yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
22368 commits 89 branches 205 tags 114 MiB
Commit graph

22368 commits

This branch
This branch
All branches
Author SHA1 Message Date
Valerio Setti 31e99bb0c7 test: pake: fix: destroy key only in opaque case 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-09 14:35:10 +01:00
Valerio Setti 016f682796 tls: pake: small code refactoring for password setting functions 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-09 14:17:50 +01:00
Valerio Setti 9d313dfeeb test: pake: minor enhancement for opaque keys 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-09 11:38:59 +01:00
Valerio Setti eb3f788b03 tls: pake: do not destroy password key in TLS 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-08 18:42:58 +01:00
Valerio Setti 2a3ffb4203 test: pake: add test for opaque password key 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-08 16:27:46 +01:00
Valerio Setti ae7fe7ee53 tls: pake: avoid useless psa_pake_abort in setting opaque password 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-07 17:36:59 +01:00
Valerio Setti 70d1fa538a tls: pake: fix missing return values check 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-07 16:20:27 +01:00
Valerio Setti f11e05a413 test: psa: minor improvements to test 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-07 16:02:45 +01:00
Valerio Setti d5fa0bfb85 test: pake: check psa key validity before destroying it 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-07 16:02:42 +01:00
Valerio Setti c689ed8633 tls: pake: minor adjustments 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-07 14:40:38 +01:00
Valerio Setti ba22c9c1ff test: pake: remove useless check in ssl_ecjpake_set_password() 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-06 11:42:33 +01:00
Valerio Setti 2e1e43fb82 test: pake: fix error in ssl_ecjpake_set_password() 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-06 11:41:57 +01:00
Valerio Setti 70e029006d test: pake: fix mixed testing in test_tls1_2_ecjpake_compatibility 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-02 16:21:56 +01:00
Valerio Setti d6feb20869 test: pake: allow opaque password only when USE_PSA is enabled 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-02 14:28:49 +01:00
Valerio Setti e7518ba28e test: pake: reshaping the ssl_ecjpake_set_password() 
Removed the "error injection" strategy. Now the functions checks
for all the errors in a row.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-02 12:09:43 +01:00
Valerio Setti 757f359474 tls: pake: do not destroy key on errors while setting opaque password 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-02 11:07:11 +01:00
Valerio Setti e98db0b866 tls: pake: fix description for mbedtls_ssl_set_hs_ecjpake_password_opaque 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-01 16:52:57 +01:00
Valerio Setti b287ddff7e test: psa_pake: add more tests for opaque password setting 
Added mixed cases:
- server using opaque password, while client not
- client using opaque password, while server not

Added a test with mismatched passwords in case both server and
client are using opaque passwords (the same test was already
present for the non-opaque case)

