yuzu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2025-01-23 20:20:59 +00:00
Code Issues Packages Projects Releases Wiki Activity
16552 commits 88 branches 205 tags 69 MiB
Commit graph

1892 commits

Author SHA1 Message Date
Gilles Peskine 736d91dae6 Fix buffer size calculation 
Make sure that buf always has enough room for what it will contain. Before,
this was not the case if the buffer was smaller than the default response,
leading to memory corruption in ssl_server2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-13 11:24:38 +02:00
Gilles Peskine 7c45b6767b Fix the build when MBEDTLS_PLATFORM_C is unset 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-12 21:26:36 +02:00
Gilles Peskine 7ece768578 Seed the PRNG even if time() isn't available 
time() is only needed to seed the PRNG non-deterministically. If it isn't
available, do seed it, but pick a static seed.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-08 08:34:50 -04:00
Andrzej Kurek 478181d1f3 Refactor ssl_context_info time printing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 15:25:42 -05:00
Andrzej Kurek 388ee8a072 Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 15:25:42 -05:00
Andrzej Kurek 65f93d5567 Fix udp_proxy dependency on MBEDTLS_HAVE_TIME 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 15:25:42 -05:00
Andrzej Kurek 448cf48e18 Fix requirement mismatch in fuzz/common.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 15:25:42 -05:00
David Horstmann 11d0a6feb6 programs/fuzz: Remove superfluous MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra
check for MBEDTLS_HAVE_TIME is not needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-03-04 15:25:42 -05:00
David Horstmann 0e4a1aa2f1 programs/test: fix build without MBEDTLS_HAVE_TIME 
Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is
not defined. In this case, do not attempt to seed the pseudo-random
number generator used to sometimes produce corrupt packets and other
erroneous data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-03-04 15:25:42 -05:00
Raoul Strackx 2db000feb6 programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined 
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 15:25:42 -05:00
Daniel Axtens 301db66954 Do not include time.h without MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 15:25:42 -05:00
Andrzej Kurek e2462ba437 Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED 
Fix dependencies across test ssl programs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-26 07:45:43 -05:00
Gilles Peskine 5e41e0e934 Update generated file 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-10 20:19:30 +01:00
Jerry Yu 47569e097e fix help message issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Jerry Yu 4f2dff429a Add list_config into query_comile_time_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Jerry Yu 0abd677ed7 Add list_config generation 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 20:19:05 +01:00
Gilles Peskine 3d28378734 Check return values in more places 
Selective replacement of
```
^\( *\)\(mbedtls_\(md\|cipher\)_[A-Z_a-z0-9]+\)\((.*)\);
```
by
```
\1if( \2\4 != 0 )
\1{
\1    mbedtls_fprintf( stderr, "\2() returned error\\n" );
\1    goto exit;
\1}
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-10 14:45:41 +01:00
Gilles Peskine 4a5396ec25
Merge pull request #5299 from paul-elliott-arm/crypt_and_hash_prog_2.x 
Backport 2.x: Add checks for return values to md functions in crypt and hash
 2021-12-09 23:32:52 +01:00
Paul Elliott d068876181 Add checks for return values to md functions 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:51:56 +00:00
Paul Elliott 8f20bab14d Fix printf format specifier 
Also mark function as printf variant so compiler will pickup any future
issues.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:35:13 +00:00
Paul Elliott 110afd0e4d Prevent resource leak 
If -f was used as an argument twice to the program, then it would leak
the file resource, due to overwriting it on the second pass

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:33:22 +00:00
Ronald Cron 620cbb9bf5
Merge pull request #5262 from xffbai/code-align-backport2.x 
Backport 2.x: Fix (d)tls1_2 into (d)tls12 in version options
 2021-12-09 16:26:24 +01:00
Gilles Peskine 582f2398d4
Merge pull request #5167 from tom-cosgrove-arm/fix-builds-with-only-mbedtls_bignum_c-defined 
Backport 2.x: Fix builds when config.h only defines MBEDTLS_BIGNUM_C
 2021-12-07 12:38:04 +01:00
Xiaofei Bai f40545d919 Fix (d)tls1_2 into (d)tls12 in version options 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-12-03 08:13:30 +00:00
Gilles Peskine 6fa5c1d20c Use the normal idiom to support MBEDTLS_CONFIG_FILE 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:12:44 +01:00
Gilles Peskine 8e8e96500a Fix dynamic library extension on macOS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:02:17 +01:00
Gilles Peskine eea9c74d81 More explicit output for the test program 
