yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
16374 commits 1 branch 0 tags 94 MiB
Commit graph

16374 commits

This branch
This branch
All branches
Author SHA1 Message Date
Janos Follath
5e1948d2a3 PSA PAKE: define size macros as 0 
Define the size macros to 0 rather than empty. That will lead to fewer
weird errors when we start implementing.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2021-06-08 14:40:57 +01:00
Gilles Peskine
73876cf9cb Clarify "between major version changes" 
This was diversely interpreted as "compatibility in the period between
two major version changes" (as intended) or "compatibility between two
versions whose major version is different" (unintended).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-08 15:33:53 +02:00
Ronald Cron
3a0375fff4 Fail if a padding disabled by the build-time configuration is selected 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:57 +02:00
Ronald Cron
266b6d2121 tests: Assert success of calls to mbedtls_rsa_set_padding() 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:19 +02:00
Ronald Cron
d2cfa3e980 Improve mbedtls_rsa_init/set_padding() descriptions 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:19 +02:00
Ronald Cron
6fe1bc3f24 Add change log and migration guide 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:19 +02:00
Ronald Cron
c1905a1c3d Change mbedtls_rsa_init() signature 
Remove padding parameters as mbedtls_rsa_init()
cannot return an error code when padding
parameters are invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:19 +02:00
Ronald Cron
ea7631be1c Change mbedtls_rsa_set_padding() signature 
mbedtls_rsa_set_padding() now returns the error
code MBEDTLS_ERR_RSA_INVALID_PADDING when
padding parameters are invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-06-08 14:11:10 +02:00
Gilles Peskine
41377d6680
Merge pull request #4560 from gilles-peskine-arm/issue-templates 
Separate issue templates
 2021-06-08 12:01:26 +02:00
Gilles Peskine
6dd92c3f6b Wrap lines in the source to <80 columns 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-08 11:40:04 +02:00
Manuel Pégourié-Gonnard
caa0e93f08
Merge pull request #4617 from daverodgman/cmake-version 
Document minimum tool versions for 3.0
 2021-06-08 11:38:03 +02:00
Manuel Pégourié-Gonnard
16fdab79a5
Merge pull request #4382 from hanno-arm/max_record_payload_api 
Remove MFL query API and add API for maximum plaintext size of incoming records
 2021-06-08 11:07:27 +02:00
Manuel Pégourié-Gonnard
dacd044938
Merge pull request #4516 from TRodziewicz/Remove__CHECK_PARAMS_option 
Remove MBEDTLS_CHECK_PARAMS option
 2021-06-08 09:30:48 +02:00
Manuel Pégourié-Gonnard
68237d718a
Merge pull request #4548 from hanno-arm/tls13_key_schedule_upstream 
TLS 1.3 Key schedule: Second level secret generation
 2021-06-08 09:10:58 +02:00
Hanno Becker
61f292ea0a Fix migration guide for now-removed deprecated functions 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-08 07:50:55 +01:00
Hanno Becker
59d3670fa5 Fix ssl-opt.sh test cases grepping for MFL configuration output 
Use and grep for the new max in/out record payload length API instead.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-08 05:35:29 +01:00
Hanno Becker
df3b86343a Fixup rebase slip in library/ssl_misc.h 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-08 05:30:45 +01:00
Gilles Peskine
8d4e32b888
Merge pull request #4522 from mpg/fix-ssl-cf-hmac-alt-dev 
Fix misuse of MD API in SSL constant-flow HMAC
 2021-06-07 20:53:33 +02:00
Gilles Peskine
87d36e311b Add a section heading for LTS branches 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-07 20:43:35 +02:00
Gilles Peskine
d1a8cd5169 Minor clarifications 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-07 20:42:40 +02:00
TRodziewicz
0730cd5d9e Merge branch 'development' into Remove__CHECK_PARAMS_option 2021-06-07 15:41:49 +02:00
TRodziewicz
34428a6849 Remove duplicated ASSERT_ALLOC define 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-07 15:33:15 +02:00
TRodziewicz
442fdc22ea Remove MBEDTLS_X509_CHECK_*_KEY_USAGE options but enable the code 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-07 13:52:23 +02:00
Ronald Cron
d285b11f21
Merge pull request #4616 from mpg/hide-ssl-deprecated-constant 
Hide ssl deprecated constants
 2021-06-07 13:24:52 +02:00
Manuel Pégourié-Gonnard
13a9776676 Editorial improvements 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-07 12:00:04 +02:00
Mateusz Starzyk
a74295fb52 Remove outdated note about direct manipulation of private members. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-06-07 11:30:55 +02:00
Mateusz Starzyk
8fc95a06a6 Wrap variable missed by the python script. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-06-07 11:28:24 +02:00
Manuel Pégourié-Gonnard
3b5a7c198c Update ChangeLog and migration guide 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-07 11:13:34 +02:00
Mateusz Starzyk
2abe51cc75 Extend setup_and_run script to cover remaining configurations. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-06-07 11:08:01 +02:00
Dave Rodgman
be4af04fcf Update minimum CMake version in CMakeLists.txt 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-07 09:18:50 +01:00
Dave Rodgman
f21e4621f8 Changelog entry for updated tool versions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-07 09:18:50 +01:00
Dave Rodgman
2f458d3dcc Update README to document minimum tool versions 
Fixes #4379.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-07 09:18:50 +01:00
Mateusz Starzyk
854a25c7a4 Merge branch 'development' into mbedtls_private_with_python 
Conflicts:
         include/mbedtls/ecp.h

