )
|
||||||
|
|
||||||
/* Utility macro for checking and updating ops budget */
|
/* Utility macro for checking and updating ops budget */
|
||||||
#define ECDSA_BUDGET( ops ) \
|
#define ECDSA_BUDGET( ops ) \
|
||||||
MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, &rs_ctx->ecp, ops ) );
|
MBEDTLS_MPI_CHK( mbedtls_ecp_check_budget( grp, ECDSA_RS_ECP, ops ) );
|
||||||
|
|
||||||
/* Call this when entering a function that needs its own sub-context */
|
/* Call this when entering a function that needs its own sub-context */
|
||||||
#define ECDSA_RS_ENTER( SUB ) do { \
|
#define ECDSA_RS_ENTER( SUB ) do { \
|
||||||
|
|
|
@ -216,14 +216,13 @@ filter_ciphersuites()
|
||||||
G_CIPHERS=$( filter "$G_CIPHERS" )
|
G_CIPHERS=$( filter "$G_CIPHERS" )
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# OpenSSL 1.0.1h doesn't support DTLS 1.2
|
# OpenSSL <1.0.2 doesn't support DTLS 1.2. Check what OpenSSL
|
||||||
if [ `minor_ver "$MODE"` -ge 3 ] && is_dtls "$MODE"; then
|
# supports from the s_server help. (The s_client help isn't
|
||||||
O_CIPHERS=""
|
# accurate as of 1.0.2g: it supports DTLS 1.2 but doesn't list it.
|
||||||
case "$PEER" in
|
# But the s_server help seems to be accurate.)
|
||||||
[Oo]pen*)
|
if ! $OPENSSL_CMD s_server -help 2>&1 | grep -q "^ *-$MODE "; then
|
||||||
M_CIPHERS=""
|
M_CIPHERS=""
|
||||||
;;
|
O_CIPHERS=""
|
||||||
esac
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# For GnuTLS client -> mbed TLS server,
|
# For GnuTLS client -> mbed TLS server,
|
||||||
|
|
|
@ -985,6 +985,26 @@ component_test_aes_fewer_tables_and_rom_tables () {
|
||||||
component_test_make_shared () {
|
component_test_make_shared () {
|
||||||
msg "build/test: make shared" # ~ 40s
|
msg "build/test: make shared" # ~ 40s
|
||||||
make SHARED=1 all check
|
make SHARED=1 all check
|
||||||
|
ldd programs/util/strerror | grep libmbedcrypto
|
||||||
|
}
|
||||||
|
|
||||||
|
component_test_cmake_shared () {
|
||||||
|
msg "build/test: cmake shared" # ~ 2min
|
||||||
|
cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On .
|
||||||
|
make
|
||||||
|
ldd programs/util/strerror | grep libmbedcrypto
|
||||||
|
make test
|
||||||
|
}
|
||||||
|
|
||||||
|
component_build_mbedtls_config_file () {
|
||||||
|
msg "build: make with MBEDTLS_CONFIG_FILE" # ~40s
|
||||||
|
# Use the full config so as to catch a maximum of places where
|
||||||
|
# the check of MBEDTLS_CONFIG_FILE might be missing.
|
||||||
|
scripts/config.pl full
|
||||||
|
sed 's!"check_config.h"!"mbedtls/check_config.h"!' <"$CONFIG_H" >full_config.h
|
||||||
|
echo '#error "MBEDTLS_CONFIG_FILE is not working"' >"$CONFIG_H"
|
||||||
|
make CFLAGS="-I '$PWD' -DMBEDTLS_CONFIG_FILE='\"full_config.h\"'"
|
||||||
|
rm -f full_config.h
|
||||||
}
|
}
|
||||||
|
|
||||||
component_test_m32_o0 () {
|
component_test_m32_o0 () {
|
||||||
|
@ -1097,6 +1117,17 @@ component_build_arm_none_eabi_gcc () {
|
||||||
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
|
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar LD=arm-none-eabi-ld CFLAGS='-Werror -Wall -Wextra' lib
