yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
21284 commits 1 branch 0 tags 94 MiB
Commit graph

21284 commits

This branch
This branch
All branches
Author SHA1 Message Date
Paul Elliott
ff15dbab4c Make definition order a bit neater 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-01 16:30:08 +01:00
Ronald Cron
7922bfbd47
Merge pull request #6005 from ronald-cron-arm/tls13-changelogs-doc-update 
TLS 1.3: Add missing change logs and update doc for 3.2 release

Validated by the internal CI, ready to be merged.
 2022-07-01 17:27:33 +02:00
Neil Armstrong
971f30d917 Fix mbedtls_ssl_get_ciphersuite_sig_alg() by returning MBEDTLS_PK_NONE for MBEDTLS_KEY_EXCHANGE_RSA 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 16:23:50 +02:00
Neil Armstrong
c67e6e96f8 Depends on MBEDTLS_X509_REMOVE_INFO disable for double Opaque keys test requiring cert infos to determine selected key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 15:48:10 +02:00
Gabor Mezei
dc3f3bb8b1
Initilize variable 
Coverity scan detected a problem of an uinitilized variable.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-07-01 15:06:34 +02:00
Ronald Cron
3cb707dc6d Fix and improve logs and documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-01 14:36:52 +02:00
Jerry Yu
7ac0d498de remove force_version for client 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-01 19:29:30 +08:00
Manuel Pégourié-Gonnard
8b8a1610f7
Merge pull request #936 from paul-elliott-arm/fix_tls_record_size_check 
Fix the wrong variable being used for TLS record size checks
 2022-07-01 12:29:48 +02:00
Manuel Pégourié-Gonnard
790ab52ee0
Merge pull request #5962 from gilles-peskine-arm/storage-format-doc-202206 
Documentation about storage format compatibility
 2022-07-01 12:21:17 +02:00
Jerry Yu
52b7d923fe fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-01 18:12:44 +08:00
Ronald Cron
08346434d2 Add TLS 1.3 change logs 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-01 11:37:07 +02:00
Ronald Cron
2ba0d23c65 Update TLS 1.3 support documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-01 11:25:49 +02:00
Neil Armstrong
7999cb3896 Remove auth_mode=required and client crt_file/key_file when testing server authentication 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 09:51:33 +02:00
Neil Armstrong
4b10209568 Use different certs for double opaque keys and check certificate issuer CN 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 09:48:09 +02:00
Manuel Pégourié-Gonnard
11ccb35987
Merge pull request #5994 from gilles-peskine-arm/storage-format-doc-2.25-development 
Update storage format specification for Mbed TLS 2.25.0+
 2022-07-01 09:25:35 +02:00
Gilles Peskine
0bd76ee2ed Fix Doxygen documentation attached to non-existent elements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 19:32:02 +02:00
Neil Armstrong
1948a20796 Cleanup Order & Title of Opaque TLS tests, fix RSA- test definition 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 18:05:57 +02:00
Neil Armstrong
96eceb8022 Refine mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg() when USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 18:05:05 +02:00
Gilles Peskine
cf4d9f98c7 Changelog entry for mbedtls_setbuf() 
* Security: we're improving a countermeasure.
* Requirement change: the library will no longer compile on a platform
  without setbuf().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 17:11:30 +02:00
Gilles Peskine
6d576c9646 Call setbuf when reading or writing files: programs 
After opening a file containing sensitive data, call mbedtls_setbuf() to
disable buffering. This way, we don't expose sensitive data to a memory
disclosure vulnerability in a buffer outside our control.

This commit adds a call to mbedtls_setbuf() after each call to fopen(),
but only in sample programs that were calling mbedtls_platform_zeroize().
Don't bother protecting stdio buffers in programs where application buffers
weren't protected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 17:06:11 +02:00
Gilles Peskine
da0913ba6b Call setbuf when reading or writing files: library 
After opening a file containing sensitive data, call mbedtls_setbuf() to
disable buffering. This way, we don't expose sensitive data to a memory
disclosure vulnerability in a buffer outside our control.

This commit adds a call to mbedtls_setbuf() after each call to fopen(),
except:
* In ctr_drbg.c, in load_file(), because this is only used for DH parameters
  and they are not confidential data.
* In psa_its_file.c, in psa_its_remove(), because the file is only opened
  to check its existence, we don't read data from it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 17:03:40 +02:00
Gilles Peskine
6497b5a1d1 Add setbuf platform function 
Add a platform function mbedtls_setbuf(), defaulting to setbuf().

