Gilles Peskine
f9fbc38e66
Declare key id 0 as invalid
...
In keeping with other integral types, declare 0 to be an invalid key
identifier.
Documented, implemented and tested.
2019-05-15 18:42:09 +02:00
Ron Eldor
51c4507b9c
Remove unneeded whitespaces
...
Delete extra whitespace in Changelog and in parameter alignment.
2019-05-15 17:49:54 +03:00
Ron Eldor
801faf0fa1
Fix mingw CI failures
...
Change `%z` formatting of `size_t` to `%u` and casting to unsigned.
2019-05-15 17:45:24 +03:00
Ron Eldor
6b9b1b88fb
Initialize psa_crypto in ssl test
...
Call `psa_crypto_init()` in `tls_prf` ssl test in case
`MBEDTLS_USE_PSA_CRYPTO` is defined since tls_prf may use psa crypto.
2019-05-15 17:04:33 +03:00
Ron Eldor
dbbd96652c
Check that SAN is not malformed when parsing
...
Add a call to `mbedtls_x509_parse_subject_alt_name()` during
certificate parsing, to verify the certificate is not malformed.
2019-05-15 15:46:03 +03:00
Ron Eldor
c8b5f3f520
Documentation fixes
...
Rephrase documentation of the SAN to make it clearer.
2019-05-15 15:15:55 +03:00
Ron Eldor
2e06a9fb24
Fix ChangeLog entry
...
Move the ChangeLog entries to correct location, and
mention specifically the support for hardware module name othername.
2019-05-15 15:14:46 +03:00
Ron Eldor
d2f25f7ea8
Fix missing tls version test failures
...
Add checks for tls_prf tests with the relevant tls version configuration.
2019-05-15 14:54:22 +03:00
Ron Eldor
0810f0babd
Fix typo
...
Fix typo `returnn` -> `return`
2019-05-15 13:58:13 +03:00
Ron Eldor
aa947f1cef
Fix ChangeLog entry location
...
Move the ChangeLog entries to correct section, as it was in an
already released section, due to rebase error.
2019-05-15 13:58:13 +03:00
Ron Eldor
780d8158f7
Add changeLog entry
...
Add changeLog entry describing the new `mbedtls_ssl_tls_prf()` API.
2019-05-15 13:57:39 +03:00
Ron Eldor
f75e252909
Add test for export keys functionality
...
Add test in `ssl-opts.sh` that the export keys callback
is actually called.
2019-05-15 13:57:39 +03:00
Ron Eldor
cf28009839
Add function to retrieve the tls_prf type
...
Add `tls_prf_get_type()` static function that returns the
`mbedtls_tls_prf_types` according to the used `tls_prf` function.
2019-05-15 13:57:39 +03:00
Ron Eldor
824ad7b351
Add tests for the public tls_prf API
...
Add tests for `mbedtls_ssl_tls_prf` with and without
the function types dependencies.
2019-05-15 13:57:39 +03:00
Ron Eldor
51d3ab544f
Add public API for tls_prf
...
Add a public API for key derivation, introducing an enum for `tls_prf`
type.
2019-05-15 13:53:02 +03:00
Ron Eldor
b7fd64ce2b
Add eap-tls key derivation in the examples.
...
Add support for eap-tls key derivation functionality,
in `ssl_client2` and `ssl_server2` reference applications.
2019-05-15 13:41:42 +03:00
Ron Eldor
c4d3ef4721
Add ChangeLog entry
...
Add ChangeLog entry describing the new key export feature.
2019-05-15 13:38:39 +03:00
Ron Eldor
f5cc10d93b
Add an extra key export function
...
Add an additional function `mbedtls_ssl_export_keys_ext_t()`
for exporting key, that adds additional information such as
the used `tls_prf` and the random bytes.
2019-05-15 13:38:39 +03:00
Ron Eldor
3b350856ff
Have the temporary buffer allocated dynamically
...
Change `tmp` buffer to be dynamically allocated, as it is now
dependent on external label given as input, in `tls_prf_generic()`.
2019-05-15 13:38:39 +03:00
Ron Eldor
a9f9a73920
Zeroize secret data in the exit point
...
Zeroize the secret data in `mbedtls_ssl_derive_keys()`
in the single exit point.
2019-05-15 13:38:39 +03:00
Ron Eldor
e699270908
Add a single exit point in key derivation function
...
Add a single exit point in `mbedtls_ssl_derive_keys()`.
2019-05-15 13:38:39 +03:00
Ron Eldor
8b0c3c91e6
Fail in case critical crt policy not supported
...
In case the certificate policy is not of type `AnyPolicy`
set the returned error code to `MBEDTLS_ERR_X509_FEATURE_UNAVAILABLE`
and continue parsing. If the extension is critical, return error anyway,
unless `MBEDTLS_X509_ALLOW_UNSUPPORTED_CRITICAL_EXTENSION` is configured.
Fail parsing on any other error.
2019-05-15 12:20:00 +03:00
Ron Eldor
cc45cd177f
Update SAN parsing documentation
...
1) Fix typo in `mbedtls_x509_parse_subject_alt_name()` documentation.
2) Add a note in `mbedtls_x509_parse_subject_alt_name()` documentation,
stating that the lifetime of the target structure is restricted
by the lifetime of the parsed certificate.
2019-05-15 10:20:09 +03:00
Gilles Peskine
d6a8f5f1b5
Improve description of PSA_KEY_USAGE_COPY
...
Be more clear about when EXPORT is also required.