|
||||||
}
|
}
|
||||||
|
|
||||||
|
component_build_arm_none_eabi_gcc_arm5vte () {
|
||||||
|
msg "build: arm-none-eabi-gcc -march=arm5vte, make" # ~ 10s
|
||||||
|
scripts/config.pl baremetal
|
||||||
|
# Build for a target platform that's close to what Debian uses
|
||||||
|
# for its "armel" distribution (https://wiki.debian.org/ArmEabiPort).
|
||||||
|
# See https://github.com/ARMmbed/mbedtls/pull/2169 and comments.
|
||||||
|
# It would be better to build with arm-linux-gnueabi-gcc but
|
||||||
|
# we don't have that on our CI at this time.
|
||||||
|
make CC=arm-none-eabi-gcc AR=arm-none-eabi-ar CFLAGS='-Werror -Wall -Wextra -march=armv5te -O1' LDFLAGS='-march=armv5te' SHELL='sh -x' lib
|
||||||
|
}
|
||||||
|
|
||||||
component_build_arm_none_eabi_gcc_no_udbl_division () {
|
component_build_arm_none_eabi_gcc_no_udbl_division () {
|
||||||
msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
|
msg "build: arm-none-eabi-gcc -DMBEDTLS_NO_UDBL_DIVISION, make" # ~ 10s
|
||||||
scripts/config.pl baremetal
|
scripts/config.pl baremetal
|
||||||
|
|
|
@ -301,11 +301,24 @@ void entropy_nv_seed_std_io( )
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT:MBEDTLS_ENTROPY_SHA512_ACCUMULATOR */
|
/* BEGIN_CASE depends_on:MBEDTLS_MD_C:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_PLATFORM_NV_SEED_ALT */
|
||||||
void entropy_nv_seed( data_t * read_seed )
|
void entropy_nv_seed( data_t * read_seed )
|
||||||
{
|
{
|
||||||
mbedtls_sha512_context accumulator;
|
#if defined(MBEDTLS_ENTROPY_SHA512_ACCUMULATOR)
|
||||||
|
const mbedtls_md_info_t *md_info =
|
||||||
|
mbedtls_md_info_from_type( MBEDTLS_MD_SHA512 );
|
||||||
|
#elif defined(MBEDTLS_ENTROPY_SHA256_ACCUMULATOR)
|
||||||
|
const mbedtls_md_info_t *md_info =
|
||||||
|
mbedtls_md_info_from_type( MBEDTLS_MD_SHA256 );
|
||||||
|
#else
|
||||||
|
#error "Unsupported entropy accumulator"
|
||||||
|
#endif
|
||||||
|
mbedtls_md_context_t accumulator;
|
||||||
mbedtls_entropy_context ctx;
|
mbedtls_entropy_context ctx;
|
||||||
|
int (*original_mbedtls_nv_seed_read)( unsigned char *buf, size_t buf_len ) =
|
||||||
|
mbedtls_nv_seed_read;
|
||||||
|
int (*original_mbedtls_nv_seed_write)( unsigned char *buf, size_t buf_len ) =
|
||||||
|
mbedtls_nv_seed_write;
|
||||||
|
|
||||||
unsigned char header[2];
|
unsigned char header[2];
|
||||||
unsigned char entropy[MBEDTLS_ENTROPY_BLOCK_SIZE];
|
unsigned char entropy[MBEDTLS_ENTROPY_BLOCK_SIZE];
|
||||||
|
@ -316,17 +329,14 @@ void entropy_nv_seed( data_t * read_seed )
|
||||||
|
|
||||||
memset( entropy, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
memset( entropy, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||||
memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
memset( buf, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||||
memset( buffer_seed, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
|
||||||
memset( empty, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
memset( empty, 0, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||||
memset( check_seed, 2, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
memset( check_seed, 2, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||||
memset( check_entropy, 3, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
