mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-29 08:34:19 +01:00
Merge remote-tracking branch 'upstream-restricted/pr/613' into mbedtls-2.16-restricted
This commit is contained in:
commit
3a930650c8
@ -2,6 +2,11 @@ mbed TLS ChangeLog (Sorted per branch, date)
|
||||
|
||||
= mbed TLS x.x.x branch released xxxx-xx-xx
|
||||
|
||||
Security
|
||||
* Fix a missing error detection in ECJPAKE. This could have caused a
|
||||
predictable shared secret if a hardware accelerator failed and the other
|
||||
side of the key exchange had a similar bug.
|
||||
|
||||
Bugfix
|
||||
* Fix to allow building test suites with any warning that detects unused
|
||||
functions. Fixes #1628.
|
||||
|
@ -226,7 +226,7 @@ static int ecjpake_hash( const mbedtls_md_info_t *md_info,
|
||||
p += id_len;
|
||||
|
||||
/* Compute hash */
|
||||
mbedtls_md( md_info, buf, p - buf, hash );
|
||||
MBEDTLS_MPI_CHK( mbedtls_md( md_info, buf, p - buf, hash ) );
|
||||
|
||||
/* Turn it into an integer mod n */
|
||||
MBEDTLS_MPI_CHK( mbedtls_mpi_read_binary( h, hash,
|
||||
|
@ -4,6 +4,9 @@ ecjpake_invalid_param:
|
||||
ECJPAKE selftest
|
||||
ecjpake_selftest:
|
||||
|
||||
ECJPAKE fail read corrupt MD
|
||||
read_bad_md:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb51620934d74eb43e54df424fd96306c0117bf131afabf90a9d33d1198d905193735144104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb12"
|
||||
|
||||
ECJPAKE round one: client, valid
|
||||
read_round_one:MBEDTLS_ECJPAKE_CLIENT:"41047ea6e3a4487037a9e0dbd79262b2cc273e779930fc18409ac5361c5fe669d702e147790aeb4ce7fd6575ab0f6c7fd1c335939aa863ba37ec91b7e32bb013bb2b410409f85b3d20ebd7885ce464c08d056d6428fe4dd9287aa365f131f4360ff386d846898bc4b41583c2a5197f65d78742746c12a5ec0a4ffe2f270a750a1d8fb51620934d74eb43e54df424fd96306c0117bf131afabf90a9d33d1198d905193735144104190a07700ffa4be6ae1d79ee0f06aeb544cd5addaabedf70f8623321332c54f355f0fbfec783ed359e5d0bf7377a0fc4ea7ace473c9c112b41ccd41ac56a56124104360a1cea33fce641156458e0a4eac219e96831e6aebc88b3f3752f93a0281d1bf1fb106051db9694a8d6e862a5ef1324a3d9e27894f1ee4f7c59199965a8dd4a2091847d2d22df3ee55faa2a3fb33fd2d1e055a07a7c61ecfb8d80ec00c2c9eb12":0
|
||||
|
||||
|
@ -236,6 +236,27 @@ void ecjpake_selftest( )
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */
|
||||
void read_bad_md( data_t *msg )
|
||||
{
|
||||
mbedtls_ecjpake_context corrupt_ctx;
|
||||
const unsigned char * pw = NULL;
|
||||
const size_t pw_len = 0;
|
||||
int any_role = MBEDTLS_ECJPAKE_CLIENT;
|
||||
|
||||
mbedtls_ecjpake_init( &corrupt_ctx );
|
||||
TEST_ASSERT( mbedtls_ecjpake_setup( &corrupt_ctx, any_role,
|
||||
MBEDTLS_MD_SHA256, MBEDTLS_ECP_DP_SECP256R1, pw, pw_len ) == 0 );
|
||||
corrupt_ctx.md_info = NULL;
|
||||
|
||||
TEST_ASSERT( mbedtls_ecjpake_read_round_one( &corrupt_ctx, msg->x,
|
||||
msg->len ) == MBEDTLS_ERR_MD_BAD_INPUT_DATA );
|
||||
|
||||
exit:
|
||||
mbedtls_ecjpake_free( &corrupt_ctx );
|
||||
}
|
||||
/* END_CASE */
|
||||
|
||||
/* BEGIN_CASE depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED:MBEDTLS_SHA256_C */
|
||||
void read_round_one( int role, data_t * msg, int ref_ret )
|
||||
{
|
||||
|
Loading…
Reference in New Issue
Block a user