yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
16043 commits 1 branch 0 tags 94 MiB
Commit graph

6979 commits

Author SHA1 Message Date
Paul Elliott
ed08cf884a Add safety check to chachapoly finish 
Previous code checked that the buffer was big enough for the tag size
for the given algorithm, however chachapoly finish expects a 16 byte
buffer passed in, no matter what. If we start supporting smaller
chachapoly tags in the future, this could potentially end up in buffer
overflow, so add a safety check.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-22 18:52:20 +01:00
Paul Elliott
2fe5db87d5 Fix passing wrong tag size to GCM finish 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-22 18:52:20 +01:00
Paul Elliott
99f548d974 Fix format issues with check nonce size 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-22 18:52:20 +01:00
Paul Elliott
315628d91a Remove internal aead_verify endpoint 
The internal verify endpoint was only calling the finish endpoint to get
a tag to compare against the tag passed in. Moved this logic to the
driver wrapper (still allowing a driver to call verify if required) and
removed the internal implementation endpoint.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-21 18:51:23 +01:00
Paul Elliott
32925b9e5b Make sure unused parts of tag buffer are cleared 
We already did this on failure, but make sure the buffer does not leak
what was in it previously on success

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-21 18:51:23 +01:00
Paul Elliott
96b0173cec Add common nonce checking to oneshot encrypt 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-21 18:51:23 +01:00
Paul Elliott
a561444561 Add missing space 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-21 18:51:23 +01:00
Paul Elliott
ed68d7464d Move buffer size checks up to psa_crypto layer 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-24 20:40:47 +01:00
Paul Elliott
c2b7144da0 Simplify logic and factor out initial checks 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-24 20:40:47 +01:00
Paul Elliott
7f429b747b Remove code duplication and fix formatting 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-24 20:40:47 +01:00
Paul Elliott
a8940ed876 Fix documented error codes 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-24 20:40:47 +01:00
Paul Elliott
cf2d66e022 Remove permitting of 8 byte nonce with PolyChaCha 
Also unify nonce length checking

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-23 18:50:59 +01:00
Paul Elliott
95271f10c3 Call set_nonce direct rather than by wrapper 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-23 18:30:20 +01:00
Paul Elliott
d7ab9f1260 Move the setting of id in driver wrappers 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-23 09:58:05 +01:00
Paul Elliott
ad53dcc975 Move common final checks to function 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-23 08:51:29 +01:00
Paul Elliott
534d0b4484 Finish / Verify state checks 
Ensure finish only called when encrypting and verify only called for
decrypting, and add tests to ensure this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 22:14:48 +01:00
Paul Elliott
f88a565f18 Better tag size default for m-aead finish 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 22:14:48 +01:00
Paul Elliott
d89304ebb7 Fix formatting issues 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 22:14:48 +01:00
Paul Elliott
e4030f2cd1 Replace function with macro that already exists 
I wrote a function to determine the base algorithm given a variant,
however this is already implemented by
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 22:14:48 +01:00
Paul Elliott
7220cae93c Ensure generate nonce unavailable in decrypt 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 22:14:47 +01:00
Paul Elliott
8eb9dafda1 Add generate nonce test 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 16:31:09 +01:00
Paul Elliott
1c8de15490 Update documentation to tally with recent changes 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 16:31:09 +01:00
Paul Elliott
bc94978d8c Add missing unused arguments 
No algorithm defined case generally doesn't use the operation.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 16:31:09 +01:00
Paul Elliott
40ef3a9454 Fix state logic and return codes 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-01 17:17:58 +01:00
Paul Elliott
83f09ef056 Proper multipart AEAD GCM Implementation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-01 17:17:47 +01:00
Paul Elliott
b2ce2ed6d8 Merge remote-tracking branch 'upstream/development' into psa-m-aead 
Conflicts:
* None
 2021-06-01 17:13:19 +01:00
Gilles Peskine
9f5c34cc88
Merge pull request #4596 from gilles-peskine-arm/nist_kw-null_dereference-3.0 
Fix null pointer arithmetic in NIST_KW
 2021-06-01 16:40:19 +02:00
Gilles Peskine
89ee599092 Fix null pointer arithmetic in error case 
When mbedtls_nist_kw_wrap was called with output=NULL and out_size=0, it
performed arithmetic on the null pointer before detecting that the output
buffer is too small and returning an error code. This was unlikely to have
consequences on real-world hardware today, but it is undefined behavior and
UBSan with Clang 10 flagged it. So fix it (fix #4025).

