mbedtls

mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-12-29 02:25:39 +00:00

Author	SHA1	Message	Date
Andrzej Kurek	d08ed95419	Formatting: remove tabs from check_config.h Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-27 11:03:09 -05:00
Andrzej Kurek	38adac32e7	Add a changelog entry regarding bugfixes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-27 11:01:33 -05:00
Andrzej Kurek	19d6ab0fb8	Enable testing with PSA for config-mini-tls1_1 Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-27 11:01:24 -05:00
Andrzej Kurek	1faa2a3c6e	Add a check for MBEDTLS_PK_WRITE_C with USE_PSA_CRYPTO to check-config.h Also force MBEDTLS_PK_WRITE_C in reduced configs using MBEDTLS_USE_PSA_CRYPTO, MBEDTLS_PK_C and MBEDTLS_ECDSA_C. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-27 11:00:24 -05:00
Andrzej Kurek	19e83fa3a5	Restructure test-ref-configs to test with USE_PSA_CRYPTO turned on Run some of the test configs twice, enabling MBEDTLS_USE_PSA_CRYPTO and MBEDTLS_PSA_CRYPTO_C in one of the runs. Add relevant comments in these configs. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-26 07:45:43 -05:00
Andrzej Kurek	e001596d83	Add missing MBEDTLS_ASN1_WRITE_C dependency in test_suite_psa_crypto Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-26 07:45:43 -05:00
Andrzej Kurek	e2462ba437	Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED Fix dependencies across test ssl programs. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-26 07:45:43 -05:00
Andrzej Kurek	c60cc1d7be	Add missing dependency on MBEDTLS_GCM_C in cipher tests Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-26 07:45:43 -05:00
Andrzej Kurek	53ad763848	Mark unused variable in tests for cases with reduced configs Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-26 07:45:43 -05:00
Gilles Peskine	98dcb4c024	Merge pull request #5458 from AndrzejKurek/gitignore-eclipse-2-28 Backport 2.28: Add eclipse-specific project files to gitignore	2022-01-25 17:02:58 +01:00
Andrzej Kurek	d5746aa13d	Add eclipse-specific project files to gitignore The project file must be at root directory: https://bugs.eclipse.org/bugs/show_bug.cgi?id=78438 Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-25 07:03:06 -05:00
Gilles Peskine	ed29547902	Merge pull request #5452 from AndrzejKurek/doxygen-closure-fixes-2-28 Backport 2.28: doxygen: add missing asterisk to group closures	2022-01-24 21:40:42 +01:00
Andrzej Kurek	fe5fb8e5d2	doxygen: remove empty platform_time configuration section Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-24 10:33:13 -05:00
Andrzej Kurek	ff632d5a3c	doxygen: move addtogroup closures to include more elements Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-24 10:32:00 -05:00
Andrzej Kurek	73afe27d5d	Add missing asterisk to doxygen closures Clarify section names next to closing braces Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-24 10:31:06 -05:00
Gilles Peskine	bf62325c9f	Merge pull request #5439 from SebastianBoe/mbedtls-2.28_check_config Backport 2.28: Add missing config check for PKCS5.	2022-01-22 00:52:18 +01:00
Sebastian Bøe	9db51a6e26	Add missing config check for PKCS5. PKCS5 depends on MD, but is missing a config check resulting in obscure errors on invalid configurations. Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>	2022-01-19 13:26:09 +01:00
Manuel Pégourié-Gonnard	4afaba52a9	Merge pull request #5416 from gstrauss/mbedtls_ssl_config_defaults-repeat-2.28 Backport 2.28: Reset dhm_P and dhm_G if config call repeated	2022-01-14 10:41:12 +01:00
Gilles Peskine	bbfa3f1967	Merge pull request #5422 from yanesca/update_mailing_list_links_backport Update mailing list links [Backport]	2022-01-12 16:47:02 +01:00
Janos Follath	c6935e8b19	Update mailing list links The mailing list software has been updated and the links have changed. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-01-12 13:17:16 +00:00
