From 63199acc4d31a1c796ec473f37c45566b8a3bf7f Mon Sep 17 00:00:00 2001 From: pineappleEA Date: Wed, 12 May 2021 16:01:52 +0200 Subject: [PATCH] early-access version 1676 --- README.md | 2 +- externals/mbedtls/CMakeLists.txt | 3 + externals/mbedtls/ChangeLog | 47 ++++++ .../ChangeLog.d/add-missing-parenthesis.txt | 3 + externals/mbedtls/ChangeLog.d/aescrypt2.txt | 3 + .../mbedtls/ChangeLog.d/bugfix_PR3616.txt | 5 + .../mbedtls/ChangeLog.d/dhm_min_bitlen.txt | 4 + .../dtls_sample_use_read_timeout.txt | 2 + .../fix-pk-parse-key-error-code.txt | 2 + .../ChangeLog.d/mpi_read_negative_zero.txt | 3 + externals/mbedtls/Makefile | 4 +- .../mbedtls/doxygen/input/doc_mainpage.h | 2 +- externals/mbedtls/doxygen/mbedtls.doxyfile | 2 +- externals/mbedtls/include/mbedtls/version.h | 8 +- externals/mbedtls/library/CMakeLists.txt | 6 +- externals/mbedtls/library/base64.c | 131 ++++++++++++++-- externals/mbedtls/library/bignum.c | 32 ++-- externals/mbedtls/library/ecp.c | 2 +- externals/mbedtls/library/ecp_curves.c | 4 +- externals/mbedtls/library/entropy.c | 18 ++- externals/mbedtls/library/pkparse.c | 2 +- externals/mbedtls/library/ssl_cli.c | 8 +- externals/mbedtls/programs/.gitignore | 1 - externals/mbedtls/programs/Makefile | 6 +- externals/mbedtls/programs/README.md | 3 - externals/mbedtls/programs/aes/CMakeLists.txt | 5 +- externals/mbedtls/programs/ssl/dtls_client.c | 1 + externals/mbedtls/programs/ssl/dtls_server.c | 3 +- .../mbedtls/scripts/assemble_changelog.py | 20 +++ externals/mbedtls/scripts/config.pl | 7 +- externals/mbedtls/tests/data_files/Makefile | 10 ++ externals/mbedtls/tests/data_files/dh.998.pem | 17 ++ externals/mbedtls/tests/data_files/dh.999.pem | 17 ++ .../mbedtls/tests/scripts/check-names.sh | 5 - externals/mbedtls/tests/ssl-opt.sh | 147 ++++++++++++++---- .../tests/suites/test_suite_base64.data | 17 ++ .../tests/suites/test_suite_base64.function | 20 ++- .../mbedtls/tests/suites/test_suite_ecp.data | 8 + .../tests/suites/test_suite_ecp.function | 46 ++++++ .../tests/suites/test_suite_entropy.data | 3 + .../tests/suites/test_suite_entropy.function | 15 ++ .../mbedtls/tests/suites/test_suite_mpi.data | 34 +++- .../tests/suites/test_suite_version.data | 4 +- externals/mbedtls/visualc/VS2010/mbedTLS.sln | 13 -- src/core/hle/service/ssl/ssl.cpp | 21 ++- src/yuzu/configuration/configure_ui.cpp | 1 + 46 files changed, 587 insertions(+), 130 deletions(-) create mode 100755 externals/mbedtls/ChangeLog.d/add-missing-parenthesis.txt create mode 100755 externals/mbedtls/ChangeLog.d/aescrypt2.txt create mode 100755 externals/mbedtls/ChangeLog.d/bugfix_PR3616.txt create mode 100755 externals/mbedtls/ChangeLog.d/dhm_min_bitlen.txt create mode 100755 externals/mbedtls/ChangeLog.d/dtls_sample_use_read_timeout.txt create mode 100755 externals/mbedtls/ChangeLog.d/fix-pk-parse-key-error-code.txt create mode 100755 externals/mbedtls/ChangeLog.d/mpi_read_negative_zero.txt create mode 100755 externals/mbedtls/tests/data_files/dh.998.pem create mode 100755 externals/mbedtls/tests/data_files/dh.999.pem diff --git a/README.md b/README.md index 501807ffc..fc6d8ecbc 100755 --- a/README.md +++ b/README.md @@ -1,7 +1,7 @@ yuzu emulator early access ============= -This is the source code for early-access 1675. +This is the source code for early-access 1676. ## Legal Notice diff --git a/externals/mbedtls/CMakeLists.txt b/externals/mbedtls/CMakeLists.txt index c1b118108..1811c4281 100755 --- a/externals/mbedtls/CMakeLists.txt +++ b/externals/mbedtls/CMakeLists.txt @@ -157,6 +157,9 @@ if(CMAKE_COMPILER_IS_IAR) endif(CMAKE_COMPILER_IS_IAR) if(CMAKE_COMPILER_IS_MSVC) + # Compile with UTF-8 encoding (REMOVE THIS COMMIT ONCE A FIX IS DEPLOYED UPSTREAM) + add_compile_options(/utf-8) + # Strictest warnings, and treat as errors set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /W3") set(CMAKE_C_FLAGS "${CMAKE_C_FLAGS} /WX") diff --git a/externals/mbedtls/ChangeLog b/externals/mbedtls/ChangeLog index 1ecfc8b0a..fe7aecd27 100755 --- a/externals/mbedtls/ChangeLog +++ b/externals/mbedtls/ChangeLog @@ -1,5 +1,52 @@ mbed TLS ChangeLog (Sorted per branch, date) += mbed TLS 2.16.10 branch released 2021-03-12 + +Default behavior changes + * In mbedtls_rsa_context objects, the ver field was formerly documented + as always 0. It is now reserved for internal purposes and may take + different values. + +Security + * Fix a buffer overflow in mbedtls_mpi_sub_abs() when calculating + |A| - |B| where |B| is larger than |A| and has more limbs (so the + function should return MBEDTLS_ERR_MPI_NEGATIVE_VALUE). Only + applications calling mbedtls_mpi_sub_abs() directly are affected: + all calls inside the library were safe since this function is + only called with |A| >= |B|. Reported by Guido Vranken in #4042. + * Fix an errorneous estimation for an internal buffer in + mbedtls_pk_write_key_pem(). If MBEDTLS_MPI_MAX_SIZE is set to an odd + value the function might fail to write a private RSA keys of the largest + supported size. + Found by Daniel Otte, reported in #4093 and fixed in #4094, + backported in #4100. + * Fix a stack buffer overflow with mbedtls_net_poll() and + mbedtls_net_recv_timeout() when given a file descriptor that is + beyond FD_SETSIZE. Reported by FigBug in #4169. + * Guard against strong local side channel attack against base64 tables by + making access aceess to them use constant flow code. + +Bugfix + * Fix an incorrect error code if an RSA private operation glitched. + * Fix a resource leak in CTR_DRBG and HMAC_DRBG when MBEDTLS_THREADING_C + is enabled, on platforms where initializing a mutex allocates resources. + This was a regression introduced in the previous release. Reported in + #4017, #4045 and #4071. + * Ensure that calling mbedtls_rsa_free() or mbedtls_entropy_free() + twice is safe. This happens for RSA when some Mbed TLS library functions + fail. Such a double-free was not safe when MBEDTLS_THREADING_C was + enabled on platforms where freeing a mutex twice is not safe. + * Fix a resource leak in a bad-arguments case of mbedtls_rsa_gen_key() + when MBEDTLS_THREADING_C is enabled on platforms where initializing + a mutex allocates resources. + * This change makes 'mbedtls_x509write_crt_set_basic_constraints' + consistent with RFC 5280 4.2.1.9 which says: "Conforming CAs MUST + include this extension in all CA certificates that contain public keys + used to validate digital signatures on certificates and MUST mark the + extension as critical in such certificates." Previous to this change, + the extension was always marked as non-critical. This was fixed by + #4044. + = mbed TLS 2.16.9 branch released 2020-12-11 Security diff --git a/externals/mbedtls/ChangeLog.d/add-missing-parenthesis.txt b/externals/mbedtls/ChangeLog.d/add-missing-parenthesis.txt new file mode 100755 index 000000000..9576ff379 --- /dev/null +++ b/externals/mbedtls/ChangeLog.d/add-missing-parenthesis.txt @@ -0,0 +1,3 @@ +Bugfix + * Fix a compilation error when MBEDTLS_ECP_RANDOMIZE_MXZ_ALT is + defined. Fixes #4217. diff --git a/externals/mbedtls/ChangeLog.d/aescrypt2.txt b/externals/mbedtls/ChangeLog.d/aescrypt2.txt new file mode 100755 index 000000000..7ffa49eaa --- /dev/null +++ b/externals/mbedtls/ChangeLog.d/aescrypt2.txt @@ -0,0 +1,3 @@ +Changes + * Remove the AES sample application programs/aes/aescrypt2 which shows + bad cryptographic practice. Fix #1906. diff --git a/externals/mbedtls/ChangeLog.d/bugfix_PR3616.txt b/externals/mbedtls/ChangeLog.d/bugfix_PR3616.txt