Fix a similar-looking pattern in unwrap, though I haven't verified that it's
reachable there.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-01 11:22:56 +02:00
Manuel Pégourié-Gonnard
6d84e917bb
Merge pull request #4568 from creiter32/to_upstream/csr_critical_extensions 
Expose flag for critical extensions
 2021-05-31 12:46:59 +02:00
Ronald Cron
ea62d2f391
Merge pull request #4369 from hanno-arm/relax_psk_config 
Implement relaxed semantics for static PSK configuration in Mbed TLS 3.0
 2021-05-31 10:03:56 +02:00
Ronald Cron
f1eb425782
Merge pull request #4469 from xiaoxiang781216/padlock 
aes: Check aes_padlock_ace > 0 before calling padlock
 2021-05-28 11:06:40 +02:00
Ronald Cron
c44a1d522a
Merge pull request #4507 from Venafi/userid-oid 
Add OID for User ID
 2021-05-28 10:43:41 +02:00
Christoph Reiter
95273f4b07 Expose flag for critical extensions 
Enables creating X.509 CSRs with critical extensions.

Signed-off-by: Christoph Reiter <christoph.reiter@infineon.com>
 2021-05-27 14:27:43 +02:00
Ronald Cron
142c205ffc
Merge pull request #4513 from Patater/psa-without-genprime-fix 
psa: Support RSA signature without MBEDTLS_GENPRIME
 2021-05-27 14:19:24 +02:00
TRodziewicz
46cccb8f39 _SSL_DTLS_BADMAC_LIMIT config.h option removed 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-26 13:36:21 +02:00
Gilles Peskine
b7abba28e3
Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2 
Remove rsa mode params part 2
 2021-05-25 20:36:33 +02:00
Gilles Peskine
8a5304d446
Merge pull request #4553 from gilles-peskine-arm/aria_alt-3.0 
Fix ARIA_ALT header and self-test and CAMELLIA_ALT self-test
 2021-05-25 20:32:40 +02:00
Gilles Peskine
c537aa83f4 CAMELLIA: add missing context init/free 
This fixes the self-test with alternative implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-25 09:23:10 +02:00
Gilles Peskine
be89fea1a7 ARIA: add missing context init/free 
This fixes the self-test with alternative implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-25 09:23:10 +02:00
TRodziewicz
4ca18aae38 Corrections after the code review 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 13:38:00 +02:00
TRodziewicz
6370dbeb1d Remove the _SSL_FALLBACK_ parts 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:49:59 +02:00
TRodziewicz
2d8800e227 Small corrections in the comments 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:49:24 +02:00
TRodziewicz
b5850c5216 Correction of too restrictive ssl cli minor check 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:49:15 +02:00
TRodziewicz
ef73f01927 Removing strayed dtls1 after doing tests 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:49:04 +02:00
TRodziewicz
28126050f2 Removal of constants and functions and a new ChangeLog file 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:48:12 +02:00
TRodziewicz
0f82ec6740 Remove the TLS 1.0 and 1.1 support 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:45:20 +02:00
Paul Elliott
3a16e014f2 Ensure tag lengths match in verification 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Paul Elliott
f47b0957ab Set tag to 'impossible' value on failure to encrypt 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Paul Elliott
6eb959854b Improve state logic 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Paul Elliott
6981fbcf10 Remove unneccessary guard for key unlock 
Also make sure failure is not hidden by key unlock failure

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00