yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
19999 commits 89 branches 205 tags 114 MiB
Commit graph

19999 commits

This branch
This branch
All branches
Author SHA1 Message Date
pespacek b06acd734b Fixing PSA return status 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-06-07 13:07:21 +02:00
pespacek 670913f4dc Fixing return value for ssl_tls13_write_certificate_body() 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-06-07 10:53:39 +02:00
pespacek 3493587e05 FEATURE: mbedtls_md() in ssl_tls13_write_certificate_verify_body() 
replaced withpsa_hash_compute()
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-05-23 13:10:48 +02:00
pespacek a1378105cf FEATURE: use psa_hash_xxx rather than mbedtls_md_xxx for TLS 1.3. 
ssl_tls13_parse_certificate_verify()
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-05-23 13:10:47 +02:00
Manuel Pégourié-Gonnard 69e348db85
Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa 
Permissions 1: create `mbedtls_pk_can_do_ext()`
 2022-05-23 10:58:32 +02:00
Neil Armstrong b2f2b027c2 Clarify mbedtls_pk_can_do_ext() return documentation amd add warning on future addition of allowed algs & usage flags 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 12:00:56 +02:00
Neil Armstrong c661ff51c9 Fix pk_can_do_ext tests with non-opaque keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 09:49:04 +02:00
Neil Armstrong a724f7ae17 Document mbedtls_pk_can_do_ext() return for non-allowed algorithms and usage flags 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 09:28:12 +02:00
Neil Armstrong 81d391f773 Check when usage == 0 in mbedtls_pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 09:26:16 +02:00
Neil Armstrong b80785f1a4 Comment typo fix in mbedtls_pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-20 09:25:55 +02:00
Gilles Peskine e4d3a6a4e8
Merge pull request #5804 from superna9999/5797-remove-cipher-deps-tls 
Remove Cipher dependencies in TLS
 2022-05-19 21:02:12 +02:00
Neil Armstrong 5c5b116a49 Add pk_can_do_ext test for non-opaque keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-19 18:07:53 +02:00
Dave Rodgman afe149d76e
Merge pull request #5846 from bootstrap-prime/development 
Fix typos in documentation and constants with typo finding tool
 2022-05-19 16:53:32 +01:00
Paul Elliott 4283a6b121
Merge pull request #5736 from gilles-peskine-arm/psa-raw_key_agreement-buffer_too_small 
Make psa_raw_key_agreement return BUFFER_TOO_SMALL
 2022-05-19 16:06:02 +01:00
Neil Armstrong 084338d336 Change mbedtls_pk_can_do_ext() usage test logic for opaque keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-19 16:22:40 +02:00
bootstrap-prime 6dbbf44d78
Fix typos in documentation and constants with typo finding tool 
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>
 2022-05-18 14:15:33 -04:00
Neil Armstrong 8395d7a37d Change guard of mbedtls_ssl_cipher_to_psa() with USE_PSA_CRYPTO || SSL_PROTO_TLS1_3 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:24:34 +02:00
Neil Armstrong 0fa8ce3498 TLS 1.3 only have AEAD ciphers, drop the PSA_ALG_IS_AEAD() check in mbedtls_ssl_tls13_get_cipher_key_info() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong b818e16b29 Move out common PSA code from mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong e3b0b8ab67 Remove non-PSA code in mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong 93617245c3 Code style fixes 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong 689557ca12 Make CIPHER_C guard code as alternate of USE_PSA_CRYPTO in mbedtls_ssl_ciphersuite_get_cipher_key_bitlen() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong 4f4f271850 In mbedtls_ssl_tls13_generate_handshake_keys() and mbedtls_ssl_tls13_generate_application_keys(), avoid calling mbedtls_cipher_info_from_type() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong a8093f5c48 In mbedtls_ssl_tls13_populate_transform() make sure mbedtls_cipher_info_from_type() is only called when USE_PSA is disabled 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Neil Armstrong 801abb69a5 Provide a PSA definition of mbedtls_ssl_ciphersuite_get_cipher_key_bitlen() when MBEDTLS_USE_PSA_CRYPTO is defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-18 13:19:29 +02:00
Manuel Pégourié-Gonnard 6ab65e28cf
Merge pull request #5842 from mprse/decrypt_tests 
RSA decrypt 2: TLS 1.2 integration testing
 2022-05-18 12:58:50 +02:00
Gilles Peskine 42ed963c72 Update PSA compliance test branch 
Update to a branch with a fix for the test case
"expected error for psa_raw_key_agreement - Small buffer size"
since we just fixed the corresponding bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-17 17:23:09 +02:00
Ronald Cron 9edf51d8cd
Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext 
Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3
CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h.
@RcColes if you eventually want to request some changes, they can be done in a follow-up PR.
 2022-05-17 17:01:55 +02:00
Paul Elliott a478441517
Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify 
TLS1.3:Add Certificate and CertificateVerify message on Server Side
 2022-05-17 15:47:36 +01:00
Neil Armstrong bbb8b75f20 Fixup comment of mbedtls_pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 14:58:27 +02:00
Neil Armstrong 8eb0afb726 Remove duplicate pk_can_do_ext test 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 14:58:11 +02:00
Neil Armstrong 408f6a60a3 Add usage parameter to mbedtls_pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 14:23:20 +02:00
Neil Armstrong 434d4eb74f Remove invalid comments in pk_can_do_ext() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 11:58:22 +02:00
Neil Armstrong dab56ba2bd Fix typo in mbedtls_pk_can_do_ext() code documentation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 11:56:55 +02:00
Neil Armstrong cec133a242 Fix typo in mbedtls_pk_can_do_ext() documentation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-17 11:56:01 +02:00
Gilles Peskine 3e56130fb9 psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted 
psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH,
the only algorithm that is currently implemented. Make it return the correct
error code.

