early-access version 1676

This commit is contained in:
pineappleEA 2021-05-12 16:01:52 +02:00
parent 97603cd694
commit 63199acc4d
46 changed files with 587 additions and 130 deletions

View file

@ -1,7 +1,7 @@
yuzu emulator early access
=============
This is the source code for early-access 1675.
This is the source code for early-access 1676.
## Legal Notice

View file

@ -157,6 +157,9 @@ if(CMAKE_COMPILER_IS_IAR)
endif(CMAKE_COMPILER_IS_IAR)
if(CMAKE_COMPILER_IS_MSVC)
# Compile with UTF-8 encoding (REMOVE THIS COMMIT ONCE A FIX IS DEPLOYED UPSTREAM)
add_compile_options(/utf-8)
# Strictest warnings, and treat as errors
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3")
set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX")

View file

@ -1,5 +1,52 @@
mbed TLS ChangeLog (Sorted per branch, date)
= mbed TLS 2.16.10 branch released 2021-03-12
Default behavior changes
* In mbedtls_rsa_context objects, the ver field was formerly documented
as always 0. It is now reserved for internal purposes and may take
different values.
Security
* Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating
|A| - |B| where |B| is larger than |A| and has more limbs (so the
function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only
applications calling mbedtls_mpi_sub_abs() directly are affected:
all calls inside the library were safe since this function is
only called with |A| >= |B|. Reported by Guido Vranken in #4042.
* Fix an errorneous estimation for an internal buffer in
mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd
value the function might fail to write a private RSA keys of the largest
supported size.
Found by Daniel Otte, reported in #4093 and fixed in #4094,
backported in #4100.
* Fix a stack buffer overflow with mbedtls_net_poll() and
mbedtls_net_recv_timeout() when given a file descriptor that is
beyond FD_SETSIZE. Reported by FigBug in #4169.
* Guard against strong local side channel attack against base64 tables by
making access aceess to them use constant flow code.
Bugfix
* Fix an incorrect error code if an RSA private operation glitched.
* Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C
is enabled, on platforms where initializing a mutex allocates resources.
This was a regression introduced in the previous release. Reported in
#4017, #4045 and #4071.
* Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free()
twice is safe. This happens for RSA when some Mbed TLS library functions
fail. Such a double-free was not safe when MBEDTLS_THREADING_C was
enabled on platforms where freeing a mutex twice is not safe.
* Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key()
when MBEDTLS_THREADING_C is enabled on platforms where initializing
a mutex allocates resources.
* This change makes 'mbedtls_x509write_crt_set_basic_constraints'
consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST
include this extension in all CA certificates that contain public keys
used to validate digital signatures on certificates and MUST mark the
extension as critical in such certificates." Previous to this change,
the extension was always marked as non-critical. This was fixed by
#4044.
= mbed TLS 2.16.9 branch released 2020-12-11
Security

View file

@ -0,0 +1,3 @@
Bugfix
* Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is
defined. Fixes #4217.

3
externals/mbedtls/ChangeLog.d/aescrypt2.txt vendored Executable file
View file

@ -0,0 +1,3 @@
Changes
* Remove the AES sample application programs/aes/aescrypt2 which shows
bad cryptographic practice. Fix #1906.

View file

@ -0,0 +1,5 @@
Bugfix
* Fix premature fopen() call in mbedtls_entropy_write_seed_file which may
lead to the seed file corruption in case if the path to the seed file is
equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor
Krasnoshchok in #3616.

View file

@ -0,0 +1,4 @@
Bugfix
* In a TLS client, enforce the Diffie-Hellman minimum parameter size
set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the
minimum size was rounded down to the nearest multiple of 8.

View file

@ -0,0 +1,2 @@
Changes
* Fix the setting of the read timeout in the DTLS sample programs.

View file

@ -0,0 +1,2 @@
Bugfix
* Fix an incorrect error code when parsing a PKCS#8 private key.

View file

@ -0,0 +1,3 @@
Bugfix
* mbedtls_mpi_read_string on "-0" produced an MPI object that was not treated
as equal to 0 in all cases. Fix it to produce the same object as "0".

View file

@ -124,11 +124,11 @@ endif
## Editor navigation files
C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function)
# Exuberant-ctags invocation. Other ctags implementations may require different options.
CTAGS = ctags --langmap=c:+.h.function -o
CTAGS = ctags --langmap=c:+.h.function --line-directives=no -o
tags: $(C_SOURCE_FILES)
$(CTAGS) $@ $(C_SOURCE_FILES)
TAGS: $(C_SOURCE_FILES)
etags -o $@ $(C_SOURCE_FILES)
etags --no-line-directive -o $@ $(C_SOURCE_FILES)
global: GPATH GRTAGS GSYMS GTAGS
GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES)
ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc

View file

@ -49,7 +49,7 @@
*/
/**
* @mainpage mbed TLS v2.16.9 source code documentation
* @mainpage mbed TLS v2.16.10 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in

View file

@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
PROJECT_NAME = "mbed TLS v2.16.9"
PROJECT_NAME = "mbed TLS v2.16.10"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or

View file

@ -65,16 +65,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 2
#define MBEDTLS_VERSION_MINOR 16
#define MBEDTLS_VERSION_PATCH 9
#define MBEDTLS_VERSION_PATCH 10
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
#define MBEDTLS_VERSION_NUMBER 0x02100900
#define MBEDTLS_VERSION_STRING "2.16.9"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.9"
#define MBEDTLS_VERSION_NUMBER 0x02100A00
#define MBEDTLS_VERSION_STRING "2.16.10"
#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.10"
#if defined(MBEDTLS_VERSION_C)

