Manuel Pégourié-Gonnard
b59bf585ac
Merge pull request #1247 from gilles-peskine-arm/ecdsa-conversion-overflow
...
Fix stack buffer overflow in ECDSA signature format conversions
2024-07-31 12:39:32 +02:00
Waleed Elmelegy
bc5877786b
Merge branch 'development' into development-restricted
2024-07-08 14:22:09 +01:00
Gilles Peskine
c971d80faa
Merge pull request #9315 from gilles-peskine-arm/psa_cipher_decrypt-ccm_star-iv_length_enforcement
...
psa_cipher_decrypt CCM*: fix rejection of messages shorter than 3 bytes
2024-07-04 14:39:25 +00:00
Ronald Cron
cd906958df
Merge pull request #9214 from eleuzi01/replace-mbedtls-md-can-sha3-512
...
Replace MBEDTLS_MD_CAN_SHA3_512 with PSA_WANT_ALG_SHA3_512
2024-07-04 13:31:47 +00:00
Elena Uziunaite
e8cd45ca65
Replace MBEDTLS_MD_CAN_SHA3_512 with PSA_WANT_ALG_SHA3_512
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-04 11:39:46 +01:00
Ronald Cron
2cf41a273e
Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384
...
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
2024-07-04 08:56:52 +00:00
Tom Cosgrove
97e0028781
Merge pull request #9345 from valeriosetti/fix-coverity
...
tests_suite_debug: fix psa initialization
2024-07-04 08:52:41 +00:00
Ronald Cron
45aa4d50de
Merge pull request #9125 from eleuzi01/replace-mbedtls-md-can-ripemd160
...
Replace MBEDTLS_MD_CAN_RIPEMD160 with PSA_WANT_ALG_RIPEMD160
2024-07-04 08:38:40 +00:00
Valerio Setti
3a994b7dbe
tests_suite_debug: fix psa initialization
...
Since MD_OR_USE_PSA_INIT() can fail and jump to the "exit"
label, it should be placed after all initializations have been
done. This issue was discovered by Coverity testing.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-07-03 16:58:10 +02:00
Gilles Peskine
4a17523e48
Merge pull request #9170 from eleuzi01/replace-mbedtls-md-can-sha224
...
Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224
2024-07-03 14:42:08 +00:00
Gilles Peskine
94f07689d6
Merge pull request #9082 from andre-rosa/check-overflow-when-reading-padding-len-on-aes-128-cbc-decryption
...
Add invalid `padding_len` check in `get_pkcs_padding`
2024-07-03 14:41:06 +00:00
Ronald Cron
5e3c529614
Merge pull request #9172 from gilles-peskine-arm/test_suite_config-booleans
...
Report configuration settings in the outcome file
2024-07-03 13:09:07 +00:00
Elena Uziunaite
b476d4bf21
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-03 10:20:41 +01:00
Valerio Setti
8473390bbb
tests: fix guards in test suites to allow testing with PSASIM
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-07-02 15:45:55 +02:00
Gilles Peskine
1b22dd8765
Merge remote-tracking branch 'dev' into test_suite_config-booleans
...
Reconcile the framework submodule heads to the latest one.
2024-07-02 14:24:27 +02:00
Elena Uziunaite
fcc9afaf9d
Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-02 11:08:04 +01:00
Elena Uziunaite
66ea31ccd0
Clean up constant-flow memsan testing
...
Disable asm in memsan constant-flow testing and adjust
test_suite_bignum_core.function accordingly
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-06-28 14:54:09 +01:00
Gilles Peskine
db81d7efb0
More diversified sizes in tests
...
Test the minimum size that caused an overflow in all configurations,
and also a mostly arbitrary larger size.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-06-27 10:47:47 +02:00
Gilles Peskine
6bba0a8355
Fix stack buffer overflow in ECDSA signature format conversions
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-06-27 08:55:56 +02:00
Gilles Peskine
7b6ddfcd25
psa_cipher_decrypt CCM*: fix rejection of messages shorter than 3 bytes
...
Credit to Cryptofuzz. Fixes #9314.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-06-26 13:16:33 +02:00
Waleed Elmelegy
7ac7f82053
Change mpi_core_exp_mod() constant time testing to be clearer
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-06-25 09:51:37 +00:00
Waleed Elmelegy
7b3024e791
Change mbedtls_mpi_core_exp_mod to constant time
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-06-25 09:51:37 +00:00
Waleed Elmelegy
80ab4f3886
change montmul constant time testing to be clearer
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-06-24 13:31:15 +00:00
Elena Uziunaite
1b6fb219e9
Replace MBEDTLS_MD_CAN_RIPEMD160 with PSA_WANT_ALG_RIPEMD160
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-06-20 16:35:29 +01:00
Gilles Peskine
ada30fe650
New test suite to report configuration options
...
Add a test suite intended to report configuration options in the outcome
file: we're only interested in SKIP vs PASS.
Add a few test cases for some interesting combinations of options. The
selection here is just for illustration purposes, more will be added later.
