yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
23527 commits 1 branch 0 tags 94 MiB
Commit graph

23527 commits

This branch
This branch
All branches
Author SHA1 Message Date
Hanno Becker
db305ff42e X.509: Improve negative testing for SubjectAltName parsing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-07 05:10:29 -05:00
Hanno Becker
ae8f8c435c Fix X.509 SAN parsing 
Fixes #2838. See the issue description for more information.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-07 05:10:27 -05:00
Gilles Peskine
a0c806aac1
Merge pull request #7003 from lpy4105/issue/do-not-run-x86-tests-on-arm64 
all.sh: test_m32_xx is not supported on arm64 host
 2023-02-07 10:26:10 +01:00
Gilles Peskine
4c77601832
Merge pull request #6975 from davidhorstmann-arm/c-build-helper-improvements 
Minor improvements to `c_build_helper.py`
 2023-02-07 10:25:59 +01:00
Yanray Wang
3f9961bfca compat.sh: remove G_CLIENT_PRIO as it's not used 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:51 +08:00
Yanray Wang
a89c4d51f7 compat.sh: display "no" even if $VERIFY=YES for PSK test cases 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:51 +08:00
Yanray Wang
5d646e705d compat.sh: do not filter PSK ciphersuites for GnuTLS if $VERIFY=YES 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:51 +08:00
Yanray Wang
c66a46f734 compat.sh: remove check_openssl_server_bug 
As there is no $VERIFY for PSK test cases,
check_openssl_server_bug is not functional in compat.sh.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:51 +08:00
Yanray Wang
35c0eadf0f compat.sh: avoid running duplicate test cases for PSK 
With the introduction of PSK_TESTS,
 - Either `compat.sh -V NO` or `compat.sh -V YES` runs the PSK tests
 - `compat.sh` or `compat.sh -V "NO YES"` runs PSK tests only once

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:51 +08:00
Yanray Wang
dae7057e1f compat.sh: ignore $VERIFY in PSK TYPE 
There is no need to provide CA file in PSK. Thus VERIFY is
meaningless for PSK. This change omits the arguments passed to
the client and server for $VERIFY=YES.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-07 16:36:20 +08:00
Valerio Setti
1cdddacc62 pk_wrap: use proper macros for sign and verify 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
5c593af271 pk_wrap: fix comment on closing #endif 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
0568decc0c ecdsa: add comment for ecdsa_context 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
24138d9f83 pk_wrap: re-use identical functions for eckey and ecdsa when possible 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
7ca1318256 pk: add new symbol for generic ECDSA capability 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
bf74f52920 test: add a comment specifying why restartable cannot be tested 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
9e30dd882d removing a leftover printf from debug 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
4836374088 test: ECDSA driver only: fixing disparities in tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
ab363d9fe1 pk/pk_wrap: replace ECDSA_C with generic ECDSA capabilities' defines 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
cf084ae256 pk: add generic defines for ECDSA capabilities 
The idea is to state what are ECDSA capabilities independently from how
this is achieved

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
4e0278d710 test: ECDSA driver only: disable ECP_RESTARTABLE 
This is not yet supported in driver only implementation

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti
4e26df99aa test: ECDSA driver_only: verify disparities in PK 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Gabor Mezei
63aae68b8f
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-06 16:24:08 +01:00
Dave Rodgman
f31c9e441b
Merge pull request #7019 from tom-cosgrove-arm/dont-use-cast-assignment-in-ssl_server2.c 
Don't use cast-assignment in ssl_server.c
 2023-02-06 12:13:08 +00:00
Jan Bruckner
1aabe5c4d7 Fix typos 
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-02-06 12:54:53 +01:00
Jan Bruckner
aa31b19395 Extend test framework for Record Size Limit Extension 
Fixes #7006