new file mode 100755 index 000000000..47d104492 --- /dev/null +++ b/externals/mbedtls/ChangeLog.d/bugfix_PR3616.txt @@ -0,0 +1,5 @@ +Bugfix + * Fix premature fopen() call in mbedtls_entropy_write_seed_file which may + lead to the seed file corruption in case if the path to the seed file is + equal to MBEDTLS_PLATFORM_STD_NV_SEED_FILE. Contributed by Victor + Krasnoshchok in #3616. diff --git a/externals/mbedtls/ChangeLog.d/dhm_min_bitlen.txt b/externals/mbedtls/ChangeLog.d/dhm_min_bitlen.txt new file mode 100755 index 000000000..e7ea82730 --- /dev/null +++ b/externals/mbedtls/ChangeLog.d/dhm_min_bitlen.txt @@ -0,0 +1,4 @@ +Bugfix + * In a TLS client, enforce the Diffie-Hellman minimum parameter size + set with mbedtls_ssl_conf_dhm_min_bitlen() precisely. Before, the + minimum size was rounded down to the nearest multiple of 8. diff --git a/externals/mbedtls/ChangeLog.d/dtls_sample_use_read_timeout.txt b/externals/mbedtls/ChangeLog.d/dtls_sample_use_read_timeout.txt new file mode 100755 index 000000000..e3150d6ef --- /dev/null +++ b/externals/mbedtls/ChangeLog.d/dtls_sample_use_read_timeout.txt @@ -0,0 +1,2 @@ +Changes + * Fix the setting of the read timeout in the DTLS sample programs. diff --git a/externals/mbedtls/ChangeLog.d/fix-pk-parse-key-error-code.txt b/externals/mbedtls/ChangeLog.d/fix-pk-parse-key-error-code.txt new file mode 100755 index 000000000..3aa330b1a --- /dev/null +++ b/externals/mbedtls/ChangeLog.d/fix-pk-parse-key-error-code.txt @@ -0,0 +1,2 @@ +Bugfix + * Fix an incorrect error code when parsing a PKCS#8 private key. diff --git a/externals/mbedtls/ChangeLog.d/mpi_read_negative_zero.txt b/externals/mbedtls/ChangeLog.d/mpi_read_negative_zero.txt new file mode 100755 index 000000000..e338de70b --- /dev/null +++ b/externals/mbedtls/ChangeLog.d/mpi_read_negative_zero.txt @@ -0,0 +1,3 @@ +Bugfix + * mbedtls_mpi_read_string on "-0" produced an MPI object that was not treated + as equal to 0 in all cases. Fix it to produce the same object as "0". diff --git a/externals/mbedtls/Makefile b/externals/mbedtls/Makefile index 3942fbd3d..ffa3aa04f 100755 --- a/externals/mbedtls/Makefile +++ b/externals/mbedtls/Makefile @@ -124,11 +124,11 @@ endif ## Editor navigation files C_SOURCE_FILES = $(wildcard include/*/*.h library/*.[hc] programs/*/*.[hc] tests/suites/*.function) # Exuberant-ctags invocation. Other ctags implementations may require different options. -CTAGS = ctags --langmap=c:+.h.function -o +CTAGS = ctags --langmap=c:+.h.function --line-directives=no -o tags: $(C_SOURCE_FILES) $(CTAGS) $@ $(C_SOURCE_FILES) TAGS: $(C_SOURCE_FILES) - etags -o $@ $(C_SOURCE_FILES) + etags --no-line-directive -o $@ $(C_SOURCE_FILES) global: GPATH GRTAGS GSYMS GTAGS GPATH GRTAGS GSYMS GTAGS: $(C_SOURCE_FILES) ls $(C_SOURCE_FILES) | gtags -f - --gtagsconf .globalrc diff --git a/externals/mbedtls/doxygen/input/doc_mainpage.h b/externals/mbedtls/doxygen/input/doc_mainpage.h index 4fe1613d7..e640c7bbd 100755 --- a/externals/mbedtls/doxygen/input/doc_mainpage.h +++ b/externals/mbedtls/doxygen/input/doc_mainpage.h @@ -49,7 +49,7 @@ */ /** - * @mainpage mbed TLS v2.16.9 source code documentation + * @mainpage mbed TLS v2.16.10 source code documentation * * This documentation describes the internal structure of mbed TLS. It was * automatically generated from specially formatted comment blocks in diff --git a/externals/mbedtls/doxygen/mbedtls.doxyfile b/externals/mbedtls/doxygen/mbedtls.doxyfile index 9197a4a7e..61a42c48a 100755 --- a/externals/mbedtls/doxygen/mbedtls.doxyfile +++ b/externals/mbedtls/doxygen/mbedtls.doxyfile @@ -28,7 +28,7 @@ DOXYFILE_ENCODING = UTF-8 # identify the project. Note that if you do not use Doxywizard you need # to put quotes around the project name if it contains spaces. -PROJECT_NAME = "mbed TLS v2.16.9" +PROJECT_NAME = "mbed TLS v2.16.10" # The PROJECT_NUMBER tag can be used to enter a project or revision number. # This could be handy for archiving the generated documentation or diff --git a/externals/mbedtls/include/mbedtls/version.h b/externals/mbedtls/include/mbedtls/version.h index 5f0a8f114..bd5c730c1 100755 --- a/externals/mbedtls/include/mbedtls/version.h +++ b/externals/mbedtls/include/mbedtls/version.h @@ -65,16 +65,16 @@ */ #define MBEDTLS_VERSION_MAJOR 2 #define MBEDTLS_VERSION_MINOR 16 -#define MBEDTLS_VERSION_PATCH 9 +#define MBEDTLS_VERSION_PATCH 10 /** * The single version number has the following structure: * MMNNPP00 * Major version | Minor version | Patch version */ -#define MBEDTLS_VERSION_NUMBER 0x02100900 -#define MBEDTLS_VERSION_STRING "2.16.9" -#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.9" +#define MBEDTLS_VERSION_NUMBER 0x02100A00 +#define MBEDTLS_VERSION_STRING "2.16.10" +#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.16.10" #if defined(MBEDTLS_VERSION_C) diff --git a/externals/mbedtls/library/CMakeLists.txt b/externals/mbedtls/library/CMakeLists.txt index 8002cdbe6..4f61f9994 100755 --- a/externals/mbedtls/library/CMakeLists.txt +++ b/externals/mbedtls/library/CMakeLists.txt @@ -165,15 +165,15 @@ endif(USE_STATIC_MBEDTLS_LIBRARY) if(USE_SHARED_MBEDTLS_LIBRARY) add_library(mbedcrypto SHARED ${src_crypto}) - set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.9 SOVERSION 3) + set_target_properties(mbedcrypto PROPERTIES VERSION 2.16.10 SOVERSION 3) target_link_libraries(mbedcrypto ${libs}) add_library(mbedx509 SHARED ${src_x509}) - set_target_properties(mbedx509 PROPERTIES VERSION 2.16.9 SOVERSION 0) + set_target_properties(mbedx509 PROPERTIES VERSION 2.16.10 SOVERSION 0) target_link_libraries(mbedx509 ${libs} mbedcrypto) add_library(mbedtls SHARED ${src_tls}) - set_target_properties(mbedtls PROPERTIES VERSION 2.16.9 SOVERSION 12) + set_target_properties(mbedtls PROPERTIES VERSION 2.16.10 SOVERSION 12) target_link_libraries(mbedtls ${libs} mbedx509) install(TARGETS mbedtls mbedx509 mbedcrypto diff --git a/externals/mbedtls/library/base64.c b/externals/mbedtls/library/base64.c index bfafb0535..692e11e3f 100755 --- a/externals/mbedtls/library/base64.c +++ b/externals/mbedtls/library/base64.c @@ -96,6 +96,99 @@ static const unsigned char base64_dec_map[128] = #define BASE64_SIZE_T_MAX ( (size_t) -1 ) /* SIZE_T_MAX is not standard */ +/* + * Constant flow conditional assignment to unsigned char + */ +static void mbedtls_base64_cond_assign_uchar( unsigned char * dest, const unsigned char * const src, + unsigned char condition ) +{ + /* MSVC has a warning about unary minus on unsigned integer types, + * but this is well-defined and precisely what we want to do here. */ +#if defined(_MSC_VER) +#pragma warning( push ) +#pragma warning( disable : 4146 ) +#endif + + /* Generate bitmask from condition, mask will either be 0xFF or 0 */ + unsigned char mask = ( condition | -condition ); + mask >>= 7; + mask = -mask; + +#if defined(_MSC_VER) +#pragma warning( pop ) +#endif + + *dest = ( ( *src ) & mask ) | ( ( *dest ) & ~mask ); +} + +/* + * Constant flow conditional assignment to uint_32 + */ +static void mbedtls_base64_cond_assign_uint32( uint32_t * dest, const uint32_t src, + uint32_t condition ) +{ + /* MSVC has a warning about unary minus on unsigned integer types, + * but this is well-defined and precisely what we want to do here. */ +#if defined(_MSC_VER) +#pragma warning( push ) +#pragma warning( disable : 4146 ) +#endif + + /* Generate bitmask from condition, mask will either be 0xFFFFFFFF or 0 */ + uint32_t mask = ( condition | -condition ); + mask >>= 