yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-23 01:21:02 +00:00
Code Issues Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/pr/646' into baremetal

Browse source
This commit is contained in:
Simon Butcher 2019-09-04 12:41:05 +01:00
parent 8afa0883af 2ccdab8ef3
commit a5e29e31c8
5 changed files with 150 additions and 23 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
configs/baremetal_test.h
View file

@ -37,9 +37,6 @@
/* Debug output */
#define MBEDTLS_DEBUG_C
/* ssl_client2 and ssl_server2 use CTR-DRBG so far. */
#define MBEDTLS_CTR_DRBG_C
/* The ticket implementation hardcodes AES-GCM */
#define MBEDTLS_GCM_C

69
programs/ssl/ssl_client2.c
View file

@ -43,13 +43,16 @@
#endif
#if !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_CLI_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C)
!defined(MBEDTLS_SSL_TLS_C) || \
!defined(MBEDTLS_SSL_CLI_C) || \
!defined(MBEDTLS_NET_C) || \
!( defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_HMAC_DRBG_C) )
int main( void )
{
mbedtls_printf("MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_CLI_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
"MBEDTLS_NET_C not defined, or "
"neither MBEDTLS_CTR_DRBG_C nor MBEDTLS_HMAC_DRBG_C defined.\n");
return( 0 );
}
#else
@ -59,6 +62,7 @@ int main( void )
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/hmac_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/error.h"
@ -701,8 +705,12 @@ static int my_verify( void *data, mbedtls_x509_crt *crt,
return( 0 );
}
#if !defined(MBEDTLS_SSL_CONF_SINGLE_HASH)
static int ssl_sig_hashes_for_test[] = {
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#if ( defined(MBEDTLS_X509_CRT_PARSE_C) && \
!defined(MBEDTLS_SSL_CONF_SINGLE_HASH) ) || \
!defined(MBEDTLS_CTR_DRBG_C)
static int available_hashes[] = {
#if defined(MBEDTLS_SHA512_C)
MBEDTLS_MD_SHA512,
MBEDTLS_MD_SHA384,
@ -717,8 +725,8 @@ static int ssl_sig_hashes_for_test[] = {
#endif
MBEDTLS_MD_NONE
};
#endif /* !MBEDTLS_SSL_CONF_SINGLE_HASH */
#endif /* MBEDTLS_X509_CRT_PARSE_C */
#endif /* ( MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_CONF_SINGLE_HASH ) ||
!MBEDTLS_CTR_DRBG_C */
/*
* Wait for an event from the underlying transport or the timer
@ -892,14 +900,23 @@ int report_cid_usage( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_CONF_RNG)
int rng_wrap( void *ctx, unsigned char *dst, size_t len );
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_context *rng_ctx_global = NULL;
#else
mbedtls_hmac_drbg_context *rng_ctx_global = NULL;
#endif /* MBEDTLS_CTR_DRBG_C */
int rng_wrap( void *ctx, unsigned char *dst, size_t len )
{
/* We expect the NULL parameter here. */
if( ctx != NULL )
return( -1 );
#if defined(MBEDTLS_CTR_DRBG_C)
return( mbedtls_ctr_drbg_random( rng_ctx_global, dst, len ) );
#else
return( mbedtls_hmac_drbg_random( rng_ctx_global, dst, len ) );
#endif
}
#endif /* MBEDTLS_SSL_CONF_RNG */
@ -941,7 +958,11 @@ int main( int argc, char *argv[] )
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif
mbedtls_entropy_context entropy;
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_context ctr_drbg;
#else
mbedtls_hmac_drbg_context hmac_drbg;
#endif
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
mbedtls_ssl_session saved_session;
@ -970,7 +991,11 @@ int main( int argc, char *argv[] )
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
memset( &saved_session, 0, sizeof( mbedtls_ssl_session ) );
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_init( &ctr_drbg );
#else
mbedtls_hmac_drbg_init( &hmac_drbg );
#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &clicert );
@ -1664,6 +1689,7 @@ int main( int argc, char *argv[] )
fflush( stdout );
mbedtls_entropy_init( &entropy );
#if defined(MBEDTLS_CTR_DRBG_C)
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
@ -1672,6 +1698,19 @@ int main( int argc, char *argv[] )
-ret );
goto exit;
}
#else /* MBEDTLS_CTR_DRBG_C */
if( ( ret = mbedtls_hmac_drbg_seed( &hmac_drbg,
mbedtls_md_info_from_type(
available_hashes[0] ),
mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
-ret );
goto exit;
}
#endif /* MBEDTLS_CTR_DRBG */
mbedtls_printf( " ok\n" );
@ -1851,7 +1890,7 @@ int main( int argc, char *argv[] )
crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
#if !defined(MBEDTLS_SSL_CONF_SINGLE_HASH)
mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
mbedtls_ssl_conf_sig_hashes( &conf, available_hashes );
#endif
}
@ -1953,11 +1992,19 @@ int main( int argc, char *argv[] )
}
#endif
#if defined(MBEDTLS_CTR_DRBG_C)
#if !defined(MBEDTLS_SSL_CONF_RNG)
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
#else
rng_ctx_global = &ctr_drbg;
#endif
#else /* MBEDTLS_CTR_DRBG_C */
#if !defined(MBEDTLS_SSL_CONF_RNG)
mbedtls_ssl_conf_rng( &conf, mbedtls_hmac_drbg_random, &hmac_drbg );
#else
rng_ctx_global = &hmac_drbg;
#endif
#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_DEBUG_C)
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
@ -2871,7 +2918,11 @@ exit:
mbedtls_ssl_session_free( &saved_session );
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_free( &ctr_drbg );
#else
mbedtls_hmac_drbg_free( &hmac_drbg );
#endif
mbedtls_entropy_free( &entropy );
if( session_data != NULL )
mbedtls_platform_zeroize( session_data, session_data_len );
@ -2895,4 +2946,4 @@ exit:
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_CLI_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
MBEDTLS_CTR_DRBG_C MBEDTLS_TIMING_C */
( MBEDTLS_CTR_DRBG_C || MBEDTLS_HMAC_DRBG_C ) && MBEDTLS_TIMING_C */

