yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-12-27 17:45:49 +00:00
Code Issues Packages Projects Releases Wiki Activity
16572 commits 88 branches 205 tags 69 MiB
Commit graph

16572 commits

This branch
This branch
All branches
Author SHA1 Message Date
Andrzej Kurek c60cc1d7be Add missing dependency on MBEDTLS_GCM_C in cipher tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-26 07:45:43 -05:00
Andrzej Kurek 53ad763848 Mark unused variable in tests for cases with reduced configs 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-26 07:45:43 -05:00
Gilles Peskine 3df1dae6c0 CMake: generate the list of test suites automatically 
We keep forgetting to register new test suites in tests/CMakeLists.txt. To
fix this problem once and for all, remove the need for manual registration.

The following test suites were missing:
  test_suite_cipher.aria
  test_suite_psa_crypto_driver_wrappers

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 23:28:51 +01:00
Gilles Peskine 8c681b7290 Add positive test case with self-signed certificates 
Add a positive test case where both the client and the server require
authentication and both use a non-CA self-signed certificate.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 17:09:19 +01:00
Gilles Peskine 98dcb4c024
Merge pull request #5458 from AndrzejKurek/gitignore-eclipse-2-28 
Backport 2.28: Add eclipse-specific project files to gitignore
 2022-01-25 17:02:58 +01:00
Gilles Peskine efd696afb9 New option to list all test cases 
Occasionally useful for diagnosing issues with test reports.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 13:32:32 +01:00
Gilles Peskine 0c2f8ee3f0 Move collect_available_test_cases to check_test_cases.py 
No behavior change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 13:32:25 +01:00
Andrzej Kurek d5746aa13d Add eclipse-specific project files to gitignore 
The project file must be at root directory:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=78438
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-25 07:03:06 -05:00
Gilles Peskine ed29547902
Merge pull request #5452 from AndrzejKurek/doxygen-closure-fixes-2-28 
Backport 2.28: doxygen: add missing asterisk to group closures
 2022-01-24 21:40:42 +01:00
Andrzej Kurek fe5fb8e5d2 doxygen: remove empty platform_time configuration section 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-24 10:33:13 -05:00
Andrzej Kurek ff632d5a3c doxygen: move addtogroup closures to include more elements 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-24 10:32:00 -05:00
Andrzej Kurek 73afe27d5d Add missing asterisk to doxygen closures 
Clarify section names next to closing braces
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-24 10:31:06 -05:00
Gilles Peskine bf62325c9f
Merge pull request #5439 from SebastianBoe/mbedtls-2.28_check_config 
Backport 2.28: Add missing config check for PKCS5.
 2022-01-22 00:52:18 +01:00
Gilles Peskine d78e6cc817 Any package used in a script must be listed in ci.requirements.txt 
This includes scripts that don't run on the CI, but are analyzed by
all.sh check_python_files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-22 00:48:00 +01:00
Sebastian Bøe 9db51a6e26 Add missing config check for PKCS5. 
PKCS5 depends on MD, but is missing a config check resulting in
obscure errors on invalid configurations.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
 2022-01-19 13:26:09 +01:00
Manuel Pégourié-Gonnard 4afaba52a9
Merge pull request #5416 from gstrauss/mbedtls_ssl_config_defaults-repeat-2.28 
Backport 2.28: Reset dhm_P and dhm_G if config call repeated
 2022-01-14 10:41:12 +01:00
Gilles Peskine bbfa3f1967
Merge pull request #5422 from yanesca/update_mailing_list_links_backport 
Update mailing list links [Backport]
 2022-01-12 16:47:02 +01:00
Janos Follath c6935e8b19 Update mailing list links 
The mailing list software has been updated and the links have changed.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-01-12 13:17:16 +00:00
Glenn Strauss de081ce75c Reset dhm_P and dhm_G if config call repeated 
Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated
to avoid leaking memory.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-01-11 20:07:44 -05:00
Gilles Peskine 4ed2844405
Merge pull request #5312 from gilles-peskine-arm/add_list_config_function-2.x 
Backport 2.x: Add list config function
 2021-12-20 22:08:01 +01:00
Dave Rodgman 53c268e6a9
Merge pull request #873 from ARMmbed/mbedtls-2.28.0_merge_into_release 
Mbedtls 2.28.0 merge into release
 2021-12-17 11:22:26 +00:00
Dave Rodgman 8b3f26a5ac
Merge pull request #868 from ARMmbed/mbedtls-2.28.0rc0-pr 
Mbedtls 2.28.0rc0 pr
 2021-12-15 13:47:54 +00:00
Dave Rodgman d41dab39c5 Bump version to 2.28.0 
Executed ./scripts/bump_version.sh --version 2.28.0 --so-tls 14

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-15 11:55:31 +00:00
Dave Rodgman 29c3aee6a7 Update branch information in BRANCHES.md 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-15 11:53:12 +00:00
Dave Rodgman f00d9a2340 Minor Changelog updates & fixes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-15 11:52:54 +00:00
Dave Rodgman 0798a827c8 Assemble changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-15 11:48:21 +00:00
Ronald Cron 2d2fb47e45 Add change log for #4883 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-15 11:47:25 +00:00
Dave Rodgman 04e920410d Add missing changelog for ARIA (#5051) 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-14 12:53:07 +00:00
Dave Rodgman 08412e2a67 Merge remote-tracking branch 'restricted/development_2.x-restricted' into mbedtls-2.28.0rc0-pr 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-14 12:52:51 +00:00
Gilles Peskine c97cc18fb8
Merge pull request #5327 from gilles-peskine-arm/zeroize-tag-2.28 
Backport 2.2x: Zeroize expected MAC/tag intermediate variables
 2021-12-13 19:09:32 +01:00
Gilles Peskine f9a0501683 mbedtls_cipher_check_tag: jump on error for more robustness to refactoring 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 16:59:04 +01:00
Gilles Peskine 384b98bdae
Merge pull request #5310 from paul-elliott-arm/pkcs12_fix_2.x 
Backport 2.x: Fixes for pkcs12 with NULL and/or zero length password
 2021-12-13 14:52:44 +01:00
Gilles Peskine 622d80453b Initialize hash_len before using it 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 14:45:38 +01:00
Gilles Peskine d61551c017 Generalize MAC zeroization changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 13:55:17 +01:00
Gilles Peskine 8c99a760d5 PKCS#1v1.5 signature: better cleanup of temporary values 
Zeroize temporary buffers used to sanity-check the signature.