Without that, the logs were a bit hard to understand if you didn't know what
to expect.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:02:17 +01:00
Gilles Peskine 3dbb3e7e07 Avoid undefined variable warning without MBEDTLS_MD_C 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:02:17 +01:00
Gilles Peskine 99d8486f8e Use CMake's knowledge of what system library has dlopen() 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:02:17 +01:00
Gilles Peskine 507c787b44 Don't build dlopen when building for Windows 
Windows doesn't have dlopen, not even Linux emulation environments such as
MinGW.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:02:17 +01:00
Gilles Peskine 71fcb3c994 Only link with libdl on Linux 
Requiring an extra library for dlopen is a Linux non-POSIX-compliance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:00:53 +01:00
Gilles Peskine 27482f17f1 Run the dlopen test in shared library builds 
Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126:
libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509
and libmbedcrypto when built with make.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:00:53 +01:00
Gilles Peskine e94335399f New test app for dynamic loading of libmbed* with dlopen 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-25 18:00:53 +01:00
Tom Cosgrove 58efe6184e Fix builds when config.h only defines MBEDTLS_BIGNUM_C 
Fixes #4929

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2021-11-15 09:59:53 +00:00
Przemyslaw Stekiel a226ac9738 ssl_client2/ssl_server2: Rework ordering of cleanup 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-14 20:03:24 +01:00
Przemyslaw Stekiel e9dea7c3b0 ssl_client2: move memory leak check before rng_free() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-14 20:03:24 +01:00
Przemyslaw Stekiel b66bc0ad4a Move psa_crypto_slot_management.h out from psa_crypto_helpers.h 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-14 20:03:23 +01:00
Przemyslaw Stekiel d6e0a5824a ssl_client2/ssl_server2: Move is_psa_leaking() before mbedtls_psa_crypto_free() (and rng_free()) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-14 20:03:23 +01:00
Przemyslaw Stekiel 7c7fb877c6 ssl_client2, ssl_server2: add check for psa memory leaks 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-14 20:03:23 +01:00
Mateusz Starzyk 294ca30120 Add missing PSA_ALG_NONE macro. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-11-03 12:38:57 +01:00
Manuel Pégourié-Gonnard 1f1bc2df7c
Merge pull request #5117 from gilles-peskine-arm/psa-rsa-pss_any_salt-2.x 
Backport 2.x: PSA: fix salt length for PSS verification
 2021-10-29 16:36:46 +02:00
Manuel Pégourié-Gonnard 6295dcb600
Merge pull request #5051 from gilles-peskine-arm/psa-add-aria-2.x 
Backport 2.x: Add ARIA to the PSA API
 2021-10-29 09:38:13 +02:00
Gilles Peskine 35115f9c1a New algorithm PSA_ALG_RSA_PSS_ANY_SALT 
This is a variant of PSA_ALG_RSA_PSS which currently has exactly the same
behavior, but is intended to have a different behavior when verifying
signatures.

In a subsequent commit, PSA_ALG_RSA_PSS will change to requiring the salt
length to be what it would produce when signing, as is currently documented,
whereas PSA_ALG_RSA_PSS_ANY_SALT will retain the current behavior of
allowing any salt length (including 0).

Changes in this commit:

* New algorithm constructor PSA_ALG_RSA_PSS_ANY_SALT.
* New predicates PSA_ALG_IS_RSA_PSS_STANDARD_SALT (corresponding to
  PSA_ALG_RSA_PSS) and PSA_ALG_IS_RSA_PSS_ANY_SALT (corresponding to
  PSA_ALG_RSA_PSS_ANY_SALT).
* Support for the new predicates in macro_collector.py (needed for
  generate_psa_constant_names).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-28 10:06:38 +02:00
Manuel Pégourié-Gonnard d599dc7f1b
Merge pull request #4932 from tom-daubney-arm/all.sh-subshells-2.x 
Backport 2.x: Run all.sh components in a subshell
 2021-10-28 09:33:22 +02:00
Gilles Peskine 3f0722c1af Fix the build of sample programs without mbedtls_strerror 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 21:24:23 +02:00
Gilles Peskine 85f3165c6a Fix printf format signedness error 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 21:24:23 +02:00
Gilles Peskine 38d41b98b3 load_roots: properly error out on an invalid option 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 21:24:23 +02:00
Gilles Peskine 373c54e174 load_roots: fix no-argument detection 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 21:24:23 +02:00
Gilles Peskine db92884cd0 load_roots: arguments must be files 
I had originally thought to support directories with
mbedtls_x509_crt_parse_path but it would have complicated the code more than
I cared for. Remove a remnant of the original project in the documentation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 21:24:23 +02:00
Gilles Peskine 82c04329bf New sample program to benchmark certificate loading 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 21:17:08 +02:00