78
programs/ssl/ssl_server2.c
View file

@ -42,13 +42,16 @@
#endif
#if !defined(MBEDTLS_ENTROPY_C) || \
!defined(MBEDTLS_SSL_TLS_C) || !defined(MBEDTLS_SSL_SRV_C) || \
!defined(MBEDTLS_NET_C) || !defined(MBEDTLS_CTR_DRBG_C)
!defined(MBEDTLS_SSL_TLS_C) || \
!defined(MBEDTLS_SSL_SRV_C) || \
!defined(MBEDTLS_NET_C) || \
!( defined(MBEDTLS_CTR_DRBG_C) || defined(MBEDTLS_HMAC_DRBG_C) )
int main( void )
{
mbedtls_printf("MBEDTLS_ENTROPY_C and/or "
"MBEDTLS_SSL_TLS_C and/or MBEDTLS_SSL_SRV_C and/or "
"MBEDTLS_NET_C and/or MBEDTLS_CTR_DRBG_C and/or not defined.\n");
"MBEDTLS_NET_C not defined, or "
"neither MBEDTLS_CTR_DRBG_C nor MBEDTLS_HMAC_DRBG_C defined.\n");
return( 0 );
}
#else
@ -58,6 +61,7 @@ int main( void )
#include "mbedtls/ssl_ciphersuites.h"
#include "mbedtls/entropy.h"
#include "mbedtls/ctr_drbg.h"
#include "mbedtls/hmac_drbg.h"
#include "mbedtls/certs.h"
#include "mbedtls/x509.h"
#include "mbedtls/error.h"
@ -1133,9 +1137,10 @@ void term_handler( int sig )
}
#endif
#if defined(MBEDTLS_X509_CRT_PARSE_C) && \
!defined(MBEDTLS_SSL_CONF_SINGLE_HASH)
static int ssl_sig_hashes_for_test[] = {
#if ( defined(MBEDTLS_X509_CRT_PARSE_C) && \
!defined(MBEDTLS_SSL_CONF_SINGLE_HASH) ) || \
!defined(MBEDTLS_CTR_DRBG_C)
static int available_hashes[] = {
#if defined(MBEDTLS_SHA512_C)
MBEDTLS_MD_SHA512,
MBEDTLS_MD_SHA384,
@ -1150,7 +1155,8 @@ static int ssl_sig_hashes_for_test[] = {
#endif
MBEDTLS_MD_NONE
};
#endif /* MBEDTLS_X509_CRT_PARSE_C && !defined(MBEDTLS_SSL_CONF_SINGLE_HASH) */
#endif /* ( MBEDTLS_X509_CRT_PARSE_C && !MBEDTLS_SSL_CONF_SINGLE_HASH ) ||
!MBEDTLS_CTR_DRBG_C */
/** Return true if \p ret is a status code indicating that there is an
* operation in progress on an SSL connection, and false if it indicates
@ -1508,14 +1514,23 @@ int report_cid_usage( mbedtls_ssl_context *ssl,
#if defined(MBEDTLS_SSL_CONF_RNG)
int rng_wrap( void *ctx, unsigned char *dst, size_t len );
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_context *rng_ctx_global = NULL;
#else
mbedtls_hmac_drbg_context *rng_ctx_global = NULL;
#endif /* MBEDTLS_CTR_DRBG_C */
int rng_wrap( void *ctx, unsigned char *dst, size_t len )
{
/* We expect the NULL parameter here. */
if( ctx != NULL )
return( -1 );
#if defined(MBEDTLS_CTR_DRBG_C)
return( mbedtls_ctr_drbg_random( rng_ctx_global, dst, len ) );
#else
return( mbedtls_hmac_drbg_random( rng_ctx_global, dst, len ) );
#endif
}
#endif /* MBEDTLS_SSL_CONF_RNG */
@ -1545,7 +1560,11 @@ int main( int argc, char *argv[] )
mbedtls_x509_crt_profile crt_profile_for_test = mbedtls_x509_crt_profile_default;
#endif
mbedtls_entropy_context entropy;
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_context ctr_drbg;
#else
mbedtls_hmac_drbg_context hmac_drbg;
#endif
mbedtls_ssl_context ssl;
mbedtls_ssl_config conf;
#if defined(MBEDTLS_TIMING_C)
@ -1615,7 +1634,11 @@ int main( int argc, char *argv[] )
mbedtls_net_init( &listen_fd );
mbedtls_ssl_init( &ssl );
mbedtls_ssl_config_init( &conf );
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_init( &ctr_drbg );
#else
mbedtls_hmac_drbg_init( &hmac_drbg );
