lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-09 10:01:18 +03:00
Code
32,851 Commits 172 Branches 268 Tags
Commit Graph

2807 Commits

Author SHA1 Message Date
Przemek Stekiel
3a92593d1e Adapt cert_req app to support SAN IP 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-03 12:58:11 +01:00
Gilles Peskine
df6e84a447 Test the PSA alternative header configuration macros 
Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and
MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes
after the standard directory in the include file search path.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-23 17:18:33 +01:00
Valerio Setti
5ba1d5eb2c programs: use proper macro for ECDSA capabilities in ssl_sever2 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-23 08:15:17 +01:00
Hannes Tschofenig
6b108606fa Added ability to include the SubjectAltName extension to a CSR 
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
 2023-02-21 13:42:39 +01:00
Dave Rodgman
54647737f6 Add checks to selftest 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-10 16:16:17 +00:00
Pol Henarejos
b3b220cbf8
Correct style. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-02-08 12:52:18 +01:00
Pol Henarejos
a6779287e8
Style. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-02-08 00:50:04 +01:00
Pol Henarejos
4e747337ee
Merge branch 'development' into sha3 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-02-07 19:55:31 +01:00
Dave Rodgman
f31c9e441b
Merge pull request #7019 from tom-cosgrove-arm/dont-use-cast-assignment-in-ssl_server2.c 
Don't use cast-assignment in ssl_server.c
 2023-02-06 12:13:08 +00:00
Dave Rodgman
94c9c96c94
Merge pull request #6998 from aditya-deshpande-arm/fix-example-programs-usage 
Fix incorrect dispatch to USAGE in example programs, which causes uninitialized memory to be used
 2023-02-06 09:53:50 +00:00
Tom Cosgrove
de85725507 Don't use cast-assignment in ssl_server.c 
Would have used mbedtls_put_unaligned_uint32(), but alignment.h is in library/.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-02-03 16:38:05 +00:00
Aditya Deshpande
9b45f6bb68 Fix more argc checks 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-02-03 16:15:30 +00:00
Dave Rodgman
6dd757a8ba Fix use of sizeof without brackets 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-02 12:40:50 +00:00
Aditya Deshpande
644a5c0b2b Fix bugs in example programs: change argc == 0 to argc < 2 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-01-30 16:48:13 +00:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843 
Improve X.509 cert writing serial number management
 2023-01-30 13:08:57 +01:00
Valerio Setti
af4815c6a4 x509: replace/fix name of new function for setting serial 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-26 17:43:09 +01:00
Pengyu Lv
e2f1dbf5ae update docs of ssl_client2 and improve code format 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-16 12:38:12 +08:00
Pengyu Lv
302feb3955 add cases to test session resumption with different ticket_flags 
This commit add test cases to test if the check of kex change mode
in SessionTicket works well.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:56 +08:00
Valerio Setti
48fdbb3940 programs: cert_write: fixed bug in parsing dec serial 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:45 +01:00
Valerio Setti
791bbe629d programs: improved cert_write serial management 
Now it can accept serial both as decimal and hex number (only one format
at a time, of course, not simultaneously).

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:45 +01:00
Valerio Setti
acf12fb744 x509: fix endianness and input data format for x509write_crt_set_serial_new 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Valerio Setti
5d164c4e23 fix: add missing deprecation guards 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Valerio Setti
da0afcc2fb x509: remove direct dependency from BIGNUM_C 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:44 +01:00
Gilles Peskine
449bd8303e Switch to the new code style 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-11 14:50:10 +01:00
Jerry Yu
a15af37867 Change time resolution of reco_delay from second to millionseconds 
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.

From test result of #6712, this can improve the fail rate from 4%
to 92%.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-01-07 13:01:42 +08:00
David Horstmann
e3d8f31ba1 Workaround Uncrustify parsing of "asm" 
The following code:

 #ifndef asm
 #define asm __asm
 #endif

causes Uncrustify to stop correcting the rest of the file. This may be
due to parsing the "asm" keyword in the definition.