View file

@ -165,15 +165,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY)
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedcrypto SHARED ${src_crypto})
set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.9 SOVERSION 3)
set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.10 SOVERSION 3)
target_link_libraries(mbedcrypto ${libs})
add_library(mbedx509 SHARED ${src_x509})
set_target_properties(mbedx509 PROPERTIES VERSION 2.16.9 SOVERSION 0)
set_target_properties(mbedx509 PROPERTIES VERSION 2.16.10 SOVERSION 0)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
add_library(mbedtls SHARED ${src_tls})
set_target_properties(mbedtls PROPERTIES VERSION 2.16.9 SOVERSION 12)
set_target_properties(mbedtls PROPERTIES VERSION 2.16.10 SOVERSION 12)
target_link_libraries(mbedtls ${libs} mbedx509)
install(TARGETS mbedtls mbedx509 mbedcrypto

View file

@ -96,6 +96,99 @@ static const unsigned char base64_dec_map[128] =
#define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */
/*
* Constant flow conditional assignment to unsigned char
*/
static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsigned char * const src,
unsigned char condition )
{
/* MSVC has a warning about unary minus on unsigned integer types,
* but this is well-defined and precisely what we want to do here. */
#if defined(_MSC_VER)
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
/* Generate bitmask from condition, mask will either be 0xFF or 0 */
unsigned char mask = ( condition | -condition );
mask >>= 7;
mask = -mask;
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
*dest = ( ( *src ) & mask ) | ( ( *dest ) & ~mask );
}
/*
* Constant flow conditional assignment to uint_32
*/
static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src,
uint32_t condition )
{
/* MSVC has a warning about unary minus on unsigned integer types,
* but this is well-defined and precisely what we want to do here. */
#if defined(_MSC_VER)
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
/* Generate bitmask from condition, mask will either be 0xFFFFFFFF or 0 */
uint32_t mask = ( condition | -condition );
mask >>= 31;
mask = -mask;
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
*dest = ( src & mask ) | ( ( *dest ) & ~mask );
}
/*
* Constant flow check for equality
*/
static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b )
{
size_t difference = in_a ^ in_b;
/* MSVC has a warning about unary minus on unsigned integer types,
* but this is well-defined and precisely what we want to do here. */
#if defined(_MSC_VER)
#pragma warning( push )
#pragma warning( disable : 4146 )
#endif
difference |= -difference;
#if defined(_MSC_VER)
#pragma warning( pop )
#endif
/* cope with the varying size of size_t per platform */
difference >>= ( sizeof( difference ) * 8 - 1 );
return (unsigned char) ( 1 ^ difference );
}
/*
* Constant flow lookup into table.
*/
static unsigned char mbedtls_base64_table_lookup( const unsigned char * const table,
const size_t table_size, const size_t table_index )
{
size_t i;
unsigned char result = 0;
for( i = 0; i < table_size; ++i )
{
mbedtls_base64_cond_assign_uchar( &result, &table[i], mbedtls_base64_eq( i, table_index ) );
}
return result;
}
/*
* Encode a buffer into base64 format
*/
@ -136,10 +229,17 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
C2 = *src++;
C3 = *src++;
*p++ = base64_enc_map[(C1 >> 2) & 0x3F];
*p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
*p++ = base64_enc_map[(((C2 & 15) << 2) + (C3 >> 6)) & 0x3F];
*p++ = base64_enc_map[C3 & 0x3F];
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
( ( C1 >> 2 ) & 0x3F ) );
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) & 0x3F ) );
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
( C3 & 0x3F ) );
}
if( i < slen )
@ -147,11 +247,15 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen,
C1 = *src++;
C2 = ( ( i + 1 ) < slen ) ? *src++ : 0;
*p++ = base64_enc_map[(C1 >> 2) & 0x3F];
*p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F];
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
( ( C1 >> 2 ) & 0x3F ) );
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) );
if( ( i + 1 ) < slen )
*p++ = base64_enc_map[((C2 & 15) << 2) & 0x3F];
*p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ),
( ( ( C2 & 15 ) << 2 ) & 0x3F ) );
else *p++ = '=';
*p++ = '=';
@ -172,6 +276,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
size_t i, n;
uint32_t j, x;
unsigned char *p;
unsigned char dec_map_lookup;
/* First pass: check for validity and get output length */
for( i = n = j = 0; i < slen; i++ )
@ -202,10 +307,12 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
if( src[i] == '=' && ++j > 2 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if( src[i] > 127 || base64_dec_map[src[i]] == 127 )
dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), src[i] );
if( src[i] > 127 || dec_map_lookup == 127 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
if( base64_dec_map[src[i]] < 64 && j != 0 )
if( dec_map_lookup < 64 && j != 0 )
return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER );
n++;
@ -235,8 +342,10 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen,
if( *src == '\r' || *src == '\n' || *src == ' ' )
continue;
j -= ( base64_dec_map[*src] == 64 );
x = ( x << 6 ) | ( base64_dec_map[*src] & 0x3F );
dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), *src );
mbedtls_base64_cond_assign_uint32( &j, j - 1, mbedtls_base64_eq( dec_map_lookup, 64 ) );
x = ( x << 6 ) | ( dec_map_lookup & 0x3F );
if( ++n == 4 )
{