A subsequent commit will automatically generate test cases for single options.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-06-20 17:10:24 +02:00
Waleed Elmelegy
122ae06ca9
Add constant time tests to mbedtls_mpi_core_montmul()
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-06-14 15:00:05 +00:00
Elena Uziunaite
118d040544
Code style fix
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-06-13 15:12:02 +01:00
Elena Uziunaite
7e47fdb184
Fix compiler warnings in test_suite_pk.function
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-06-13 10:36:37 +01:00
Manuel Pégourié-Gonnard
fe9129d14d
Merge pull request #1239 from Mbed-TLS/change-mpi-mla-to-constant-time
...
Change mbedtls_mpi_core_mla() to be constant time
2024-06-12 09:53:57 +02:00
Bence Szépkúti
c085cc767d
Merge pull request #9200 from davidhorstmann-arm/move-test-generation-files
...
Move test generation files to framework
2024-06-04 09:23:17 +00:00
David Horstmann
f6f3bcae43
Update file paths for moved files
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-05-31 15:49:02 +01:00
Gilles Peskine
d961929615
Merge pull request #9155 from ttytm/fix-typo
...
fix typo
2024-05-30 17:24:55 +00:00
Waleed Elmelegy
473dea26a6
Remove unnecessary testing and documentation
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-05-28 11:15:21 +00:00
Waleed Elmelegy
77bd479825
Change mbedtls_mpi_core_mla() to be constant time
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-05-23 00:22:44 +00:00
Waleed Elmelegy
e27738308c
Merge mbedtls_mpi_core_sub() constant time testing and functional testing
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-05-21 16:05:52 +00:00
Turiiya
27098b458b
fix typo
...
Signed-off-by: Turiiya <34311583+ttytm@users.noreply.github.com>
2024-05-18 18:08:12 +02:00
Ronald Cron
1f95ede98c
Fix "maybe-uninitialized" warning with GCC 11.3
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-05-16 08:12:03 +02:00
Waleed Elmelegy
3235165e07
Change mpi_core_check_sub to be constant time
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-05-13 13:47:04 +00:00
Manuel Pégourié-Gonnard
0e7aaae1fd
Merge pull request #9017 from valeriosetti/issue9010
...
Improve generate_test_keys.py
2024-05-07 11:59:54 +00:00
Andre Goddard Rosa
043aa9e2a2
Add check ensuring output is set to the least-harmful value in error cases
...
With the robustness fix:
`PASSED (125 suites, 26639 tests run)`
Without the robustness fix:
`FAILED (125 suites, 26639 tests run)`
Signed-off-by: Andre Goddard Rosa <andre.goddard@gmail.com>
Signed-off-by: Andre Goddard Rosa <agoddardrosa@roku.com>
2024-05-02 09:51:49 -05:00
Manuel Pégourié-Gonnard
898066b851
Merge pull request #9049 from gilles-peskine-arm/test-dependencies-20240314-development
...
Fix some test case dependencies (PEM_C)
2024-05-02 08:00:25 +00:00
Valerio Setti
c21147efe7
test_suite_pk: use explicit key bit size instead of RSA_KEY_SIZE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-04-29 17:38:37 +02:00
Manuel Pégourié-Gonnard
024d3daa7d
Merge pull request #8986 from valeriosetti/issue8871
...
Improve test key generation in test_suite_pk
2024-04-29 09:25:37 +00:00
Gilles Peskine
cbb4507b44
Use large enough keys when testing parsing of non-word-aligned RSA sizes
...
When PSA is available, we exercise the parsed RSA key with PKCS#1v1.5
signature, which requires the modulus size in bytes to be at least
tLen + 11 (per RFC 8017 §9.2) where tLen = hLen + oidLen + 6 and
hLen = 32, oidLen = 9 for SHA-512 or SHA3-512. 10 is the DER overhead
(3 ASN.1 type-length headers with lengths <128). Replace 512-bit test
cases (good enough for SHA-256 but not SHA-384 and up) by 768-bit and
up (good enough for SHA-512).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-04-24 16:28:00 +02:00
Gilles Peskine
1f4e0390bd
Fix misspelled dependency: there is no MBEDTLS_PEM_C
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-04-22 17:24:45 +02:00
Gilles Peskine
6b3a9ee2d8
Allow PSA to not support RSA keys with non-byte-aligned sizes
...
Work around https://github.com/Mbed-TLS/mbedtls/issues/9048
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-04-22 17:24:45 +02:00
Gilles Peskine
57a0b915fd
Remove redundant dependency
...
In the test data, remove a dependency that is already present on the function.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-04-22 17:24:45 +02:00
Valerio Setti
36188219fc
generate_test_keys: split group_id and key bitsize in the generated structure
...
- group_id is only used for EC keys;
- key bitsize only for RSA.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-04-17 17:06:26 +02:00
Valerio Setti
40eaf120af
test_suite_pk: fix some descriptions in data file
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-04-17 17:06:26 +02:00
Valerio Setti
37bc93cbeb
test_suite_pk: fix guards for pk_psa_setup()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-04-17 05:25:40 +02:00