Glenn Strauss	de081ce75c	Reset dhm_P and dhm_G if config call repeated Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated to avoid leaking memory. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-01-11 20:07:44 -05:00
Gilles Peskine	4ed2844405	Merge pull request #5312 from gilles-peskine-arm/add_list_config_function-2.x Backport 2.x: Add list config function	2021-12-20 22:08:01 +01:00
Dave Rodgman	53c268e6a9	Merge pull request #873 from ARMmbed/mbedtls-2.28.0_merge_into_release Mbedtls 2.28.0 merge into release	2021-12-17 11:22:26 +00:00
Dave Rodgman	8b3f26a5ac	Merge pull request #868 from ARMmbed/mbedtls-2.28.0rc0-pr Mbedtls 2.28.0rc0 pr	2021-12-15 13:47:54 +00:00
Dave Rodgman	d41dab39c5	Bump version to 2.28.0 Executed ./scripts/bump_version.sh --version 2.28.0 --so-tls 14 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-12-15 11:55:31 +00:00
Dave Rodgman	29c3aee6a7	Update branch information in BRANCHES.md Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-12-15 11:53:12 +00:00
Dave Rodgman	f00d9a2340	Minor Changelog updates & fixes Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-12-15 11:52:54 +00:00
Dave Rodgman	0798a827c8	Assemble changelog Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-12-15 11:48:21 +00:00
Ronald Cron	2d2fb47e45	Add change log for #4883 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-15 11:47:25 +00:00
Dave Rodgman	04e920410d	Add missing changelog for ARIA (#5051 ) Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-12-14 12:53:07 +00:00
Dave Rodgman	08412e2a67	Merge remote-tracking branch 'restricted/development_2.x-restricted' into mbedtls-2.28.0rc0-pr Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-12-14 12:52:51 +00:00
Gilles Peskine	c97cc18fb8	Merge pull request #5327 from gilles-peskine-arm/zeroize-tag-2.28 Backport 2.2x: Zeroize expected MAC/tag intermediate variables	2021-12-13 19:09:32 +01:00
Gilles Peskine	f9a0501683	mbedtls_cipher_check_tag: jump on error for more robustness to refactoring Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 16:59:04 +01:00
Gilles Peskine	384b98bdae	Merge pull request #5310 from paul-elliott-arm/pkcs12_fix_2.x Backport 2.x: Fixes for pkcs12 with NULL and/or zero length password	2021-12-13 14:52:44 +01:00
Gilles Peskine	622d80453b	Initialize hash_len before using it Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 14:45:38 +01:00
Gilles Peskine	d61551c017	Generalize MAC zeroization changelog entry Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 13:55:17 +01:00
Gilles Peskine	8c99a760d5	PKCS#1v1.5 signature: better cleanup of temporary values Zeroize temporary buffers used to sanity-check the signature. If there is an error, overwrite the tentative signature in the output buffer. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 13:55:17 +01:00
Gilles Peskine	f91b2e5a97	mbedtls_ssl_parse_finished: zeroize expected finished value on error Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 13:55:17 +01:00
Gilles Peskine	69d3b86baa	mbedtls_ssl_cookie_check: zeroize expected cookie on cookie mismatch Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 13:49:14 +01:00
Gilles Peskine	b3f4e5b1e1	PSA hash verification: zeroize expected hash on hash mismatch Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 13:49:14 +01:00
Gilles Peskine	dc269bbd08	mbedtls_cipher_check_tag: zeroize expected tag on tag mismatch Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-13 13:49:14 +01:00