View file

@ -500,6 +500,7 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
{
int ret;
size_t i, j, slen, n;
int sign = 1;
mbedtls_mpi_uint d;
mbedtls_mpi T;
MPI_VALIDATE_RET( X != NULL );
@ -510,6 +511,12 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
mbedtls_mpi_init( &T );
if( s[0] == '-' )
{
++s;
sign = -1;
}
slen = strlen( s );
if( radix == 16 )
@ -524,12 +531,6 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
for( i = slen, j = 0; i > 0; i--, j++ )
{
if( i == 1 && s[i - 1] == '-' )
{
X->s = -1;
break;
}
MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) );
X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 );
}
@ -540,26 +541,15 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s )
for( i = 0; i < slen; i++ )
{
if( i == 0 && s[i] == '-' )
{
X->s = -1;
continue;
}
MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) );
MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) );
if( X->s == 1 )
{
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
}
else
{
MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( X, &T, d ) );
}
MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) );
}
}
if( sign < 0 && mbedtls_mpi_bitlen( X ) != 0 )
X->s = -1;
cleanup:
mbedtls_mpi_free( &T );

View file

@ -2505,7 +2505,7 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P
#if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT)
if( mbedtls_internal_ecp_grp_capable( grp ) )
return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng );
return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ) );
#endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */
p_size = ( grp->pbits + 7 ) / 8;

View file

@ -1048,13 +1048,13 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry )
/*
* If the result is negative, we get it in the form
* c * 2^(bits + 32) + N, with c negative and N positive shorter than 'bits'
* c * 2^bits + N, with c negative and N positive shorter than 'bits'
*/
static inline int fix_negative( mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits )
{
int ret;
/* C = - c * 2^(bits + 32) */
/* C = - c * 2^bits */
#if !defined(MBEDTLS_HAVE_INT64)
((void) bits);
#else

View file

@ -494,14 +494,20 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx )
int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path )
{
int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
FILE *f;
FILE *f = NULL;
unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE];
if( ( f = fopen( path, "wb" ) ) == NULL )
return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR );
if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 )
{
ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED;
goto exit;
}
if( ( f = fopen( path, "wb" ) ) == NULL )
{
ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR;
goto exit;
}
if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE )
{
@ -514,7 +520,9 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p
exit:
mbedtls_platform_zeroize( buf, sizeof( buf ) );
fclose( f );
if( f != NULL )
fclose( f );
return( ret );
}

View file

@ -1070,7 +1070,7 @@ static int pk_parse_key_pkcs8_unencrypted_der(
return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret );
if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, &params ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );
return( ret );
if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 )
return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret );

View file

@ -2209,6 +2209,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
unsigned char *end )
{
int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE;
size_t dhm_actual_bitlen;
/*
* Ephemeral DH parameters:
@ -2226,10 +2227,11 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl,
return( ret );
}
if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen )
dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P );
if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen )
{
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d",
ssl->handshake->dhm_ctx.len * 8,
MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %u < %u",
(unsigned) dhm_actual_bitlen,
ssl->conf->dhm_min_bitlen ) );
return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE );
}

View file

@ -2,7 +2,6 @@
*.sln
*.vcxproj
aes/aescrypt2
aes/crypt_and_hash
hash/generic_sum
hash/hello

View file

@ -47,7 +47,7 @@ ifdef ZLIB
LOCAL_LDFLAGS += -lz
endif
APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \
APPS = aes/crypt_and_hash$(EXEXT) \
hash/hello$(EXEXT) hash/generic_sum$(EXEXT) \
pkey/dh_client$(EXEXT) \
pkey/dh_genprime$(EXEXT) pkey/dh_server$(EXEXT) \
@ -93,10 +93,6 @@ all: $(APPS)
$(DEP):
$(MAKE) -C ../library
aes/aescrypt2$(EXEXT): aes/aescrypt2.c $(DEP)
echo " CC aes/aescrypt2.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/aescrypt2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@
aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP)
echo " CC aes/crypt_and_hash.c"
$(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@

View file

@ -5,9 +5,6 @@ This subdirectory mostly contains sample programs that illustrate specific featu
## Symmetric cryptography (AES) examples
* [`aes/aescrypt2.c`](aes/aescrypt2.c): file encryption and authentication with a key derived from a low-entropy secret, demonstrating the low-level AES interface, the digest interface and HMAC.
Warning: this program illustrates how to use low-level functions in the library. It should not be taken as an example of how to build a secure encryption mechanism. To derive a key from a low-entropy secret such as a password, use a standard key stretching mechanism such as PBKDF2 (provided by the `pkcs5` module). To encrypt and authenticate data, use a standard mode such as GCM or CCM (both available as library module).
* [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface.
## Hash (digest) examples

View file

@ -1,9 +1,6 @@
add_executable(aescrypt2 aescrypt2.c)
target_link_libraries(aescrypt2 mbedtls)
add_executable(crypt_and_hash crypt_and_hash.c)
target_link_libraries(crypt_and_hash mbedtls)
install(TARGETS aescrypt2 crypt_and_hash
install(TARGETS crypt_and_hash
DESTINATION "bin"
PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE)

View file

@ -218,6 +218,7 @@ int main( int argc, char *argv[] )
mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL );
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS );
if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 )
{

View file

@ -114,7 +114,7 @@ int main( void )
#include "mbedtls/ssl_cache.h"
#endif
#define READ_TIMEOUT_MS 10000 /* 5 seconds */
#define READ_TIMEOUT_MS 10000 /* 10 seconds */
#define DEBUG_LEVEL 0
@ -250,6 +250,7 @@ int main( void )
mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg );
mbedtls_ssl_conf_dbg( &conf, my_debug, stdout );
mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS );
#if defined(MBEDTLS_SSL_CACHE_C)
mbedtls_ssl_conf_session_cache( &conf, &cache,