#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_X509_CRT_PARSE_C)
mbedtls_x509_crt_init( &cacert );
mbedtls_x509_crt_init( &srvcert );
@ -2418,6 +2441,7 @@ int main( int argc, char *argv[] )
fflush( stdout );
mbedtls_entropy_init( &entropy );
#if defined(MBEDTLS_CTR_DRBG_C)
if( ( ret = mbedtls_ctr_drbg_seed( &ctr_drbg, mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
@ -2426,6 +2450,19 @@ int main( int argc, char *argv[] )
-ret );
goto exit;
}
#else /* MBEDTLS_CTR_DRBG_C */
if( ( ret = mbedtls_hmac_drbg_seed( &hmac_drbg,
mbedtls_md_info_from_type(
available_hashes[0] ),
mbedtls_entropy_func,
&entropy, (const unsigned char *) pers,
strlen( pers ) ) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ctr_drbg_seed returned -0x%x\n",
-ret );
goto exit;
}
#endif /* MBEDTLS_CTR_DRBG */
mbedtls_printf( " ok\n" );
@ -2674,7 +2711,7 @@ int main( int argc, char *argv[] )
crt_profile_for_test.allowed_mds |= MBEDTLS_X509_ID_FLAG( MBEDTLS_MD_SHA1 );
mbedtls_ssl_conf_cert_profile( &conf, &crt_profile_for_test );
#if !defined(MBEDTLS_SSL_CONF_SINGLE_HASH)
mbedtls_ssl_conf_sig_hashes( &conf, ssl_sig_hashes_for_test );
mbedtls_ssl_conf_sig_hashes( &conf, available_hashes );
#endif
}
#endif /* MBEDTLS_X509_CRT_PARSE_C */
@ -2765,11 +2802,19 @@ int main( int argc, char *argv[] )
}
#endif
#if defined(MBEDTLS_CTR_DRBG_C)
#if !defined(MBEDTLS_SSL_CONF_RNG)
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
#else
rng_ctx_global = &ctr_drbg;
#endif
#else /* MBEDTLS_CTR_DRBG_C */
#if !defined(MBEDTLS_SSL_CONF_RNG)
mbedtls_ssl_conf_rng( &conf, mbedtls_hmac_drbg_random, &hmac_drbg );
#else
rng_ctx_global = &hmac_drbg;
#endif
#endif /* MBEDTLS_CTR_DRBG_C */
#if defined(MBEDTLS_DEBUG_C)
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
@ -2793,7 +2838,11 @@ int main( int argc, char *argv[] )
if( opt.tickets == MBEDTLS_SSL_SESSION_TICKETS_ENABLED )
{
if( ( ret = mbedtls_ssl_ticket_setup( &ticket_ctx,
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_random, &ctr_drbg,
#else
mbedtls_hmac_drbg_random, &hmac_drbg,
#endif
MBEDTLS_CIPHER_AES_256_GCM,
opt.ticket_timeout ) ) != 0 )
{
@ -2815,7 +2864,12 @@ int main( int argc, char *argv[] )
if( opt.cookies > 0 )
{
if( ( ret = mbedtls_ssl_cookie_setup( &cookie_ctx,
mbedtls_ctr_drbg_random, &ctr_drbg ) ) != 0 )
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_random, &ctr_drbg
#else
mbedtls_hmac_drbg_random, &hmac_drbg
#endif /* MBEDTLS_CTR_DRBG_C */
) ) != 0 )
{
mbedtls_printf( " failed\n ! mbedtls_ssl_cookie_setup returned %d\n\n", ret );
goto exit;
@ -3852,7 +3906,11 @@ exit:
mbedtls_ssl_free( &ssl );
mbedtls_ssl_config_free( &conf );
#if defined(MBEDTLS_CTR_DRBG_C)
mbedtls_ctr_drbg_free( &ctr_drbg );
#else
mbedtls_hmac_drbg_free( &hmac_drbg );
#endif
mbedtls_entropy_free( &entropy );
#if defined(MBEDTLS_SSL_CACHE_C)
@ -3895,4 +3953,4 @@ exit:
}
#endif /* MBEDTLS_BIGNUM_C && MBEDTLS_ENTROPY_C && MBEDTLS_SSL_TLS_C &&
MBEDTLS_SSL_SRV_C && MBEDTLS_NET_C && MBEDTLS_RSA_C &&
MBEDTLS_CTR_DRBG_C */
( MBEDTLS_CTR_DRBG_C || MBEDTLS_HMAC_DRBG_C ) */