31; + mask = -mask; + +#if defined(_MSC_VER) +#pragma warning( pop ) +#endif + + *dest = ( src & mask ) | ( ( *dest ) & ~mask ); +} + +/* + * Constant flow check for equality + */ +static unsigned char mbedtls_base64_eq( size_t in_a, size_t in_b ) +{ + size_t difference = in_a ^ in_b; + + /* MSVC has a warning about unary minus on unsigned integer types, + * but this is well-defined and precisely what we want to do here. */ +#if defined(_MSC_VER) +#pragma warning( push ) +#pragma warning( disable : 4146 ) +#endif + + difference |= -difference; + +#if defined(_MSC_VER) +#pragma warning( pop ) +#endif + + /* cope with the varying size of size_t per platform */ + difference >>= ( sizeof( difference ) * 8 - 1 ); + + return (unsigned char) ( 1 ^ difference ); +} + +/* + * Constant flow lookup into table. + */ +static unsigned char mbedtls_base64_table_lookup( const unsigned char * const table, + const size_t table_size, const size_t table_index ) +{ + size_t i; + unsigned char result = 0; + + for( i = 0; i < table_size; ++i ) + { + mbedtls_base64_cond_assign_uchar( &result, &table[i], mbedtls_base64_eq( i, table_index ) ); + } + + return result; +} + /* * Encode a buffer into base64 format */ @@ -136,10 +229,17 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, C2 = *src++; C3 = *src++; - *p++ = base64_enc_map[(C1 >> 2) & 0x3F]; - *p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F]; - *p++ = base64_enc_map[(((C2 & 15) << 2) + (C3 >> 6)) & 0x3F]; - *p++ = base64_enc_map[C3 & 0x3F]; + *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), + ( ( C1 >> 2 ) & 0x3F ) ); + + *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), + ( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) ); + + *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), + ( ( ( ( C2 & 15 ) << 2 ) + ( C3 >> 6 ) ) & 0x3F ) ); + + *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), + ( C3 & 0x3F ) ); } if( i < slen ) @@ -147,11 +247,15 @@ int mbedtls_base64_encode( unsigned char *dst, size_t dlen, size_t *olen, C1 = *src++; C2 = ( ( i + 1 ) < slen ) ? *src++ : 0; - *p++ = base64_enc_map[(C1 >> 2) & 0x3F]; - *p++ = base64_enc_map[(((C1 & 3) << 4) + (C2 >> 4)) & 0x3F]; + *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), + ( ( C1 >> 2 ) & 0x3F ) ); + + *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), + ( ( ( ( C1 & 3 ) << 4 ) + ( C2 >> 4 ) ) & 0x3F ) ); if( ( i + 1 ) < slen ) - *p++ = base64_enc_map[((C2 & 15) << 2) & 0x3F]; + *p++ = mbedtls_base64_table_lookup( base64_enc_map, sizeof( base64_enc_map ), + ( ( ( C2 & 15 ) << 2 ) & 0x3F ) ); else *p++ = '='; *p++ = '='; @@ -172,6 +276,7 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, size_t i, n; uint32_t j, x; unsigned char *p; + unsigned char dec_map_lookup; /* First pass: check for validity and get output length */ for( i = n = j = 0; i < slen; i++ ) @@ -202,10 +307,12 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, if( src[i] == '=' && ++j > 2 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - if( src[i] > 127 || base64_dec_map[src[i]] == 127 ) + dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), src[i] ); + + if( src[i] > 127 || dec_map_lookup == 127 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); - if( base64_dec_map[src[i]] < 64 && j != 0 ) + if( dec_map_lookup < 64 && j != 0 ) return( MBEDTLS_ERR_BASE64_INVALID_CHARACTER ); n++; @@ -235,8 +342,10 @@ int mbedtls_base64_decode( unsigned char *dst, size_t dlen, size_t *olen, if( *src == '\r' || *src == '\n' || *src == ' ' ) continue; - j -= ( base64_dec_map[*src] == 64 ); - x = ( x << 6 ) | ( base64_dec_map[*src] & 0x3F ); + dec_map_lookup = mbedtls_base64_table_lookup( base64_dec_map, sizeof( base64_dec_map ), *src ); + + mbedtls_base64_cond_assign_uint32( &j, j - 1, mbedtls_base64_eq( dec_map_lookup, 64 ) ); + x = ( x << 6 ) | ( dec_map_lookup & 0x3F ); if( ++n == 4 ) { diff --git a/externals/mbedtls/library/bignum.c b/externals/mbedtls/library/bignum.c index f133f6c13..bd352e1bb 100755 --- a/externals/mbedtls/library/bignum.c +++ b/externals/mbedtls/library/bignum.c @@ -500,6 +500,7 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ) { int ret; size_t i, j, slen, n; + int sign = 1; mbedtls_mpi_uint d; mbedtls_mpi T; MPI_VALIDATE_RET( X != NULL ); @@ -510,6 +511,12 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ) mbedtls_mpi_init( &T ); + if( s[0] == '-' ) + { + ++s; + sign = -1; + } + slen = strlen( s ); if( radix == 16 ) @@ -524,12 +531,6 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ) for( i = slen, j = 0; i > 0; i--, j++ ) { - if( i == 1 && s[i - 1] == '-' ) - { - X->s = -1; - break; - } - MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i - 1] ) ); X->p[j / ( 2 * ciL )] |= d << ( ( j % ( 2 * ciL ) ) << 2 ); } @@ -540,26 +541,15 @@ int mbedtls_mpi_read_string( mbedtls_mpi *X, int radix, const char *s ) for( i = 0; i < slen; i++ ) { - if( i == 0 && s[i] == '-' ) - { - X->s = -1; - continue; - } - MBEDTLS_MPI_CHK( mpi_get_digit( &d, radix, s[i] ) ); MBEDTLS_MPI_CHK( mbedtls_mpi_mul_int( &T, X, radix ) ); - - if( X->s == 1 ) - { - MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) ); - } - else - { - MBEDTLS_MPI_CHK( mbedtls_mpi_sub_int( X, &T, d ) ); - } + MBEDTLS_MPI_CHK( mbedtls_mpi_add_int( X, &T, d ) ); } } + if( sign < 0 && mbedtls_mpi_bitlen( X ) != 0 ) + X->s = -1; + cleanup: mbedtls_mpi_free( &T ); diff --git a/externals/mbedtls/library/ecp.c b/externals/mbedtls/library/ecp.c index fe41b4128..2168981af 100755 --- a/externals/mbedtls/library/ecp.c +++ b/externals/mbedtls/library/ecp.c @@ -2505,7 +2505,7 @@ static int ecp_randomize_mxz( const mbedtls_ecp_group *grp, mbedtls_ecp_point *P #if defined(MBEDTLS_ECP_RANDOMIZE_MXZ_ALT) if( mbedtls_internal_ecp_grp_capable( grp ) ) - return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ); + return( mbedtls_internal_ecp_randomize_mxz( grp, P, f_rng, p_rng ) ); #endif /* MBEDTLS_ECP_RANDOMIZE_MXZ_ALT */ p_size = ( grp->pbits + 7 ) / 8; diff --git a/externals/mbedtls/library/ecp_curves.c b/externals/mbedtls/library/ecp_curves.c index b04596b56..396734d17 100755 --- a/externals/mbedtls/library/ecp_curves.c +++ b/externals/mbedtls/library/ecp_curves.c @@ -1048,13 +1048,13 @@ static inline void sub32( uint32_t *dst, uint32_t src, signed char *carry ) /* * If the result is negative, we get it in the form - * c * 2^(bits + 32) + N, with c negative and N positive shorter than 'bits' + * c * 2^bits + N, with c negative and N positive shorter than 'bits' */ static inline int fix_negative( mbedtls_mpi *N, signed char c, mbedtls_mpi *C, size_t bits ) { int ret; - /* C = - c * 2^(bits + 32) */ + /* C = - c * 2^bits */ #if !defined(MBEDTLS_HAVE_INT64) ((void) bits); #else diff --git a/externals/mbedtls/library/entropy.c b/externals/mbedtls/library/entropy.c index c5f414a01..9f1a32bdc 100755 --- a/externals/mbedtls/library/entropy.c +++ b/externals/mbedtls/library/entropy.c @@ -494,14 +494,20 @@ int mbedtls_entropy_update_nv_seed( mbedtls_entropy_context *ctx ) int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *path ) { int ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; - FILE *f; + FILE *f = NULL; unsigned char buf[MBEDTLS_ENTROPY_BLOCK_SIZE]; - if( ( f = fopen( path, "wb" ) ) == NULL ) - return( MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR ); - if( ( ret = mbedtls_entropy_func( ctx, buf, MBEDTLS_ENTROPY_BLOCK_SIZE ) ) != 0 ) + { + ret = MBEDTLS_ERR_ENTROPY_SOURCE_FAILED; goto exit; + } + + if( ( f = fopen( path, "wb" ) ) == NULL ) + { + ret = MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR; + goto exit; + } if( fwrite( buf, 1, MBEDTLS_ENTROPY_BLOCK_SIZE, f ) != MBEDTLS_ENTROPY_BLOCK_SIZE ) { @@ -514,7 +520,9 @@ int mbedtls_entropy_write_seed_file( mbedtls_entropy_context *ctx, const char *p exit: mbedtls_platform_zeroize( buf, sizeof( buf ) ); - fclose( f ); + if( f != NULL ) + fclose( f ); + return( ret ); } diff --git a/externals/mbedtls/library/pkparse.c b/externals/mbedtls/library/pkparse.c index e410f3aae..2622351a4 100755 --- a/externals/mbedtls/library/pkparse.c +++ b/externals/mbedtls/library/pkparse.c @@ -1070,7 +1070,7 @@ static int pk_parse_key_pkcs8_unencrypted_der( return( MBEDTLS_ERR_PK_KEY_INVALID_VERSION + ret ); if( ( ret = pk_get_pk_alg( &p, end, &pk_alg, ¶ms ) ) != 0 ) - return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); + return( ret ); if( ( ret = mbedtls_asn1_get_tag( &p, end, &len, MBEDTLS_ASN1_OCTET_STRING ) ) != 0 ) return( MBEDTLS_ERR_PK_KEY_INVALID_FORMAT + ret ); diff --git a/externals/mbedtls/library/ssl_cli.c b/externals/mbedtls/library/ssl_cli.c index bd7f28134..073311b07 100755 --- a/externals/mbedtls/library/ssl_cli.c +++ b/externals/mbedtls/library/ssl_cli.c @@ -2209,6 +2209,7 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, unsigned char *end ) { int ret = MBEDTLS_ERR_SSL_FEATURE_UNAVAILABLE; + size_t dhm_actual_bitlen; /* * Ephemeral DH parameters: @@ -2226,10 +2227,11 @@ static int ssl_parse_server_dh_params( mbedtls_ssl_context *ssl, return( ret ); } - if( ssl->handshake->dhm_ctx.len * 8 < ssl->conf->dhm_min_bitlen ) + dhm_actual_bitlen = mbedtls_mpi_bitlen( &ssl->handshake->dhm_ctx.P ); + if( dhm_actual_bitlen < ssl->conf->dhm_min_bitlen ) { - MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %d < %d", - ssl->handshake->dhm_ctx.len * 8, + MBEDTLS_SSL_DEBUG_MSG( 1, ( "DHM prime too short: %u < %u", + (unsigned) dhm_actual_bitlen, ssl->conf->dhm_min_bitlen ) ); return( MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE ); } diff --git a/externals/mbedtls/programs/.gitignore b/externals/mbedtls/programs/.gitignore index 4d789309d..d9ca31c62 100755 --- a/externals/mbedtls/programs/.gitignore +++ b/externals/mbedtls/programs/.gitignore @@ -2,7 +2,6 @@ *.sln *.vcxproj -aes/aescrypt2 aes/crypt_and_hash hash/generic_sum hash/hello diff --git a/externals/mbedtls/programs/Makefile b/externals/mbedtls/programs/Makefile index d09949bbf..d5ebfd71b 100755 --- a/externals/mbedtls/programs/Makefile +++ b/externals/mbedtls/programs/Makefile @@ -47,7 +47,7 @@ ifdef ZLIB LOCAL_LDFLAGS += -lz endif -APPS = aes/aescrypt2$(EXEXT) aes/crypt_and_hash$(EXEXT) \ +APPS = aes/crypt_and_hash$(EXEXT) \ hash/hello$(EXEXT) hash/generic_sum$(EXEXT) \ pkey/dh_client$(EXEXT) \ pkey/dh_genprime$(EXEXT) pkey/dh_server$(EXEXT) \ @@ -93,10 +93,6 @@ all: $(APPS) $(DEP): $(MAKE) -C ../library -aes/aescrypt2$(EXEXT): aes/aescrypt2.c $(DEP) - echo " CC aes/aescrypt2.c" - $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/aescrypt2.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ - aes/crypt_and_hash$(EXEXT): aes/crypt_and_hash.c $(DEP) echo " CC aes/crypt_and_hash.c" $(CC) $(LOCAL_CFLAGS) $(CFLAGS) aes/crypt_and_hash.c $(LOCAL_LDFLAGS) $(LDFLAGS) -o $@ diff --git a/externals/mbedtls/programs/README.md b/externals/mbedtls/programs/README.md index d26349d0f..e9e9f5773 100755 --- a/externals/mbedtls/programs/README.md +++ b/externals/mbedtls/programs/README.md @@ -5,9 +5,6 @@ This subdirectory mostly contains sample programs that illustrate specific featu ## Symmetric cryptography (AES) examples -* [`aes/aescrypt2.c`](aes/aescrypt2.c): file encryption and authentication with a key derived from a low-entropy secret, demonstrating the low-level AES interface, the digest interface and HMAC. - Warning: this program illustrates how to use low-level functions in the library. It should not be taken as an example of how to build a secure encryption mechanism. To derive a key from a low-entropy secret such as a password, use a standard key stretching mechanism such as PBKDF2 (provided by the `pkcs5` module). To encrypt and authenticate data, use a standard mode such as GCM or CCM (both available as library module). - * [`aes/crypt_and_hash.c`](aes/crypt_and_hash.c): file encryption and authentication, demonstrating the generic cipher interface and the generic hash interface. ## Hash (digest) examples diff --git a/externals/mbedtls/programs/aes/CMakeLists.txt b/externals/mbedtls/programs/aes/CMakeLists.txt index f5a0caabb..ac70de858 100755 --- a/externals/mbedtls/programs/aes/CMakeLists.txt +++ b/externals/mbedtls/programs/aes/CMakeLists.txt @@ -1,9 +1,6 @@ -add_executable(aescrypt2 aescrypt2.c) -target_link_libraries(aescrypt2 mbedtls) - add_executable(crypt_and_hash crypt_and_hash.c) target_link_libraries(crypt_and_hash mbedtls) -install(TARGETS aescrypt2 crypt_and_hash +install(TARGETS crypt_and_hash DESTINATION "bin" PERMISSIONS OWNER_READ OWNER_WRITE OWNER_EXECUTE GROUP_READ GROUP_EXECUTE WORLD_READ WORLD_EXECUTE) diff --git a/externals/mbedtls/programs/ssl/dtls_client.c b/externals/mbedtls/programs/ssl/dtls_client.c index 69d4f3392..fa7a0875a 100755 --- a/externals/mbedtls/programs/ssl/dtls_client.c +++ b/externals/mbedtls/programs/ssl/dtls_client.c @@ -218,6 +218,7 @@ int main( int argc, char *argv[] ) mbedtls_ssl_conf_ca_chain( &conf, &cacert, NULL ); mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); + mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS ); if( ( ret = mbedtls_ssl_setup( &ssl, &conf ) ) != 0 ) { diff --git a/externals/mbedtls/programs/ssl/dtls_server.c b/externals/mbedtls/programs/ssl/dtls_server.c index 8339d9d11..cebeffac4 100755 --- a/externals/mbedtls/programs/ssl/dtls_server.c +++ b/externals/mbedtls/programs/ssl/dtls_server.c @@ -114,7 +114,7 @@ int main( void ) #include "mbedtls/ssl_cache.h" #endif -#define READ_TIMEOUT_MS 10000 /* 5 seconds */ +#define READ_TIMEOUT_MS 10000 /* 10 seconds */ #define DEBUG_LEVEL 0 @@ -250,6 +250,7 @@ int main( void ) mbedtls_ssl_conf_rng( &conf, mbedtls_ctr_drbg_random, &ctr_drbg ); mbedtls_ssl_conf_dbg( &conf, my_debug, stdout ); + mbedtls_ssl_conf_read_timeout( &conf, READ_TIMEOUT_MS ); #if defined(MBEDTLS_SSL_CACHE_C) mbedtls_ssl_conf_session_cache( &conf, &cache, diff --git a/externals/mbedtls/scripts/assemble_changelog.py b/externals/mbedtls/scripts/assemble_changelog.py index 02bae25b7..b7dee4753 100755 --- a/externals/mbedtls/scripts/assemble_changelog.py +++ b/externals/mbedtls/scripts/assemble_changelog.py @@ -101,6 +101,9 @@ STANDARD_CATEGORIES = ( b'Changes', ) +# The maximum line length for an entry +MAX_LINE_LENGTH = 80 + CategoryContent = namedtuple('CategoryContent', [ 'name', 'title_line', # Title text and line number of the title 'body', 'body_line', # Body text and starting line number of the body @@ -225,6 +228,8 @@ class ChangeLog: # a version that is not yet released. Something like "3.1a" is accepted. _version_number_re = re.compile(br'[0-9]+\.[0-9A-Za-z.]+') _incomplete_version_number_re = re.compile(br'.*\.[A-Za-z]') + _only_url_re = re.compile(br'^\s*\w+://\S+\s*$') + _has_url_re = re.compile(br'.*://.