yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
18312 commits 89 branches 205 tags 114 MiB
Commit graph

18312 commits

This branch
This branch
All branches
Author SHA1 Message Date
Jerry Yu 2c70a39d97 move zeroize randbytes 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu bdfd01835a fix compile break after merge 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu a986e9faac Clean handshake secrets 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu d103bdb01d Clean randbytes 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Jerry Yu 745db226db fix possible security leak for counter 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 10:33:27 +08:00
Gilles Peskine 1dc3c4553d
Merge pull request #5295 from paul-elliott-arm/crypt_and_hash_prog 
Add checks for return values to md functions in crypt and hash
 2021-12-09 23:32:59 +01:00
Gilles Peskine d31da1c673
Merge pull request #5270 from davidhorstmann-arm/improve-cmac-docs 
Reword documentation of CMAC operations
 2021-12-09 23:28:36 +01:00
Gilles Peskine f40145887d
Merge pull request #5294 from paul-elliott-arm/ssl_context_info_prog 
Two fixes for SSL context info sample program
 2021-12-09 23:22:58 +01:00
Gilles Peskine 9c8c243c41
Merge pull request #5296 from paul-elliott-arm/test_suite_ssl_returns 
Add checked returns to common functions in SSL tests without them.
 2021-12-09 23:17:10 +01:00
Paul Elliott 0cf7e38606 Add checked return to cipher setup 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:27:01 +00:00
Paul Elliott 46a6c20d0c Add checked returns to tests without them. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 18:16:13 +00:00
Paul Elliott ef9cccaf3c Fix printf format specifier 
Also mark function as printf variant so compiler will pickup any future
issues.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 17:25:04 +00:00
Paul Elliott d79d3eb736 Add checks for return values to md functions 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 17:18:10 +00:00
minosgalanakis 0f2a46c1cf readme: Addressed review comments #2 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Co-authored-by: davidhorstmann-arm <70948878+davidhorstmann-arm@users.noreply.github.com>
 2021-12-09 17:11:30 +00:00
Minos Galanakis d7547fcb5d readme: Addressed review comments 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2021-12-09 15:06:16 +00:00
Gilles Peskine d5b2a59826
Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm 
PSA Multipart AEAD CCM Internal implementation and tests.
 2021-12-09 14:49:42 +01:00
Minos Galanakis c42cadb54a Updated readme 
This patch adds explicit implementation requirements for
platforms architecture dependencies

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2021-12-09 13:21:20 +00:00
Paul Elliott 3820c150d1 Prevent resource leak 
If -f was used as an argument twice to the program, then it would leak
the file resource, due to overwriting it on the second pass

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 12:48:51 +00:00
Ronald Cron d4c64027a5 tls13: Move state transition after sending CCS to ssl_tls13_client.c 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron a55c5a1152 ssl-opt.sh: TLS 1.3: Add middlebox compatibility tests with GnuTLS 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron 7c0185fa5f ssl-opt.sh: TLS 1.3: Add some missing test dependencies 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron 49ad6197ca Add injection of dummy's ChangeCipherSpec for middlebox compatibility 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron fdb0e3f381 ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled 
Run tests with middlebox compatibility enabled but tests
dedicated to middlebox compatibility disabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron 7e38cba993 Add incoming ChangeCipherSpec filtering in TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron ab65c52944 Add MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE config option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Manuel Pégourié-Gonnard c38c1f2411
Merge pull request #5268 from gilles-peskine-arm/struct_reordering_3.0 
Reorder structure fields to maximize usage of immediate offset access
 2021-12-09 12:54:09 +01:00
Manuel Pégourié-Gonnard d7d740eb6e
Merge pull request #5236 from gabor-mezei-arm/4926_base64_move_constant-time_functions 
Move base64 constant-time functions to the new module
 2021-12-09 12:40:18 +01:00
Minos Galanakis e87790baba Update changelog 
This patch adds explicit wording to state
that Two's complement is the official
supported signed integer representation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2021-12-09 09:58:43 +00:00
Paul Elliott 37ec16b579 Add explanation for workaround in test code 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 09:44:11 +00:00
Manuel Pégourié-Gonnard b873577fc3
Merge pull request #5240 from duckpowermb/development 
[session] fix a session copy bug
 2021-12-09 09:23:23 +01:00
Manuel Pégourié-Gonnard 49c20954e4
Merge pull request #865 from davidhorstmann-arm/3.0-fix-session-copy-bug-chglog 
Add changelog entry for session copy bugfix
 2021-12-09 09:21:28 +01:00
Paul Elliott 3938fef25c Indicate set nonce negative test failure reasons 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-08 20:09:09 +00:00
Gilles Peskine cfe74a37b9 mbedtls_ssl_handshake_params: move ecrs_ctx back further 
"mbedtls_ssl_handshake_params: reorder fields to save code size" moved this
filed earlier along with byte-sized fields that should be in the 128-element
access window on Arm Thumb. This took away precious room in the 128-byte
window. Move it back further out.