Conflict resolved by using the code from development branch
and manually applying the MBEDTLS_PRIVATE wrapping.
 2021-06-07 09:49:01 +02:00
Manuel Pégourié-Gonnard
9371a40476 Stop referencing private constants in documentation 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-04 12:29:42 +02:00
Manuel Pégourié-Gonnard
cac90a15ed Hide constants for TLS 1.0 and TLS 1.1 
ssl_server2 had a check that we never try to use a minor version lower
than 2 with DTLS, but that check is no longer needed, as there's no way
that would happen now that MBEDTLS_SSL_MINOR_VERSION_1 is no longer
public.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-04 12:29:33 +02:00
Hanno Becker
d60b6c62d5 Remove per-version ciphersuite configuration API 
This commit removes the API

```
    mbedtls_ssl_conf_ciphersuites_for_version()
```

which allows to configure lists of acceptable ciphersuites
for each supported version of SSL/TLS: SSL3, TLS 1.{0,1,2}.

With Mbed TLS 3.0, support for SSL3, TLS 1.0 and TLS 1.1
is dropped. Moreover, upcoming TLS 1.3 support has a different
notion of cipher suite and will require a different API.

This means that it's only for TLS 1.2 that we require
a ciphersuite configuration API, and

```
   mbedtls_ssl_conf_ciphersuites()
```

can be used for that. The version-specific ciphersuite
configuration API `mbedtls_ssl_conf_ciphersuites_for_version()`,
in turn, is no longer needed.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-04 12:20:10 +02:00
Manuel Pégourié-Gonnard
0c1a42a147
Merge pull request #4611 from gilles-peskine-arm/random-range-uniformity-3.0 
Fix non-uniform random generation in a range
 2021-06-04 10:43:15 +02:00
Manuel Pégourié-Gonnard
f9f9cc217c
Merge pull request #4579 from tom-daubney-arm/rm_ecdh_legacy_context_config_option 
Remove `MBEDTLS_ECDH_LEGACY_CONTEXT` config option
 2021-06-04 10:02:59 +02:00
Gilles Peskine
afb2bd2f22 Note that the byte order in mpi_fill_random_internal() is deliberate 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
405b091d9e Use MBEDTLS_MPI_CHK where warranted 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
ed32b576a4 New internal function mbedtls_mpi_resize_clear 
The idiom "resize an mpi to a given size" appeared 4 times. Unify it
in a single function. Guarantee that the value is set to 0, which is
required by some of the callers and not a significant expense where
not required.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
ceefe5d269 Lift function call out of inner loop 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
9077e435c6 Fix mistakes in test case descriptions 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
87823d7913 Use ternary operator with the most common case first 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
c7eeeb1e8d Fix long-standing obsolete comment 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
e842e58f61 Correct some comments about ECC in mbedtls_mpi_random 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
3270b14d4b DHM: add test case with x_size < 0 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
19e36207ba DHM tests: add some explanations 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
03299dcf5b DHM: add notes about leading zeros 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00
Gilles Peskine
ebe9b6a51d mpi_fill_random_internal: remove spurious grow() call 
Since the internal function mpi_fill_random_internal() assumes that X
has the right size, there is no need to call grow().

To further simplify the function, set the sign outside, and zero out
the non-randomized part directly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-03 18:10:04 +02:00