Ron Eldor
76a9c4a81f
Fix test data
...
Fix test data to test what it actually intends to test.
2019-05-20 11:58:59 +03:00
Ron Eldor
8a59d6b964
Update test data
...
Update the test data for the negative certificate policies
extension tests with correct lengths, to test the correct behaviour.
Add another test.
2019-05-19 14:11:20 +03:00
Ron Eldor
11818f2c17
Add some negative test cases
...
Add some invalid certificate tests for certificate policies extension.
2019-05-16 18:17:02 +03:00
Ron Eldor
a291391775
Fix minor issues
...
1. Typo fix.
2. Change byte by byte copy to `memcpy`.
3. Remove parenthesis in switch cases.
2019-05-16 16:17:38 +03:00
Ron Eldor
e269537b80
Add ChangeLog entry about listing all SAN
...
Add a ChangeLog entry that indicates that all SAN types are
now listed in the corresponding certificate field.
2019-05-16 11:52:57 +03:00
Ron Eldor
51c4507b9c
Remove unneeded whitespaces
...
Delete extra whitespace in Changelog and in parameter alignment.
2019-05-15 17:49:54 +03:00
Ron Eldor
801faf0fa1
Fix mingw CI failures
...
Change `%z` formatting of `size_t` to `%u` and casting to unsigned.
2019-05-15 17:45:24 +03:00
Ron Eldor
6b9b1b88fb
Initialize psa_crypto in ssl test
...
Call `psa_crypto_init()` in `tls_prf` ssl test in case
`MBEDTLS_USE_PSA_CRYPTO` is defined since tls_prf may use psa crypto.
2019-05-15 17:04:33 +03:00
Ron Eldor
dbbd96652c
Check that SAN is not malformed when parsing
...
Add a call to `mbedtls_x509_parse_subject_alt_name()` during
certificate parsing, to verify the certificate is not malformed.
2019-05-15 15:46:03 +03:00
Ron Eldor
c8b5f3f520
Documentation fixes
...
Rephrase documentation of the SAN to make it clearer.
2019-05-15 15:15:55 +03:00
Ron Eldor
2e06a9fb24
Fix ChangeLog entry
...
Move the ChangeLog entries to correct location, and
mention specifically the support for hardware module name othername.
2019-05-15 15:14:46 +03:00
Ron Eldor
d2f25f7ea8
Fix missing tls version test failures
...
Add checks for tls_prf tests with the relevant tls version configuration.
2019-05-15 14:54:22 +03:00
Ron Eldor
0810f0babd
Fix typo
...
Fix typo `returnn` -> `return`
2019-05-15 13:58:13 +03:00
Ron Eldor
aa947f1cef
Fix ChangeLog entry location
...
Move the ChangeLog entries to correct section, as it was in an
already released section, due to rebase error.
2019-05-15 13:58:13 +03:00
Ron Eldor
780d8158f7
Add changeLog entry
...
Add changeLog entry describing the new `mbedtls_ssl_tls_prf()` API.
2019-05-15 13:57:39 +03:00
Ron Eldor
f75e252909
Add test for export keys functionality
...
Add test in `ssl-opts.sh` that the export keys callback
is actually called.
2019-05-15 13:57:39 +03:00
Ron Eldor
cf28009839
Add function to retrieve the tls_prf type
...
Add `tls_prf_get_type()` static function that returns the
`mbedtls_tls_prf_types` according to the used `tls_prf` function.
2019-05-15 13:57:39 +03:00
Ron Eldor
824ad7b351
Add tests for the public tls_prf API
...
Add tests for `mbedtls_ssl_tls_prf` with and without
the function types dependencies.
2019-05-15 13:57:39 +03:00
Ron Eldor
51d3ab544f
Add public API for tls_prf
...
Add a public API for key derivation, introducing an enum for `tls_prf`
type.
2019-05-15 13:53:02 +03:00
Ron Eldor
b7fd64ce2b
Add eap-tls key derivation in the examples.
...
Add support for eap-tls key derivation functionality,
in `ssl_client2` and `ssl_server2` reference applications.
2019-05-15 13:41:42 +03:00
Ron Eldor
c4d3ef4721
Add ChangeLog entry
...
Add ChangeLog entry describing the new key export feature.
2019-05-15 13:38:39 +03:00
Ron Eldor
f5cc10d93b
Add an extra key export function
...
Add an additional function `mbedtls_ssl_export_keys_ext_t()`
for exporting key, that adds additional information such as
the used `tls_prf` and the random bytes.
2019-05-15 13:38:39 +03:00
Ron Eldor
3b350856ff
Have the temporary buffer allocated dynamically
...
Change `tmp` buffer to be dynamically allocated, as it is now
dependent on external label given as input, in `tls_prf_generic()`.
2019-05-15 13:38:39 +03:00
Ron Eldor
a9f9a73920
Zeroize secret data in the exit point
...
Zeroize the secret data in `mbedtls_ssl_derive_keys()`
in the single exit point.
2019-05-15 13:38:39 +03:00
Ron Eldor
e699270908
Add a single exit point in key derivation function
...
Add a single exit point in `mbedtls_ssl_derive_keys()`.
2019-05-15 13:38:39 +03:00
Ron Eldor
8b0c3c91e6
Fail in case critical crt policy not supported
...
In case the certificate policy is not of type `AnyPolicy`
set the returned error code to `MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE`
and continue parsing. If the extension is critical, return error anyway,
unless `MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION` is configured.
Fail parsing on any other error.
2019-05-15 12:20:00 +03:00
Ron Eldor
cc45cd177f
Update SAN parsing documentation
...