*') def add_categories_from_text(self, filename, line_offset, text, allow_unknown_category): @@ -241,6 +246,21 @@ class ChangeLog: line_offset + category.title_line, 'Unknown category: "{}"', category.name.decode('utf8')) + + body_split = category.body.splitlines() + + for line_number, line in enumerate(body_split, 1): + if not self._only_url_re.match(line) and \ + len(line) > MAX_LINE_LENGTH: + long_url_msg = '. URL exceeding length limit must be alone in its line.' \ + if self._has_url_re.match(line) else "" + raise InputFormatError(filename, + category.body_line + line_number, + 'Line is longer than allowed: ' + 'Length {} (Max {}){}', + len(line), MAX_LINE_LENGTH, + long_url_msg) + self.categories[category.name] += category.body def __init__(self, input_stream, changelog_format): diff --git a/externals/mbedtls/scripts/config.pl b/externals/mbedtls/scripts/config.pl index e5cc69756..35a0af22d 100755 --- a/externals/mbedtls/scripts/config.pl +++ b/externals/mbedtls/scripts/config.pl @@ -66,8 +66,9 @@ # # The baremetal configuration excludes options that require a library or # operating system feature that is typically not present on bare metal -# systems. Features that are excluded from "full" won't be in "baremetal" -# either. +# systems. It also excludes debugging features that increase the code size +# of other modules. +# Features that are excluded from "full" won't be in "baremetal" either. use warnings; use strict; @@ -136,6 +137,7 @@ _ALT\s*$ # Things that should be disabled in "baremetal" my @excluded_baremetal = qw( +MBEDTLS_DEBUG_C MBEDTLS_ENTROPY_NV_SEED MBEDTLS_FS_IO MBEDTLS_HAVEGE_C @@ -147,6 +149,7 @@ MBEDTLS_NET_C MBEDTLS_PLATFORM_FPRINTF_ALT MBEDTLS_PLATFORM_NV_SEED_ALT MBEDTLS_PLATFORM_TIME_ALT +MBEDTLS_TEST_HOOKS MBEDTLS_THREADING_C MBEDTLS_THREADING_PTHREAD MBEDTLS_TIMING_C diff --git a/externals/mbedtls/tests/data_files/Makefile b/externals/mbedtls/tests/data_files/Makefile index db4ee3b3d..3ac237a6a 100755 --- a/externals/mbedtls/tests/data_files/Makefile +++ b/externals/mbedtls/tests/data_files/Makefile @@ -1052,6 +1052,16 @@ cert_md5.crt: cert_md5.csr $(MBEDTLS_CERT_WRITE) request_file=$< serial=6 issuer_crt=$(test_ca_crt) issuer_key=$(test_ca_key_file_rsa) issuer_pwd=$(test_ca_pwd_rsa) not_before=20190210144406 not_after=20290210144406 md=MD5 version=3 output_file=$@ all_final += cert_md5.crt +################################################################ +#### Diffie-Hellman parameters +################################################################ + +dh.998.pem: + $(OPENSSL) dhparam -out $@ -text 998 + +dh.999.pem: + $(OPENSSL) dhparam -out $@ -text 999 + ################################################################ #### Meta targets ################################################################ diff --git a/externals/mbedtls/tests/data_files/dh.998.pem b/externals/mbedtls/tests/data_files/dh.998.pem new file mode 100755 index 000000000..96d6cf2b8 --- /dev/null +++ b/externals/mbedtls/tests/data_files/dh.998.pem @@ -0,0 +1,17 @@ + DH Parameters: (998 bit) + prime: + 39:5f:30:c0:7b:06:b7:6a:49:c6:c0:81:1f:39:77: + b3:35:e2:8d:66:fc:6a:6e:94:f3:df:97:f2:89:31: + 6c:75:39:08:16:d1:a4:b8:0c:68:c5:63:21:61:eb: + 48:2d:77:99:08:1d:67:38:37:0a:cd:cf:39:b6:3c: + 9d:8a:e5:85:3c:71:e3:4b:3e:1e:b9:80:e3:cc:7a: + fd:84:05:b0:df:36:15:29:4e:3e:23:3b:c3:ae:6b: + c7:11:b9:64:43:40:75:c7:4a:ef:a7:2d:00:e2:62: + 8f:93:78:96:8f:2c:25:8d:7d:1f:eb:5c:3c:bf:51: + de:f8:08:25:db + generator: 2 (0x2) +-----BEGIN DH PARAMETERS----- +MIGCAn05XzDAewa3aknGwIEfOXezNeKNZvxqbpTz35fyiTFsdTkIFtGkuAxoxWMh +YetILXeZCB1nODcKzc85tjydiuWFPHHjSz4euYDjzHr9hAWw3zYVKU4+IzvDrmvH +EblkQ0B1x0rvpy0A4mKPk3iWjywljX0f61w8v1He+Agl2wIBAg== +-----END DH PARAMETERS----- diff --git a/externals/mbedtls/tests/data_files/dh.999.pem b/externals/mbedtls/tests/data_files/dh.999.pem new file mode 100755 index 000000000..6e3ceb3ba --- /dev/null +++ b/externals/mbedtls/tests/data_files/dh.999.pem @@ -0,0 +1,17 @@ + DH Parameters: (999 bit) + prime: + 4f:b8:d2:d8:3c:b3:02:c9:64:f5:99:fe:61:cc:b3: + 69:1c:ba:bb:a2:33:db:38:2f:85:87:b7:12:fb:69: + 6e:a5:32:3e:ff:24:df:c4:61:07:0c:e1:88:72:fa: + 14:d4:22:65:18:66:09:7e:43:35:c4:5a:62:f7:0a: + 69:be:45:71:6e:ac:c5:56:d8:22:9e:c4:9c:23:2b: + bd:6d:3b:b6:02:4f:5d:12:a7:ac:90:b8:9e:be:93: + 82:bc:09:7c:cd:e1:09:21:1e:3d:69:2a:76:41:00: + 68:6d:b7:e8:e8:df:d6:1b:82:93:d9:21:4a:ea:71: + f2:e6:c4:94:03 + generator: 2 (0x2) +-----BEGIN DH PARAMETERS----- +MIGCAn1PuNLYPLMCyWT1mf5hzLNpHLq7ojPbOC+Fh7cS+2lupTI+/yTfxGEHDOGI +cvoU1CJlGGYJfkM1xFpi9wppvkVxbqzFVtginsScIyu9bTu2Ak9dEqeskLievpOC +vAl8zeEJIR49aSp2QQBobbfo6N/WG4KT2SFK6nHy5sSUAwIBAg== +-----END DH PARAMETERS----- diff --git a/externals/mbedtls/tests/scripts/check-names.sh b/externals/mbedtls/tests/scripts/check-names.sh index 7c979bcd8..c6a200854 100755 --- a/externals/mbedtls/tests/scripts/check-names.sh +++ b/externals/mbedtls/tests/scripts/check-names.sh @@ -55,11 +55,6 @@ EOF exit fi -if grep --version|head -n1|grep GNU >/dev/null; then :; else - echo "This script requires GNU grep.">&2 - exit 1 -fi - trace= if [ $# -ne 0 ] && [ "$1" = "-v" ]; then shift diff --git a/externals/mbedtls/tests/ssl-opt.sh b/externals/mbedtls/tests/ssl-opt.sh index b6c03224e..01235218a 100755 --- a/externals/mbedtls/tests/ssl-opt.sh +++ b/externals/mbedtls/tests/ssl-opt.sh @@ -130,8 +130,8 @@ print_usage() { echo "Usage: $0 [options]" printf " -h|--help\tPrint this help.\n" printf " -m|--memcheck\tCheck memory leaks and errors.\n" - printf " -f|--filter\tOnly matching tests are executed (BRE)\n" - printf " -e|--exclude\tMatching tests are excluded (BRE)\n" + printf " -f|--filter\tOnly matching tests are executed (substring or BRE)\n" + printf " -e|--exclude\tMatching tests are excluded (substring or BRE)\n" printf " -n|--number\tExecute only numbered test (comma-separated, e.g. '245,256')\n" printf " -s|--show-numbers\tShow test numbers in front of test names\n" printf " -p|--preserve-logs\tPreserve logs of successful tests as well\n" @@ -184,6 +184,14 @@ get_options() { done } +# Read boolean configuration options from config.h for easy and quick +# testing. Skip non-boolean options (with something other than spaces +# and a comment after "#define SYMBOL"). The variable contains a +# space-separated list of symbols. +CONFIGS_ENABLED=" $(<"$CONFIG_H" \ + sed -n 's!^ *#define *\([A-Za-z][0-9A-Z_a-z]*\) *\(/*\)*!\1!p' | + tr '\n' ' ')" + # Skip next test; use this macro to skip tests which are legitimate # in theory and expected to be re-introduced at some point, but # aren't expected to succeed at the moment due to problems outside @@ -194,16 +202,17 @@ skip_next_test() { # skip next test if the flag is not enabled in config.h requires_config_enabled() { - if grep "^#define $1" $CONFIG_H > /dev/null; then :; else - SKIP_NEXT="YES" - fi + case $CONFIGS_ENABLED in + *" $1 "*) :;; + *) SKIP_NEXT="YES";; + esac } # skip next test if the flag is enabled in config.h requires_config_disabled() { - if grep "^#define $1" $CONFIG_H > /dev/null; then - SKIP_NEXT="YES" - fi + case $CONFIGS_ENABLED in + *" $1 "*) SKIP_NEXT="YES";; + esac } get_config_value_or_default() { @@ -422,17 +431,21 @@ fail() { # is_polar is_polar() { - echo "$1" | grep 'ssl_server2\|ssl_client2' > /dev/null + case "$1" in + *ssl_client2*) true;; + *ssl_server2*) true;; + *) false;; + esac } # openssl s_server doesn't have -www with DTLS check_osrv_dtls() { - if echo "$SRV_CMD" | grep 's_server.