lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-30 10:45:34 +03:00
Code Activity
31,194 Commits 176 Branches 276 Tags
126cfedba49b51fc96763f67bb7ceee727d6ff51
Commit Graph

2738 Commits

Author SHA1 Message Date
Przemek Stekiel
6260ee9cab cert_app: init entropy unconditionally 
When mbedtls_entropy_free() is called without mbedtls_entropy_init() entropy is uninitialized and contains garbage which may lead to segmentation fault.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-16 22:42:01 +02:00
Przemek Stekiel
89c636e6cf Init PSA in ssl and x509 programs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-16 22:41:52 +02:00
Valerio Setti
d49cbc1493 test: fix remaining failures in test due to the ECP_LIGHT symbol 
Changes in test_suite_psa_crypto are to enforce the dependency
on ECP_C which is mandatory for some key's derivation.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Gilles Peskine
7c1c7ce90e Merge pull request #7401 from AndrzejKurek/md-guards-missing 
Add missing md.h includes
 2023-04-11 09:32:17 +02:00
Gilles Peskine
c9e8a65d06 Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api 
ssl_cache: misc improvements
 2023-04-11 09:30:40 +02:00
Andrzej Kurek
0af32483f3 Change the format of md.h include comments 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-07 03:10:28 -04:00
Andrzej Kurek
0e03f4c119 Remove unnecessary include 
This is a PSA-based program and psa/crypto.h
is already included.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-06 07:55:25 -04:00
Andrzej Kurek
316b7dd19c Add a justification for early md.h include in programs 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-05 14:44:38 -04:00
Andrzej Kurek
da86e2e5bd Revert to using MBEDTLS_SHA_1_C when mbedtls_sha1 is called directly 
This was mistakingly changed in #7327.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-05 14:39:22 -04:00
Andrzej Kurek
eaea30d30e Remove duplicated md.h includes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-05 14:36:51 -04:00
toth92g
27f9e7815c Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields 
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
Andrzej Kurek
1b75e5f784 Add missing md.h includes 
MBEDTLS_MD_CAN_SHAXXX are defined there.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-04 09:55:06 -04:00
Manuel Pégourié-Gonnard
33783b4646 Manually fix two remaining instances of old macros 
Unless I missed something, all remaining instance of all macros are in
files where it makes sense to use these. I went over the output of:

    git grep -c -E 'MBEDTLS_(MD5|RIPEMD160|SHA[0-9]*)_C'

and I think all the files listed fall into one of the following
acceptable categories:

- documentation and historical documents: Changelog, docs/**/*.md
- config files and related: mbedtls_config.h, configs/*.h,
  check_config.h, config_psa.h, etc.
- scripts that build/modify configs: all.sh, depends.py,
  set_psa_test_dependencies.py, etc.
- implementation of MD or PSA or related: md.h, psa_util.h, etc. and
  corresponding test suites
- implementation of hashes: md5.c, sha256.h, etc. and corresponding test
  suites
- two example programs using a low-level hash API: hash/hello.c,
  pkey/ecdsa.c
- test/benchmark.c, test/selftest.c: actually want our built-in
  implementations
- a function in test_suite_psa_crypto_storage_format that is
  specifically for checking if the hash is built in.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
93302422fd Fix instances of old feature macros being used 
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data

Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
7224086ebc Remove legacy_or_psa.h 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
23fc437037 SSL: fix test failures 
1. Change USE_PSA_CRYPTO_INIT/DONE to MD_OR_USE.

2. Add missing occurrences - some of these were already necessary in
principle (in one form or another) but where missing and this was not
detected so far as `psa_hash` doesn't complain in case of a missing
init, but now MD makes it visible.

3. Add missing include in ssl_test_lib.h.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
bef824d394 SSL: use MD_CAN macros 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:29:31 +01:00
Paul Elliott
9f02a4177b Merge pull request #7009 from mprse/csr_write_san 
Added ability to include the SubjectAltName extension to a CSR - v.2
 2023-03-17 10:07:27 +00:00
Pengyu Lv
b1895899f1 ssl_cache: Improve some comments 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-16 14:33:28 +08:00
Gilles Peskine
2a44ac245f Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api 
ssl_cache: Add cache entry removal api
 2023-03-15 15:38:06 +01:00
Pengyu Lv
f30488f5cd Move the usage string of cache_remove to USAGE_CACHE 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-15 09:53:45 +08:00
Przemek Stekiel
f86fe73d59 Fix error on Windows builds (conversion from 'unsigned long' to 'uint8_t') 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-14 09:55:29 +01:00
Pengyu Lv
753d02ffd4 ssl_server2: Add options to support cache removal 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-13 09:28:17 +08:00
Przemek Stekiel
55ceff6d2f Code optimization and style fixes 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-10 14:36:16 +01:00
Przemek Stekiel
68ca81c8fe Change separator for SAN names to ';' 
When ';' is used as a separator san names must be provided in quotation marks:
./cert_req filename=../../tests/data_files/server8.key subject_name=dannybackx.hopto.org san="URI:http://pki.example.com/;IP:127.1.1.0;DNS:example.com"

