yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-29 22:51:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
13698 commits 88 branches 205 tags 69 MiB
Commit graph

13698 commits

This branch
This branch
All branches
Author SHA1 Message Date
Steven Cooreman 56250fd169 Style fixes after PR review 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-09-04 14:22:28 +02:00
Steven Cooreman 8d2bde77a1 Make sure software fallback isn't tried on opaque keys 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-09-04 14:22:28 +02:00
Steven Cooreman 15f58d2877 Move mbedtls_to_psa_error declaration to internal header 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-09-04 14:22:27 +02:00
Steven Cooreman 2c7b2f8697 Apply changes from #3546 to newly introduced files 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-09-04 14:22:27 +02:00
Steven Cooreman f1720ea930 Fix macro naming to match inhouse style 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-09-04 14:22:27 +02:00
Steven Cooreman 1cd39d5229 Use own define for building with test drivers 
Trying to compile in the PSA accelerator test driver under MBEDTLS_TEST_HOOKS
turned out to be awkward regarding existing builds. We'll put it under a
custom (not in config.h) define instead, since it's something that only
should happen in test.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-09-04 14:22:27 +02:00
Steven Cooreman 7922396c25 Added changelog 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-09-04 14:22:27 +02:00
Steven Cooreman 2a1664cb49 Add & splice in test driver for ECC keygen 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-09-04 14:22:27 +02:00
Steven Cooreman 0116416e61 Expose mbedtls_error_to_psa_status for use in test drivers 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-09-04 14:22:27 +02:00
Steven Cooreman 55ae2176ab Add and splice in signature verification through driver 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-09-04 14:22:27 +02:00
Steven Cooreman 7a2505788c Move handling of 'SE' drivers into driver wrappers 
This is a more natural place for handling the drivers belonging to the
'previous' SE driver spec. It makes for a cleaner psa_crypto.c, and
potentially an easier overview of how to migrate from the old SE driver
interface to the 'opaque accelerator' interface.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-09-04 14:22:27 +02:00
Steven Cooreman d57203d955 Add driver tests and run them through all.sh 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-09-04 14:22:27 +02:00
Steven Cooreman cd84cb4903 Add a handcrafted first version of the driver wrapper code 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-09-04 14:22:26 +02:00
Steven Cooreman 0d59f7b092 Add configuration flag MBEDTLS_PSA_CRYPTO_DRIVERS 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-09-04 14:22:26 +02:00
Steven Cooreman a70d588f74 Add initial test driver conforming to the new spec 
Also adjusted the different makefiles accordingly.
Note: driver lifetime is currently statically defined in the header, but
this will be replaced in the future based on autogeneration of lifetime
values by a script (TBD)

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2020-09-04 14:22:26 +02:00
Gilles Peskine 4b5aba8b91
Merge pull request #3632 from gilles-peskine-arm/all.sh-armgcc-c99 
Fix arm-gcc builds in Travis runs with 2.24.0
 2020-09-02 13:42:03 +02:00
Gilles Peskine aeedd74b42 Pass -std=c99 to arm-none-eabi-gcc 
GCC up to 4.x defaults to C89. On our CI, we run the arm-none-eabi-gcc
version from Ubuntu 16.04 on Travis, and that's 4.9, so the gcc-arm
builds started failing on Travis when we introduced a C99 construct in
the configurations that we test on arm on Travis. Other builds, and
Jenkins CI, are not affected because they use GCC 5.x or newer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-09-02 11:03:04 +02:00
Janos Follath 523f0554b6
Merge pull request #748 from ARMmbed/mbedtls-2.24.0r0-pr 
Prepare Release Candidate for Mbed TLS 2.24.0
 2020-08-27 11:31:49 +01:00
Janos Follath 6012f0ee5b Finalize ChangeLog 
Fix alignment where necessary and update ChangeLog header.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2020-08-26 16:23:19 +01:00
Janos Follath 17ffc5da8d Bump version to Mbed TLS 2.24.0 
Executed "./scripts/bump_version.sh --version 2.24.0"