View file

@ -101,6 +101,9 @@ STANDARD_CATEGORIES = (
b'Changes',
)
# The maximum line length for an entry
MAX_LINE_LENGTH = 80
CategoryContent = namedtuple('CategoryContent', [
'name', 'title_line', # Title text and line number of the title
'body', 'body_line', # Body text and starting line number of the body
@ -225,6 +228,8 @@ class ChangeLog:
# a version that is not yet released. Something like "3.1a" is accepted.
_version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+')
_incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]')
_only_url_re = re.compile(br'^\s*\w+://\S+\s*$')
_has_url_re = re.compile(br'.*://.*')
def add_categories_from_text(self, filename, line_offset,
text, allow_unknown_category):
@ -241,6 +246,21 @@ class ChangeLog:
line_offset + category.title_line,
'Unknown category: "{}"',
category.name.decode('utf8'))
body_split = category.body.splitlines()
for line_number, line in enumerate(body_split, 1):
if not self._only_url_re.match(line) and \
len(line) > MAX_LINE_LENGTH:
long_url_msg = '. URL exceeding length limit must be alone in its line.' \
if self._has_url_re.match(line) else ""
raise InputFormatError(filename,
category.body_line + line_number,
'Line is longer than allowed: '
'Length {} (Max {}){}',
len(line), MAX_LINE_LENGTH,
long_url_msg)
self.categories[category.name] += category.body
def __init__(self, input_stream, changelog_format):

View file

@ -66,8 +66,9 @@
#
# The baremetal configuration excludes options that require a library or
# operating system feature that is typically not present on bare metal
# systems. Features that are excluded from "full" won't be in "baremetal"
# either.
# systems. It also excludes debugging features that increase the code size
# of other modules.
# Features that are excluded from "full" won't be in "baremetal" either.
use warnings;
use strict;
@ -136,6 +137,7 @@ _ALT\s*$
# Things that should be disabled in "baremetal"
my @excluded_baremetal = qw(
MBEDTLS_DEBUG_C
MBEDTLS_ENTROPY_NV_SEED
MBEDTLS_FS_IO
MBEDTLS_HAVEGE_C
@ -147,6 +149,7 @@ MBEDTLS_NET_C
MBEDTLS_PLATFORM_FPRINTF_ALT
MBEDTLS_PLATFORM_NV_SEED_ALT
MBEDTLS_PLATFORM_TIME_ALT
MBEDTLS_TEST_HOOKS
MBEDTLS_THREADING_C
MBEDTLS_THREADING_PTHREAD
MBEDTLS_TIMING_C

View file

@ -1052,6 +1052,16 @@ cert_md5.crt: cert_md5.csr
$(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=MD5 version=3 output_file=$@
all_final += cert_md5.crt
################################################################
#### Diffie-Hellman parameters
################################################################
dh.998.pem:
$(OPENSSL) dhparam -out $@ -text 998
dh.999.pem:
$(OPENSSL) dhparam -out $@ -text 999
################################################################
#### Meta targets
################################################################

17
externals/mbedtls/tests/data_files/dh.998.pem vendored Executable file
View file

@ -0,0 +1,17 @@
DH Parameters: (998 bit)
prime:
39:5f:30:c0:7b:06:b7:6a:49:c6:c0:81:1f:39:77:
b3:35:e2:8d:66:fc:6a:6e:94:f3:df:97:f2:89:31:
6c:75:39:08:16:d1:a4:b8:0c:68:c5:63:21:61:eb:
48:2d:77:99:08:1d:67:38:37:0a:cd:cf:39:b6:3c:
9d:8a:e5:85:3c:71:e3:4b:3e:1e:b9:80:e3:cc:7a:
fd:84:05:b0:df:36:15:29:4e:3e:23:3b:c3:ae:6b:
c7:11:b9:64:43:40:75:c7:4a:ef:a7:2d:00:e2:62:
8f:93:78:96:8f:2c:25:8d:7d:1f:eb:5c:3c:bf:51:
de:f8:08:25:db
generator: 2 (0x2)
-----BEGIN DH PARAMETERS-----
MIGCAn05XzDAewa3aknGwIEfOXezNeKNZvxqbpTz35fyiTFsdTkIFtGkuAxoxWMh
YetILXeZCB1nODcKzc85tjydiuWFPHHjSz4euYDjzHr9hAWw3zYVKU4+IzvDrmvH
EblkQ0B1x0rvpy0A4mKPk3iWjywljX0f61w8v1He+Agl2wIBAg==
-----END DH PARAMETERS-----

17
externals/mbedtls/tests/data_files/dh.999.pem vendored Executable file
View file

@ -0,0 +1,17 @@
DH Parameters: (999 bit)
prime:
4f:b8:d2:d8:3c:b3:02:c9:64:f5:99:fe:61:cc:b3:
69:1c:ba:bb:a2:33:db:38:2f:85:87:b7:12:fb:69:
6e:a5:32:3e:ff:24:df:c4:61:07:0c:e1:88:72:fa:
14:d4:22:65:18:66:09:7e:43:35:c4:5a:62:f7:0a:
69:be:45:71:6e:ac:c5:56:d8:22:9e:c4:9c:23:2b:
bd:6d:3b:b6:02:4f:5d:12:a7:ac:90:b8:9e:be:93:
82:bc:09:7c:cd:e1:09:21:1e:3d:69:2a:76:41:00:
68:6d:b7:e8:e8:df:d6:1b:82:93:d9:21:4a:ea:71:
f2:e6:c4:94:03
generator: 2 (0x2)
-----BEGIN DH PARAMETERS-----
MIGCAn1PuNLYPLMCyWT1mf5hzLNpHLq7ojPbOC+Fh7cS+2lupTI+/yTfxGEHDOGI
cvoU1CJlGGYJfkM1xFpi9wppvkVxbqzFVtginsScIyu9bTu2Ak9dEqeskLievpOC
vAl8zeEJIR49aSp2QQBobbfo6N/WG4KT2SFK6nHy5sSUAwIBAg==
-----END DH PARAMETERS-----