*-dtls' >/dev/null; then - NEEDS_INPUT=1 - SRV_CMD="$( echo $SRV_CMD | sed s/-www// )" - else - NEEDS_INPUT=0 - fi + case "$SRV_CMD" in + *s_server*-dtls*) + NEEDS_INPUT=1 + SRV_CMD="$( echo $SRV_CMD | sed s/-www// )";; + *) NEEDS_INPUT=0;; + esac } # provide input to commands that need it @@ -548,11 +561,10 @@ wait_client_done() { # check if the given command uses dtls and sets global variable DTLS detect_dtls() { - if echo "$1" | grep 'dtls=1\|-dtls1\|-u' >/dev/null; then - DTLS=1 - else - DTLS=0 - fi + case "$1" in + *dtls=1*|-dtls|-u) DTLS=1;; + *) DTLS=0;; + esac } # Usage: run_test name [-p proxy_cmd] srv_cmd cli_cmd cli_exit [option [...]] @@ -568,8 +580,7 @@ run_test() { NAME="$1" shift 1 - if echo "$NAME" | grep "$FILTER" | grep -v "$EXCLUDE" >/dev/null; then : - else + if is_excluded "$NAME"; then SKIP_NEXT="NO" return fi @@ -577,10 +588,11 @@ run_test() { print_name "$NAME" # Do we only run numbered tests? - if [ "X$RUN_TEST_NUMBER" = "X" ]; then : - elif echo ",$RUN_TEST_NUMBER," | grep ",$TESTS," >/dev/null; then : - else - SKIP_NEXT="YES" + if [ -n "$RUN_TEST_NUMBER" ]; then + case ",$RUN_TEST_NUMBER," in + *",$TESTS,"*) :;; + *) SKIP_NEXT="YES";; + esac fi # should we skip? @@ -606,10 +618,10 @@ run_test() { shift 3 # Check if test uses files - TEST_USES_FILES=$(echo "$SRV_CMD $CLI_CMD" | grep "\.\(key\|crt\|pem\)" ) - if [ ! -z "$TEST_USES_FILES" ]; then - requires_config_enabled MBEDTLS_FS_IO - fi + case "$SRV_CMD $CLI_CMD" in + *data_files/*) + requires_config_enabled MBEDTLS_FS_IO;; + esac # should we skip? if [ "X$SKIP_NEXT" = "XYES" ]; then @@ -840,6 +852,46 @@ cleanup() { get_options "$@" +# Optimize filters: if $FILTER and $EXCLUDE can be expressed as shell +# patterns rather than regular expressions, use a case statement instead +# of calling grep. To keep the optimizer simple, it is incomplete and only +# detects simple cases: plain substring, everything, nothing. +# +# As an exception, the character '.' is treated as an ordinary character +# if it is the only special character in the string. This is because it's +# rare to need "any one character", but needing a literal '.' is common +# (e.g. '-f "DTLS 1.2"'). +need_grep= +case "$FILTER" in + '^$') simple_filter=;; + '.*') simple_filter='*';; + *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep + need_grep=1;; + *) # No regexp or shell-pattern special character + simple_filter="*$FILTER*";; +esac +case "$EXCLUDE" in + '^$') simple_exclude=;; + '.*') simple_exclude='*';; + *[][$+*?\\^{\|}]*) # Regexp special characters (other than .), we need grep + need_grep=1;; + *) # No regexp or shell-pattern special character + simple_exclude="*$EXCLUDE*";; +esac +if [ -n "$need_grep" ]; then + is_excluded () { + ! echo "$1" | grep "$FILTER" | grep -q -v "$EXCLUDE" + } +else + is_excluded () { + case "$1" in + $simple_exclude) true;; + $simple_filter) false;; + *) true;; + esac + } +fi + # sanity checks, avoid an avalanche of errors P_SRV_BIN="${P_SRV%%[ ]*}" P_CLI_BIN="${P_CLI%%[ ]*}" @@ -3908,6 +3960,20 @@ run_test "DHM size: server 1024, client default, OK" \ 0 \ -C "DHM prime too short:" +run_test "DHM size: server 999, client 999, OK" \ + "$P_SRV dhm_file=data_files/dh.999.pem" \ + "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + debug_level=1 dhmlen=999" \ + 0 \ + -C "DHM prime too short:" + +run_test "DHM size: server 1000, client 1000, OK" \ + "$P_SRV dhm_file=data_files/dh.1000.pem" \ + "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + debug_level=1 dhmlen=1000" \ + 0 \ + -C "DHM prime too short:" + run_test "DHM size: server 1000, client default, rejected" \ "$P_SRV dhm_file=data_files/dh.1000.pem" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ @@ -3915,6 +3981,27 @@ run_test "DHM size: server 1000, client default, rejected" \ 1 \ -c "DHM prime too short:" +run_test "DHM size: server 1000, client 1001, rejected" \ + "$P_SRV dhm_file=data_files/dh.1000.pem" \ + "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + debug_level=1 dhmlen=1001" \ + 1 \ + -c "DHM prime too short:" + +run_test "DHM size: server 999, client 1000, rejected" \ + "$P_SRV dhm_file=data_files/dh.999.pem" \ + "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + debug_level=1 dhmlen=1000" \ + 1 \ + -c "DHM prime too short:" + +run_test "DHM size: server 998, client 999, rejected" \ + "$P_SRV dhm_file=data_files/dh.998.pem" \ + "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ + debug_level=1 dhmlen=999" \ + 1 \ + -c "DHM prime too short:" + run_test "DHM size: server default, client 2049, rejected" \ "$P_SRV" \ "$P_CLI force_ciphersuite=TLS-DHE-RSA-WITH-AES-128-CBC-SHA \ diff --git a/externals/mbedtls/tests/suites/test_suite_base64.data b/externals/mbedtls/tests/suites/test_suite_base64.data index da99ffa87..3a892f479 100755 --- a/externals/mbedtls/tests/suites/test_suite_base64.data +++ b/externals/mbedtls/tests/suites/test_suite_base64.data @@ -151,6 +151,20 @@ base64_encode_hex:"0102030405060708":"AQIDBAUGBwg=":13:0 Base64 encode hex #4 base64_encode_hex:"01020304050607":"AQIDBAUGBw==":13:0 +# Rotate the bytes around so that they end up at each offset modulo 3 in +# successive test cases. +Base64 encode hex all valid input bytes #0 +base64_encode_hex:"000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff":"AAECAwQFBgcICQoLDA0ODxAREhMUFRYXGBkaGxwdHh8gISIjJCUmJygpKissLS4vMDEyMzQ1Njc4OTo7PD0+P0BBQkNERUZHSElKS0xNTk9QUVJTVFVWV1hZWltcXV5fYGFiY2RlZmdoaWprbG1ub3BxcnN0dXZ3eHl6e3x9fn+AgYKDhIWGh4iJiouMjY6PkJGSk5SVlpeYmZqbnJ2en6ChoqOkpaanqKmqq6ytrq+wsbKztLW2t7i5uru8vb6/wMHCw8TFxsfIycrLzM3Oz9DR0tPU1dbX2Nna29zd3t/g4eLj5OXm5+jp6uvs7e7v8PHy8/T19vf4+fr7/P3+/w==":345:0 + +Base64 encode hex all valid input bytes #1 +base64_encode_hex:"0102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff00":"AQIDBAUGBwgJCgsMDQ4PEBESExQVFhcYGRobHB0eHyAhIiMkJSYnKCkqKywtLi8wMTIzNDU2Nzg5Ojs8PT4/QEFCQ0RFRkdISUpLTE1OT1BRUlNUVVZXWFlaW1xdXl9gYWJjZGVmZ2hpamtsbW5vcHFyc3R1dnd4eXp7fH1+f4CBgoOEhYaHiImKi4yNjo+QkZKTlJWWl5iZmpucnZ6foKGio6SlpqeoqaqrrK2ur7CxsrO0tba3uLm6u7y9vr/AwcLDxMXGx8jJysvMzc7P0NHS09TV1tfY2drb3N3e3+Dh4uPk5ebn6Onq6+zt7u/w8fLz9PX29/j5+vv8/f7/AA==":345:0 + +Base64 encode hex all valid input bytes #2 +base64_encode_hex:"02030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f202122232425262728292a2b2c2d2e2f303132333435363738393a3b3c3d3e3f404142434445464748494a4b4c4d4e4f505152535455565758595a5b5c5d5e5f606162636465666768696a6b6c6d6e6f707172737475767778797a7b7c7d7e7f808182838485868788898a8b8c8d8e8f909192939495969798999a9b9c9d9e9fa0a1a2a3a4a5a6a7a8a9aaabacadaeafb0b1b2b3b4b5b6b7b8b9babbbcbdbebfc0c1c2c3c4c5c6c7c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7e8e9eaebecedeeeff0f1f2f3f4f5f6f7f8f9fafbfcfdfeff0001":"AgMEBQYHCAkKCwwNDg8QERITFBUWFxgZGhscHR4fICEiIyQlJicoKSorLC0uLzAxMjM0NTY3ODk6Ozw9Pj9AQUJDREVGR0hJSktMTU5PUFFSU1RVVldYWVpbXF1eX2BhYmNkZWZnaGlqa2xtbm9wcXJzdHV2d3h5ent8fX5/gIGCg4SFhoeIiYqLjI2Oj5CRkpOUlZaXmJmam5ydnp+goaKjpKWmp6ipqqusra6vsLGys7S1tre4ubq7vL2+v8DBwsPExcbHyMnKy8zNzs/Q0dLT1NXW19jZ2tvc3d7f4OHi4+Tl5ufo6err7O3u7/Dx8vP09fb3+Pn6+/z9/v8AAQ==":345:0 + +Base64 encode all valid output characters at all offsets +base64_encode_hex:"00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7effe00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7efd0":"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/Q":261:0 + Base64 decode hex #1 base64_decode_hex:"AQIDBAUGBwgJ":"010203040506070809":9:0 @@ -166,6 +180,9 @@ base64_decode_hex:"AQIDBAUGBw==":"01020304050607":7:0 Base64 decode hex #5 (buffer too small) base64_decode_hex:"AQIDBAUGBw==":"01020304050607":6:MBEDTLS_ERR_BASE64_BUFFER_TOO_SMALL +Base64 decode all valid input characters at all offsets +base64_decode_hex:"ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/+ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/Q":"00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7effe00108310518720928b30d38f41149351559761969b71d79f8218a39259a7a29aabb2dbafc31cb3d35db7e39ebbf3dfbff800420c41461c824a2cc34e3d04524d45565d865a6dc75e7e08628e49669e8a6aaecb6ebf0c72cf4d76df8e7aefcf7efd0":195:0 + Base64 Selftest depends_on:MBEDTLS_SELF_TEST base64_selftest: diff --git a/externals/mbedtls/tests/suites/test_suite_base64.function b/externals/mbedtls/tests/suites/test_suite_base64.function index 3a8bf430f..0185f3b24 100755 --- a/externals/mbedtls/tests/suites/test_suite_base64.function +++ b/externals/mbedtls/tests/suites/test_suite_base64.function @@ -13,13 +13,22 @@ void mbedtls_base64_encode( char * src_string, char * dst_string, { unsigned char src_str[1000]; unsigned char dst_str[1000]; - size_t len; + size_t len, src_len; memset(src_str, 0x00, 1000); memset(dst_str, 0x00, 1000); strncpy( (char *) src_str, src_string, sizeof(src_str) - 1 ); - TEST_ASSERT( mbedtls_base64_encode( dst_str, dst_buf_size, &len, src_str, strlen( (char *) src_str ) ) == result ); + src_len = strlen( (char *) src_str ); + + TEST_CF_SECRET( src_str, sizeof( src_str ) ); + TEST_ASSERT( mbedtls_base64_encode( dst_str, dst_buf_size, &len, src_str, src_len) == result ); + TEST_CF_PUBLIC( src_str, sizeof( src_str ) ); + + /* dest_str will have had tainted data copied to it, prevent the TEST_ASSERT below from triggering + CF failures by unmarking it. */ + TEST_CF_PUBLIC( dst_str, len ); + if( result == 0 ) { TEST_ASSERT( strcmp( (char *) dst_str, dst_string ) == 0 ); @@ -57,7 +66,14 @@ void base64_encode_hex( data_t * src, char * dst, int dst_buf_size, res = zero_alloc( dst_buf_size ); + TEST_CF_SECRET( src->x, src->len ); TEST_ASSERT( mbedtls_base64_encode( res, dst_buf_size, &len, src->x, src->len ) == result ); + TEST_CF_PUBLIC( src->x, src->len ); + + /* res will have had tainted data copied to it, prevent the TEST_ASSERT below from triggering + CF failures by unmarking it. */ + TEST_CF_PUBLIC( res, len ); + if( result == 0 ) { TEST_ASSERT( len == strlen( dst ) ); diff --git a/externals/mbedtls/tests/suites/test_suite_ecp.data b/externals/mbedtls/tests/suites/test_suite_ecp.data index 2c25cd7c4..398ba597c 100755 --- a/externals/mbedtls/tests/suites/test_suite_ecp.data +++ b/externals/mbedtls/tests/suites/test_suite_ecp.data @@ -344,6 +344,14 @@ ECP point multiplication rng fail Curve25519 depends_on:MBEDTLS_ECP_DP_CURVE25519_ENABLED ecp_test_mul_rng:MBEDTLS_ECP_DP_CURVE25519:"5AC99F33632E5A768DE7E81BF854C27C46E3FBF2ABBACD29EC4AFF517369C660" +ECP point muladd secp256r1 #1 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_muladd:MBEDTLS_ECP_DP_SECP256R1:"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579":"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1ffffffff20e120e1e1e1e13a4e135157317b79d4ecf329fed4f9eb00dc67dbddae33faca8b6d8a0255b5ce":"04fab65e09aa5dd948320f86246be1d3fc571e7f799d9005170ed5cc868b67598431a668f96aa9fd0b0eb15f0edf4c7fe1be2885eadcb57e3db4fdd093585d3fa6" + +ECP point muladd secp256r1 #2 +depends_on:MBEDTLS_ECP_DP_SECP256R1_ENABLED +ecp_muladd:MBEDTLS_ECP_DP_SECP256R1:"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1ffffffff20e120e1e1e1e13a4e135157317b79d4ecf329fed4f9eb00dc67dbddae33faca8b6d8a0255b5ce":"01":"04e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e1e0e1ff20e1ffe120e1e1e173287170a761308491683e345cacaebb500c96e1a7bbd37772968b2c951f0579":"04fab65e09aa5dd948320f86246be1d3fc571e7f799d9005170ed5cc868b67598431a668f96aa9fd0b0eb15f0edf4c7fe1be2885eadcb57e3db4fdd093585d3fa6" + ECP test vectors secp192k1 depends_on:MBEDTLS_ECP_DP_SECP192K1_ENABLED ecp_test_vect:MBEDTLS_ECP_DP_SECP192K1:"D1E13A359F6E0F0698791938E6D60246030AE4B0D8D4E9DE":"281BCA982F187ED30AD5E088461EBE0A5FADBB682546DF79":"3F68A8E9441FB93A4DD48CB70B504FCC9AA01902EF5BE0F3":"BE97C5D2A1A94D081E3FACE53E65A27108B7467BDF58DE43":"5EB35E922CD693F7947124F5920022C4891C04F6A8B8DCB2":"60ECF73D0FC43E0C42E8E155FFE39F9F0B531F87B34B6C3C":"372F5C5D0E18313C82AEF940EC3AFEE26087A46F1EBAE923":"D5A9F9182EC09CEAEA5F57EA10225EC77FA44174511985FD" diff --git a/externals/mbedtls/tests/suites/test_suite_ecp.function b/externals/mbedtls/tests/suites/test_suite_ecp.function index e37a017a6..9c90e9c2a 100755 --- a/externals/mbedtls/tests/suites/test_suite_ecp.function +++ b/externals/mbedtls/tests/suites/test_suite_ecp.function @@ -699,6 +699,52 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ECP_SHORT_WEIERSTRASS_ENABLED */ +void ecp_muladd( int id, + data_t *u1_bin, data_t *P1_bin, + data_t *u2_bin, data_t *P2_bin, + data_t *expected_result ) +{ + /* Compute R = u1 * P1 + u2 * P2 */ + mbedtls_ecp_group grp; + mbedtls_ecp_point P1, P2, R; + mbedtls_mpi u1, u2; + uint8_t actual_result[MBEDTLS_ECP_MAX_PT_LEN]; + size_t len; + + mbedtls_ecp_group_init( &grp ); + mbedtls_ecp_point_init( &P1 ); + mbedtls_ecp_point_init( &P2 ); + mbedtls_ecp_point_init( &R ); + mbedtls_mpi_init( &u1 ); + mbedtls_mpi_init( &u2 ); + + TEST_EQUAL( 0, mbedtls_ecp_group_load( &grp, id ) ); + TEST_EQUAL( 0, mbedtls_mpi_read_binary( &u1, u1_bin->x, u1_bin->len ) ); + TEST_EQUAL( 0, mbedtls_mpi_read_binary( &u2, u2_bin->x, u2_bin->len ) ); + TEST_EQUAL( 0, mbedtls_ecp_point_read_binary( &grp, &P1, + P1_bin->x, P1_bin->len ) ); + TEST_EQUAL( 0, mbedtls_ecp_point_read_binary( &grp, &P2, + P2_bin->x, P2_bin->len ) ); + + TEST_EQUAL( 0, mbedtls_ecp_muladd( &grp, &R, &u1, &P1, &u2, &P2 ) ); + TEST_EQUAL( 0, mbedtls_ecp_point_write_binary( + &grp, &R, MBEDTLS_ECP_PF_UNCOMPRESSED, + &len, actual_result, sizeof( actual_result ) ) ); + + ASSERT_COMPARE( expected_result->x, expected_result->len, + actual_result, len ); + +exit: + mbedtls_ecp_group_free( &grp ); + mbedtls_ecp_point_free( &P1 ); + mbedtls_ecp_point_free( &P2 ); + mbedtls_ecp_point_free( &R ); + mbedtls_mpi_free( &u1 ); + mbedtls_mpi_free( &u2 ); +} +/* END_CASE */ + /* BEGIN_CASE */ void ecp_fast_mod( int id, char * N_str ) { diff --git a/externals/mbedtls/tests/suites/test_suite_entropy.data b/externals/mbedtls/tests/suites/test_suite_entropy.data index 8ad8760e2..25fd57fe3 100755 --- a/externals/mbedtls/tests/suites/test_suite_entropy.data +++ b/externals/mbedtls/tests/suites/test_suite_entropy.data @@ -13,6 +13,9 @@ entropy_seed_file:"data_files/entropy_seed":0 Entropy write/update seed file entropy_seed_file:"no_such_dir/file":MBEDTLS_ERR_ENTROPY_FILE_IO_ERROR +Entropy write/update seed file: base NV seed file +entropy_write_base_seed_file:0 + Entropy too many sources entropy_too_many_sources: diff --git a/externals/mbedtls/tests/suites/test_suite_entropy.function b/externals/mbedtls/tests/suites/test_suite_entropy.function index f4f9693fb..6aa8dd343 100755 --- a/externals/mbedtls/tests/suites/test_suite_entropy.function +++ b/externals/mbedtls/tests/suites/test_suite_entropy.function @@ -162,6 +162,21 @@ exit: } /* END_CASE */ +/* BEGIN_CASE depends_on:MBEDTLS_ENTROPY_NV_SEED:MBEDTLS_FS_IO */ +void entropy_write_base_seed_file( int ret ) +{ + mbedtls_entropy_context ctx; + + mbedtls_entropy_init( &ctx ); + + TEST_ASSERT( mbedtls_entropy_write_seed_file( &ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE ) == ret ); + TEST_ASSERT( mbedtls_entropy_update_seed_file( &ctx, MBEDTLS_PLATFORM_STD_NV_SEED_FILE ) == ret ); + +exit: + mbedtls_entropy_free( &ctx ); +} +/* END_CASE */ + /* BEGIN_CASE */ void entropy_too_many_sources( ) { diff --git a/externals/mbedtls/tests/suites/test_suite_mpi.data b/externals/mbedtls/tests/suites/test_suite_mpi.data index 5229253f6..b7f7ee53d 