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-01 16:18:12 +01:00
Valerio Setti dc40bbc2d7 test: pake: remove redundant test for opaque passwords 
This is already covered by other already existing cases such as
"component_test_full_cmake_gcc_asan" which build with
"config.py full" and run all "ssl-opt.sh" test cases.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-01 15:25:49 +01:00
Valerio Setti 4452e98ec1 test: pake: add tests for set password functions 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-01 15:08:35 +01:00
Valerio Setti 0944329036 tls: pake: add check for empty passwords in mbedtls_ssl_set_hs_ecjpake_password() 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-01 15:06:09 +01:00
Valerio Setti a6b69dabc5 test: psa_pake: add a separate test for opaque password 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-30 16:44:49 +01:00
Valerio Setti 661b9bca75 test: psa_pake: add specific log message for the opaque password 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-29 17:28:17 +01:00
Valerio Setti 77e8315f5b fix formatting and typos 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-29 17:28:04 +01:00
Valerio Setti d572a82df9 tls: psa_pake: add test for opaque password 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-29 11:30:56 +01:00
Valerio Setti a9a97dca63 psa_pake: add support for opaque password 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-28 18:26:16 +01:00
Ronald Cron 13256ba65c
Merge pull request #6667 from gilles-peskine-arm/lib-crypto-modules-202211 
Move SSL modules out of libmbedcrypto
 2022-11-28 08:51:49 +01:00
Gilles Peskine 89e31adbee Move mps modules to the correct library 
This is a private interface only, so it's an ABI change but not an API change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-26 14:18:45 +01:00
Gilles Peskine 898db6b8e5 Move ssl_debug_helpers_generated to the correct library 
This is a private interface only, so it's an ABI change but not an API change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-26 14:15:32 +01:00
Janos Follath 590ae5363d
Merge pull request #6656 from tom-cosgrove-arm/bignum_pr_6225-updated 
Bignum: add mod_raw_add
 2022-11-25 17:53:31 +00:00
Dave Rodgman bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0 
Fix NULL+0 undefined behavior in PSA crypto ECB
 2022-11-25 17:07:46 +00:00
Bence Szépkúti 6e85673e8d
Merge pull request #3431 from naynajain/development-pkcs7 
PKCS7 Parser - RFC 2315
 2022-11-25 15:55:46 +01:00
Tom Cosgrove ddad40b1de Free the modulus before the data in it in mod_raw_add tests 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-25 14:18:52 +00:00
Janos Follath 505a228b7b
Merge pull request #6606 from gabor-mezei-arm/6222_bignum_low_level_subtraction 
Bignum: Add low level subtraction
 2022-11-25 13:27:23 +00:00
Gilles Peskine 7d23778178 Explain why p + n isn't good enough 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-25 13:34:59 +01:00
Gilles Peskine 5a34b36bbd Remove more now-redundant definitions of inline 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-25 13:26:44 +01:00
Dave Rodgman f1419dbbe8
Merge pull request #6381 from tom-cosgrove-arm/pr2164 
mbedtls: fix possible false success in mbedtls_cipher_check_tag()
 2022-11-25 10:55:10 +00:00
Manuel Pégourié-Gonnard 91f88db019
Merge pull request #6639 from mpg/doc-driver-only-limitation 
Document another limitation of driver-only hashes
 2022-11-25 09:44:35 +01:00
Bence Szépkúti 12269e27b1 Add changelog for PKCS7 parser 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-11-25 05:51:40 +01:00
Bence Szépkúti ae79fb2c2e Merge branch 'development' into pr3431 2022-11-25 03:12:43 +01:00
Gilles Peskine 187db00399 Update the Travis "full" build to use modern Clang 
Don't use an all.sh component because there isn't one that does what we
want (modern Clang with ASan, and test everything).

* We need to set CC explicitly or tweak PATH, because clang in $PATH on
  Travis focal instances is Clang 7 which is too old (we want Clang 10).
* Travis lacks the array of versions of openssl and gnutls that we normally
  use for testing, so we need to exclude some tests (or build our
  own multiple versions of openssl and gnutls).

The SSL test exclusions are ad hoc and based on what currently works.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-24 22:41:55 +01:00
Gilles Peskine 4bdb9fbfa2 Enable all ciphers in OpenSSL >=1.1.0 
OpenSSL may be configured to support features such as cipher suites or
protocol versions that are disabled by default. Enable them all: we're
testing, we don't care about enabling insecure stuff. This is not needed
with the builds of OpenSSL that we're currently using on the Jenkins CI, but
it's needed with more recent versions such as typically found on developer
machines, and with future CI additions.

The syntax to do that was only introduced in OpenSSL 1.1.0; fortunately we
don't need to do anything special with earlier versions.

With OpenSSL 1.1.1f on Ubuntu 20.04, this allows SHA-1 in certificates,
which is still needed for a few test cases in ssl-opt.sh. Curiously, this is
also needed for the cipher suite TLS-DHE-PSK-WITH-ARIA-128-GCM-SHA256 (and
no other, including other DHE-PSK or ARIA cipher suites).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-24 22:41:55 +01:00
Tom Cosgrove 50fc127a4e Change order of test arguments for bignum_mod_raw to simplify Python script 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-24 21:29:23 +00:00
Tom Cosgrove 1923009cdb Add test generation for mbedtls_mpi_mod_raw_add() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-24 16:22:43 +00:00
Tom Cosgrove abddad4af8 Add note about aliasing of operands for mbedtls_mpi_mod_raw_add() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-24 16:22:43 +00:00
Tom Cosgrove 54d87bf5c2 Take limb count from the modulus in mod_raw_add tests 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-24 16:22:38 +00:00
Werner Lewis e4c0a6c3ba Change cast to correct type 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-24 16:18:06 +00:00
Werner Lewis f907576245 Pass correct arguments in test 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-24 16:18:06 +00:00
Werner Lewis 1a277d9ad6 Replace comparison with XOR 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-24 16:18:06 +00:00
Werner Lewis d391b8ce61 Change types and move const before type 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-24 16:18:06 +00:00