View file

@ -55,11 +55,6 @@ EOF
exit
fi
if grep --version|head -n1|grep GNU >/dev/null; then :; else
echo "This script requires GNU grep.">&2
exit 1
fi
trace=
if [ $# -ne 0 ] && [ "$1" = "-v" ]; then
shift

View file

@ -130,8 +130,8 @@ print_usage() {
echo "Usage: $0 [options]"
printf " -h|--help\tPrint this help.\n"
printf " -m|--memcheck\tCheck memory leaks and errors.\n"
printf " -f|--filter\tOnly matching tests are executed (BRE)\n"
printf " -e|--exclude\tMatching tests are excluded (BRE)\n"
printf " -f|--filter\tOnly matching tests are executed (substring or BRE)\n"
printf " -e|--exclude\tMatching tests are excluded (substring or BRE)\n"
printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n"
printf " -s|--show-numbers\tShow test numbers in front of test names\n"
printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n"
@ -184,6 +184,14 @@ get_options() {
done
}
# Read boolean configuration options from config.h for easy and quick
# testing. Skip non-boolean options (with something other than spaces
# and a comment after "#define SYMBOL"). The variable contains a
# space-separated list of symbols.
CONFIGS_ENABLED=" $(<"$CONFIG_H" \
sed -n 's!^ *#define *\([A-Za-z][0-9A-Z_a-z]*\) *\(/*\)*!\1!p' |
tr '\n' ' ')"
# Skip next test; use this macro to skip tests which are legitimate
# in theory and expected to be re-introduced at some point, but
# aren't expected to succeed at the moment due to problems outside
@ -194,16 +202,17 @@ skip_next_test() {
# skip next test if the flag is not enabled in config.h
requires_config_enabled() {
if grep "^#define $1" $CONFIG_H > /dev/null; then :; else
SKIP_NEXT="YES"
fi
case $CONFIGS_ENABLED in
*" $1 "*) :;;
*) SKIP_NEXT="YES";;
esac
}
# skip next test if the flag is enabled in config.h
requires_config_disabled() {
if grep "^#define $1" $CONFIG_H > /dev/null; then
SKIP_NEXT="YES"
fi
case $CONFIGS_ENABLED in
*" $1 "*) SKIP_NEXT="YES";;
esac
}
get_config_value_or_default() {
@ -422,17 +431,21 @@ fail() {
# is_polar <cmd_line>
is_polar() {
echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null
case "$1" in
*ssl_client2*) true;;
*ssl_server2*) true;;
*) false;;
esac
}
# openssl s_server doesn't have -www with DTLS
check_osrv_dtls() {
if echo "$SRV_CMD" | grep 's_server.*-dtls' >/dev/null; then
NEEDS_INPUT=1
SRV_CMD="$( echo $SRV_CMD | sed s/-www// )"
else
NEEDS_INPUT=0
fi
case "$SRV_CMD" in
*s_server*-dtls*)
NEEDS_INPUT=1
SRV_CMD="$( echo $SRV_CMD | sed s/-www// )";;
*) NEEDS_INPUT=0;;
esac
}
# provide input to commands that need it
@ -548,11 +561,10 @@ wait_client_done() {
# check if the given command uses dtls and sets global variable DTLS
detect_dtls() {
if echo "$1" | grep 'dtls=1\|-dtls1\|-u' >/dev/null; then
DTLS=1
else
DTLS=0
fi
case "$1" in
*dtls=1*|-dtls|-u) DTLS=1;;
*) DTLS=0;;
esac
}
# Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]]
@ -568,8 +580,7 @@ run_test() {
NAME="$1"
shift 1
if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then :
else
if is_excluded "$NAME"; then
SKIP_NEXT="NO"
return
fi
@ -577,10 +588,11 @@ run_test() {
print_name "$NAME"
# Do we only run numbered tests?
if [ "X$RUN_TEST_NUMBER" = "X" ]; then :
elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then :
else
SKIP_NEXT="YES"
if [ -n "$RUN_TEST_NUMBER" ]; then
case ",$RUN_TEST_NUMBER," in
*",$TESTS,"*) :;;
*) SKIP_NEXT="YES";;
esac
fi
# should we skip?
@ -606,10 +618,10 @@ run_test() {
shift 3
# Check if test uses files
TEST_USES_FILES=$(echo "$SRV_CMD $CLI_CMD" | grep "\.\(key\|crt\|pem\)" )
if [ ! -z "$TEST_USES_FILES" ]; then
requires_config_enabled MBEDTLS_FS_IO
fi
case "$SRV_CMD $CLI_CMD" in
*data_files/*)
requires_config_enabled MBEDTLS_FS_IO;;
esac
# should we skip?
if [ "X$SKIP_NEXT" = "XYES" ]; then
@ -840,6 +852,46 @@ cleanup() {
get_options "$@"
# Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell
# patterns rather than regular expressions, use a case statement instead
# of calling grep. To keep the optimizer simple, it is incomplete and only
# detects simple cases: plain substring, everything, nothing.
#
# As an exception, the character '.' is treated as an ordinary character
# if it is the only special character in the string. This is because it's
# rare to need "any one character", but needing a literal '.' is common
# (e.g. '-f "DTLS 1.2"').
need_grep=
case "$FILTER" in
'^$') simple_filter=;;
'.*') simple_filter='*';;
*[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
need_grep=1;;
*) # No regexp or shell-pattern special character
simple_filter="*$FILTER*";;
esac
case "$EXCLUDE" in
'^$') simple_exclude=;;
'.*') simple_exclude='*';;
*[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep
need_grep=1;;
*) # No regexp or shell-pattern special character
simple_exclude="*$EXCLUDE*";;
esac
if [ -n "$need_grep" ]; then
is_excluded () {
! echo "$1" | grep "$FILTER" | grep -q -v "$EXCLUDE"
}
else
is_excluded () {
case "$1" in
$simple_exclude) true;;
$simple_filter) false;;
*) true;;
esac
}
fi
# sanity checks, avoid an avalanche of errors
P_SRV_BIN="${P_SRV%%[ ]*}"
P_CLI_BIN="${P_CLI%%[ ]*}"
@ -3908,6 +3960,20 @@ run_test "DHM size: server 1024, client default, OK" \
0 \
-C "DHM prime too short:"
run_test "DHM size: server 999, client 999, OK" \
"$P_SRV dhm_file=data_files/dh.999.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=999" \
0 \
-C "DHM prime too short:"
run_test "DHM size: server 1000, client 1000, OK" \
"$P_SRV dhm_file=data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=1000" \
0 \
-C "DHM prime too short:"
run_test "DHM size: server 1000, client default, rejected" \
"$P_SRV dhm_file=data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
@ -3915,6 +3981,27 @@ run_test "DHM size: server 1000, client default, rejected" \
1 \
-c "DHM prime too short:"
run_test "DHM size: server 1000, client 1001, rejected" \
"$P_SRV dhm_file=data_files/dh.1000.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=1001" \
1 \
-c "DHM prime too short:"
run_test "DHM size: server 999, client 1000, rejected" \
"$P_SRV dhm_file=data_files/dh.999.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=1000" \
1 \
-c "DHM prime too short:"
run_test "DHM size: server 998, client 999, rejected" \
"$P_SRV dhm_file=data_files/dh.998.pem" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \
debug_level=1 dhmlen=999" \
1 \
-c "DHM prime too short:"
run_test "DHM size: server default, client 2049, rejected" \
"$P_SRV" \
"$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \

View file

@ -151,6 +151,20 @@ base64_encode_hex:"0102030405060708":"AQIDBAUGBwg=":13:0
Base64 encode hex #4
base64_encode_hex:"01020304050607":"AQIDBAUGBw==":13:0
# Rotate the bytes around so that they end up at each offset modulo 3 in
# successive test cases.
Base64 encode hex all valid input bytes #0
base64_encode_hex:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7/P3+/w==":345:0
Base64 encode hex all valid input bytes #1
base64_encode_hex:"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff00":"AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u/w8fLz9PX29/j5+vv8/f7/AA==":345:0
Base64 encode hex all valid input bytes #2
base64_encode_hex:"02030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff0001":"AgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7/Dx8vP09fb3+Pn6+/z9/v8AAQ==":345:0
Base64 encode all valid output characters at all offsets
base64_encode_hex:"00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7effe00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7efd0":"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/Q":261:0
Base64 decode hex #1
base64_decode_hex:"AQIDBAUGBwgJ":"010203040506070809":9:0
@ -166,6 +180,9 @@ base64_decode_hex:"AQIDBAUGBw==":"01020304050607":7:0
Base64 decode hex #5 (buffer too small)
base64_decode_hex:"AQIDBAUGBw==":"01020304050607":6:MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL
Base64 decode all valid input characters at all offsets
base64_decode_hex:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/Q":"00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7effe00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7efd0":195:0
Base64 Selftest
depends_on:MBEDTLS_SELF_TEST
base64_selftest:

View file

@ -13,13 +13,22 @@ void mbedtls_base64_encode( char * src_string, char * dst_string,
{
unsigned char src_str[1000];
unsigned char dst_str[1000];
size_t len;
size_t len, src_len;
memset(src_str, 0x00, 1000);
memset(dst_str, 0x00, 1000);
strncpy( (char *) src_str, src_string, sizeof(src_str) - 1 );
TEST_ASSERT( mbedtls_base64_encode( dst_str, dst_buf_size, &len, src_str, strlen( (char *) src_str ) ) == result );
src_len = strlen( (char *) src_str );
TEST_CF_SECRET( src_str, sizeof( src_str ) );
TEST_ASSERT( mbedtls_base64_encode( dst_str, dst_buf_size, &len, src_str, src_len) == result );
TEST_CF_PUBLIC( src_str, sizeof( src_str ) );
/* dest_str will have had tainted data copied to it, prevent the TEST_ASSERT below from triggering
CF failures by unmarking it. */
TEST_CF_PUBLIC( dst_str, len );
if( result == 0 )
{
TEST_ASSERT( strcmp( (char *) dst_str, dst_string ) == 0 );
@ -57,7 +66,14 @@ void base64_encode_hex( data_t * src, char * dst, int dst_buf_size,
res = zero_alloc( dst_buf_size );
TEST_CF_SECRET( src->x, src->len );
TEST_ASSERT( mbedtls_base64_encode( res, dst_buf_size, &len, src->x, src->len ) == result );
TEST_CF_PUBLIC( src->x, src->len );
/* res will have had tainted data copied to it, prevent the TEST_ASSERT below from triggering
CF failures by unmarking it. */
TEST_CF_PUBLIC( res, len );
if( result == 0 )
{
TEST_ASSERT( len == strlen( dst ) );

