yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-10-19 09:31:43 +00:00
Code Issues Packages Projects Releases Wiki Activity
12508 commits 88 branches 205 tags 69 MiB
Commit graph

12508 commits

This branch
This branch
All branches
Author SHA1 Message Date
Gilles Peskine 84984ae220 Add missing return code check on calls to mbedtls_md() 2020-01-21 16:52:08 +01:00
Gilles Peskine 9018b11302 Check that mbedtls_mpi_grow succeeds 2020-01-21 16:30:53 +01:00
Gilles Peskine 292672eb12 If ASSERT_ALLOC_WEAK fails, mark the test as skipped, not passed 
This was the intended behavior of ASSERT_ALLOC_WEAK all along, but
skipping was not implemented yet when ASSERT_ALLOC_WEAK was
introduced.
 2020-01-21 16:20:04 +01:00
Gilles Peskine 42a1acfd0e get_len_step: Fix end-of-buffer calculation when buffer_size==0 
Fix get_len_step when buffer_size==0. The intent of this test is to
ensure (via static or runtime buffer overflow analysis) that
mbedtls_asn1_get_len does not attempt to access beyond the end of the
buffer. When buffer_size is 0 (reached from get_len when parsing a
1-byte buffer), the buffer is buf[1..1] because allocating a 0-byte
buffer might yield a null pointer rather than a valid pointer. In this
case the end of the buffer is p==buf+1, not buf+buffer_size which is
buf+0.

The test passed because calling mbedtls_asn1_get_len(&p,end,...) with
end < p happens to work, but this is not guaranteed.
 2020-01-21 16:12:07 +01:00
Janos Follath 2e9f108fbd Bump version to Mbed TLS 2.20.0 2020-01-21 14:08:26 +00:00
Gilles Peskine a2bdcb9e3a Remove redundant block_size validity check 
Check the value only once, as soon as we've obtained it.
 2020-01-21 15:02:14 +01:00
Janos Follath d27a88438f Merge branch 'development' into development-restricted 2020-01-15 15:55:11 +00:00
Jaeden Amero a337167543
Merge pull request #342 from Patater/reseed-counter-value-comment 
ctr_drbg: Clarify reseed_counter values before seeding
 2020-01-10 13:49:33 +00:00
Jaeden Amero a15c71374b ctr_drbg: Clarify reseed_counter values before seeding 
Before the initial seeding, reseed_counter used to always be 0. Now, the
value depends on whether or not the user has explicitly set the amount
of data to get from the nonce (via e.g.
mbedtls_ctr_drbg_set_nonce_len()). Add comments to clarify the possible
values reseed_counter can have before the initial seeding.
 2020-01-09 13:48:52 +00:00
Manuel Pégourié-Gonnard 1e6fb01448 Make SHA512_NO_SHA384 depend on SHA512_C 2020-01-07 11:00:34 +01:00
Manuel Pégourié-Gonnard 86a39bdbc5 Improve readability of test dependencies 
- Always put MBEDTLS_SHA512_NO_SHA384 immediately after MBEDTLS_SHA512_C
- Remove duplicate occurrences of MBEDTLS_SHA512_NO_SHA384 on the same line
 2020-01-07 10:24:17 +01:00
Manuel Pégourié-Gonnard 2d88549c6b Improve readability of macro in selftest 2020-01-07 10:17:35 +01:00
Manuel Pégourié-Gonnard 0b9db441c8 Make optional parameter validation more precise 2020-01-07 10:14:54 +01:00
Manuel Pégourié-Gonnard 792b16d83b Make more code paths conditional in psa_crypto.c 2020-01-07 10:13:18 +01:00
Manuel Pégourié-Gonnard 663ee2019a Clarify documentation on is384. 2020-01-07 10:11:22 +01:00
Manuel Pégourié-Gonnard 20f236de37 Adjust depends-hashes.pl to test NO_SHA384 as well 2020-01-06 11:40:23 +01:00
Manuel Pégourié-Gonnard d602084cde Implement NO_SHA384 in MD layer and PSA 2020-01-06 11:40:23 +01:00
Manuel Pégourié-Gonnard 6ba5a3fc57 Declare test dependencies on !SHA512_NO_SHA384 2020-01-06 11:40:23 +01:00
Manuel Pégourié-Gonnard 39ea19a35c Adapt sha512 selftest to NO_SHA384 option 2020-01-06 11:40:23 +01:00
Manuel Pégourié-Gonnard 3df4e60561 Implement SHA512_NO_SHA384 in sha512 module 
Saves 140 bytes on sha512.o, measured with:

arm-none-eabi-gcc -Wall -Wextra -Iinclude -Os -mcpu=cortex-m0plus -mthumb -c library/sha512.c && arm-none-eabi-size sha512.o

arm-none-eabi-gcc (GNU Tools for Arm Embedded Processors 7-2018-q2-update) 7.3.1 20180622 (release) [ARM/embedded-7-branch revision 261907]

