yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
24286 commits 89 branches 205 tags 114 MiB
Commit graph

24286 commits

This branch
This branch
All branches
Author SHA1 Message Date
Gilles Peskine a25203c5f9
Merge pull request #7208 from paul-elliott-arm/interruptible_sign_hash_new_verify_tests 
Interruptible_{sign|verify}_hash: Add public key verification tests
 2023-03-09 20:48:13 +01:00
Dave Rodgman bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Tom Cosgrove 94e841290d Don't check prerequisites for MBEDTLS_AESCE_C if we won't use it 
Fixes #7234

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-09 17:17:42 +00:00
Dave Rodgman 8657e3280a Add corrupt PKCS #7 test files 
Generated by running "make <filename>" and commiting the result.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-09 15:59:15 +00:00
valerio 2bf85e349d ssl-opt: enable test for accelerated ECDH + USE_PSA 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-03-09 16:39:07 +01:00
valerio f27472b128 ssl-opt: enable test and fix failures for reference ECDH + USE_PSA" 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-03-09 16:20:38 +01:00
Przemek Stekiel 89e268dfb9 Add change log entry (SubjectAltName extension in CSR) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 14:04:17 +01:00
Przemek Stekiel 42510a91c4 Use for loop instead while loop 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 14:04:17 +01:00
Przemek Stekiel 68ca81c8fe Change separator for SAN names to ';' 
When ';' is used as a separator san names must be provided in quotation marks:
./cert_req filename=../../tests/data_files/server8.key subject_name=dannybackx.hopto.org san="URI:http://pki.example.com/;IP:127.1.1.0;DNS:example.com"

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 14:04:11 +01:00
Gabor Mezei fffd6d9ded
Fix maximum cannonical value 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-09 13:43:15 +01:00
Gabor Mezei e4710ae9ed
Add and fix comments 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-09 13:43:02 +01:00
Przemek Stekiel b8eaf635ba Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 12:14:26 +01:00
David Horstmann 369930dec2 Move docs/getting_started.md to docs repo 
Delete docs/getting_started.md as it has been moved to the dedicated
documentation repo.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-03-09 09:52:13 +00:00
Janos Follath 9e1d889766
Merge pull request #7231 from tom-cosgrove-arm/update-changelog-230308 
Update ChangeLog to make "fix" explicit
 2023-03-09 08:47:49 +00:00
Janos Follath 042e433eda Threat Model: clarify attack vectors 
Timing attacks can be launched by any of the main 3 attackers. Clarify
exactly how these are covered.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-03-08 20:07:59 +00:00
Janos Follath d5a09400ae Threat Model: improve wording 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-03-08 19:58:29 +00:00
Dave Rodgman 5e5aa4a4e6
Merge pull request #7218 from tom-cosgrove-arm/fix-typos-230307 
Fix typos in development prior to release
 2023-03-08 17:19:59 +00:00
Dave Rodgman 51b62ef23d
Merge pull request #7228 from tom-cosgrove-arm/fix-alignment.h-on-32-bit-systems 
Fix mbedtls_bswap64() on 32-bit systems
 2023-03-08 17:19:29 +00:00
Janos Follath 3d377605f3 Threat Model: move the block cipher section 
The block cipher exception affects both remote and local timing attacks.
Move them to the Caveats section and reference it from both the local
and the remote attack section.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-03-08 16:58:01 +00:00
Janos Follath ecaa293d32 Threat model: explain dangling countermeasures 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-03-08 16:38:07 +00:00
Janos Follath fef82fd39b Threat Model: increase classification detail 
Originally for the sake of simplicity there was a single category for
software based attacks, namely timing side channel attacks.

