yuzu-emu/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-emu/mbedtls.git synced 2024-12-02 05:54:26 +01:00
Code Issues Packages Projects Releases Wiki Activity
6,167 Commits 88 Branches 205 Tags 69 MiB
d1b1788b40
Commit Graph

6167 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hanno Becker
56bae95e1d Improve style and documentation, fix typo 2017-09-29 15:43:49 +01:00
Hanno Becker
2fdffe0da0 Check exactly for the RSA context fields required in rsa_private 
Previously, the code was also checking for the presence of D for RSA-CRT, which
is not needed in this case.
 2017-09-29 15:28:49 +01:00
Gilles Peskine
26182edd0c Allow comments in test data files 2017-09-29 15:45:12 +02:00
Hanno Becker
4b2f691691 Doxygen: Use typewriter font for variables in rsa.h documentation 2017-09-29 13:36:54 +01:00
Hanno Becker
ed20361321 Increase readability of Doxygen output 
Multiple lists were not properly recognized as such.
 2017-09-29 13:34:25 +01:00
Hanno Becker
91c194dabb Add and document an RSA-specific error code for unsupported exports 
E.g., a private key on an external chip might not be exportable to RAM.
 2017-09-29 12:50:12 +01:00
Hanno Becker
bead71752e Correct typo in rsa.c 2017-09-29 12:41:06 +01:00
Hanno Becker
e1582a832b Add expectation when testing RSA key import/export 
This commit adds a flag to the RSA import/export tests indicating whether it is
expected that a full RSA keypair can be set up from the provided parameters.

Further, the tests of `mbedtls_rsa_import` and `mbedtls_rsa_import_raw` are
expanded to perform key checks and an example encryption-decryption.
 2017-09-29 11:54:05 +01:00
Hanno Becker
4d6e83406c Improve readability of test for mbedtls_rsa_import 2017-09-29 11:54:05 +01:00
Hanno Becker
5063cd2cca Deprecate direct manipulation of structure fields in RSA context 2017-09-29 11:54:05 +01:00
Hanno Becker
ba1ba11a98 Check that length is properly set in mbedtls_rsa_check_pubkey 2017-09-29 11:54:05 +01:00
Hanno Becker
2f8f06aa25 Don't always recompute context length in mbedtls_rsa_get_len 
This commit changes the implementation of `mbedtls_rsa_get_len` to return
`ctx->len` instead of always re-computing the modulus' byte-size via
`mbedtls_mpi_size`.
 2017-09-29 11:54:05 +01:00
Hanno Becker
54cfc585cd Add test cases for mbedtls_rsa_import[_raw] where N is missing 2017-09-29 11:54:05 +01:00
Hanno Becker
2cca6f3290 Always deduce N from P, Q in mbedtls_rsa_complete 
Previously, a parameter set of (-, P, Q, -, E) was completed, but (-, P, Q, D,
E) wasn't - this is odd.
 2017-09-29 11:54:05 +01:00
Hanno Becker
041a6b030f Adapt ChangeLog 2017-09-28 14:52:26 +01:00
Hanno Becker
a6f5539413 Adapt version_features.c to new config options 2017-09-28 13:10:46 +01:00
Hanno Becker
d5ba5effaa Add ASan build-and-test run for MBEDTLS_RSA_NO_CRT in all.sh 2017-09-28 13:10:44 +01:00
Hanno Becker
7c0f17d115 Add MBEDTLS_RSA_NO_CRT to options unaffected by config.pl full 
The effect of `config.pl full` on 'negative' options such as
`NO_PLATFORM_ENTROPY` is usually inverted, but `MBEDTLS_RSA_NO_CRT` was not
included in the list of such options. This commit adds it.
 2017-09-28 12:53:34 +01:00
Hanno Becker
a2f6b72cbb Add warnings regarding the use of DHM in general 2017-09-28 11:06:31 +01:00
Hanno Becker
e764324d96 Improve documentation in dhm.h 2017-09-28 11:06:31 +01:00
Hanno Becker
e71ad12cd5 Minor code-improvements in dhm.c 2017-09-28 11:06:31 +01:00
Hanno Becker
13be990114 Correct expectation in DHM test in ssl-opt.sh 
The previous test expected a DHM group generator of size 2048 bits, while with
the change to RFC 7919, the base is 2, so has bit-size 2.
 2017-09-28 11:06:31 +01:00
Hanno Becker
2c9f027e32 Don't require P,Q if CRT is not used 
Previously, verification used P,Q regardless of whether CRT was used in the
computation, but this has changed in the meantime.
 2017-09-28 11:04:13 +01:00
Hanno Becker
8d1dd1b5b9 Fix bug in mbedtls_mpi_exp_mod 
Calling `mbedtls_mpi_exp_mod` with a freshly initialized exponent MPI `N`,
i.e. `N.p == NULL`, would lead to a null-pointer dereference.