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 14:04:11 +01:00
Dave Rodgman
5e5aa4a4e6 Merge pull request #7218 from tom-cosgrove-arm/fix-typos-230307 
Fix typos in development prior to release
 2023-03-08 17:19:59 +00:00
Manuel Pégourié-Gonnard
289e5baa83 Merge pull request #7082 from valeriosetti/issue6861 
driver-only ECDSA: add ssl-opt.sh testing with testing parity
 2023-03-08 16:45:38 +01:00
Tom Cosgrove
5c8505f061 Fix typos 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-07 11:39:52 +00:00
Przemek Stekiel
6cb59c55c3 ip_string_to_bytes: remove status, add info about supported ip version 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-06 10:13:20 +01:00
Pol Henarejos
f61d6c0a2b Merge branch 'development' into sha3 2023-03-04 00:03:06 +01:00
Przemek Stekiel
5a49d3cce3 Replace mbedtls_x509_san_node with mbedtls_x509_subject_alternative_name 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-03 12:58:11 +01:00
Przemek Stekiel
3a92593d1e Adapt cert_req app to support SAN IP 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-03 12:58:11 +01:00
Gilles Peskine
df6e84a447 Test the PSA alternative header configuration macros 
Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and
MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes
after the standard directory in the include file search path.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-23 17:18:33 +01:00
Valerio Setti
5ba1d5eb2c programs: use proper macro for ECDSA capabilities in ssl_sever2 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-23 08:15:17 +01:00
Hannes Tschofenig
6b108606fa Added ability to include the SubjectAltName extension to a CSR 
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
 2023-02-21 13:42:39 +01:00
Dave Rodgman
54647737f6 Add checks to selftest 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-10 16:16:17 +00:00
Pol Henarejos
b3b220cbf8 Correct style. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-02-08 12:52:18 +01:00
Pol Henarejos
a6779287e8 Style. 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-02-08 00:50:04 +01:00
Pol Henarejos
4e747337ee Merge branch 'development' into sha3 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-02-07 19:55:31 +01:00
Dave Rodgman
f31c9e441b Merge pull request #7019 from tom-cosgrove-arm/dont-use-cast-assignment-in-ssl_server2.c 
Don't use cast-assignment in ssl_server.c
 2023-02-06 12:13:08 +00:00
Dave Rodgman
94c9c96c94 Merge pull request #6998 from aditya-deshpande-arm/fix-example-programs-usage 
Fix incorrect dispatch to USAGE in example programs, which causes uninitialized memory to be used
 2023-02-06 09:53:50 +00:00
Tom Cosgrove
de85725507 Don't use cast-assignment in ssl_server.c 
Would have used mbedtls_put_unaligned_uint32(), but alignment.h is in library/.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-02-03 16:38:05 +00:00
Aditya Deshpande
9b45f6bb68 Fix more argc checks 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-02-03 16:15:30 +00:00
Dave Rodgman
6dd757a8ba Fix use of sizeof without brackets 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-02 12:40:50 +00:00
Aditya Deshpande
644a5c0b2b Fix bugs in example programs: change argc == 0 to argc < 2 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-01-30 16:48:13 +00:00
Manuel Pégourié-Gonnard
aae61257d1 Merge pull request #6883 from valeriosetti/issue6843 
Improve X.509 cert writing serial number management
 2023-01-30 13:08:57 +01:00
Valerio Setti
af4815c6a4 x509: replace/fix name of new function for setting serial 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-26 17:43:09 +01:00
Pengyu Lv
e2f1dbf5ae update docs of ssl_client2 and improve code format 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-16 12:38:12 +08:00
Pengyu Lv
302feb3955 add cases to test session resumption with different ticket_flags 
This commit add test cases to test if the check of kex change mode
in SessionTicket works well.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:56 +08:00
Valerio Setti
48fdbb3940 programs: cert_write: fixed bug in parsing dec serial 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-12 17:01:45 +01:00