Paul Elliott	5752b4b7d0	Add expected output for tests Expected output generated by OpenSSL (see below) apart from the case where both password and salt are either NULL or zero length, as OpenSSL does not support this. For these test cases we have had to use our own output as that which is expected. Code to generate test cases is as follows: #include <openssl/pkcs12.h> #include <openssl/evp.h> #include <string.h> int Keygen_Uni( const char * test_name, unsigned char pass, int passlen, unsigned char salt, int saltlen, int id, int iter, int n, unsigned char out, const EVP_MD md_type ) { size_t index; printf( "%s\n", test_name ); int ret = PKCS12_key_gen_uni( pass, passlen, salt, saltlen, id, iter, n, out, md_type ); if( ret != 1 ) { printf( "Key generation returned %d\n", ret ); } else { for( index = 0; index < n; ++index ) { printf( "%02x", out[index] ); } printf( "\n" ); } printf( "\n" ); } int main(void) { unsigned char out_buf[48]; unsigned char pass[64]; int pass_len; unsigned char salt[64]; int salt_len; /* If ID=1, then the pseudorandom bits being produced are to be used as key material for performing encryption or decryption. If ID=2, then the pseudorandom bits being produced are to be used as an IV (Initial Value) for encryption or decryption. If ID=3, then the pseudorandom bits being produced are to be used as an integrity key for MACing. */ int id = 1; int iter = 3; memset( out_buf, 0, sizeof( out_buf ) ); memset( pass, 0, sizeof( pass ) ); memset( salt, 0, sizeof( salt ) ); Keygen_Uni( "Zero length pass and salt", pass, 0, salt, 0, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); Keygen_Uni( "NULL pass and salt", NULL, 0, NULL, 0, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); salt[0] = 0x01; salt[1] = 0x23; salt[2] = 0x45; salt[3] = 0x67; salt[4] = 0x89; salt[5] = 0xab; salt[6] = 0xcd; salt[7] = 0xef; Keygen_Uni( "Zero length pass", pass, 0, salt, 8, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); Keygen_Uni( "NULL pass", NULL, 0, salt, 8, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); memset( salt, 0, sizeof( salt ) ); pass[0] = 0x01; pass[1] = 0x23; pass[2] = 0x45; pass[3] = 0x67; pass[4] = 0x89; pass[5] = 0xab; pass[6] = 0xcd; pass[7] = 0xef; Keygen_Uni( "Zero length salt", pass, 8, salt, 0, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); Keygen_Uni( "NULL salt", pass, 8, NULL, 0, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); memset( out_buf, 0, sizeof( out_buf ) ); salt[0] = 0x01; salt[1] = 0x23; salt[2] = 0x45; salt[3] = 0x67; salt[4] = 0x89; salt[5] = 0xab; salt[6] = 0xcd; salt[7] = 0xef; Keygen_Uni( "Valid pass and salt", pass, 8, salt, 8, id, iter, sizeof(out_buf), out_buf, EVP_md5( ) ); return 0; } Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-13 11:15:28 +00:00
Paul Elliott	c89e209ded	Remove incorrect hashing Incorrect interpretation of 'empty' Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-13 11:14:45 +00:00
Paul Elliott	8d7eef470b	Add explanation for safety in function Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-13 11:14:45 +00:00
Paul Elliott	7a342a24ff	Delete unneccesary changelog entry Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-13 11:14:45 +00:00
Paul Elliott	270a264b78	Simplify Input usage macros Also ensure they are used in test data rather than values Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-13 11:14:45 +00:00
Paul Elliott	73051b4176	Rename (and relabel) pkcs12 test case Remove surplus _test suffix. Change labeling from Pcks12 to PCKS#12 as it should be. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-13 11:14:45 +00:00
Paul Elliott	8ca8f2d163	Remove incorrect test dependency Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-13 11:14:45 +00:00
Paul Elliott	ce22008c63	Documentation fixes Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-13 11:14:45 +00:00
Paul Elliott	2ab9a7a57a	Stop CMake out of source tests running on 16.04 Running the out of source CMake test on Ubuntu 16.04 using more than one processor (as the CI does) can create a race condition whereby the build fails to see a generated file, despite that file actually having been generated. This problem appears to go away with 18.04 or newer, so make the out of source tests not supported on Ubuntu 16.04 Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-13 11:14:45 +00:00

1 2 3 4 5 ...

16420 commits