Gilles Peskine
41377d6680
Merge pull request #4560 from gilles-peskine-arm/issue-templates
...
Separate issue templates
2021-06-08 12:01:26 +02:00
Gilles Peskine
6dd92c3f6b
Wrap lines in the source to <80 columns
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-08 11:40:04 +02:00
Manuel Pégourié-Gonnard
caa0e93f08
Merge pull request #4617 from daverodgman/cmake-version
...
Document minimum tool versions for 3.0
2021-06-08 11:38:03 +02:00
Manuel Pégourié-Gonnard
16fdab79a5
Merge pull request #4382 from hanno-arm/max_record_payload_api
...
Remove MFL query API and add API for maximum plaintext size of incoming records
2021-06-08 11:07:27 +02:00
Manuel Pégourié-Gonnard
dacd044938
Merge pull request #4516 from TRodziewicz/Remove__CHECK_PARAMS_option
...
Remove MBEDTLS_CHECK_PARAMS option
2021-06-08 09:30:48 +02:00
Manuel Pégourié-Gonnard
68237d718a
Merge pull request #4548 from hanno-arm/tls13_key_schedule_upstream
...
TLS 1.3 Key schedule: Second level secret generation
2021-06-08 09:10:58 +02:00
Hanno Becker
61f292ea0a
Fix migration guide for now-removed deprecated functions
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-08 07:50:55 +01:00
Hanno Becker
59d3670fa5
Fix ssl-opt.sh test cases grepping for MFL configuration output
...
Use and grep for the new max in/out record payload length API instead.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-08 05:35:29 +01:00
Hanno Becker
df3b86343a
Fixup rebase slip in library/ssl_misc.h
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-08 05:30:45 +01:00
Gilles Peskine
8d4e32b888
Merge pull request #4522 from mpg/fix-ssl-cf-hmac-alt-dev
...
Fix misuse of MD API in SSL constant-flow HMAC
2021-06-07 20:53:33 +02:00
Gilles Peskine
87d36e311b
Add a section heading for LTS branches
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-07 20:43:35 +02:00
Gilles Peskine
d1a8cd5169
Minor clarifications
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-07 20:42:40 +02:00
TRodziewicz
0730cd5d9e
Merge branch 'development' into Remove__CHECK_PARAMS_option
2021-06-07 15:41:49 +02:00
TRodziewicz
34428a6849
Remove duplicated ASSERT_ALLOC define
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-07 15:33:15 +02:00
TRodziewicz
442fdc22ea
Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code
...
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
2021-06-07 13:52:23 +02:00
Ronald Cron
d285b11f21
Merge pull request #4616 from mpg/hide-ssl-deprecated-constant
...
Hide ssl deprecated constants
2021-06-07 13:24:52 +02:00
Manuel Pégourié-Gonnard
13a9776676
Editorial improvements
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-07 12:00:04 +02:00
Mateusz Starzyk
a74295fb52
Remove outdated note about direct manipulation of private members.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-07 11:30:55 +02:00
Mateusz Starzyk
8fc95a06a6
Wrap variable missed by the python script.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-07 11:28:24 +02:00
Manuel Pégourié-Gonnard
3b5a7c198c
Update ChangeLog and migration guide
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-07 11:13:34 +02:00
Mateusz Starzyk
2abe51cc75
Extend setup_and_run script to cover remaining configurations.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-07 11:08:01 +02:00
Dave Rodgman
be4af04fcf
Update minimum CMake version in CMakeLists.txt
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-07 09:18:50 +01:00
Dave Rodgman
f21e4621f8
Changelog entry for updated tool versions
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-07 09:18:50 +01:00
Dave Rodgman
2f458d3dcc
Update README to document minimum tool versions
...
Fixes #4379.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-07 09:18:50 +01:00
Mateusz Starzyk
854a25c7a4
Merge branch 'development' into mbedtls_private_with_python
...
Conflicts:
include/mbedtls/ecp.h
Conflict resolved by using the code from development branch
and manually applying the MBEDTLS_PRIVATE wrapping.
2021-06-07 09:49:01 +02:00
Manuel Pégourié-Gonnard
9371a40476
Stop referencing private constants in documentation
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-04 12:29:42 +02:00
Manuel Pégourié-Gonnard
cac90a15ed
Hide constants for TLS 1.0 and TLS 1.1
...
ssl_server2 had a check that we never try to use a minor version lower
than 2 with DTLS, but that check is no longer needed, as there's no way
that would happen now that MBEDTLS_SSL_MINOR_VERSION_1 is no longer
public.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-04 12:29:33 +02:00
Hanno Becker
d60b6c62d5
Remove per-version ciphersuite configuration API
...
This commit removes the API
```
mbedtls_ssl_conf_ciphersuites_for_version()
```
which allows configuring lists of acceptable ciphersuites
for each supported version of SSL/TLS: SSL3, TLS 1.{0,1,2}.
With Mbed TLS 3.0, support for SSL3, TLS 1.0 and TLS 1.1
is dropped. Moreover, upcoming TLS 1.3 support has a different
notion of cipher suite and will require a different API.
This means that it's only for TLS 1.2 that we require
a ciphersuite configuration API, and
```
mbedtls_ssl_conf_ciphersuites()
```
can be used for that. The version-specific ciphersuite
configuration API `mbedtls_ssl_conf_ciphersuites_for_version()`,
in turn, is no longer needed.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-06-04 12:20:10 +02:00
Manuel Pégourié-Gonnard
0c1a42a147
Merge pull request #4611 from gilles-peskine-arm/random-range-uniformity-3.0
...
Fix non-uniform random generation in a range
2021-06-04 10:43:15 +02:00
Manuel Pégourié-Gonnard
f9f9cc217c
Merge pull request #4579 from tom-daubney-arm/rm_ecdh_legacy_context_config_option
...
Remove `MBEDTLS_ECDH_LEGACY_CONTEXT` config option
2021-06-04 10:02:59 +02:00
Gilles Peskine
afb2bd2f22
Note that the byte order in mpi_fill_random_internal() is deliberate
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
405b091d9e
Use MBEDTLS_MPI_CHK where warranted
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
ed32b576a4
New internal function mbedtls_mpi_resize_clear
...
The idiom "resize an mpi to a given size" appeared 4 times. Unify it
in a single function. Guarantee that the value is set to 0, which is
required by some of the callers and not a significant expense where
not required.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
ceefe5d269
Lift function call out of inner loop
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
9077e435c6
Fix mistakes in test case descriptions
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
87823d7913
Use ternary operator with the most common case first
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
c7eeeb1e8d
Fix long-standing obsolete comment
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
e842e58f61
Correct some comments about ECC in mbedtls_mpi_random
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
3270b14d4b
DHM: add test case with x_size < 0
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
19e36207ba
DHM tests: add some explanations
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
03299dcf5b
DHM: add notes about leading zeros
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
ebe9b6a51d
mpi_fill_random_internal: remove spurious grow() call
...
Since the internal function mpi_fill_random_internal() assumes that X
has the right size, there is no need to call grow().
To further simplify the function, set the sign outside, and zero out
the non-randomized part directly.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
0cb493d239
Note that the "0 limb in ..." tests rely on undocumented behavior
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
7ed7c5a37d
mbedtls_mpi_random: document MBEDTLS_ERR_MPI_NOT_ACCEPTABLE
...
Note that this error has a negligible probability with a "crypto-sized"
bound, but macroscopic probability with a small bound.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
e5381686ef
MPI random test: use more iterations for small numbers
...
In real life, min << N and the probability that mbedtls_mpi_random()
fails to find a suitable value after 30 iterations is less than one in
a billion. But at least for testing purposes, it's useful to not
outright reject "silly" small values of N, and for such values, 30
iterations is not enough to have a good probability of success.
Pick 250 iterations, which is enough for cases like (min=3, N=4), but
not for cases like (min=255, N=256).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
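The commits above (the range-generation fix merged in #4611, the note documenting MBEDTLS_ERR_MPI_NOT_ACCEPTABLE, and the 30-versus-250 retry reasoning) describe drawing a uniform value in [min, N) by rejection sampling with a bounded number of retries. The C program below is an added example written for this page, not Mbed TLS code. It substitutes a constructed, non-cryptographic xorshift generator for the f_rng callback, uses hypothetical error codes, and assumes each candidate is drawn with the bit length of N; under that assumption ex_fail_probability reproduces the figures in the message (30 retries are more than enough when min << N, 250 retries rescue (min=3, N=4) but not (min=255, N=256)), and ex_modulo_bias shows why reducing a draw modulo the range size is not an acceptable shortcut.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical error codes for this example (not Mbed TLS's values). */
#define EX_ERR_BAD_INPUT      (-2)
#define EX_ERR_NOT_ACCEPTABLE (-1)

/* Constructed stand-in for the f_rng callback: xorshift64*, deterministic and
 * NOT cryptographic. A real caller must supply a CSPRNG here. */
typedef struct { uint64_t s; } ex_rng;

static uint64_t ex_rng_next(ex_rng *r)
{
    uint64_t x = r->s;
    x ^= x >> 12;
    x ^= x << 25;
    x ^= x >> 27;
    r->s = x;
    return x * 0x2545F4914F6CDD1DULL;
}

/* Number of bits needed to represent x (0 for x == 0). */
static unsigned ex_bitlen(uint64_t x)
{
    unsigned n = 0;
    while (x != 0) { n++; x >>= 1; }
    return n;
}

/* Uniform draw in [min, N) by rejection sampling. Assumption: a candidate is
 * bitlen(N) random bits, i.e. uniform on [0, 2^bitlen(N)). It is accepted only
 * if min <= candidate < N, so accepted values are exactly uniform on [min, N);
 * nothing is reduced modulo the range size. After max_retries misses the
 * caller gets EX_ERR_NOT_ACCEPTABLE instead of a biased value. */
static int ex_random_range(uint64_t *out, uint64_t min, uint64_t N,
                           unsigned max_retries, ex_rng *rng)
{
    if (N == 0 || min >= N)
        return EX_ERR_BAD_INPUT;
    unsigned nbits = ex_bitlen(N);
    uint64_t mask = (nbits >= 64) ? UINT64_MAX : ((1ULL << nbits) - 1);
    for (unsigned i = 0; i < max_retries; i++) {
        uint64_t cand = ex_rng_next(rng) & mask;
        if (cand >= min && cand < N) {
            *out = cand;
            return 0;
        }
    }
    return EX_ERR_NOT_ACCEPTABLE;
}

/* Probability that all max_retries candidates miss [min, N): one draw hits
 * with probability (N - min) / 2^bitlen(N). Plain multiplication, no libm. */
static double ex_fail_probability(uint64_t min, uint64_t N, unsigned max_retries)
{
    double space = 1.0;
    for (unsigned i = 0; i < ex_bitlen(N); i++)
        space *= 2.0;
    double miss = 1.0 - (double)(N - min) / space;
    double p = 1.0;
    for (unsigned i = 0; i < max_retries; i++)
        p *= miss;
    return p;
}

/* The rejected shortcut: reducing a k-bit draw modulo the range size is biased
 * unless the range size divides 2^k. Tallies how many of the 2^k source values
 * land on each residue (hist must hold `range` entries) and returns the spread
 * between the most and least frequent residue; 0 means unbiased. */
static uint64_t ex_modulo_bias(unsigned k, uint64_t range, uint64_t *hist)
{
    for (uint64_t i = 0; i < range; i++)
        hist[i] = 0;
    for (uint64_t v = 0; v < (1ULL << k); v++)
        hist[v % range]++;
    uint64_t lo = hist[0], hi = hist[0];
    for (uint64_t i = 1; i < range; i++) {
        if (hist[i] < lo) lo = hist[i];
        if (hist[i] > hi) hi = hist[i];
    }
    return hi - lo;
}

int main(void)
{
    ex_rng rng = { 0x9E3779B97F4A7C15ULL };   /* constructed seed */
    uint64_t x = 0, hist[3];

    /* Crypto-sized case (min << N): 30 retries fail with probability < 1e-9. */
    printf("fail(1, 2^62, 30)      = %.3g\n", ex_fail_probability(1, 1ULL << 62, 30));
    /* Small ranges from the commit message: 250 retries rescue (3, 4) ... */
    printf("fail(3, 4, 30)         = %.3g\n", ex_fail_probability(3, 4, 30));
    printf("fail(3, 4, 250)        = %.3g\n", ex_fail_probability(3, 4, 250));
    /* ... but not (255, 256), where only 1 candidate in 512 is acceptable. */
    printf("fail(255, 256, 250)    = %.3g\n", ex_fail_probability(255, 256, 250));

    int rc = ex_random_range(&x, 3, 4, 250, &rng);
    printf("range(3, 4): rc=%d x=%llu\n", rc, (unsigned long long)x);
    rc = ex_random_range(&x, 255, 256, 30, &rng);
    printf("range(255, 256, 30 retries): %s\n",
           rc == EX_ERR_NOT_ACCEPTABLE ? "NOT_ACCEPTABLE" : "ok");

    printf("3-bit draw mod 3: spread=%llu (counts %llu %llu %llu)\n",
           (unsigned long long)ex_modulo_bias(3, 3, hist),
           (unsigned long long)hist[0], (unsigned long long)hist[1],
           (unsigned long long)hist[2]);
    return 0;
}
```

Build with `cc -std=c99 -Wall range_example.c`. The failure probabilities are exact for the stated sampling assumption; the sampler runs themselves depend on the constructed seed, so the (255, 256) call with only 30 retries is expected to report NOT_ACCEPTABLE most of the time, which is the behaviour the documented error code exists for.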
Gilles Peskine
0ad640ab83
MPI random test: Add test cases with lower_bound > upper_bound
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
d463edf8c5
MPI random test: fix small-range test stats check when min > 1
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
951b5695e3
MPI random test: Add a few more small-range tests
...
Do more iterations with small values. This makes it more likely that a
mistake on bounds will be detected.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
fbb90098e8
Fix copypasta in test case description
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00
Gilles Peskine
ee966c4ae4
Contextualize comment about mbedtls_mpi_random retries
...
This comment is no longer in the specific context of generating a
random point on an elliptic curve.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-03 18:10:04 +02:00