yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2026-03-05 13:04:05 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
20951 commits 89 branches 205 tags 114 MiB
Commit graph

20951 commits

This branch
This branch
All branches
Author SHA1 Message Date
Neil Armstrong 7dd3b20d36 Check psa_destroy_key() return in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong ac014ca5d9 Fix comment typos in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong dac2f23a82 Stop checking against reference vector in pk_rsa_encrypt_test_vec when USE_PSA_CRYPTO 
The pk_rsa_encrypt_test_vec() reference vector is calculated while using
mbedtls_test_rnd_pseudo_rand rng source, but since the RNG souce can't
be controlled when USE_PSA_CRYPTO is enabled we can't get the same
result.

The pk_rsa_encrypt_test_vec() fails when switching to mbedtls_test_rnd_std_rand
as rng source.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong e0df42cbb7 Introduce pk_rsa_encrypt_decrypt_test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong 96a16a429b PK: RSA encrypt PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong 445d2192d5 Initialize PSA crypto in test_suite_pk pk_rsa_encrypt_test_vec() & pk_rsa_alt() when USE_PSA_CRYPTO is enabled 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:33:39 +01:00
Neil Armstrong fe6da1c35c Fix style issues in mac_sign_verify_multi() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:29:14 +01:00
Gilles Peskine 052deb941f
Merge pull request #5554 from tom-daubney-arm/fix_uninitialised_buffers_in_tests 
Fix uninitialised buffers in tests - Coverity issue
 2022-03-03 13:30:58 +01:00
Gilles Peskine 1f13e984ad
Merge pull request #5529 from superna9999/5514-translate-psa-errs-to-mbedtls 
Rename, move and refine PSA to mbedtls PK errors mappings
 2022-03-03 13:30:29 +01:00
Gilles Peskine 644b3f6072 Unify module documentation with --help text 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-03-03 10:23:09 +01:00
Gilles Peskine 93c2a42166 Don't require ABI tools if not checking the ABI 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-03-03 10:22:36 +01:00
Gilles Peskine d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters 
Add function to get message digest info from context
 2022-03-02 16:44:26 +01:00
Gilles Peskine 5459a15863
Merge pull request #5365 from Tachi107/msvc-utf-8 
build(msvc): always assume source files are in UTF-8
 2022-03-02 16:42:33 +01:00
Gilles Peskine e8c8300190
Merge pull request #5581 from superna9999/pk-move-rename-rsa-ec-key-sizes 
Move max sizes of RSA & EC DER keys into public header
 2022-03-02 16:41:53 +01:00
Neil Armstrong 6828d8fdc4 Return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if MAC algorithm isn't supported in ssl_tls.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:37:11 +01:00
Neil Armstrong 6958bd0206 Clean aux_out in PSA version of mbedtls_ct_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:37:11 +01:00
Neil Armstrong 4313f55a13 Simplify error handling of PSA mac operationsg in ssl_msg.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:37:04 +01:00
Neil Armstrong 321116c755 Remove spurious debug in ssl_tls12_populate_transform() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-02 15:06:15 +01:00
Przemek Stekiel 38df86cc6c Simplyfy asymmetric_decrypt() test function 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-02 09:11:04 +01:00
Przemek Stekiel e894c5c4a5 Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-02 08:45:56 +01:00
Gilles Peskine a9b4c436ee
Merge pull request #5588 from gilles-peskine-arm/mypy-on-jenkins 
Make mypy unconditional
 2022-03-01 20:48:42 +01:00
Gilles Peskine e356f075f5
Merge pull request #5512 from gilles-peskine-arm/psa-driver-interface-tweaks-202201 
PSA driver description spec: minor tweaks to the JSON format
 2022-03-01 20:46:14 +01:00
Gilles Peskine 92e08fba4c
Merge pull request #5475 from miudr/fix_issue_5140 
Fix AEAD multipart incorrect offset in test_suite_psa_crypto.function
 2022-03-01 20:45:54 +01:00
Dave Rodgman 2cf0d4f072
Merge pull request #5584 from gilles-peskine-arm/cmake-Wunused-function 
Build tests with -Wunused-function with cmake
 2022-03-01 19:17:16 +00:00
Paul Elliott 06898650f9
Merge pull request #5471 from yuhaoth/pr/add-tls13-client-certificate-verify 
TLS1.3: Add write client Certificate and CertificateVerify
 2022-03-01 18:42:00 +00:00
Przemek Stekiel 4400be408b Adapt test cases for invalid bits with and without ECC keys enabled 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 17:02:46 +01:00
Przemek Stekiel 15565eeb59 Move publick key check out of MBEDTLS_PSA_BUILTIN_KEY_TYPE_ECC_KEY_PAIR 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 17:01:39 +01:00
Neil Armstrong 19915c2c00 Rename error translation functions and move them to library/pk_wrap.* 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 15:21:02 +01:00
Przemek Stekiel a81aed2dae Clean up init values of psa crypto status and fix switch default case 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 15:13:30 +01:00
Przemek Stekiel f110dc05be Clenup conditional compilation flags. 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 14:48:05 +01:00
Przemek Stekiel dcab6ccb3b Return PSA_ERROR_INVALID_ARGUMENT for a public key, and PSA_ERROR_NOT_SUPPORTED for a type that is not handled. 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-01 14:29:49 +01:00
Neil Armstrong 0f49f83625 Use now shared ECP_PUB_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 10:05:33 +01:00
Neil Armstrong e9ecd27890 Rename max sizes of RSA & EC DER keys defines 
Rename to match the required pattern of defines:
'^(MBEDTLS|PSA)_[0-9A-Z_]*[0-9A-Z]$'

