yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-05-25 21:22:10 +00:00
Code Issues Packages Projects Releases Wiki Activity
7267 commits 88 branches 205 tags 69 MiB
Commit graph

7267 commits

This branch
This branch
All branches
Author SHA1 Message Date
Hanno Becker 4aed27e469 Add missing test-dependencies for MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 
The tests for the maximum fragment length extension were lacking a dependency on
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH being set in the config.
 2017-09-18 16:11:42 +01:00
Hanno Becker e4ad3e8803 Allow requests of size larger than 16384 in ssl_client2 2017-09-18 16:11:42 +01:00
Hanno Becker 5175ac6e13 Add tests for disabled MFL-extension to all.sh 
This commit adds a build with default config except
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH to all.sh, as well as a run of the MFL-related
tests in ssl-opt.sh.
 2017-09-18 16:11:39 +01:00
Ron Eldor 4a2fb4c6be Addres review comments 
Resolves comments raised in the review
 2017-09-18 13:43:05 +03:00
Hanno Becker 81e96dd54a Adapt ChangeLog 2017-09-18 11:07:25 +01:00
Ron Eldor 147d142948 Add log and fix stle issues 
Address Andres comments of PR
 2017-09-18 13:05:53 +03:00
Ron Eldor 714785dcc2 Write correct number of ciphersuites in log 
Change location of log, to fit the correct number of used ciphersuites
 2017-09-18 13:05:48 +03:00
Hanno Becker 9648f8b59c Add run-time check for handshake message size in ssl_write_record 2017-09-18 10:56:15 +01:00
Hanno Becker d33f1ca34c Add run-time check for record content size in ssl_encrypt_buf 2017-09-18 10:56:14 +01:00
Hanno Becker a8434e8f95 Add compile-time checks for size of record content and payload 2017-09-18 10:56:14 +01:00
Andres Amaya Garcia 01692531c6 Document code silently discarding invalid records 2017-09-14 20:20:31 +01:00
Andres Amaya Garcia f569f701c2 Fix ChangeLog entry 2017-09-14 20:20:21 +01:00
Andres Amaya Garcia 06fc6650f4 Add ChangeLog entry 2017-09-14 20:20:15 +01:00
Andres Amaya Garcia 2fad94b193 Dont send alert on invalid DTLS record type 
Do not send fatal alerts when receiving a record with an invalid header
while running DTLS as this is not compliant behaviour.
 2017-09-14 20:18:37 +01:00
Hanno Becker d4a872ee67 Rename internal MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG 
This commit renames the test-only flag MBEDTLS_ENTROPY_HAVE_STRONG to ENTROPY_HAVE_STRONG to make it more transparent
that it's an internal flag, and also to content the testscript tests/scripts/check-names.pl which previously complained
about the macro occurring in a comment in `entropy.c` without being defined in a library file.
 2017-09-14 08:04:13 +01:00
Hanno Becker 45037ceac5 Add check for presence of relevant parameters in mbedtls_rsa_private 
If CRT is used, check for the presence N, P, Q, D, E, DP, DQ and QP. If CRT is
not used, check for N, P, Q, D, E only.
 2017-09-14 08:02:14 +01:00
Hanno Becker 81535d0011 Minor style and typo corrections 2017-09-14 07:51:54 +01:00
Hanno Becker 476986547b Omit version from X.509 v1 certificates 
The version field in an X.509 certificate is optional and defaults to v1, so it
may be omitted in this case.
 2017-09-14 07:51:54 +01:00
Hanno Becker d7f3520360 Don't add extensions for X.509 non-v3 certificates 
This commit removes extension-writing code for X.509 non-v3 certificates from
mbedtls_x509write_crt_der. Previously, even if no extensions were present an
empty sequence would have been added.
 2017-09-14 07:51:54 +01:00
Hanno Becker fc77144802 Fix extraction of signature-type from PK context instance 2017-09-14 07:51:54 +01:00
Hanno Becker 418a62242b Extend tests/data_files/Makefile to include CRT's for CRT write test 2017-09-14 07:51:28 +01:00
Hanno Becker 6c13d37961 Extend cert_write example program by multiple cmd line options 
This commit adds the following command line options to programs/x509/cert_write:
- version (val 1, 2, 3): Set the certificate's version (v1, v2, v3)
- authority_identifier (val 0, 1): Enable or disable the addition of the
                                   authority identifier extension.
- subject_identifier (val 0, 1): Enable or disable the addition of the
                                 subject identifier extension.
- basic_constraints (val 0, 1): Enable or disable the addition of the
                                basic constraints extension.
- md (val MD5, SHA1, SHA256, SHA512): Set the hash function used
                                      when creating the CRT.
 2017-09-13 15:42:16 +01:00
Ron Eldor b2231fc31a Address review comments 
Addres review comments done by Hanno
 2017-09-10 17:34:28 +03:00
Hanno Becker 9be1926b69 Correct parsing checks in mbedtls_pk_parse_key 
Two code-paths in `mbedtls_pk_parse_key` returned success on a failure in `mbedtls_pk_setup`.
 2017-09-08 12:39:44 +01:00
Hanno Becker 66a0f83d58 Remove unreachable branches in pkparse.c 2017-09-08 12:39:21 +01:00
Hanno Becker 5a4f172522 Add suffix for 1024-bit RSA key files 
Previously, 2048-bit and 4096-bit RSA key files had their bitsize indicated in their filename, while the original
1024-bit keys hadn't. This commit unifies the naming scheme by always indicating the bitsize in the filename.
 2017-09-07 15:40:30 +01:00
Hanno Becker c8063c58f0 Correct Makefile in tests/data_files 
The documentation of the target `all_final` was no longer accurate, and numerous non-file targets were missing in the
.PHONY section.
 2017-09-07 15:30:12 +01:00
Hanno Becker b8d1657148 Mention in-place decryption in pk_parse_key_pkcs8_encrypted_der 
Also fixes a typo.
 2017-09-07 15:29:01 +01:00
Hanno Becker 2aa80a706f Remove unnecessary cast 2017-09-07 15:28:45 +01:00
Hanno Becker a988a2702a Emit deprecation warning if MBEDTLS_RSA_FORCE_BLINDING is not set 2017-09-07 13:11:33 +01:00
Hanno Becker 6ac972d815 Style correction in test_suite_pk.function 2017-09-07 13:10:44 +01:00
Hanno Becker 936f72c641 Disable MBEDTLS_RSA_FORCE_BLINDING by default 
This commit disables the new MBEDTLS_RSA_FORCE_BLINDING option by default to preserve backwards
compatibility. Further, it deprecates disabling to prepare for a future release in which blinding will be
unconditionally enforced.
 2017-09-07 13:09:58 +01:00
Ron Eldor bc18eb3b92 Fix compilation error with Mingw32 
Fix compilation error on Mingw32 when `_TRUNCATE` is defined. Use
`_TRUNCATE` only if `__MINGW32__` not defined. Fix suggested by
Thomas Glanzmann and Nick Wilson on issue #355
 2017-09-06 17:51:14 +03:00
Ron Eldor 65112b15e6 Adress Hannos's comments 
Remove zeroizing buffer, as it was done already in PR #369
Check that buffer is not null by `!= NULL` statement
 2017-09-06 17:09:41 +03:00
Manuel Pégourié-Gonnard d23bc1b2cf Merge branch 'iotssl-1381-x509-verify-refactor' into iotssl-1381-x509-verify-refactor-restricted 
* iotssl-1381-x509-verify-refactor:
  Tests: depends-pkalgs.pl - disable less options
  Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug
 2017-09-06 11:35:11 +02:00
Manuel Pégourié-Gonnard c1c16436c6 Merge pull request #1 from gertvdijk/issue1040-mpgbranch 
Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug
 2017-09-06 11:31:01 +02:00
Ron Eldor 9d84b4c102 update after Andres comments 
Update after Andres coments:
1. zeroize the buffer in `mbedtls_pem_read_buffer()` before freeing it
2. use `mbedtls_zeroize()` instead of `memset()`
 2017-09-05 17:17:31 +03:00
Ron Eldor 31162e4423 Set PEM buffer to zero before freeing it 
Set PEM buffer to zero before freeing it, to avoid private keys
being leaked to memory after releasing it.
 2017-09-05 15:34:35 +03:00
Gert van Dijk 25d124dc74 Tests: depends-pkalgs.pl - disable less options 
Rather than disabling SSL & Key exchanges as a whole, only disable those
options required by reverse dependencies.

GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040
See also discussion in PR #1074.
https://github.com/ARMmbed/mbedtls/pull/1074#issuecomment-327096303
 2017-09-05 14:29:28 +02:00
Ron Eldor 7268ca9500 remove redundant include 
Remove redunadnat include for platform.h which was acciddently pushed,
for debugging purposes
 2017-09-05 14:29:20 +03:00
Hanno Becker 55b1a0af0c Add further tests for DER-encoded PKCS8-v2-DES encrypted RSA keys 
For uniformity, this commit adds tests for DER encoded PKCS8-v2-DES encrypted RSA keys that were already present for
PKCS8-v2-3DES encrypted RSA keys.
 2017-09-05 10:43:20 +01:00
Hanno Becker 7d108257a4 Add further tests for new RSA keys 
For uniformity, this commit adds tests for DER encoded, SHA1-2DES and SHA1-RC4-128-encrypted RSA keys; for SHA1-3DES encrypted keys, these were already present.
 2017-09-05 10:35:31 +01:00
Hanno Becker 8fdfc98676 Update keyfiles 
This commit replaces the previous keyfiles with those generated by the commands added in the previous commit.
 2017-09-05 10:08:37 +01:00
Hanno Becker d16f6126c7 Add RSA key generation commands to test Makefile 
This commit adds the commands used to generate the various RSA keys to tests/Makefile so that they can be easily
regenerated or modified, e.g. if larger key sizes or other encryption algorithms need to be tested in the future.
 2017-09-05 10:08:37 +01:00
Hanno Becker 9c6cb38ba8 Fix typo in pkparse.c 2017-09-05 10:08:01 +01:00
Gert van Dijk 4f13195f3b Tests: add omitted dependency on MBEDTLS_ECDSA_C in test_suite_debug 
GitHub issue #1040 https://github.com/ARMmbed/mbedtls/issues/1040
 2017-09-04 14:17:10 +02:00
Hanno Becker f28dc2f900 Adapt ChangeLog 2017-09-04 13:07:52 +01:00
Ron Eldor 18b3c912f9 Address Azim's coments 
Fix typo and use new check for clang>3.5m according to azim's comments
 2017-09-04 14:03:33 +03:00
Ron Eldor 22d989c434 Suport clang version 3.8 
Check CLANG version, and according to the version,
set the correct paramters. fix for #1072
 2017-09-03 17:56:25 +03:00
Ron Eldor 0a47d12717 Rephrase the backport sectio 
Rephrase the backport sectoin, since development branch is not a legacy
branch
 2017-09-03 10:20:25 +03:00