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2020-08-26 16:22:57 +01:00
Janos Follath c18a7b8466 Assemble ChangeLog 
Executed scripts/assemble_changelog.py.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2020-08-26 14:49:16 +01:00
Janos Follath d2ce916b58 Merge branch 'development-restricted' 2020-08-26 14:15:34 +01:00
Gilles Peskine d4b9133850
Merge pull request #3611 from gilles-peskine-arm/psa-coverity-cleanups-202008 
Minor fixes in PSA code and tests
 2020-08-26 13:18:27 +02:00
Gilles Peskine 9e4d4387f0
Merge pull request #3433 from raoulstrackx/raoul/verify_crl_without_time 
Always revoke certificate on CRL
 2020-08-26 12:56:11 +02:00
Manuel Pégourié-Gonnard 2db7be1cbb
Merge pull request #3612 from gilles-peskine-arm/psa-mac-negative-tests 
PSA: add negative MAC tests
 2020-08-26 12:19:25 +02:00
Gilles Peskine a2e518daf5 Fix the documentation of has_even_parity 
The documentation had the boolean meaning of the return value inverted.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-26 12:14:37 +02:00
Manuel Pégourié-Gonnard 376712217e
Merge pull request #737 from mpg/changelog-for-local-lucky13-dev-restricted 
Add a ChangeLog entry for local Lucky13 variant
 2020-08-26 11:52:15 +02:00
Gilles Peskine ed9fbc6443 Clearer function name for parity check 
Return a name that more clearly returns nonzero=true=good, 0=bad. We'd
normally expect check_xxx to return 0=pass, nonzero=fail so
check_parity was a bad name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-26 11:16:50 +02:00
Gilles Peskine 6c75152b9f Explain the purpose of check_parity 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-26 10:24:26 +02:00
Gilles Peskine 34f063ca47 Add missing cleanup to hash multipart operation tests 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-26 10:24:13 +02:00
Manuel Pégourié-Gonnard 8f18d08fae Clarify that the Lucky 13 fix is quite general 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2020-08-26 10:10:11 +02:00
Gilles Peskine 29c4a6cf9f Add negative tests for MAC verification 
Add negative tests for psa_mac_verify_finish: too large, too small, or
a changed byte.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-26 00:16:03 +02:00
Gilles Peskine 090e16cb8b Don't destroy the key during a MAC verification operation 
An early draft of the PSA crypto specification required multipart
operations to keep working after destroying the key. This is no longer
the case: instead, now, operations are guaranteed to fail. Mbed TLS
does not comply yet, and still allows the operation to keep going.
Stop testing Mbed TLS's non-compliant behavior.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-26 00:16:03 +02:00
Gilles Peskine 8b356b5652 Test other output sizes for psa_mac_sign_finish 
Test psa_mac_sign_finish with a smaller or larger buffer.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-26 00:16:03 +02:00
Gilles Peskine 5e65cec5e8 Simplify output bounds check in mac_sign test 
Rely on Asan to detect a potential buffer overflow, instead of doing a
manual check. This makes the code simpler and Asan can detect
underflows as well as overflows.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-26 00:16:03 +02:00
Gilles Peskine 3d404d677e Test PSA_MAC_FINAL_SIZE in mac_sign exactly 
We expect PSA_MAC_FINAL_SIZE to be exact in this implementation, so
check it here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-26 00:16:03 +02:00
Gilles Peskine cd65f4ccac Add empty-output-buffer test cases for single-part hash functions 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-26 00:11:23 +02:00
Gilles Peskine e92c68a878 Note that a failure in cleanup is intentional 
In the cleanup code for persistent_key_load_key_from_storage(), we
only attempt to reopen the key so that it will be deleted if it exists
at that point. It's intentional that we do nothing if psa_open_key()
fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-26 00:11:23 +02:00
Gilles Peskine 64f13ef6ab Add missing cleanup to some multipart operation tests 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-26 00:11:23 +02:00
Gilles Peskine a09713c795 test cleanup: Annotate file removal after a failed creation 
Let static analyzers know that it's ok if remove() fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-25 22:50:18 +02:00
Gilles Peskine 169ca7f06d psa_crypto_storage: Annotate file removal after a failed creation 
Let static analyzers know that it's ok if psa_its_remove() fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-25 22:50:06 +02:00
Gilles Peskine bab1b52048 psa_its: Annotate file removal after a failed creation 
Let static analyzers know that it's ok if remove() fails here.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-25 22:49:19 +02:00
Gilles Peskine 14613bcd75 Fix parity tests to actually fail the test on error 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2020-08-25 22:30:31 +02:00
Janos Follath d4ac4e037b
Merge pull request #736 from mpg/cf-varpos-copy-dev-restricted 
Constant-flow copy of HMAC from variable position
 2020-08-25 14:35:55 +01:00
Manuel Pégourié-Gonnard 04b7488411 Fix potential use of uninitialised variable 
If any of the TEST_ASSERT()s that are before the call to
mbedtls_pk_warp_as_opaque() failed, when reaching the exit label
psa_destroy_key() would be called with an uninitialized argument.

Found by Clang.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2020-08-25 10:45:51 +02:00
Gilles Peskine ed19762a22
Merge pull request #3574 from makise-homura/e2k_support 
Support building on e2k (Elbrus) architecture
 2020-08-25 09:46:36 +02:00
makise-homura af9513bb48 A different approach of signed-to-unsigned comparison 
Suggsted by @hanno-arm

Signed-off-by: makise-homura <akemi_homura@kurisa.ch>
 2020-08-24 23:42:49 +03:00
Manuel Pégourié-Gonnard ba6fc9796a Fix a typo in a comment 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2020-08-24 12:59:55 +02:00
Manuel Pégourié-Gonnard dd00bfce34 Improve comments on constant-flow testing in config.h 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2020-08-24 12:58:36 +02:00
Gilles Peskine 0f343ac87f
Merge pull request #3528 from gufe44/helpers-redirect-restore-output 
Fix bug in redirection of unit test outputs
 2020-08-24 10:45:08 +02:00