100755 --- a/externals/mbedtls/tests/suites/test_suite_mpi.data +++ b/externals/mbedtls/tests/suites/test_suite_mpi.data @@ -10,21 +10,39 @@ mpi_null: Base test mpi_read_write_string #1 mpi_read_write_string:10:"128":10:"128":100:0:0 +Base test mpi_read_write_string #1 (Leading 0) +mpi_read_write_string:10:"0128":10:"128":100:0:0 + Base test mpi_read_write_string #2 mpi_read_write_string:10:"128":16:"80":100:0:0 -Base test mpi_read_write_string #3 (Read zero) +Base test mpi_read_write_string #3 (Read zero decimal) mpi_read_write_string:10:"0":10:"0":100:0:0 +Base test mpi_read_write_string #3 (Read zero hex) +mpi_read_write_string:16:"0":16:"00":100:0:0 + +Base test mpi_read_write_string #3 (Read minus zero decimal) +mpi_read_write_string:10:"-0":10:"0":100:0:0 + +Base test mpi_read_write_string #3 (Read minus zero hex) +mpi_read_write_string:16:"-0":16:"00":100:0:0 + Base test mpi_read_write_string #3 (Negative decimal) mpi_read_write_string:10:"-23":10:"-23":100:0:0 -Base test mpi_read_write_string #3 (Negative hex) +Base test mpi_read_write_string #3 (Negative decimal, leading 0) +mpi_read_write_string:10:"-023":10:"-23":100:0:0 + +Base test mpi_read_write_string #3 (Negative hex -> decimal) mpi_read_write_string:16:"-20":10:"-32":100:0:0 -Base test mpi_read_write_string #3 (Negative decimal) +Base test mpi_read_write_string #3 (Negative hex) mpi_read_write_string:16:"-23":16:"-23":100:0:0 +Base test mpi_read_write_string #3 (Negative hex, leading 0) +mpi_read_write_string:16:"-023":16:"-23":100:0:0 + Base test mpi_read_write_string #4 (Buffer just fits) mpi_read_write_string:16:"-4":4:"-10":4:0:0 @@ -49,12 +67,18 @@ mpi_read_write_string:10:"29":15:"1e":100:0:0 Test mpi_read_write_string #7 mpi_read_write_string:10:"56125680981752282334141896320372489490613963693556392520816017892111350604111697682705498319512049040516698827829292076808006940873974979584527073481012636016353913462376755556720019831187364993587901952757307830896531678727717924":16:"0941379d00fed1491fe15df284dfde4a142f68aa8d412023195cee66883e6290ffe703f4ea5963bf212713cee46b107c09182b5edcd955adac418bf4918e2889af48e1099d513830cec85c26ac1e158b52620e33ba8692f893efbb2f958b4424":200:0:0 -Test mpi_read_write_string #8 (Empty MPI -> hex) +Test mpi_read_write_string #8 (Empty MPI hex -> hex) mpi_read_write_string:16:"":16:"00":4:0:0 -Test mpi_read_write_string #9 (Empty MPI -> dec) +Test mpi_read_write_string #9 (Empty MPI hex -> dec) mpi_read_write_string:16:"":10:"0":4:0:0 +Test mpi_read_write_string #8 (Empty MPI dec -> hex) +mpi_read_write_string:10:"":16:"00":4:0:0 + +Test mpi_read_write_string #9 (Empty MPI dec -> dec) +mpi_read_write_string:10:"":10:"0":4:0:0 + Test mpi_write_string #10 (Negative hex with odd number of digits) mpi_read_write_string:16:"-1":16:"":3:0:MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL diff --git a/externals/mbedtls/tests/suites/test_suite_version.data b/externals/mbedtls/tests/suites/test_suite_version.data index d43ddad87..66ee453f4 100755 --- a/externals/mbedtls/tests/suites/test_suite_version.data +++ b/externals/mbedtls/tests/suites/test_suite_version.data @@ -1,8 +1,8 @@ Check compiletime library version -check_compiletime_version:"2.16.9" +check_compiletime_version:"2.16.10" Check runtime library version -check_runtime_version:"2.16.9" +check_runtime_version:"2.16.10" Check for MBEDTLS_VERSION_C check_feature:"MBEDTLS_VERSION_C":0 diff --git a/externals/mbedtls/visualc/VS2010/mbedTLS.sln b/externals/mbedtls/visualc/VS2010/mbedTLS.sln index 349d1504d..4653edf44 100755 --- a/externals/mbedtls/visualc/VS2010/mbedTLS.sln +++ b/externals/mbedtls/visualc/VS2010/mbedTLS.sln @@ -3,11 +3,6 @@ Microsoft Visual Studio Solution File, Format Version 11.00 # Visual C++ Express 2010 Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "mbedTLS", "mbedTLS.vcxproj", "{46CF2D25-6A36-4189-B59C-E4815388E554}" EndProject -Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "aescrypt2", "aescrypt2.vcxproj", "{7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}" - ProjectSection(ProjectDependencies) = postProject - {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} - EndProjectSection -EndProject Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "crypt_and_hash", "crypt_and_hash.vcxproj", "{5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}" ProjectSection(ProjectDependencies) = postProject {46CF2D25-6A36-4189-B59C-E4815388E554} = {46CF2D25-6A36-4189-B59C-E4815388E554} @@ -259,14 +254,6 @@ Global {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|Win32.Build.0 = Release|Win32 {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.ActiveCfg = Release|x64 {46CF2D25-6A36-4189-B59C-E4815388E554}.Release|x64.Build.0 = Release|x64 - {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|Win32.ActiveCfg = Debug|Win32 - {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|Win32.Build.0 = Debug|Win32 - {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|x64.ActiveCfg = Debug|x64 - {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Debug|x64.Build.0 = Debug|x64 - {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|Win32.ActiveCfg = Release|Win32 - {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|Win32.Build.0 = Release|Win32 - {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|x64.ActiveCfg = Release|x64 - {7A851DBD-7D57-E8F4-85E5-CCA72AEA7DF8}.Release|x64.Build.0 = Release|x64 {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|Win32.ActiveCfg = Debug|Win32 {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|Win32.Build.0 = Debug|Win32 {5DBB9FC3-6FD6-CA8D-E0FA-35F1E75EFAE7}.Debug|x64.ActiveCfg = Debug|x64 diff --git a/src/core/hle/service/ssl/ssl.cpp b/src/core/hle/service/ssl/ssl.cpp index dc2baca4a..4b5c99d82 100755 --- a/src/core/hle/service/ssl/ssl.cpp +++ b/src/core/hle/service/ssl/ssl.cpp @@ -59,7 +59,7 @@ public: {2, &ISslContext::CreateConnection, "CreateConnection"}, {3, nullptr, "GetConnectionCount"}, {4, nullptr, "ImportServerPki"}, - {5, nullptr, "ImportClientPki"}, + {5, &ISslContext::ImportClientPki, "ImportClientPki"}, {6, nullptr, "RemoveServerPki"}, {7, nullptr, "RemoveClientPki"}, {8, nullptr, "RegisterInternalPki"}, @@ -94,6 +94,25 @@ private: rb.Push(RESULT_SUCCESS); rb.PushIpcInterface(system); } + + void ImportClientPki(Kernel::HLERequestContext& ctx) { + const auto pkcs_12_certificate = ctx.ReadBuffer(0); + const auto ascii_password = [&ctx] { + if (ctx.CanReadBuffer(1)) { + return ctx.ReadBuffer(1); + } + + return std::vector{}; + }(); + + constexpr u64 client_id = 0; + ctx.WriteBuffer(client_id); + + LOG_WARNING(Service_SSL, "(STUBBED) called"); + + IPC::ResponseBuilder rb{ctx, 2}; + rb.Push(RESULT_SUCCESS); + } }; class SSL final : public ServiceFramework { diff --git a/src/yuzu/configuration/configure_ui.cpp b/src/yuzu/configuration/configure_ui.cpp index 943be555a..0a28c87c0 100755 --- a/src/yuzu/configuration/configure_ui.cpp +++ b/src/yuzu/configuration/configure_ui.cpp @@ -46,6 +46,7 @@ ConfigureUi::ConfigureUi(QWidget* parent) : QWidget(parent), ui(new Ui::Configur SetConfiguration(); // Force game list reload if any of the relevant settings are changed. + connect(ui->show_add_ons, &QCheckBox::stateChanged, this, &ConfigureUi::RequestGameListUpdate); connect(ui->icon_size_combobox, QOverload::of(&QComboBox::currentIndexChanged), this, &ConfigureUi::RequestGameListUpdate); connect(ui->row_1_text_combobox, QOverload::of(&QComboBox::currentIndexChanged), this,