2019-05-14 16:25:50 +02:00
Gilles Peskine
ac99e32b79
Documentation improvements
2019-05-14 16:11:07 +02:00
Gilles Peskine
003a4a97d3
Use PSA_AEAD_{ENCRYPT,DECRYPT}_OUTPUT_SIZE in tests
2019-05-14 16:11:07 +02:00
Gilles Peskine
36d477de44
Fix copypasta in PSA_AEAD_DECRYPT_OUTPUT_SIZE
2019-05-14 16:11:07 +02:00
Gilles Peskine
248010caa0
Fix calculation in PSA_AEAD_UPDATE_OUTPUT_SIZE
2019-05-14 16:11:07 +02:00
Gilles Peskine
c160d9ec83
psa_copy_key: enforce PSA_KEY_USAGE_COPY
...
Implement the check and add a negative test.
2019-05-14 14:32:03 +02:00
Gilles Peskine
f9f4a4849c
Update psa_copy_key tests to use PSA_KEY_USAGE_COPY
...
Pass the new flag to the existing tests and add a few more test cases
to explore more variations of flag sets.
2019-05-14 14:24:49 +02:00
Gilles Peskine
8e0206aa26
New usage flag PSA_KEY_USAGE_COPY
...
Document the new flag and allow its use.
2019-05-14 14:24:28 +02:00
Gilles Peskine
4318dfc8ec
psa_export_key, psa_export_public_key: document the EXPORT flag
2019-05-14 14:23:32 +02:00
Jaeden Amero
81f9539037
Merge pull request #105 from ARMmbed/test-link-seedfile-02
...
Add a link to the seedfile for out-of-tree cmake builds
2019-05-14 08:42:46 +01:00
Ron Eldor
f05f594acb
change the type of hardware_module_name member
...
Change the type of `hardware_module_name` struct from
`mbedtls_x509_name` to a unique struct, to distinguish it from the
named data type.
2019-05-13 19:23:08 +03:00
Ron Eldor
890819a597
Change mbedtls_x509_subject_alternative_name
...
Make `mbedtls_x509_subject_alternative_name` a single item
rather than a list. Adapt the subject alternative name parsing function,
to receive a single `mbedtls_x509_buf` item from the subject_alt_names
sequence of the certificate.
2019-05-13 19:23:07 +03:00
Ron Eldor
0806379e3e
Add length checking in certificate policy parsing
...
Change the extension parsing to `policy_end` and verify that
the policy and qualifiers length don't exceed the end of the extension.
2019-05-13 16:38:39 +03:00
Ron Eldor
78c3040347
Rephrase x509_crt extension member description
...
Rephrase doxygen comments for subject alternative name
and certificate policies.
2019-05-13 15:49:53 +03:00
Ron Eldor
26cfd1361d
Rephrase changeLog entries
...
Rephrase the changeLog entries for clarity and capitalize RFC.
2019-05-13 15:48:38 +03:00
Jaeden Amero
1fe90fab30
Merge pull request #101 from gilles-peskine-arm/psa-key_attributes-verify_attributes
...
Check unused attributes in import and copy
2019-05-13 11:48:40 +01:00
Janos Follath
293c3dae6d
Remove redundant memset()
...
The preceding calloc() already zeroizes that memory area, therefore the
memset() is not necessary. Compilers are likely to optimize this out,
but it still can be confusing to readers.
2019-05-10 15:53:03 +01:00
Janos Follath
6c379b4b80
Propagate error when parsing SubjectAltNames
...
The previous behaviour of mbedtls_x509_parse_subject_alternative_name()
was to silently ignore errors coming from x509_get_other_name(). The
current commit fixes it and returns with an error.
2019-05-10 14:17:16 +01:00
Janos Follath
2f0ec1e3bf
Tidy up style in x509_info_subject_alt_name
2019-05-10 11:06:31 +01:00
Janos Follath
22f605fbab
Print unparseable SubjectAlternativeNames
...
In x509_info_subject_alt_name() we silently dropped names that we
couldn't parse because they are not supported or are malformed. (Being
malformed might mean damaged file, but can be a sign of incompatibility
between applications.)
This commit adds code notifying the user that there is something, but
we can't parse it.
2019-05-10 10:57:44 +01:00
Janos Follath
ab23cd1eae
Remove unneeded checks from x509_get_other_name
...
Lengths are already checked in mbedtls_asn1_get_len() which is called in
mbedtls_asn1_get_tag(), therefore it is not necessary to check
the lengths explicitly afterwards.
Also with the previous flow data was left in the output buffer on some
errors.
2019-05-09 15:05:30 +01:00
Darryl Green
d2dba36f44
Only use submodule if present
...
Enabling the USE_CRYPTO_SUBMODULE option causes problems if the
crypto submodule isn't present. For example, when building
mbed-crypto as a submodule, it should use error.c from the parent
project if USE_CRYPTO_SUBMODULE is set. However if the parent
project isn't present, then the build will fail. Only enable it
if the submodule actually exists.
2019-05-09 13:17:53 +01:00
Janos Follath
11b41eb12b
Fix typos in x509_crt.h
2019-05-08 15:30:33 +01:00
Janos Follath
5091bec3ea
Fix doxygen for new x509 structures
...
The documentation for some new structures and members was only a C style
comment and wasn't picked up by doxygen. This commit adds the missing
asterisks.
2019-05-08 15:23:08 +01:00
Ron Eldor
3c4734a2a5
Add Wisun Fan device certificate
...
Add certificate with Wisun fan device extended key usage,
support parsing it and add tests.
2019-05-07 17:06:47 +03:00
Ron Eldor
226991e624
Add ChangeLog entry for new extensions change
...
Add an entry for the new x509 extension parsing support.
2019-05-07 17:05:45 +03:00
Ron Eldor
74d9acc144
Add support for certificate policies extension
...
Add support for certificate policies, as defined in RFC 5280.
Currently support only `anyPolicy` policy.
2019-05-07 17:05:45 +03:00