TeamHepta/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-05-02 08:12:14 +02:00
Code Issues Packages Projects Releases Wiki Activity
27,319 Commits 179 Branches 280 Tags
e614129895c8f3d27db24cc5ee72ceb72c0e0e7f
Commit Graph

9758 Commits

Author SHA1 Message Date
Gilles Peskine
7f420faf03 parse_attribute_value_hex_der_encoded: clean up length validation 
Separate the fits-in-buffer check (*data_length <= data_size) from the
we-think-it's-a-sensible-size check (*data_length <=
MBEDTLS_X509_MAX_DN_NAME_SIZE).

This requires using an intermediate buffer for the DER data, since its
maximum sensible size has to be larger than the maximum sensible size for
the payload, due to the overhead of the ASN.1 tag+length.

Remove test cases focusing on the DER length since the implementation no
longer has a threshold for it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
26dd764dc3 parse_attribute_value_hex_der_encoded test case fixups 
Fix the expected output in some test cases.

Add a few more test cases to exercise both a payload length around 256 bytes
and a DER length around 256 bytes, since both are placed in a 256-byte
buffer (value of MBEDTLS_X509_MAX_DN_NAME_SIZE).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
c94500b56b Add may-fail mode to mbedtls_x509_string_to_names output tests 
Due to differing validations amongst X.509 library functions, there are
inputs that mbedtls_x509_string_to_names() accepts, but it produces output
that some library functions can't parse. Accept this for now. Do call the
functions, even when we don't care about their return code: we're ok with
returning errors, but not with e.g. a buffer overflow.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
aa01a038b5 Fix indentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
70a93407ce More test cases for parse_attribute_value_der_encoded 
In particular, "X509 String to Names: long hexstring (DER=258 bytes, too long)"
causes a buffer overflow in parse_attribute_value_der_encoded().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Gilles Peskine
1c7223bda2 Use modern test macros for ease of debugging 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-25 19:59:31 +02:00
Dave Rodgman
6da7872aa2 Merge pull request #1083 from gilles-peskine-arm/development-restricted-merge-20230925 
Merge development into development-restricted
 2023-09-25 18:16:01 +01:00
Gilles Peskine
ffe590d197 Merge pull request #1058 from waleed-elmelegy-arm/check-set_padding-is-called 
Check set_padding has been called in mbedtls_cipher_finish
 2023-09-25 17:12:36 +02:00
Gilles Peskine
ca1e605b9c Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925 
Conflicts:
* `include/mbedtls/build_info.h`: a new fragment to auto-enable
  `MBEDTLS_CIPHER_PADDING_PKCS7` was added in
  c9f4040f7f in `development-restricted`.
  In `development`, this section of the file has moved to
  `include/mbedtls/config_adjust_legacy_crypto.h`.
* `library/bignum.c`: function name change in `development-restricted` vs
  comment change in development. The comment change in `development` is not
  really relevant, so just take the line from `development-restricted`.
 2023-09-25 16:16:26 +02:00
Dave Rodgman
025bed9eb7 Merge pull request #1076 from daverodgman/more-ct 
Use CT module more consistently
 2023-09-25 11:50:10 +01:00
Manuel Pégourié-Gonnard
4fe1e8762d Fix SHA-3 dependencies in test_suite_md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-25 10:05:23 +02:00
Manuel Pégourié-Gonnard
e47c53eeab Fix SHA-3 in accel tests that need it 
Components that accelerate an algorithm that uses hashing internally
(such as deterministic ECDSA and RSA-PSS) need the hash algorithms
available in libtestdriver1.

Previously, the omission of SHA-3 in
tests/include/test/drivers/crypto_config_test_driver_extension.h meant
it was enabled in libtestdriver1 when not requesting its acceleration,
and disabled when requesting it. Adding it in a previous commit fixed
the components that asked it accelerated, but broke the component that
didn't ask for it but still needed it.

Fix those components by explicitly requesting SHA-3 as we already do for
the other hash algorithms that are require for the same reason.