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2860 -> 2816 (diff: 44)
library/ssl_msg.o: 3080 -> 3076 (diff: 4)
library/ssl_srv.o: 3340 -> 3300 (diff: 40)
library/ssl_tls.o: 6546 -> 6478 (diff: 68)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-08 18:38:51 +01:00
Gilles Peskine b3ec69dba5 mbedtls_ssl_config: better document former bit-fields 
Ensure that the documentation of fields affected by
"mbedtls_ssl_config: Replace bit-fields by separate bytes"
conveys information that may have been lost by removing the exact size of
the type. Extend the preexisting pattern "do this?" for formerly 1-bit
boolean fields. Indicate the possible values for non-boolean fields.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-08 18:32:12 +01:00
Gilles Peskine 41139a2541 mbedtls_ssl_handshake_params: move group_list earlier to save code size 
Placing group_list earlier seems to help significantly, not just as a matter
of placing it in the 128-element (512-byte) access window.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19559 -> 19551 (diff: 8)
library/ssl_msg.o: 24690 -> 24674 (diff: 16)
library/ssl_srv.o: 20418 -> 20406 (diff: 12)
library/ssl_tls.o: 20555 -> 20519 (diff: 36)
library/ssl_tls13_client.o: 7244 -> 7240 (diff: 4)
library/ssl_tls13_generic.o: 4693 -> 4697 (diff: -4)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2864 -> 2860 (diff: 4)
library/ssl_tls.o: 6566 -> 6546 (diff: 20)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-08 18:26:55 +01:00
Ronald Cron 1865585eab
Merge pull request #5212 from yuhaoth/pr/add-tls13-compat-testcases 
TLS1.3 MVP:Add tls13 compat, not supported version , certificaterequest and HRR tests
 2021-12-08 14:56:39 +01:00
David Horstmann e217edf49c Add changelog entry for session copy bugfix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2021-12-08 13:32:59 +00:00
Manuel Pégourié-Gonnard 5d9f42200f
Merge pull request #861 from ronald-cron-arm/fix-aead-nonce 
psa: aead: Fix invalid output buffer usage in generate_nonce()
 2021-12-08 13:30:21 +01:00
Manuel Pégourié-Gonnard 39c2aba920
Merge pull request #849 from ronald-cron-arm/fix-cipher-iv 
Avoid using encryption output buffer to pass generated IV to PSA driver
 2021-12-08 13:30:06 +01:00
Antonio de Angelis 2869c67d63 Make CMakeLists.txt discover if mbed TLS is being built as subproject 
The main CMakeLists.txt is capable to detect if it's being built as
a subproject (i.e. through add_subdirectory()) hence allowing to
disable the package configuration, target export and installation
that generally are not required when mbed TLS is being built as
part of another project.

Signed-off-by: Antonio de Angelis <antonio.deangelis@arm.com>
 2021-12-07 21:09:22 +00:00
Gilles Peskine 392113434a
Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x 
Forward port to 3.x: Introduce PSA test driver library to test PSA configuration
 2021-12-07 12:52:20 +01:00
Gilles Peskine 45b91c93f1
Merge pull request #5269 from daverodgman/fix-builds-with-only-mbedtls_bignum_c-defined-development 
Fix builds when config.h only defines MBEDTLS_BIGNUM_C
 2021-12-07 12:38:06 +01:00
Dave Rodgman d7c091060f
Merge pull request #5242 from paul-elliott-arm/explain_TLS13_decision 
TLS1.3: Edit docs to explain not changing curve order.
 2021-12-07 11:01:04 +00:00
Ronald Cron 0b4d12313a Remove assertion on local nonce buffer size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 10:45:00 +01:00
Ronald Cron 27d47713c9 tests: psa: Remove MD2, MD4 and ARC4 related code 
MD2, MD4 and ARC4 are not supported anymore in
3.x.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 09:54:36 +01:00
Ronald Cron 0118627013 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 09:28:36 +01:00
Ronald Cron a393619dc2 Change test on local nonce buffer size to an assertion 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 09:25:20 +01:00
Ronald Cron 6fd156aa6b Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 09:21:38 +01:00
Gilles Peskine aa1e9857a5 Add changelog entry for build error fixes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-06 20:58:47 +01:00
David Horstmann 3d5dfa598b Reword documentation of CMAC operations 
Change the wording of the documentation for some CMAC functions,
as the existing wording, while technically correct, can be
easy to misunderstand. The reworded docs explain the flow of
a CMAC computation a little more fully.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2021-12-06 18:58:02 +00:00