Be more precise and categorise attacks as software based whether or not
they rely on physical information.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-03-08 16:10:39 +00:00
Manuel Pégourié-Gonnard 913d9bb921
Merge pull request #7162 from valeriosetti/issue7055 
Legacy MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C dependencies in test_suite_psa_crypto
 2023-03-08 17:07:19 +01:00
Valerio Setti 1470ce3eba fix typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:50:12 +01:00
Valerio Setti 2f081473b6 test: fix disparities in test_suite_ssl 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Valerio Setti 75fba32cb3 ssl: use new macros for ECDSA capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Valerio Setti 30c4618970 Add new PSA_HAS_FULL_ECDSA macro for easily signal that PSA has full ECDSA support 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Valerio Setti f84b7d5c21 test: enable ECDSA based key exchanges in driver coverage tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Tom Cosgrove b3c6a1e04a Update ChangeLog to make "fix" explicit 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-08 15:47:00 +00:00
Manuel Pégourié-Gonnard 289e5baa83
Merge pull request #7082 from valeriosetti/issue6861 
driver-only ECDSA: add ssl-opt.sh testing with testing parity
 2023-03-08 16:45:38 +01:00
Gabor Mezei d1f16b937e
Add documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 15:26:32 +01:00
Tom Cosgrove 6ef9bb3d74 Implement and use MBEDTLS_STATIC_ASSERT() 
Fixes #3693

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-08 14:19:51 +00:00
Tom Cosgrove bbe166e721 Fix mbedtls_bswap64() on 32-bit systems 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-08 13:23:24 +00:00
Gabor Mezei eb591ff94d
Add test generation for ecp_mod_p256_raw 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 14:12:20 +01:00
Gabor Mezei 716447ff32
Fix limb size calculation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 14:09:51 +01:00
Gabor Mezei ed1acf642c
Apply naming conventions 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 14:09:50 +01:00
Gabor Mezei 5221c04b92
Change the p256_raw fuction to be testable 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 14:09:50 +01:00
Gabor Mezei ab6ac91a0a
Extract Secp256r1 from the prototype 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 14:09:50 +01:00
Tom Cosgrove c15a2b949d Update the text about gcc5 support for Armv8 CE 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-08 12:55:48 +00:00
Przemek Stekiel 07c5ea348c Add check for buffer overflow and fix style. 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-08 13:31:19 +01:00
Valerio Setti 733de595e3 psa_crypto_rsa: remove PK_WRITE_C in psa_rsa_export_key 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti c0e7da55c5 test: removing remaning dependencies of PK_WRITE/PK_PARSE from test_suite_psa_crypto suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti 73a218513b psa_crypto_rsa: add comment/explanation for residual PK_WRITE_C guard 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti f9bc5b75f1 test: remove dependencies on PK_WRITE and PK_PARSE from test_suite_psa_crypto suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti ccfad9ae0e ssl-opt: remove remaining redundant dependencies 
There were some dependencies that are now automatically satisfied by the
detect_required_features() function.

After this check there should be no redundant requirement for:
- requires_pk_alg "ECDSA"
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 10:25:05 +01:00
Valerio Setti 3b2c02821e ssl-opt: return to previous debug level in test 
This was a leftover from some debug activity that unfortunately ended up
in previous commits.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 10:22:29 +01:00
Przemek Stekiel 691e91adac Further pake code optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-08 09:54:00 +01:00
Gilles Peskine 429e90153c Improve pip instructions 
Our build scripts invoke `python3` in preference to `python`, so make the
default instruction use `python3`. On many systems (macOS, some Linux),
`python` invokes Python 2 which our scripts do not support.

Suggest --user by default. It's usually the right thing outside of venvs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-07 20:40:04 +01:00
Gilles Peskine ed7b5978cd
Merge pull request #6172 from gilles-peskine-arm/doc-tls13-psa_crypto_init 
Document the need to call psa_crypto_init for TLS 1.3
 2023-03-07 20:13:53 +01:00
Gilles Peskine a2fc399f57
Merge pull request #6829 from AndrzejKurek/unify-psa-errors 
Unify PSA to Mbed TLS error translation
 2023-03-07 19:55:44 +01:00
Gilles Peskine 12e3c8e019
Merge pull request #7168 from mpg/use-md 
Use MD (not low-level hash interface) in X.509 and TLS
 2023-03-07 19:55:12 +01:00