 2017-09-28 11:02:24 +01:00
Hanno Becker
4c72b000cb Add const-qualifiers to prime constants 2017-09-27 16:06:37 +01:00
Hanno Becker
b1d4d1fa6e Add description of how the primes from RFC 3526/7919 were generated 2017-09-27 12:43:57 +01:00
Hanno Becker
8c8b0ab877 Change default Diffie-Hellman parameters from RFC 5114 to RFC 7919 
The origin of the primes in RFC 5114 is undocumented and their use therefore
constitutes a security risk.
 2017-09-27 12:43:57 +01:00
Hanno Becker
b2bad800e4 Introduce Diffie-Hellman parameters from RFC 7919 2017-09-27 12:43:55 +01:00
Hanno Becker
0e6dc84f3e Deprecate Diffie-Hellman groups from RFC 5114 
Also, change the way the standardized Diffie-Hellman groups are provided from
macro-based string-literals to global variables.
 2017-09-27 11:48:02 +01:00
Hanno Becker
cc56628117 Don't use all_final as a target in tests/data_files/Makefile 
The `neat` target in that Makefile assumes all_final to be a concatenation of
file names.
 2017-09-26 16:21:19 +01:00
Ron Eldor
2f73c9342f Fix Changelog notation 
Remove backticks, since ChangeLog is not in MarkDown
 2017-09-26 15:06:56 +03:00
Ron Eldor
8b766218a8 Update ChangeLog 
Update ChangeLog according to Andres seggestion
 2017-09-24 15:44:56 +03:00
Ron Eldor
2981a0a740 Address Andres PR comments 
Address Andres' comments in the PR
 2017-09-24 15:41:09 +03:00
Jaeden Amero
1526330931 Allow alternate implementation of GCM 
Provide the ability to use an alternative implementation of GCM in place
of the library-provided implementation.
 2017-09-22 17:42:44 +01:00
Hanno Becker
6428f8d78e Let ssl-opt.sh gracefully fail is SSL_MAX_CONTENT_LEN is not 16384 
Some tests in ssl-opt.sh require MBEDTLS_SSL_MAX_CONTENT_LEN to be set to its
default value of 16384 to succeed. While ideally such a dependency should not
exist, as a short-term remedy this commit adds a small check that will at least
lead to graceful exit if that assumption is violated.
 2017-09-22 16:58:50 +01:00
Hanno Becker
d8a6f7cfbe Clarify code-paths in x509write_csr and x509write_crt 2017-09-22 16:05:43 +01:00
Hanno Becker
a20e33ad59 Use X509 CRT version macros for version checks in x509write_crt_der 2017-09-22 15:40:01 +01:00
Hanno Becker
7f3652ddf1 Fix error code printing in cert_write 
Error codes can consume up to two bytes, but only one was printed so far.
 2017-09-22 15:39:02 +01:00
Hanno Becker
38eff43791 Use X509 CRT version macros in cert_write program 2017-09-22 15:38:20 +01:00
Hanno Becker
e1b1d0af8e Fix senseless comment 2017-09-22 15:35:16 +01:00
Janos Follath
1ad1c6d4e1 Fix typo 2017-09-21 12:05:30 +01:00
Janos Follath
b174c84a3b Refine dhm_check_range() fix Changelog entry 2017-09-21 12:05:14 +01:00
Janos Follath
aa325d7b7f DHM: Fix dhm_check_range() always returning 0 
Although the variable ret was initialised to an error, the
MBEDTLS_MPI_CHK macro was overwriting it. Therefore it ended up being
0 whenewer the bignum computation was successfull and stayed 0
independently of the actual check.
 2017-09-21 12:04:41 +01:00
Janos Follath
4b151fabb7 DHM: Add negative tests for parameter checking 
A bug in the dhm_check_range() function makes it pass even when the
parameters are not in the range. This commit adds tests for signalling
this problem as well as a couple of other negative tests.
 2017-09-21 12:03:06 +01:00
Hanno Becker
930025da6d Adapt ChangeLog 2017-09-18 16:12:28 +01:00
Florin
0b7b83fd91 Fixed SIGSEGV problem when writing with ssl_write_real a buffer that is over MBEDTLS_SSL_MAX_CONTENT_LEN bytes 
Signed-off-by: Florin <petriuc.florin@gmail.com>
 2017-09-18 16:11:42 +01:00
Hanno Becker
2b187c4d5f Correct typo 2017-09-18 16:11:42 +01:00
Hanno Becker
09930d1f01 Add expected number of fragments to 16384-byte packet tests 2017-09-18 16:11:42 +01:00
Hanno Becker
c526696c05 Add tests for messages beyond 16384 bytes to ssl-opt.sh 
This commit adds four tests to ssl-opt.sh testing the library's behavior when
`mbedtls_ssl_write` is called with messages beyond 16384 bytes. The combinations
tested are TLS vs. DTLS and MBEDTLS_SSL_MAX_FRAGMENT_LENGTH enabled vs. disabled.
 2017-09-18 16:11:42 +01:00
Hanno Becker
4aed27e469 Add missing test-dependencies for MBEDTLS_SSL_MAX_FRAGMENT_LENGTH 
The tests for the maximum fragment length extension were lacking a dependency on
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH being set in the config.
 2017-09-18 16:11:42 +01:00