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 10:03:21 +01:00
Neil Armstrong e0326a6acc Move max sizes of RSA & EC DER keys into private pkwrite.h 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 09:58:58 +01:00
Gilles Peskine 5831b4fd77
Merge pull request #5372 from AndrzejKurek/doxygen-fixes-compact-doxyfile 
Remove default values and comments from mbedtls.doxyfile
 2022-02-28 23:49:15 +01:00
Neil Armstrong 4766f99fe5 Add multi-part mac sign/verify test 
The test is based on the AEAD multi-part test, re-using the
design on aead_multipart_internal_func() to test differnet
sequence of psa_mac_update() for MAC update or verify.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-28 18:37:30 +01:00
Gilles Peskine f48bd4bccb
Merge pull request #5371 from AndrzejKurek/doxygen-duplicate-parameter-docs 
doxygen: merge multiple descriptions of the same return codes
 2022-02-28 17:09:45 +01:00
Gilles Peskine 0037fcd6c7
Merge pull request #4910 from gilles-peskine-arm/check_config-chachapoly-development 
Add check_config checks for AEAD
 2022-02-28 17:07:48 +01:00
Gilles Peskine 254efe5f0c Make mypy unconditional 
Running mypy was optional for a transition period when it wasn't installed
on the CI. Now that it is, make it mandatory, to avoid silently skipping an
expected check if mypy doesn't work for some reason.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-28 16:06:36 +01:00
Neil Armstrong 60234f87a6 Revert "Introduce new mac_key_policy_multi() variant of mac_key_policy() testing multiple updates occurences" 
This reverts commit 3ccd08b343.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-28 15:21:38 +01:00
Gilles Peskine 9c656ec718 Fix unused function warning 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-26 19:56:12 +01:00
Gilles Peskine d5438a5678 Enable -Wunused-function in cmake builds for tests 
This has been the case when building with make since
d3d8a64dfa. Be consistent.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-26 19:54:41 +01:00
Glenn Strauss 0ebf24a668 Adjust comment describing mbedtls_ssl_conf_sni() 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Glenn Strauss 48a37f01b3 Add cert_cb use to programs/ssl/ssl_server2.c 
(for use by some tests/)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Glenn Strauss 6989407261 Add accessor to retrieve SNI during handshake 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Glenn Strauss 36872dbd0b Provide means to reset handshake cert list 
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null.  Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:48 -05:00
Glenn Strauss 2ed95279c0 Add server certificate selection callback 
https://github.com/ARMmbed/mbedtls/issues/5430

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 17:31:49 -05:00
Gilles Peskine 588d7a7538 Add a missing requires_max_content_len 
Slightly reduce the amount of data so that the test passes with 512.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:23:25 +01:00
Gilles Peskine c6d197b68a ssl-opt needs debug messages 
Many test cases in ssl-opt.sh need error messages (MBEDTLS_ERROR_C) or SSL
traces (MBEDTLS_DEBUG_C). Some sample configurations don't include these
options. When running ssl-opt.sh on those configurations, enable the
required options. They must be listed in the config*.h file, commented out.

Run ssl-opt in the following configurations with debug options:
ccm-psk-tls1_2, ccm-psk-dtls1_2, suite-b.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:22:25 +01:00
Gilles Peskine 6e86e54abb Adapt tests for PSK in PSK-only builds 
In a PSK-only build:
* Skip tests that rely on a specific non-PSK cipher suite.
* Skip tests that exercise a certificate authentication feature.
* Pass a pre-shared key in tests that don't mind the key exchange type.

This commit only considers PSK-only builds vs builds with certificates. It
does not aim to do something useful for builds with an asymmetric key
exchange and a pre-shared key for authentication.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 21:06:21 +01:00