The reason for the wrong error code is that ecdh.c returns
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It
might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the
impact of the fix, handle this in the PSA layer.

Fixes #5735.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:37:54 +02:00
Gilles Peskine 7be11a790d Use TEST_LE_U in some places where it applies 
Systematically replace "TEST_ASSERT( $x <= $y )" by "TEST_LE_U( $x, $y )" in
test_suite_psa_crypto. In this file, all occurrences of this pattern are
size_t so unsigned.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:37:53 +02:00
Gilles Peskine d1465429a2 New test helper macros TEST_LE_U, TEST_LE_S 
Test assertions for integer comparisons that display the compared values on
failure. Similar to TEST_EQUAL.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:33:11 +02:00
Gilles Peskine 3ff25443c8 Separate the validation of the size macros and of the function 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:33:11 +02:00
Gilles Peskine d4a258a08f Improve PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE validation 
We want to check:
1. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE (the output fits
   if the caller uses the key-specific buffer size macro)
2. actual output <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (the output fits
   if the caller uses the generic buffer size macro)
3. PSA_RAW_KEY_AGREEMENT_OUTPUT_SIZE <= PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE
   (consistency in the calculation)

We were only testing (1) and (2). Test (3) as well. (1) and (3) together
imply (2) so there's no need to test (2).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:33:11 +02:00
Gilles Peskine 992bee8b6e Test psa_raw_key_agreement with a larger/smaller buffer 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-05-16 19:33:11 +02:00
Dave Rodgman 2a045325f9
Merge pull request #5766 from leorosen/fix-var-init 
Add missing local variable initialization
 2022-05-16 14:47:00 +01:00
Przemek Stekiel 8da6da3da2 ssl-opt.sh: add test of RSA Opaque keys with TLS 1.2 server for decryption 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-16 14:37:50 +02:00
Gilles Peskine 9b7e29663f
Merge pull request #4211 from ccawley2011/mingw 
Fix compilation with MinGW32
 2022-05-16 12:30:37 +02:00
Gilles Peskine f46019165f
Merge pull request #5840 from bensze01/python_3.10_support 
Add minimum requirements for Python 3.10 support
 2022-05-16 12:29:36 +02:00
Leonid Rozenboim a3008e7e2e Add missing local variable initialization 
These issues were flagged by Coverity as instances where a local
variable may be used prior to being initialized. Please note that
none of these changes fixes any particular bug, this is just an attempt
to add more robustness.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
 2022-05-13 18:08:11 +01:00
Gabor Mezei 696956da24
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-13 17:02:19 +02:00
Gabor Mezei 0a4298bbe9
Remove unnecessary duble conversion 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-05-13 17:02:18 +02:00
Bence Szépkúti 44f138d539 Add minimum requirements for Python 3.10 support 
This is needed for min_requirements.py, since it installs the oldest
possible version of all the requirements.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-05-13 16:52:28 +02:00
Jerry Yu b89125b81a Add test without server certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-13 15:50:04 +08:00