memset( check_entropy, 3, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||||
|
|
||||||
// Set the initial NV seed to read
|
|
||||||
memcpy( buffer_seed, read_seed->x, read_seed->len );
|
|
||||||
|
|
||||||
// Make sure we read/write NV seed from our buffers
|
// Make sure we read/write NV seed from our buffers
|
||||||
mbedtls_platform_set_nv_seed( buffer_nv_seed_read, buffer_nv_seed_write );
|
mbedtls_platform_set_nv_seed( buffer_nv_seed_read, buffer_nv_seed_write );
|
||||||
|
|
||||||
|
mbedtls_md_init( &accumulator );
|
||||||
mbedtls_entropy_init( &ctx );
|
mbedtls_entropy_init( &ctx );
|
||||||
entropy_clear_sources( &ctx );
|
entropy_clear_sources( &ctx );
|
||||||
|
|
||||||
|
@ -334,45 +344,57 @@ void entropy_nv_seed( data_t * read_seed )
|
||||||
MBEDTLS_ENTROPY_BLOCK_SIZE,
|
MBEDTLS_ENTROPY_BLOCK_SIZE,
|
||||||
MBEDTLS_ENTROPY_SOURCE_STRONG ) == 0 );
|
MBEDTLS_ENTROPY_SOURCE_STRONG ) == 0 );
|
||||||
|
|
||||||
|
// Set the initial NV seed to read
|
||||||
|
TEST_ASSERT( read_seed->len >= MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||||
|
memcpy( buffer_seed, read_seed->x, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
||||||
|
|
||||||
// Do an entropy run
|
// Do an entropy run
|
||||||
TEST_ASSERT( mbedtls_entropy_func( &ctx, entropy, sizeof( entropy ) ) == 0 );
|
TEST_ASSERT( mbedtls_entropy_func( &ctx, entropy, sizeof( entropy ) ) == 0 );
|
||||||
|
|
||||||
// Determine what should have happened with manual entropy internal logic
|
// Determine what should have happened with manual entropy internal logic
|
||||||
// Only use the SHA-512 version to check
|
|
||||||
|
|
||||||
// Init accumulator
|
// Init accumulator
|
||||||
header[1] = MBEDTLS_ENTROPY_BLOCK_SIZE;
|
header[1] = MBEDTLS_ENTROPY_BLOCK_SIZE;
|
||||||
mbedtls_sha512_starts( &accumulator, 0 );
|
TEST_ASSERT( mbedtls_md_setup( &accumulator, md_info, 0 ) == 0 );
|
||||||
|
|
||||||
// First run for updating write_seed
|
// First run for updating write_seed
|
||||||
header[0] = 0;
|
header[0] = 0;
|
||||||
mbedtls_sha512_update( &accumulator, header, 2 );
|
TEST_ASSERT( mbedtls_md_starts( &accumulator ) == 0 );
|
||||||
mbedtls_sha512_update( &accumulator, read_seed->x, read_seed->len );
|
TEST_ASSERT( mbedtls_md_update( &accumulator, header, 2 ) == 0 );
|
||||||
mbedtls_sha512_finish( &accumulator, buf );
|
TEST_ASSERT( mbedtls_md_update( &accumulator,
|
||||||
|
read_seed->x, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_md_finish( &accumulator, buf ) == 0 );
|
||||||
|
|
||||||
memset( &accumulator, 0, sizeof( mbedtls_sha512_context ) );
|
TEST_ASSERT( mbedtls_md_starts( &accumulator ) == 0 );
|
||||||
mbedtls_sha512_starts( &accumulator, 0 );
|
TEST_ASSERT( mbedtls_md_update( &accumulator,
|
||||||
mbedtls_sha512_update( &accumulator, buf, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
|
||||||
|
|
||||||
mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, check_seed, 0 );
|
TEST_ASSERT( mbedtls_md( md_info, buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
|
||||||
|
check_seed ) == 0 );
|
||||||
|
|
||||||
// Second run for actual entropy (triggers mbedtls_entropy_update_nv_seed)
|
// Second run for actual entropy (triggers mbedtls_entropy_update_nv_seed)
|
||||||
header[0] = MBEDTLS_ENTROPY_SOURCE_MANUAL;