The intent is to allow disabling stdio buffering when reading or writing
files with sensitive data, because this exposes the sensitive data to a
subsequent memory disclosure vulnerability.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 17:01:40 +02:00
Ronald Cron
cb67e1a890
Merge pull request #5917 from gilles-peskine-arm/asn1write-0-fix 
Improve ASN.1 write tests
 2022-06-30 15:42:16 +02:00
Ronald Cron
bcde39ca4a
Merge pull request #5612 from tom-cosgrove-arm/tls13-config-options 
Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3

Fully validated by the internal CI. No need to wait for the open one.
 2022-06-30 15:10:02 +02:00
Gilles Peskine
0b7ee23fe0 Historical update: the layout on stdio changed in Mbed Crypto 1.1.0 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 12:16:50 +02:00
Gilles Peskine
38989612d6 Typos 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 12:16:32 +02:00
Gilles Peskine
219a34839c Repeat the seed file documentation in 2.25.0 
This way the 2.25.0 section is now fully self-contained.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 12:15:53 +02:00
Gilles Peskine
3d65a19ee3 Fix wrong type in C snippet 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 12:15:35 +02:00
Neil Armstrong
167d82c4df Add dual keys Opaque ssl-opt tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 11:32:00 +02:00
Manuel Pégourié-Gonnard
31fcfd5632
Merge pull request #5981 from mprse/hkdf_config_fix 
Add comment to config_psa.h about enabling PSA_HKDF/-EXTRACT/-EXPAND
 2022-06-30 11:27:16 +02:00
Neil Armstrong
36b022334c Reorganize Opaque ssl-opt tests, pass key_opaque_algs=, add less wrong negative server testings 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 11:16:53 +02:00
Neil Armstrong
b2c3b5be2d Fix depends on handshake_ciphersuite_select tests 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 10:49:04 +02:00
Tom Cosgrove
d7adb3c7d9 Add comments about MBEDTLS_PSA_CRYPTO_C also being required by MBEDTLS_SSL_PROTO_TLS1_3 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-06-30 09:48:40 +01:00
Gilles Peskine
25e39f24b9 Add section for Mbed TLS 2.25.0+ 
We hadn't updated the storage specification in a while. There have been no
changes to the storage layout, but the details of the contents of some
fields have changed.

Since this is now a de facto stable format (unchanged between 2.25 and 3.2),
describe it fully, avoiding references to previous versions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 09:16:53 +02:00
Neil Armstrong
db13497490 Reorganize & add more handshake_ciphersuite_select to test all MBEDTLS_KEY_EXCHANGE_XXX cases 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 09:06:28 +02:00
Zhangsen Wang
9b64546eb2 Update tests/ssl-opt.sh, delete 1 blank line. 
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com>
 2022-06-30 02:35:18 +00:00
Paul Elliott
f6a56cf5ff
Merge pull request #939 from ronald-cron-arm/tls13-add-missing-overread-check 
TLS 1.3: Add missing overread check
 2022-06-29 17:01:14 +01:00
Tom Cosgrove
afb2fe1acf Document that MBEDTLS_SSL_KEEP_PEER_CERTIFICATE is required by MBEDTLS_SSL_PROTO_TLS1_3 
Also have check_config.h enforce this. And MBEDTLS_SSL_EXPORT_KEYS has been removed,
so no longer mention it.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-06-29 16:36:12 +01:00
Werner Lewis
ec0193d019 Update test to cover move-decrypt sequence 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-29 16:17:50 +01:00
Werner Lewis
7656a373b6 Reformat AES changes for readability 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-29 16:17:50 +01:00
Werner Lewis
6d71944f0d Specify unit for rk_offset in AES context 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-29 16:17:50 +01:00
Werner Lewis
dd76ef359d Refactor AES context to be shallow-copyable 
Replace RK pointer in AES context with a buffer offset, to allow
shallow copying. Fixes #2147.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-29 16:17:50 +01:00
Dave Rodgman
1dc6848679
Merge pull request #5976 from gilles-peskine-arm/selftest-calloc-pointer-comparison-fix-development 
Remove largely useless bit of test log to silence GCC 12
 2022-06-29 15:25:04 +01:00
Dave Rodgman
5b50f38f92
Merge pull request #934 from gilles-peskine-arm/mpi-0-mod-2 
Fix null pointer dereference in mpi_mod_int(0, 2)
 2022-06-29 15:02:59 +01:00
Gilles Peskine
955993c4b5 For status values, the macro expansions must not change either 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 14:37:17 +02:00
Gilles Peskine
4fd898e876 More wording improvements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 14:29:52 +02:00
Jerry Yu
aae28f178b add tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:21:32 +08:00
Jerry Yu
2fe6c638e2 remove supported check from parse sig algs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:20:17 +08:00
Jerry Yu
959e5e030b fix format issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:20:17 +08:00
Jerry Yu
660cb4209c Remove pkcs1 from key cert and sig alg map 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:20:17 +08:00