lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-10 21:01:41 +03:00
Code
32,851 Commits 172 Branches 268 Tags
Commit Graph

12188 Commits

Author SHA1 Message Date
Valerio Setti
3a815cbd2f all.sh: keep RSA_C enabled in component_full_no_pkparse_pkwrite() 
This is possible because after #8740 RSA_C no longer depends on
PK to parse and write private/public keys.

This commit also solves related issues that arose after this change
in "pk.c" and "test_suite_pk". In particular now we can use
rsa's module functions for parsing and writing keys without need
to rely on pk_parse and pk_write functions.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 11:34:53 +01:00
Minos Galanakis
f9a6893b55 Changelog: Added entry for ssl_session accessors. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-11 10:09:44 +00:00
Valerio Setti
61532e9a6b test_suite_pk: fix typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Valerio Setti
01ba66d56e pk: replace CRYPTO_CLIENT guards with CRYPTO_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Valerio Setti
a41654d5b1 all.sh: add test component based on full config without PK_[PARSE|WRITE]_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Valerio Setti
452d2d2ccb test_suite_pk: add some initial testing for mbedtls_pk_copy_from_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:48:40 +01:00
Manuel Pégourié-Gonnard
af3e574f5f
Merge pull request #8862 from valeriosetti/issue8825 
Improve support of mbedtls_psa_get_random in client-only builds
 2024-03-10 20:06:27 +00:00
Ronald Cron
61fd13c6a5 Merge remote-tracking branch 'mbedtls/development' into tls13-cli-max-early-data-size 2024-03-10 18:09:47 +01:00
Ronald Cron
9422725aba tls13: cli: Discard ticket with zero lifetime 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-10 17:48:26 +01:00
Jerry Yu
ce79488dd5 tls13: srv: Fail connection if ticket lifetime exceed 7 days 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-10 17:42:43 +01:00
Ronald Cron
7e1f9f290f
Merge pull request #8854 from ronald-cron-arm/tls13-srv-max-early-data-size 
TLS 1.3: Enforce max_early_data_size on server
 2024-03-09 00:16:07 +00:00
Ronald Cron
e1295fabaf tests: ssl: early data: Fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 17:05:27 +01:00
Janos Follath
080a5171e2
Merge pull request #8861 from ronald-cron-arm/tls13-srv-select-kex 
TLS 1.3: SRV: Improve key exchange mode selection
 2024-03-08 14:58:36 +00:00
Ronald Cron
52472104a2 tests: suite: early data: Add comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
4facb0a9cd tests: ssl: Improve early data test code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
1a13e2f43e tests: ssl: Improve test code for very small max_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
e14770fc42 ssl-opt.sh: Fix early data test option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:57:36 +01:00
Ronald Cron
1f63fe4d74 tls13: srv: Fix resume flag in case of cancelled PSK 
If we prefer ephemeral key exchange mode over
the pure PSK one, make sure the resume flag is
disabled as eventually we are not going to
resume a session even if we aimed to at some
point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
cf284565c5 tls13: srv: Determine best key exchange mode for a PSK 
Determine best key exchange for for ticket based and
external PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
12e72f1664 tls13: srv: Always parse the pre-shared key extension 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
139a4185b1
Merge pull request #8587 from yanrayw/issue/4911/ssl_setup-check-RNG-configuration 
TLS: check RNG when calling mbedtls_ssl_setup()
 2024-03-08 07:38:39 +00:00
Dave Rodgman
4c4f1f1428 Avoid recursion for relative paths 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-07 17:25:52 +00:00
Dave Rodgman
c02c5b1520 Follow-up for less verbose logging 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-07 17:25:52 +00:00
tom-daubney-arm
d4c57c0ad2
Merge branch 'development-restricted' into key_agreement_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-03-06 16:47:13 +00:00
Ryan Everett
63c1cf7eaa Remove MBEDTLS_THREADING_C check in check_test_dependencies 
At the moment our tests only check for MBEDTLS_THREADIN_PTHREAD