21
tests/scripts/all.sh
View file

@ -682,6 +682,27 @@ component_test_rsa_no_crt () {
if_build_succeeded tests/compat.sh -t RSA
}
component_test_no_ctr_drbg () {
msg "build: Default + !MBEDTLS_CTR_DRBG_C"
scripts/config.pl unset MBEDTLS_CTR_DRBG_C
CC=gcc cmake .
make
msg "test: !MBEDTLS_CTR_DRBG_C - ssl-opt.sh" # ~ 5s
if_build_succeeded tests/ssl-opt.sh --filter "Default"
}
component_test_no_ctr_drbg_no_sha512 () {
msg "build: Default + !MBEDTLS_CTR_DRBG_C + !MBEDTLS_SHA512_C"
scripts/config.pl unset MBEDTLS_CTR_DRBG_C
scripts/config.pl unset MBEDTLS_SHA512_C
CC=gcc cmake .
make
msg "test: !MBEDTLS_CTR_DRBG_C + !MBEDTLS_SHA512_C - ssl-opt.sh" # ~ 5s
if_build_succeeded tests/ssl-opt.sh --filter "Default"
}
component_test_no_resumption () {
msg "build: Default + MBEDTLS_SSL_NO_SESSION_RESUMPTION (ASan build)" # ~ 6 min
scripts/config.pl unset MBEDTLS_SSL_SESSION_TICKETS

2
tests/suites/test_suite_rsa.function
View file

@ -1506,7 +1506,7 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
/* BEGIN_CASE depends_on:MBEDTLS_CTR_DRBG_C:MBEDTLS_ENTROPY_C:ENTROPY_HAVE_STRONG */
void mbedtls_rsa_validate_params( int radix_N, char *input_N,
int radix_P, char *input_P,
int radix_Q, char *input_Q,