1) Fix typo in `mbedtls_x509_parse_subject_alt_name()` documentation.
2) Add a note in `mbedtls_x509_parse_subject_alt_name()` documentation,
stating that the lifetime of the target structure is restricted
by the lifetime of the parsed certificate.
2019-05-15 10:20:09 +03:00
Jaeden Amero
81f9539037
Merge pull request #105 from ARMmbed/test-link-seedfile-02
...
Add a link to the seedfile for out-of-tree cmake builds
2019-05-14 08:42:46 +01:00
Ron Eldor
f05f594acb
change the type of hardware_module_name member
...
Change the type of `hardware_module_name` struct from
`mbedtls_x509_name` to a unique struct, to distinguish it from the
named data type.
2019-05-13 19:23:08 +03:00
Ron Eldor
890819a597
Change mbedtls_x509_subject_alternative_name
...
Make `mbedtls_x509_subject_alternative_name` to be a single item
rather than a list. Adapt the subject alternative name parsing function,
to receive a single `mbedtls_x509_buf` item from the subject_alt_names
sequence of the certificate.
2019-05-13 19:23:07 +03:00
Ron Eldor
0806379e3e
Add length checking in certificate policy parsing
...
Change the extension parsing to `policy_end` and verify that
the policy and qualifiers length don't exceed the end of the extension.
2019-05-13 16:38:39 +03:00
Ron Eldor
78c3040347
Rephrase x509_crt extension member description
...
Rephrase doxygen comments for subject alternative name
and certificate policies.
2019-05-13 15:49:53 +03:00
Ron Eldor
26cfd1361d
Rephrase changeLog entries
...
Rephrase the changeLog entries for clarity and capitalize RFC.
2019-05-13 15:48:38 +03:00
Janos Follath
293c3dae6d
Remove redundant memset()
...
The preceding calloc() already zeroizes that memory area, therefore the
memset() is not necessary. Compilers are likely to optimize this out,
but it still can be confusing to readers.
2019-05-10 15:53:03 +01:00
Janos Follath
6c379b4b80
Propagate error when parsing SubjectAltNames
...
The previous behaviour of mbedtls_x509_parse_subject_alternative_name()
was to silently ignore errors coming from x509_get_other_name(). The
current commit fixes it and returns with an error.
2019-05-10 14:17:16 +01:00
Janos Follath
2f0ec1e3bf
Tidy up style in x509_info_subject_alt_name
2019-05-10 11:06:31 +01:00
Janos Follath
22f605fbab
Print unparseable SubjectAlternativeNames
...
In x509_info_subject_alt_name() we silently dropped names that we
couldn't parse because they are not supported or are malformed. (Being
malformed might mean damaged file, but can be a sign of incompatibility
between applications.)
This commit adds code notifying the user that there is something, but
we can't parse it.
2019-05-10 10:57:44 +01:00
Janos Follath
ab23cd1eae
Remove unneeded checks from x509_get_other_name
...
Lengths are already checked in mbedtls_asn1_get_len() which is called in
mbedtls_asn1_get_tag(), therefore it is not necessary to check
the lengths explicitly afterwards.
Also with the previous flow data was left in the output buffer on some
errors.
2019-05-09 15:05:30 +01:00
Darryl Green
d2dba36f44
Only use submodule if present
...
Enabling the USE_CRYPTO_SUBMODULE option causes problems if the
crypto submodule isn't present. For example, when building
mbed-crypto as a submodule, it should use error.c from the parent
project if USE_CRYPTO_SUBMODULE is set. However if the parent
project isn't present, then the build will fail. Only enable it
if the submodule actually exists.
2019-05-09 13:17:53 +01:00
Janos Follath
11b41eb12b
Fix typos in x509_crt.h
2019-05-08 15:30:33 +01:00
Janos Follath
5091bec3ea
Fix doxygen for new x509 structures
...
The documentation for some new structures and members was only a C style
comment and wasn't picked up by doxygen. This commit adds the missing
asterisks.
2019-05-08 15:23:08 +01:00
Ron Eldor
3c4734a2a5
Add Wisun Fan device certificate
...
Add certificate with Wisun fan device extended key usage,
support parsing it and add tests.
2019-05-07 17:06:47 +03:00
Ron Eldor
226991e624
Add ChangeLog entry for new extensions change
...
Add an entry for the new x509 extension parsing support.
2019-05-07 17:05:45 +03:00
Ron Eldor
74d9acc144
Add support for certificate policies extension
...
Add support for certificate policies, as defined in rfc 5280.
Currently support only `anyPolicy` policy.
2019-05-07 17:05:45 +03:00
Ron Eldor
b2dc3fa72e
Support otherName of type hardware module name
...
Add support of parsing of subject alternative name, of type otherName.
Currently supports only hardware module name, as defined in rfc 4108.
2019-05-07 17:04:57 +03:00
Jack Lloyd
3ded1c81b1
Test the return value in the OID->X.509 map functions
2019-05-06 12:16:32 -04:00
Jack Lloyd
5ed7fff8ce
Add a test of the OID->MD map functions
2019-05-06 12:16:18 -04:00
Jack Lloyd
5d9c9636fa
Add support for RSA PKCSv1.5 signatures using RIPEMD-160
2019-05-06 12:15:17 -04:00
Andrzej Kurek
d8cf464f7d
Add a link to the seedfile for out-of-tree cmake builds
2019-05-06 07:24:02 -04:00
Jaeden Amero
8bf196b303
Merge pull request #98 from yanesca/curve25519_negative_tests
...
Curve25519 negative tests
2019-05-02 09:16:35 +01:00