Todo:
- fix selftest
- fix dependencies in test suites
- implement in MD layer
 2020-01-06 11:40:23 +01:00
Manuel Pégourié-Gonnard ad6cb11461 Declare new config.h option MBEDTLS_SHA512_NO_SHA384 2020-01-06 11:40:23 +01:00
Jaeden Amero 448d1cc854
Merge pull request #334 from dgreen-arm/fix-pylint-warnings 
Fix some pylint warnings
 2019-12-20 16:06:53 +00:00
Darryl Green 1822061093 Fix some pylint warnings 
Add docstrings where they were missing and fix a too-long line
 2019-12-20 15:13:45 +00:00
Gilles Peskine 180850a229
Merge pull request #291 from gilles-peskine-arm/ctr_drbg-test_aes_128 
Test MBEDTLS_CTR_DRBG_USE_128_BIT_KEY
 2019-12-20 10:43:44 +01:00
Jaeden Amero 795c6bab62
Merge pull request #323 from yanesca/iotcrypt-942-initialise-return-values 
Initialise return values to an error
 2019-12-19 10:24:22 +00:00
Jaeden Amero 16027956cd
Merge pull request #333 from gilles-peskine-arm/psa-streamline_encodings-prepare_for_types 
Streamline PSA key type encodings: prepare
 2019-12-13 09:39:03 +00:00
Janos Follath 9c2ccd2e7a Fix error code range in documentation 2019-12-12 14:24:46 +00:00
Gilles Peskine 4cd3277656 Factor common code of psa_import_ec_{public,private}_key 2019-12-12 09:00:27 +01:00
Gilles Peskine 46c33801f3 Remove unused macros 2019-12-12 09:00:27 +01:00
Gilles Peskine 7a1925c453 Add a few EC public key import/export test cases 
Test a Brainpool curve and a curve whose bit size is not a multiple of 8.
 2019-12-12 09:00:27 +01:00
Gilles Peskine f8210f2bd5 Test the block size for symmetric keys 
Also insist on their category.

Fix a missing implementation of PSA_BLOCK_CIPHER_BLOCK_SIZE for
ChaCha20.
 2019-12-12 09:00:27 +01:00
Gilles Peskine 92f2da9d67 More precise descriptions for format and parse tests 2019-12-12 09:00:27 +01:00
Gilles Peskine fb745bf618 Fix memory failure handling in test_format_storage_data_check 
Fail the test instead of crashing if a memory allocation fails.

Free memory even if the test fails.
 2019-12-12 09:00:26 +01:00
Gilles Peskine 667c111416 Sanity checks for key attributes in exercise_key 2019-12-12 09:00:26 +01:00
Gilles Peskine 325584889d Add option to show what values are tested 
This is useful to inspect what the script does manually, in particular
to check that expected values do get tested. --keep-c provides the
same information but in a way that's harder to access.
 2019-12-11 11:03:07 +01:00
Gilles Peskine 49af2d3a4f Support non-ASCII characters in headers 
Filter out non-ASCII characters in automatically processed headers.

Do this in a way that minimizes the code change: keep manipulating
strings, but strip off non-ASCII characters when reading lines, which
should only remove characters in comments that we don't parse anyway.
 2019-12-11 11:03:07 +01:00
Gilles Peskine 81f7909497
Merge pull request #325 from gilles-peskine-arm/psa-sign_hash 
Rename psa_asymmetric_{sign_verify} to psa_{sign,verify}_hash
 2019-12-06 10:10:14 +01:00
Janos Follath 24eed8d2d2 Initialise return values to an error 
Initialising the return values to and error is best practice and makes
the library more robust.
 2019-12-03 16:07:18 +00:00
Janos Follath a13b905d8d Map the new Mbed TLS error value in PSA 2019-12-03 16:03:11 +00:00
Janos Follath 60f6b64b8f Add two error codes to the Error module 
One of the error codes was already reserved, this commit just makes it
explicit. The other one is a new error code for initializing return
values in the library: `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED` should
not be returned by the library. If it is returned, then it is surely a
bug in the library or somebody is tampering with the device.
 2019-12-03 16:01:06 +00:00
Janos Follath d11550e11d Fix number of allocated errors in Platform 2019-12-03 16:01:06 +00:00
Gilles Peskine 1a60fa1e3a
Merge pull request #328 from gilles-peskine-arm/psa-ecdsa_deterministic_flag 
Remove dependency of crypto_values.h on crypto_extra.h
 2019-11-29 18:41:55 +01:00
Gilles Peskine 0168f2f2c1 Better documentation in crypto_compat.h 
Note that the identifiers declared in this header are deprecated.

Indicate what API version identifiers were from.
 2019-11-29 12:23:46 +01:00
Gilles Peskine 2ff02c361e Document MBEDTLS_TEST_DEPRECATED 2019-11-29 12:17:21 +01:00
Gilles Peskine 895242be1c Add negative test cases for deprecated aliases 
Catch more potential plumbing errors such as not returning the right
value or not writing to an output parameter.
 2019-11-29 12:15:40 +01:00
Gilles Peskine 972630e240 Remove dependency of crypto_values.h on crypto_extra.h 
Define PSA_ALG_ECDSA_DETERMINISTIC_FLAG in crypto_values.h.

This is necessary for the current PSA API specification processing
scripts.
 2019-11-29 11:55:48 +01:00
Jaeden Amero ba9fff2433
Merge pull request #283 from ARMmbed/dev/gilles-peskine-arm/ctr_drbg-aes_fail-crypto 
Uncaught AES failure in CTR_DRBG
 2019-11-28 15:02:00 +00:00
Gilles Peskine 7bb1a7e0bf
Merge pull request #307 from msopiha-linaro/development 
Add ASN.1 ENUMERATED tag support
 2019-11-28 10:20:18 +01:00
Gilles Peskine afaee1cacf Catch AES failure in mbedtls_ctr_drbg_random 
The functions mbedtls_ctr_drbg_random() and
mbedtls_ctr_drbg_random_with_add() could return 0 if an AES function
failed. This could only happen with alternative AES
implementations (the built-in implementation of the AES functions
involved never fail), typically due to a failure in a hardware
accelerator.

Bug reported and fix proposed by Johan Uppman Bruce and Christoffer
Lauri, Sectra.
 2019-11-28 10:03:08 +01:00
Gilles Peskine 06c28890c9 Add test function for effective key attributes 
We're going to create some edge cases where the attributes of a key
are not bitwise identical to the attributes passed during creation.
Have a test function ready for that.
 2019-11-26 19:14:18 +01:00