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-06 16:46:15 +00:00
Paul Elliott
16d5160504 Allow the use of threading dependancies in PSA tests. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-06 16:46:15 +00:00
Ryan
b0b3c0d80a Disable MBEDTLS_SELF_TEST in the TSan config 
Enabling this causes TSan warnings, as some self-tests use unprotected globals
(see X_count variables in ecp.c). This isn't an issue, as these globals are only
read in self tests, which do not use threads.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-06 16:46:08 +00:00
Ryan
2066d0451f Add test cases for concurrently_generate_keys 
For every generate_key test there is now a concurrently_generate_keys test.
8 threads per test, and 5 repetitions.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-06 16:46:00 +00:00
Ryan
3a1b786d5d Add a concurrent key generation test function 
Split into n threads, each thread will repeatedly generate,
exercise and destroy a key.
Then join the threads, and ensure using PSA_DONE that no keys still exist.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-06 16:45:36 +00:00
Thomas Daubney
a4866945b8 Fix issue with large allocation in tests 
In test_suite_psa_crypto_op_fail.generated.function
the function key_agreement_fail was setting the
public_key_length variable to SIZE_MAX which meant that
a huge allocation was being attempted.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-03-06 16:32:25 +00:00
Paul Elliott
8a2062c538
Merge pull request #8892 from paul-elliott-arm/add_threading_to_drivers 
Ensure drivers have threading enabled if required
 2024-03-06 14:35:49 +00:00
Minos Galanakis
411cb6c30f test_suite_ssl: Added ssl_session_id_accessors_check. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-06 13:52:03 +00:00
David Horstmann
a5175634b0
Merge branch 'development-restricted' into copying-pake 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-06 11:18:28 +00:00
Gilles Peskine
31403a4ca8
Merge pull request #8678 from daverodgman/quietbuild 
Make builds less verbose
 2024-03-05 18:04:16 +00:00
Gilles Peskine
71cc260563
Merge pull request #8728 from minosgalanakis/features/add_mbedtls_x509_crt_get_ca_istrue_accesor_6151 
[MBEDTLS_PRIVATE] Add mbedtls_x509_crt_get_ca_istrue() accesor
 2024-03-05 18:04:06 +00:00
Dave Rodgman
3c4166aef3
Merge pull request #8863 from minosgalanakis/feature/add_ecdh_context_5016 
[MBEDTLS_PRIVATE] Add a getter for the ECDH context->grp.id member.
 2024-03-05 16:58:13 +00:00
Minos Galanakis
581e63637a test_suite_x509parse: Added test-case for legacy certificate 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-05 14:39:23 +00:00
Paul Elliott
053b7886e5 Ensure drivers have threading enabled if required 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-05 14:27:23 +00:00
Ryan
6caf84f717 Explicitely remove the deprecated driver interface from the TSan config 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-05 14:10:08 +00:00
Gilles Peskine
8462146d01
Merge pull request #8867 from gilles-peskine-arm/psa_key_attributes-remove_core 
Merge psa_core_key_attributes_t back into psa_key_attributes_t
 2024-03-05 09:59:24 +00:00
Gilles Peskine
de047b09fe Add docstrings to pacify pylint 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 17:12:59 +01:00
Gilles Peskine
2aa63ea48c Support Git submodules 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 17:12:59 +01:00
Gilles Peskine
1c13aa78c2 Framework submodule: fix the libtestdriver1 build 
`make -C tests libtestdriver1` copies `library/Makefile` to
`tests/libtestdriver1/library/Makefile`, where `../framework` does not point
to the framework submodule.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 17:12:59 +01:00
Gábor Mezei
716cf2d4e0
Merge branch 'development-restricted' into buffer_protection_for_cipher 
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>
 2024-03-04 15:38:05 +00:00
Ronald Cron
987cf898db ssl_helpers: Restore rng_seed incrementation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-04 10:24:27 +01:00
Gilles Peskine
fad79fcdd9 Merge remote-tracking branch 'development' into ecp-write-ext-3.6 
Conflicts:
* library/pk.c: mbedtls_pk_wrap_as_opaque() changed in the feature branch
  and was removed in the target branch.
 2024-03-04 08:52:08 +01:00
Minos Galanakis
a83ada4eba tests: Added test for mbedtls_x509_crt_get_ca_istrue() 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-04 02:22:01 +00:00
Ronald Cron
e93cd1b580 tests: ssl: Free write/read test buffers 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 19:30:00 +01:00
Ronald Cron
7c07aab72e tests: write early data: Improve tls13_cli_max_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 19:07:40 +01:00
Ronald Cron
ae6f9a58a9 tests: write early data: Allocate buffer to write/read 
Allocate the buffer to write/read early data. That
way in ASan builds. buffer overwrite/overread can
be detected.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 19:07:34 +01:00