yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
27320 commits 1 branch 0 tags 94 MiB
Commit graph

27320 commits

This branch
This branch
All branches
Author SHA1 Message Date
Dave Rodgman
3a098e9090
Merge pull request #1084 from daverodgman/update-ct-changelog 
Update padding const-time fix changelog
 2023-09-28 11:34:07 +01:00
Dave Rodgman
e614129895 Update padding const-time fix changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-27 16:27:50 +01:00
Gilles Peskine
641250f42b
Merge pull request #1080 from gilles-peskine-arm/parse_attribute_value_der_encoded-buffer_overflow 
Fix buffer overflow in parse_attribute_value_der_encoded
 2023-09-26 16:32:36 +02:00
Gilles Peskine
391dd7fe87 Fix propagation of return value from parse_attribute_value_hex_der_encoded 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
7f420faf03 parse_attribute_value_hex_der_encoded: clean up length validation 
Separate the fits-in-buffer check (*data_length <= data_size) from the
we-think-it's-a-sensible-size check (*data_length <=
MBEDTLS_X509_MAX_DN_NAME_SIZE).

This requires using an intermediate buffer for the DER data, since its
maximum sensible size has to be larger than the maximum sensible size for
the payload, due to the overhead of the ASN.1 tag+length.

Remove test cases focusing on the DER length since the implementation no
longer has a threshold for it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
26dd764dc3 parse_attribute_value_hex_der_encoded test case fixups 
Fix the expected output in some test cases.

Add a few more test cases to exercise both a payload length around 256 bytes
and a DER length around 256 bytes, since both are placed in a 256-byte
buffer (value of MBEDTLS_X509_MAX_DN_NAME_SIZE).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
c94500b56b Add may-fail mode to mbedtls_x509_string_to_names output tests 
Due to differing validations amongst X.509 library functions, there are
inputs that mbedtls_x509_string_to_names() accepts, but it produces output
that some library functions can't parse. Accept this for now. Do call the
functions, even when we don't care about their return code: we're ok with
returning errors, but not with e.g. a buffer overflow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
7077781af5 Fix integer overflow with an input buffer larger than INT_MAX 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
aa01a038b5 Fix indentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
25665781f6 Rewrite parse_attribute_value_hex_der_encoded() 
Rename the function from parse_attribute_value_der_encoded: the hex aspect
seems important.

There was a buffer overflow due to not validating that the intermediate data
fit in the stack buffer. The rewrite doesn't use this buffer, and takes care
not to overflow the buffer that it does use.

Document all that's going on.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
70a93407ce More test cases for parse_attribute_value_der_encoded 
In particular, "X509 String to Names: long hexstring (DER=258 bytes, too long)"
causes a buffer overflow in parse_attribute_value_der_encoded().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
1c7223bda2 Use modern test macros for ease of debugging 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Dave Rodgman
6da7872aa2
Merge pull request #1083 from gilles-peskine-arm/development-restricted-merge-20230925 
Merge development into development-restricted
 2023-09-25 18:16:01 +01:00
Gilles Peskine
ffe590d197
Merge pull request #1058 from waleed-elmelegy-arm/check-set_padding-is-called 
Check set_padding has been called in mbedtls_cipher_finish
 2023-09-25 17:12:36 +02:00
Gilles Peskine
ca1e605b9c Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925 
Conflicts:
* `include/mbedtls/build_info.h`: a new fragment to auto-enable
  `MBEDTLS_CIPHER_PADDING_PKCS7` was added in
  c9f4040f7f in `development-restricted`.
  In `development`, this section of the file has moved to
  `include/mbedtls/config_adjust_legacy_crypto.h`.
* `library/bignum.c`: function name change in `development-restricted` vs
  comment change in development. The comment change in `development` is not
  really relevant, so just take the line from `development-restricted`.
 2023-09-25 16:16:26 +02:00
Dave Rodgman
76059e5ef8
Merge pull request #1078 from daverodgman/padding-ct-changelog 
Padding ct changelog
 2023-09-25 14:02:42 +01:00
Gilles Peskine
87fe99627f
Merge pull request #8249 from bensze01/fixed-typing-package-versions 
Set explicit version for the typing packages (fix CI failure)
 2023-09-25 14:35:01 +02:00
Dave Rodgman
68dca1ed6f
Merge pull request #8247 from mpg/sha3-fixup 
Fix SHA-3 dependencies in test_suite_md
 2023-09-25 12:02:21 +01:00
Dave Rodgman
025bed9eb7
Merge pull request #1076 from daverodgman/more-ct 
Use CT module more consistently
 2023-09-25 11:50:10 +01:00
Dave Rodgman
5a3add2c67
Merge pull request #8234 from kouzhudong/development 
Fix MSVC error C4703 about possibly uninitialized variable in pkwrite.c
 2023-09-25 10:51:46 +01:00
Bence Szépkúti
d06e70c6b8 Set explicit version for the typing packages 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2023-09-25 10:25:18 +02:00
Manuel Pégourié-Gonnard
4fe1e8762d Fix SHA-3 dependencies in test_suite_md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 10:05:23 +02:00
Dave Rodgman
f6f76c5a25
Merge pull request #8240 from mpg/doc-driver-only-hashes 
Document driver only hashes (overdue)
 2023-09-24 13:41:45 +01:00
Manuel Pégourié-Gonnard
030f11b0b1 Type fixes and wording improvements 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-24 09:48:47 +02:00
Manuel Pégourié-Gonnard
e47c53eeab Fix SHA-3 in accel tests that need it 
Components that accelerate an algorithm that uses hashing internally
(such as deterministic ECDSA and RSA-PSS) need the hash algorithms
available in libtestdriver1.