View file

@ -344,6 +344,14 @@ ECP point multiplication rng fail Curve25519
depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED
ecp_test_mul_rng:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660"
ECP point muladd secp256r1 #1
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_muladd:MBEDTLS_ECP_DP_SECP256R1:"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579":"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1ffffffff20e120e1e1e1e13a4e135157317b79d4ecf329fed4f9eb00dc67dbddae33faca8b6d8a0255b5ce":"04fab65e09aa5dd948320f86246be1d3fc571e7f799d9005170ed5cc868b67598431a668f96aa9fd0b0eb15f0edf4c7fe1be2885eadcb57e3db4fdd093585d3fa6"
ECP point muladd secp256r1 #2
depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED
ecp_muladd:MBEDTLS_ECP_DP_SECP256R1:"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1ffffffff20e120e1e1e1e13a4e135157317b79d4ecf329fed4f9eb00dc67dbddae33faca8b6d8a0255b5ce":"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579":"04fab65e09aa5dd948320f86246be1d3fc571e7f799d9005170ed5cc868b67598431a668f96aa9fd0b0eb15f0edf4c7fe1be2885eadcb57e3db4fdd093585d3fa6"
ECP test vectors secp192k1
depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED
ecp_test_vect:MBEDTLS_ECP_DP_SECP192K1:"D1E13A359F6E0F0698791938E6D60246030AE4B0D8D4E9DE":"281BCA982F187ED30AD5E088461EBE0A5FADBB682546DF79":"3F68A8E9441FB93A4DD48CB70B504FCC9AA01902EF5BE0F3":"BE97C5D2A1A94D081E3FACE53E65A27108B7467BDF58DE43":"5EB35E922CD693F7947124F5920022C4891C04F6A8B8DCB2":"60ECF73D0FC43E0C42E8E155FFE39F9F0B531F87B34B6C3C":"372F5C5D0E18313C82AEF940EC3AFEE26087A46F1EBAE923":"D5A9F9182EC09CEAEA5F57EA10225EC77FA44174511985FD"

View file

@ -699,6 +699,52 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */
void ecp_muladd( int id,
data_t *u1_bin, data_t *P1_bin,
data_t *u2_bin, data_t *P2_bin,
data_t *expected_result )
{
/* Compute R = u1 * P1 + u2 * P2 */
mbedtls_ecp_group grp;
mbedtls_ecp_point P1, P2, R;
mbedtls_mpi u1, u2;
uint8_t actual_result[MBEDTLS_ECP_MAX_PT_LEN];
size_t len;
mbedtls_ecp_group_init( &grp );
mbedtls_ecp_point_init( &P1 );
mbedtls_ecp_point_init( &P2 );
mbedtls_ecp_point_init( &R );
mbedtls_mpi_init( &u1 );
mbedtls_mpi_init( &u2 );
TEST_EQUAL( 0, mbedtls_ecp_group_load( &grp, id ) );
TEST_EQUAL( 0, mbedtls_mpi_read_binary( &u1, u1_bin->x, u1_bin->len ) );
TEST_EQUAL( 0, mbedtls_mpi_read_binary( &u2, u2_bin->x, u2_bin->len ) );
TEST_EQUAL( 0, mbedtls_ecp_point_read_binary( &grp, &P1,
P1_bin->x, P1_bin->len ) );
TEST_EQUAL( 0, mbedtls_ecp_point_read_binary( &grp, &P2,
P2_bin->x, P2_bin->len ) );
TEST_EQUAL( 0, mbedtls_ecp_muladd( &grp, &R, &u1, &P1, &u2, &P2 ) );
TEST_EQUAL( 0, mbedtls_ecp_point_write_binary(
&grp, &R, MBEDTLS_ECP_PF_UNCOMPRESSED,
&len, actual_result, sizeof( actual_result ) ) );
ASSERT_COMPARE( expected_result->x, expected_result->len,
actual_result, len );
exit:
mbedtls_ecp_group_free( &grp );
mbedtls_ecp_point_free( &P1 );
mbedtls_ecp_point_free( &P2 );
mbedtls_ecp_point_free( &R );
mbedtls_mpi_free( &u1 );
mbedtls_mpi_free( &u2 );
}
/* END_CASE */
/* BEGIN_CASE */
void ecp_fast_mod( int id, char * N_str )
{

View file

@ -13,6 +13,9 @@ entropy_seed_file:"data_files/entropy_seed":0
Entropy write/update seed file
entropy_seed_file:"no_such_dir/file":MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR
Entropy write/update seed file: base NV seed file
entropy_write_base_seed_file:0
Entropy too many sources
entropy_too_many_sources:

View file

@ -162,6 +162,21 @@ exit:
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */
void entropy_write_base_seed_file( int ret )
{
mbedtls_entropy_context ctx;
mbedtls_entropy_init( &ctx );
TEST_ASSERT( mbedtls_entropy_write_seed_file( &ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE ) == ret );
TEST_ASSERT( mbedtls_entropy_update_seed_file( &ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE ) == ret );
exit:
mbedtls_entropy_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void entropy_too_many_sources( )
{