Work around this by wrapping the idiom in an *INDENT-OFF* comment
wherever it appears.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-01-03 11:07:09 +00:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702 
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
 2023-01-03 09:36:58 +01:00
Valerio Setti
d10e0a6341 sha: fix minor issues/typos 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-22 14:25:26 +01:00
Dave Rodgman
2038da9266
Merge pull request #6826 from daverodgman/fix_gettimeofday 
Fix gettimeofday overflow
 2022-12-20 16:01:53 +00:00
Dave Rodgman
7796cc4f24 Fix overflow in mbedtls_timing_hardclock 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-20 13:12:23 +00:00
Valerio Setti
e7221a21ad test: adjust depends.py to new SHA224/SHA384 changes 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-16 14:43:48 +01:00
Gilles Peskine
6b21820bd3
Merge pull request #6687 from gilles-peskine-arm/fuzz-cflags 
programs/fuzz: set sensible default CFLAGS
 2022-12-15 19:47:22 +01:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599 
Allow isolation of EC J-PAKE password when used in TLS
 2022-12-14 11:04:33 +01:00
Valerio Setti
46e8fd8263 test: sha: test SHA224 and SHA256 separately 
This is meant to adapt to the new library design in which
SHA224 and SHA256 can be built independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-14 10:58:02 +01:00
Valerio Setti
898e7a3afe test: sha: test SHA384 and SHA512 separately 
This is meant to adapt to the new library design in which
SHA384 and SHA512 can be built independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-14 10:50:54 +01:00
Manuel Pégourié-Gonnard
ebf322ddf6
Merge pull request #6629 from concatime/cmake-config-dir 
Install CMake files in MbedTLS dir
 2022-12-14 10:30:52 +01:00
Valerio Setti
d75c5c4405 test: pake: fail in case the opaque key is destroyed unexpectedly 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-13 11:51:32 +01:00
Valerio Setti
785116a5be test: pake: modify opaque key verification before destruction 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-12 11:59:25 +01:00
Manuel Pégourié-Gonnard
1a100b69a4
Merge pull request #6705 from davidhorstmann-arm/code-style-script-non-corrected 
Add code style correction script
 2022-12-09 09:41:14 +01:00
Valerio Setti
eb3f788b03 tls: pake: do not destroy password key in TLS 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-08 18:42:58 +01:00
Valerio Setti
d5fa0bfb85 test: pake: check psa key validity before destroying it 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-07 16:02:42 +01:00
Ronald Cron
fbba0e9d75
Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface 
TLS 1.3: Refactor early data configuration interface.
 2022-12-07 09:42:12 +01:00
Jerry Yu
d146a37d56 Change the definition of max_early_data_size argument. 
`conf_max_early_data_size` does not reuse as en/disable. When
call it, we should call `conf_early_data()` also.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-06 14:56:54 +08:00
Jerry Yu
2c93fc1544 Revert "Add reco_debug_level to reduce debug output" 
This reverts commit a6934776c90a834a321daf7eeb35f2ad7d402c50.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-06 11:05:54 +08:00
Jerry Yu
54dfcb7794 fix comments and debug info issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-05 15:43:09 +08:00
Tom Cosgrove
1797b05602 Fix typos prior to release 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-04 17:19:59 +00:00
Issam E. Maghni
760f3a0a48 Install CMake files in MbedTLS dir 
Right now, CMake files are installed in <prefix>/cmake. That being said,
it gets easily bloated, and the standard is to use a directory with the
same name as the project.

I discovered this issue with this "bug":
https://github.com/termux/termux-packages/issues/12416
The issue's author claimed that MbedTLS's files were not installed in
the lib directory. But the patch applied by termux team broke CMake's
search of MbedTLS config files. So I wanted to upstream the real fix
here instead.

Here are some examples of projects using directories:
 - https://github.com/xiph/flac/blob/1.4.2/CMakeLists.txt#L239
 - https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.15.2/CMakeLists.txt#L675
 - https://github.com/catchorg/Catch2/blob/v3.2.0/CMakeLists.txt#L62
 - https://github.com/capnproto/capnproto/blob/v0.10.2/c++/CMakeLists.txt#L162

Signed-off-by: Issam E. Maghni <issam.e.maghni@mailbox.org>
 2022-12-04 03:00:38 +00:00
Valerio Setti
d6feb20869 test: pake: allow opaque password only when USE_PSA is enabled 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-02 14:28:49 +01:00
Jerry Yu
7854a4e019 Add max_early_data_size option for ssl_sever2 
- to set max_early_data_set

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-01 23:11:48 +08:00
Jerry Yu
a6934776c9 Add reco_debug_level to reduce debug output 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-01 23:11:48 +08:00