Previously, the omission of SHA-3 in
tests/include/test/drivers/crypto_config_test_driver_extension.h meant
it was enabled in libtestdriver1 when not requesting its acceleration,
and disabled when requesting it. Adding it in a previous commit fixed
the components that asked it accelerated, but broke the component that
didn't ask for it but still needed it.

Fix those components by explicitly requesting SHA-3 as we already do for
the other hash algorithms that are require for the same reason.

Note: this broke test_suite_psa_crypto_storage_format.v0 which is
apparently the only place exercising signatures with SHA-3.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-24 09:48:47 +02:00
Manuel Pégourié-Gonnard
f4ceb16813 Fix dependencies for SHA-3 MD dispatch tests 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-24 09:48:46 +02:00
Manuel Pégourié-Gonnard
1f61b7b8ea Document driver-only hashes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-24 09:48:46 +02:00
Manuel Pégourié-Gonnard
cc21ad441a Add SHA-3 support to libtestdriver1 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-24 09:48:45 +02:00
Gilles Peskine
10304d8329
Merge pull request #8244 from paul-elliott-arm/remove_travis_ci 
Remove all travis builds except for coverity_scan
 2023-09-22 21:53:33 +00:00
Dave Rodgman
27b7e2f350
Merge pull request #8243 from daverodgman/update-tfm-config 
Update TF-M config
 2023-09-22 18:52:29 +00:00
Gilles Peskine
6809f231a6
Merge pull request #8210 from yanrayw/aes_128bit_improvement 
AES 128bit only: add guards in cipher_wrap.c
 2023-09-22 18:15:03 +00:00
Gilles Peskine
ae3cda9541
Merge pull request #8092 from silabs-Kusumit/PBKDF2_output_key 
PBKDF2: test output_key
 2023-09-22 18:01:06 +00:00
Paul Elliott
645a541747 Remove all travis builds except for coverity_scan 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-09-22 17:50:44 +01:00
Waleed Elmelegy
a86b776f94 Remove invalid comment from mbedtls_cipher_set_padding_mode() 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-22 17:44:58 +01:00
Dave Rodgman
739d815b7f Remove PK options 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 17:40:24 +01:00
Dave Rodgman
84e8f1d618 Set MBEDTLS_MD_C 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 17:40:18 +01:00
Gilles Peskine
18e1d11cfe
Merge pull request #1049 from waleed-elmelegy-arm/Switch-pkparse-to-mbedtls_pkcs5_pbe2_ext 
Switch pkparse to use new pkcs5/12 pbe functions
 2023-09-22 18:06:50 +02:00
Dave Rodgman
d162c662b0 Update changelog text 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 16:33:12 +01:00
Dave Rodgman
4f53520f54
Merge pull request #8241 from daverodgman/cast_warning 
fix cast warning
 2023-09-22 14:23:05 +00:00
Dave Rodgman
9fc868012c Fix test error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 10:56:13 +01:00
Dave Rodgman
c0633bc777 Add comment 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 10:54:43 +01:00
Dave Rodgman
38c3228f3e fix cast warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 10:51:37 +01:00
Gilles Peskine
193f94276e
Merge pull request #1071 from gilles-peskine-arm/ssl_decrypt_stream_short_buffer 
Fix buffer overread in mbedtls_ssl_decrypt_buf with stream cipher
 2023-09-22 11:43:03 +02:00
Dave Rodgman
d03f483dbe Use mbedtls_ct_error_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 10:01:47 +01:00
Dave Rodgman
fbe74a9e51 Add mbedtls_ct_error_if, with tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 09:58:25 +01:00
Tom Cosgrove
41434d043c
Merge pull request #8237 from tom-cosgrove-arm/mbedtls_pk_write_key_der-unused-len-and-unreachable-ret 
Remove unused variable and unreachable return from mbedtls_pk_write_key_der()
 2023-09-22 08:45:48 +00:00
Dave Rodgman
9d0869140b Remove tests for mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 21:54:08 +01:00
Dave Rodgman
a9d70125a3 Remove mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 21:53:54 +01:00
Dave Rodgman
7ad37e40a6 Remove use of mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 21:53:31 +01:00
Dave Rodgman
530c3da698 Improve implementation of mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 21:06:48 +01:00