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-02-06 12:54:29 +01:00
Manuel Pégourié-Gonnard
cced3521cb Fix style in test_suite_md.function 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-06 12:37:02 +01:00
Dave Rodgman
94c9c96c94
Merge pull request #6998 from aditya-deshpande-arm/fix-example-programs-usage 
Fix incorrect dispatch to USAGE in example programs, which causes uninitialized memory to be used
 2023-02-06 09:53:50 +00:00
Nick Child
50886c25f3 pkcs7/test: Add test for parsing a disabled algorithm 
If the digest algorithm is not compiled into Mbedtls,
then any pkcs7 structure which uses this algorithm
should fail with MBEDTLS_ERR_PKCS7_INVALID_ALG.
Add test for this case.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-02-03 20:33:12 +00:00
Nick Child
6291cc2444 pkcs7/test: Remove f strings in generator script 
MbedTLS CI uses python v3.5, f strings are not supported
until v3.6 . Remove f string's from generate_pkcs7_tests.py.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-02-03 20:33:12 +00:00
Tom Cosgrove
de85725507 Don't use cast-assignment in ssl_server.c 
Would have used mbedtls_put_unaligned_uint32(), but alignment.h is in library/.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-02-03 16:38:05 +00:00
Aditya Deshpande
9b45f6bb68 Fix more argc checks 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-02-03 16:15:30 +00:00
Gilles Peskine
10ada35019
Merge pull request #7022 from daverodgman/3DES-warning 
Improve warnings for DES/3DES
 2023-02-03 16:41:34 +01:00
Gilles Peskine
0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3 
Parsing v3 extensions from a CSR - v.2
 2023-02-03 16:41:11 +01:00
Manuel Pégourié-Gonnard
f5e2331f8a Use TEST_EQUAL when applicable in test_suite_md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-03 12:51:03 +01:00
Manuel Pégourié-Gonnard
b707bedca4 Avoid unnecessary copy in test_suite_md 
Also avoids buffer with an arbitrary size while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-03 12:32:41 +01:00
Manuel Pégourié-Gonnard
4ba98f5350 Use MBEDTLS_MD_MAX_SIZE in test_suite_md 
Not only was the size of 100 arbitrary, it's also not great for testing:
using MBEDTLS_MD_MAX_SIZE will get us an ASan error if it ever is too
small.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-03 12:25:53 +01:00
Manuel Pégourié-Gonnard
c90514ee11 Use MD type not string to in MD test data 
For all test that want to use a hash, identify it by its numerical type
rather than a string. The motivation is that when we isolate the
MD-light subset from the larger MD, it won't have support for string
identifiers. Do the change for all tests, not just those that will
exercise functions in MD-light, for the sake of uniformity and because
numerical identifiers just feel better.

Note: mbedtls_md_info_from_string is still tested in md_info().

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-03 12:13:10 +01:00
Gilles Peskine
80c552556a
Merge pull request #6791 from yanrayw/6675-change-some-key-generation-funcs-to-static 
TLS 1.3: Key Generation: change some key generation functions to static
 2023-02-03 11:56:35 +01:00
Gilles Peskine
753ad17a41
Merge pull request #6982 from aditya-deshpande-arm/check-files-characters 
check_files.py: Allow specific Box Drawing characters to be used
 2023-02-03 11:46:06 +01:00
Gilles Peskine
e2db23d741
Merge pull request #6902 from yanrayw/6651-enable-cipher-suite-names-consistent 
compat.sh: report and filter cipher suite names consistently
 2023-02-03 11:38:31 +01:00
Manuel Pégourié-Gonnard
bae8d2ae13
Merge pull request #7028 from daverodgman/sizeof-brackets 
Fix use of sizeof without brackets
 2023-02-03 10:29:56 +01:00
Manuel Pégourié-Gonnard
d56def5c30
Merge pull request #6946 from valeriosetti/issue6856 
driver-only ECDSA: fix testing disparities in ecp, random, se_driver_hal
 2023-02-03 08:51:04 +01:00
Yanray Wang
f206c1493b Remove duplicate mbedtls_platform_zeroize for tls13_early_secrets 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-03 13:55:47 +08:00
Yanray Wang
131ec931eb Remove the additional dot in output of compat.sh 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-03 12:13:04 +08:00
Gilles Peskine
34c43a871f Make the fields of mbedtls_pk_rsassa_pss_options public 
This makes it possible to verify RSA PSS signatures with the pk module,
which was inadvertently broken since Mbed TLS 3.0. Fixes #7040.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-02 23:06:37 +01:00
Dave Rodgman
fdbfaafc2f Additional warnings in cipher.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-02 13:44:31 +00:00
Dave Rodgman
23caf02c5b Update warnings in cipher.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-02 13:17:34 +00:00
Dave Rodgman
6dd757a8ba Fix use of sizeof without brackets 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-02 12:40:50 +00:00
Dave Rodgman
c04515b83c Improve warnings for DES/3DES 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-02 10:47:58 +00:00