Note: this broke test_suite_psa_crypto_storage_format.v0 which is
apparently the only place exercising signatures with SHA-3.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-24 09:48:47 +02:00
Manuel Pégourié-Gonnard
f4ceb16813 Fix dependencies for SHA-3 MD dispatch tests 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-24 09:48:46 +02:00
Manuel Pégourié-Gonnard
cc21ad441a Add SHA-3 support to libtestdriver1 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-24 09:48:45 +02:00
Gilles Peskine
ae3cda9541 Merge pull request #8092 from silabs-Kusumit/PBKDF2_output_key 
PBKDF2: test output_key
 2023-09-22 18:01:06 +00:00
Gilles Peskine
18e1d11cfe Merge pull request #1049 from waleed-elmelegy-arm/Switch-pkparse-to-mbedtls_pkcs5_pbe2_ext 
Switch pkparse to use new pkcs5/12 pbe functions
 2023-09-22 18:06:50 +02:00
Dave Rodgman
9fc868012c Fix test error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 10:56:13 +01:00
Gilles Peskine
193f94276e Merge pull request #1071 from gilles-peskine-arm/ssl_decrypt_stream_short_buffer 
Fix buffer overread in mbedtls_ssl_decrypt_buf with stream cipher
 2023-09-22 11:43:03 +02:00
Dave Rodgman
fbe74a9e51 Add mbedtls_ct_error_if, with tests 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-22 09:58:25 +01:00
Dave Rodgman
9d0869140b Remove tests for mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 21:54:08 +01:00
Dave Rodgman
f1915f623d Improve testing for mbedtls_ct_int_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 19:22:59 +01:00
Dave Rodgman
cc3c670670 Fix compiler cast warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 16:33:26 +01:00
Waleed Elmelegy
3643947a1e Add correct dependencies for AES-192/256 cipher tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 16:22:15 +01:00
Waleed Elmelegy
38202a2b18 Improve pkparse test dependencies and changelog 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 15:21:10 +01:00
Waleed Elmelegy
f4e665101d Add more tests to check setting padding mode 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 14:04:35 +01:00
Dave Rodgman
93b3228d42 Add tests for mbedtls_ct_error_if 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-21 13:50:51 +01:00
Waleed Elmelegy
556a0790f6 Fix code style in pkparse tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 09:19:56 +01:00
Waleed Elmelegy
9d4d8ebaf2 Add PKCS5/12 dependecies to pkparse tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-21 08:45:56 +01:00
Gilles Peskine
29d0bfba0d Rename option where concatenated with -D 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-20 23:11:33 +02:00
Waleed Elmelegy
15bcf38e88 Add test pkparse test dependencies 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 20:02:16 +01:00
Waleed Elmelegy
1db5cdaf57 Add tests to test pkcs8 parsing of encrypted keys 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:29:02 +01:00
Waleed Elmelegy
d527896b7e Switch pkparse to use new mbedtls_pkcs12_pbe_ext function 
Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
and deprecate mbedtls_pkcs12_pbe function.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:29:02 +01:00
Waleed Elmelegy
c9f4040f7f Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function 
Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function
and deprecate mbedtls_pkcs5_pbes2 function.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-20 19:28:28 +01:00
Manuel Pégourié-Gonnard
5edb942708 Merge pull request #8041 from mpg/tfm-p256m 
Test TF-M config with p256-m driver
 2023-09-20 16:09:56 +00:00
Paul Elliott
5382ba6987 Merge pull request #8230 from gilles-peskine-arm/test_tls1_2_ecjpake_compatibility-avoid-build-race 
Work around a race condition in parallel builds
 2023-09-20 15:53:04 +00:00
Gilles Peskine
edc8456e01 Work around a race condition in parallel builds 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-20 15:03:18 +02:00
Gilles Peskine
eda1b1f744 Merge pull request #7921 from valeriosetti/issue7613 
TLS: Clean up ECDSA dependencies
 2023-09-20 12:47:55 +00:00
Dave Rodgman
143f5f7c68 Add mbedtls_ct_bool_if and mbedtls_ct_bool_if_else_0 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 21:52:13 +01:00
Dave Rodgman
1cfc43c77b Rename mbedtls_ct_bool_xor to mbedtls_ct_bool_ne 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 18:39:33 +01:00
Dave Rodgman
986006e567 Make TEST_CALLOC_NONNULL more robust 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 18:30:25 +01:00
Dave Rodgman
6568f60358 Simplify mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:48:24 +01:00
Dave Rodgman
2c9f86b3b6 Add docs for mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:48:13 +01:00
Dave Rodgman
28bc1ab923 Use exact bounds for allocations in mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:34:57 +01:00
Dave Rodgman
a328635305 Introduce TEST_CALLOC_NONNULL 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:34:39 +01:00
Dave Rodgman
ba600b2fd9 Remove expected param from mbedtls_ct_memcmp_partial test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 17:26:13 +01:00
Waleed Elmelegy
071b69f47b Add correct dependency to DES3 test 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-19 11:24:49 +01:00
Dave Rodgman
771ac65b0c Add tests for mbedtls_ct_memcmp_partial 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-09-19 09:10:59 +01:00
Gilles Peskine
d2e004e401 Test mbedtls_ssl_decrypt_buf(): stream cipher, negative cases 
Test mbedtls_ssl_decrypt_buf() with a null cipher (the only type of stream
cipher we support). Test the good case (to make sure the test code
constructs the input correctly), test with an invalid MAC, and test with a
shortened input.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 19:07:50 +02:00
Waleed Elmelegy
6d2c5d5f5c Adjust cipher tests to new requirement of specifying padding mode 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-09-18 17:41:25 +01:00
Gilles Peskine
9099d3fd76 Refactoring: create mbedtls_test_ssl_prepare_record_mac() 
No semantic change.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-18 17:21:15 +02:00