yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
27544 commits 1 branch 0 tags 94 MiB
Commit graph

27544 commits

This branch
This branch
All branches
Author SHA1 Message Date
Waleed Elmelegy
c9f4040f7f Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function 
Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function
and deprecate mbedtls_pkcs5_pbes2 function.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:28:28 +01:00
Dave Rodgman
1cf181fd46 Reinstate more robust return value handling 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 19:10:17 +01:00
Dave Rodgman
c43a0a4adb rename dont_ignore to in_padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 19:09:51 +01:00
Dave Rodgman
e834d6c9f2 Move declaration for robustness against future edits 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 19:09:51 +01:00
Dave Rodgman
c62f7fcce9 Use more meaningful variable name in mbedtls_rsa_rsaes_oaep_decrypt 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 19:09:51 +01:00
Dave Rodgman
e94cd0b99b Correct use of mbedtls_ct_mpi_uint_if_else_0 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 19:09:51 +01:00
Manuel Pégourié-Gonnard
5edb942708
Merge pull request #8041 from mpg/tfm-p256m 
Test TF-M config with p256-m driver
 2023-09-20 16:09:56 +00:00
Paul Elliott
5382ba6987
Merge pull request #8230 from gilles-peskine-arm/test_tls1_2_ecjpake_compatibility-avoid-build-race 
Work around a race condition in parallel builds
 2023-09-20 15:53:04 +00:00
Manuel Pégourié-Gonnard
3ec976c42c Fix typo in variable declaration 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-20 16:12:46 +02:00
Gilles Peskine
edc8456e01 Work around a race condition in parallel builds 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-20 15:03:18 +02:00
Gilles Peskine
eda1b1f744
Merge pull request #7921 from valeriosetti/issue7613 
TLS: Clean up ECDSA dependencies
 2023-09-20 12:47:55 +00:00
Gilles Peskine
452beb9076
Merge pull request #8203 from gilles-peskine-arm/p256-m-production 
Declare p256-m as ready for production
 2023-09-20 09:36:05 +00:00
Dave Rodgman
ee5464fab9 Simplify unnecessarily complex error code handling 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-20 09:13:12 +01:00
Manuel Pégourié-Gonnard
f25189473b Fix documentation of error codes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-20 09:42:55 +02:00
Manuel Pégourié-Gonnard
5ca69349b5 Improve comments on key formats 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-20 09:28:02 +02:00
Manuel Pégourié-Gonnard
fbea9d2e7d Improve return code 
CORRUPTION_DETECTED should be reserved for cases that are impossible,
short of physical corruption during execution or a major bug in the
code. We shouldn't use this for the kind of mistakes that can happen
during configuration or integration, such as calling a driver on a key
type that it doesn't support.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-20 09:22:29 +02:00
Dave Rodgman
fd96579ecd Use properly typed versions of mbedtls_ct_xxx_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 21:52:13 +01:00
Dave Rodgman
143f5f7c68 Add mbedtls_ct_bool_if and mbedtls_ct_bool_if_else_0 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 21:52:13 +01:00
Dave Rodgman
437500c5b1 Fix MSVC type complaint 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 21:52:13 +01:00
Dave Rodgman
814d096420 Fix error in handling of return value from mbedtls_nist_kw_unwrap 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 20:48:51 +01:00
Dave Rodgman
6be4bcff16 code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 19:47:51 +01:00
Dave Rodgman
4fc14cc4ae Fix error in handling of return value from mbedtls_nist_kw_unwrap 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 19:45:54 +01:00
Dave Rodgman
f8182d91a7 Simplify add_zeros_padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 18:39:33 +01:00
Dave Rodgman
d8c68a948a Use CT interface in get_zeros_padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 18:39:33 +01:00
Dave Rodgman
1cfc43c77b Rename mbedtls_ct_bool_xor to mbedtls_ct_bool_ne 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 18:39:33 +01:00
Dave Rodgman
89a9bd5887 Use CT interface in get_one_and_zeros_padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 18:39:33 +01:00
Dave Rodgman
6cec41c3bb use CT interface in add_zeros_and_len_padding() 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 18:34:06 +01:00
Dave Rodgman
6b7e2a5809 Use CT interface in get_pkcs_padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 18:34:06 +01:00
Dave Rodgman
b4e6b41aa0 Use const-time interface throughout mbedtls_rsa_rsaes_oaep_decrypt 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 18:34:06 +01:00
Dave Rodgman
986006e567 Make TEST_CALLOC_NONNULL more robust 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 18:30:25 +01:00
Dave Rodgman
6568f60358 Simplify mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:48:24 +01:00
Dave Rodgman
2c9f86b3b6 Add docs for mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:48:13 +01:00
Dave Rodgman
28bc1ab923 Use exact bounds for allocations in mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:34:57 +01:00
Dave Rodgman
a328635305 Introduce TEST_CALLOC_NONNULL 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:34:39 +01:00
Dave Rodgman
ba600b2fd9 Remove expected param from mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:26:13 +01:00
Dave Rodgman
51c15309f2 Make padlen check const-time 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:22:18 +01:00
Dave Rodgman
c2630fac52 Simplify mbedtls_ct_memcmp_partial 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:21:50 +01:00
Waleed Elmelegy
071b69f47b Add correct dependency to DES3 test 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-19 11:24:49 +01:00
Dave Rodgman
66d6ac92e6 Use mbedtls_ct_memcmp in mbedtls_rsa_rsaes_oaep_decrypt 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 09:10:59 +01:00
Dave Rodgman
d337bd9bfe Improve const-timeness of mbedtls_nist_kw_unwrap 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 09:10:59 +01:00
Dave Rodgman
771ac65b0c Add tests for mbedtls_ct_memcmp_partial 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 09:10:59 +01:00
Dave Rodgman
9c14007ac3 Add mbedtls_ct_memcmp_partial 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 09:10:59 +01:00
Dave Rodgman
d26a3d6da7 Eliminate duplicate ct memcmp 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-18 19:09:45 +01:00
Gilles Peskine
faf0b8604a mbedtls_ssl_decrypt_buf(): fix buffer overread with stream cipher 
With stream ciphers, add a check that there's enough room to read a MAC in
the record. Without this check, subtracting the MAC length from the data
length resulted in an integer underflow, causing the MAC calculation to try
reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 19:07:50 +02:00
Gilles Peskine
d2e004e401 Test mbedtls_ssl_decrypt_buf(): stream cipher, negative cases 
Test mbedtls_ssl_decrypt_buf() with a null cipher (the only type of stream
cipher we support). Test the good case (to make sure the test code
constructs the input correctly), test with an invalid MAC, and test with a
shortened input.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 19:07:50 +02:00
Waleed Elmelegy
6d2c5d5f5c Adjust cipher tests to new requirement of specifying padding mode 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-18 17:41:25 +01:00
Gilles Peskine
9099d3fd76 Refactoring: create mbedtls_test_ssl_prepare_record_mac() 
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 17:21:15 +02:00
Gilles Peskine
bd50d5baec
Merge pull request #8177 from gilles-peskine-arm/generated-files-off-in-release 
Generated files off in release
 2023-09-18 14:11:58 +00:00
Gilles Peskine
68ec3ccc7c Add missing cleanup 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 14:35:52 +02:00
Gilles Peskine
ac5fabed25 Refactoring: prepare to create mbedtls_test_ssl_prepare_record_mac() 
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 14:35:42 +02:00