If there is an error, overwrite the tentative signature in the output
buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 13:55:17 +01:00
Gilles Peskine f91b2e5a97 mbedtls_ssl_parse_finished: zeroize expected finished value on error 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 13:55:17 +01:00
Gilles Peskine 69d3b86baa mbedtls_ssl_cookie_check: zeroize expected cookie on cookie mismatch 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 13:49:14 +01:00
Gilles Peskine b3f4e5b1e1 PSA hash verification: zeroize expected hash on hash mismatch 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 13:49:14 +01:00
Gilles Peskine dc269bbd08 mbedtls_cipher_check_tag: zeroize expected tag on tag mismatch 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 13:49:14 +01:00
Paul Elliott 5752b4b7d0 Add expected output for tests 
Expected output generated by OpenSSL (see below) apart from the case
where both password and salt are either NULL or zero length, as OpenSSL
does not support this. For these test cases we have had to use our own
output as that which is expected. Code to generate test cases is as
follows:

 #include <openssl/pkcs12.h>
 #include <openssl/evp.h>
 #include <string.h>

int Keygen_Uni( const char * test_name, unsigned char *pass, int
    passlen, unsigned char *salt,
                    int saltlen, int id, int iter, int n,
                                    unsigned char *out, const EVP_MD
                                    *md_type )
{
   size_t index;

   printf( "%s\n", test_name );

   int ret = PKCS12_key_gen_uni( pass, passlen, salt, saltlen, id, iter,
                                        n, out, md_type );

   if( ret != 1 )
   {
         printf( "Key generation returned %d\n", ret );
      }
   else
   {
         for( index = 0; index < n; ++index )
         {
                  printf( "%02x", out[index] );
               }

         printf( "\n" );
      }

   printf( "\n" );

}

int main(void)
{
   unsigned char out_buf[48];
   unsigned char pass[64];
   int pass_len;
   unsigned char salt[64];
   int salt_len;

   /* If ID=1, then the pseudorandom bits being produced are to be used
      as key material for performing encryption or decryption.

            If ID=2, then the pseudorandom bits being produced are to be
            used as an IV (Initial Value) for encryption or decryption.

                  If ID=3, then the pseudorandom bits being produced are
                  to be used as an integrity key for MACing.
                     */

   int id = 1;
   int iter = 3;

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( pass, 0, sizeof( pass ) );
   memset( salt, 0, sizeof( salt ) );

   Keygen_Uni( "Zero length pass and salt", pass, 0, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass and salt", NULL, 0, NULL, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Zero length pass", pass, 0, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL pass", NULL, 0, salt, 8, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );
   memset( salt, 0, sizeof( salt ) );

   pass[0] = 0x01;
   pass[1] = 0x23;
   pass[2] = 0x45;
   pass[3] = 0x67;
   pass[4] = 0x89;
   pass[5] = 0xab;
   pass[6] = 0xcd;
   pass[7] = 0xef;

   Keygen_Uni( "Zero length salt", pass, 8, salt, 0, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   Keygen_Uni( "NULL salt", pass, 8, NULL, 0, id, iter, sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   memset( out_buf, 0, sizeof( out_buf ) );

   salt[0] = 0x01;
   salt[1] = 0x23;
   salt[2] = 0x45;
   salt[3] = 0x67;
   salt[4] = 0x89;
   salt[5] = 0xab;
   salt[6] = 0xcd;
   salt[7] = 0xef;

   Keygen_Uni( "Valid pass and salt", pass, 8, salt, 8, id, iter,
       sizeof(out_buf),
                      out_buf, EVP_md5( ) );

   return 0;
}

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:15:28 +00:00
Paul Elliott c89e209ded Remove incorrect hashing 
Incorrect interpretation of 'empty'

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott 8d7eef470b Add explanation for safety in function 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott 7a342a24ff Delete unneccesary changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott 270a264b78 Simplify Input usage macros 
Also ensure they are used in test data rather than values

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott 73051b4176 Rename (and relabel) pkcs12 test case 
Remove surplus _test suffix. Change labeling from Pcks12 to PCKS#12 as
it should be.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott 8ca8f2d163 Remove incorrect test dependency 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott ce22008c63 Documentation fixes 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott 2ab9a7a57a Stop CMake out of source tests running on 16.04 
Running the out of source CMake test on Ubuntu 16.04 using more than one
processor (as the CI does) can create a race condition whereby the build
fails to see a generated file, despite that file actually having been
generated. This problem appears to go away with 18.04 or newer, so make
the out of source tests not supported on Ubuntu 16.04

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott 1a3540afbe Fix missing test dependancies 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:45 +00:00
Paul Elliott 13d5a3429a Add PKCS12 tests 
Only regression tests for the empty password bugs for now. Further tests
will follow later.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-13 11:14:23 +00:00