View file

@ -10,21 +10,39 @@ mpi_null:
Base test mpi_read_write_string #1
mpi_read_write_string:10:"128":10:"128":100:0:0
Base test mpi_read_write_string #1 (Leading 0)
mpi_read_write_string:10:"0128":10:"128":100:0:0
Base test mpi_read_write_string #2
mpi_read_write_string:10:"128":16:"80":100:0:0
Base test mpi_read_write_string #3 (Read zero)
Base test mpi_read_write_string #3 (Read zero decimal)
mpi_read_write_string:10:"0":10:"0":100:0:0
Base test mpi_read_write_string #3 (Read zero hex)
mpi_read_write_string:16:"0":16:"00":100:0:0
Base test mpi_read_write_string #3 (Read minus zero decimal)
mpi_read_write_string:10:"-0":10:"0":100:0:0
Base test mpi_read_write_string #3 (Read minus zero hex)
mpi_read_write_string:16:"-0":16:"00":100:0:0
Base test mpi_read_write_string #3 (Negative decimal)
mpi_read_write_string:10:"-23":10:"-23":100:0:0
Base test mpi_read_write_string #3 (Negative hex)
Base test mpi_read_write_string #3 (Negative decimal, leading 0)
mpi_read_write_string:10:"-023":10:"-23":100:0:0
Base test mpi_read_write_string #3 (Negative hex -> decimal)
mpi_read_write_string:16:"-20":10:"-32":100:0:0
Base test mpi_read_write_string #3 (Negative decimal)
Base test mpi_read_write_string #3 (Negative hex)
mpi_read_write_string:16:"-23":16:"-23":100:0:0
Base test mpi_read_write_string #3 (Negative hex, leading 0)
mpi_read_write_string:16:"-023":16:"-23":100:0:0
Base test mpi_read_write_string #4 (Buffer just fits)
mpi_read_write_string:16:"-4":4:"-10":4:0:0
@ -49,12 +67,18 @@ mpi_read_write_string:10:"29":15:"1e":100:0:0
Test mpi_read_write_string #7
mpi_read_write_string:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0:0
Test mpi_read_write_string #8 (Empty MPI -> hex)
Test mpi_read_write_string #8 (Empty MPI hex -> hex)
mpi_read_write_string:16:"":16:"00":4:0:0
Test mpi_read_write_string #9 (Empty MPI -> dec)
Test mpi_read_write_string #9 (Empty MPI hex -> dec)
mpi_read_write_string:16:"":10:"0":4:0:0
Test mpi_read_write_string #8 (Empty MPI dec -> hex)
mpi_read_write_string:10:"":16:"00":4:0:0
Test mpi_read_write_string #9 (Empty MPI dec -> dec)
mpi_read_write_string:10:"":10:"0":4:0:0
Test mpi_write_string #10 (Negative hex with odd number of digits)
mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL

View file

@ -1,8 +1,8 @@
Check compiletime library version
check_compiletime_version:"2.16.9"
check_compiletime_version:"2.16.10"
Check runtime library version
check_runtime_version:"2.16.9"
check_runtime_version:"2.16.10"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0

View file

@ -3,11 +3,6 @@ Microsoft Visual Studio Solution File, Format Version 11.00
# Visual C++ Express 2010
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mbedTLS", "mbedTLS.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}"
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "aescrypt2", "aescrypt2.vcxproj", "{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
EndProjectSection
EndProject
Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crypt_and_hash", "crypt_and_hash.vcxproj", "{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}"
ProjectSection(ProjectDependencies) = postProject
{46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554}
@ -259,14 +254,6 @@ Global
{46CF2D25-6A36-4189-B59C-E4815388E554}.Release|Win32.Build.0 = Release|Win32
{46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.ActiveCfg = Release|x64
{46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.Build.0 = Release|x64
{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|Win32.ActiveCfg = Debug|Win32
{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|Win32.Build.0 = Debug|Win32
{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|x64.ActiveCfg = Debug|x64
{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|x64.Build.0 = Debug|x64
{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|Win32.ActiveCfg = Release|Win32
{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|Win32.Build.0 = Release|Win32
{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|x64.ActiveCfg = Release|x64
{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|x64.Build.0 = Release|x64
{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|Win32.ActiveCfg = Debug|Win32
{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|Win32.Build.0 = Debug|Win32
{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|x64.ActiveCfg = Debug|x64

View file

@ -59,7 +59,7 @@ public:
{2, &ISslContext::CreateConnection, "CreateConnection"},
{3, nullptr, "GetConnectionCount"},
{4, nullptr, "ImportServerPki"},
{5, nullptr, "ImportClientPki"},
{5, &ISslContext::ImportClientPki, "ImportClientPki"},
{6, nullptr, "RemoveServerPki"},
{7, nullptr, "RemoveClientPki"},
{8, nullptr, "RegisterInternalPki"},
@ -94,6 +94,25 @@ private:
rb.Push(RESULT_SUCCESS);
rb.PushIpcInterface<ISslConnection>(system);
}
void ImportClientPki(Kernel::HLERequestContext& ctx) {
const auto pkcs_12_certificate = ctx.ReadBuffer(0);
const auto ascii_password = [&ctx] {
if (ctx.CanReadBuffer(1)) {
return ctx.ReadBuffer(1);
}
return std::vector<u8>{};
}();
constexpr u64 client_id = 0;
ctx.WriteBuffer(client_id);
LOG_WARNING(Service_SSL, "(STUBBED) called");
IPC::ResponseBuilder rb{ctx, 2};
rb.Push(RESULT_SUCCESS);
}
};
class SSL final : public ServiceFramework<SSL> {

View file

@ -46,6 +46,7 @@ ConfigureUi::ConfigureUi(QWidget* parent) : QWidget(parent), ui(new Ui::Configur
SetConfiguration();
// Force game list reload if any of the relevant settings are changed.
connect(ui->show_add_ons, &QCheckBox::stateChanged, this, &ConfigureUi::RequestGameListUpdate);
connect(ui->icon_size_combobox, QOverload<int>::of(&QComboBox::currentIndexChanged), this,
&ConfigureUi::RequestGameListUpdate);
connect(ui->row_1_text_combobox, QOverload<int>::of(&QComboBox::currentIndexChanged), this,