|
header[0] = MBEDTLS_ENTROPY_SOURCE_MANUAL;
|
||||||
mbedtls_sha512_update( &accumulator, header, 2 );
|
TEST_ASSERT( mbedtls_md_update( &accumulator, header, 2 ) == 0 );
|
||||||
mbedtls_sha512_update( &accumulator, empty, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
TEST_ASSERT( mbedtls_md_update( &accumulator,
|
||||||
|
empty, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
|
||||||
|
|
||||||
header[0] = 0;
|
header[0] = 0;
|
||||||
mbedtls_sha512_update( &accumulator, header, 2 );
|
TEST_ASSERT( mbedtls_md_update( &accumulator, header, 2 ) == 0 );
|
||||||
mbedtls_sha512_update( &accumulator, check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE );
|
TEST_ASSERT( mbedtls_md_update( &accumulator,
|
||||||
mbedtls_sha512_finish( &accumulator, buf );
|
check_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
|
||||||
|
TEST_ASSERT( mbedtls_md_finish( &accumulator, buf ) == 0 );
|
||||||
|
|
||||||
mbedtls_sha512( buf, MBEDTLS_ENTROPY_BLOCK_SIZE, check_entropy, 0 );
|
TEST_ASSERT( mbedtls_md( md_info, buf, MBEDTLS_ENTROPY_BLOCK_SIZE,
|
||||||
|
check_entropy ) == 0 );
|
||||||
|
|
||||||
// Check result of both NV file and entropy received with the manual calculations
|
// Check result of both NV file and entropy received with the manual calculations
|
||||||
TEST_ASSERT( memcmp( check_seed, buffer_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
|
TEST_ASSERT( memcmp( check_seed, buffer_seed, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
|
||||||
TEST_ASSERT( memcmp( check_entropy, entropy, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
|
TEST_ASSERT( memcmp( check_entropy, entropy, MBEDTLS_ENTROPY_BLOCK_SIZE ) == 0 );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_md_free( &accumulator );
|
||||||
mbedtls_entropy_free( &ctx );
|
mbedtls_entropy_free( &ctx );
|
||||||
|
mbedtls_nv_seed_read = original_mbedtls_nv_seed_read;
|
||||||
|
mbedtls_nv_seed_write = original_mbedtls_nv_seed_write;
|
||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
|
|
@ -170,10 +170,6 @@ void nist_kw_plaintext_lengths( int in_len, int out_len, int mode, int res )
|
||||||
TEST_ASSERT( ciphertext != NULL );
|
TEST_ASSERT( ciphertext != NULL );
|
||||||
}
|
}
|
||||||
|
|
||||||
memset( plaintext, 0, in_len );
|
|
||||||
memset( ciphertext, 0, output_len );
|
|
||||||
|
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
|
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
|
||||||
key, 8 * sizeof( key ), 1 ) == 0 );
|
key, 8 * sizeof( key ), 1 ) == 0 );
|
||||||
|
|
||||||
|
@ -225,10 +221,6 @@ void nist_kw_ciphertext_lengths( int in_len, int out_len, int mode, int res )
|
||||||
TEST_ASSERT( ciphertext != NULL );
|
TEST_ASSERT( ciphertext != NULL );
|
||||||
}
|
}
|
||||||
|
|
||||||
memset( plaintext, 0, output_len );
|
|
||||||
memset( ciphertext, 0, in_len );
|
|
||||||
|
|
||||||
|
|
||||||
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
|
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
|
||||||
key, 8 * sizeof( key ), 0 ) == 0 );
|
key, 8 * sizeof( key ), 0 ) == 0 );
|
||||||
unwrap_ret = mbedtls_nist_kw_unwrap( &ctx, mode, ciphertext, in_len,
|
unwrap_ret = mbedtls_nist_kw_unwrap( &ctx, mode, ciphertext, in_len,
|
||||||
|
|
Loading…
Reference in a new issue