lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity
18,296 Commits 174 Branches 272 Tags
4e62cbc3227f57f804f44fbed89e88eecb51a0cf
Commit Graph

18296 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
d5b2a59826 Merge pull request #5047 from paul-elliott-arm/psa-m-aead-ccm 
PSA Multipart AEAD CCM Internal implementation and tests.
 2021-12-09 14:49:42 +01:00
Minos Galanakis
c42cadb54a Updated readme 
This patch adds explicit implementation requirements for
platforms architecture dependencies

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2021-12-09 13:21:20 +00:00
Paul Elliott
3820c150d1 Prevent resource leak 
If -f was used as an argument twice to the program, then it would leak
the file resource, due to overwriting it on the second pass

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 12:48:51 +00:00
Ronald Cron
d4c64027a5 tls13: Move state transition after sending CCS to ssl_tls13_client.c 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron
a55c5a1152 ssl-opt.sh: TLS 1.3: Add middlebox compatibility tests with GnuTLS 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron
7c0185fa5f ssl-opt.sh: TLS 1.3: Add some missing test dependencies 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron
49ad6197ca Add injection of dummy's ChangeCipherSpec for middlebox compatibility 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron
fdb0e3f381 ssl-opt.sh: TLS 1.3: Run tests with middlebox compatibility enabled 
Run tests with middlebox compatibility enabled but tests
dedicated to middlebox compatibility disabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron
7e38cba993 Add incoming ChangeCipherSpec filtering in TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Ronald Cron
ab65c52944 Add MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE config option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-09 13:40:22 +01:00
Manuel Pégourié-Gonnard
c38c1f2411 Merge pull request #5268 from gilles-peskine-arm/struct_reordering_3.0 
Reorder structure fields to maximize usage of immediate offset access
 2021-12-09 12:54:09 +01:00
Manuel Pégourié-Gonnard
d7d740eb6e Merge pull request #5236 from gabor-mezei-arm/4926_base64_move_constant-time_functions 
Move base64 constant-time functions to the new module
 2021-12-09 12:40:18 +01:00
Minos Galanakis
e87790baba Update changelog 
This patch adds explicit wording to state
that Two's complement is the official
supported signed integer representation.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2021-12-09 09:58:43 +00:00
Paul Elliott
37ec16b579 Add explanation for workaround in test code 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 09:44:11 +00:00
Manuel Pégourié-Gonnard
b873577fc3 Merge pull request #5240 from duckpowermb/development 
[session] fix a session copy bug
 2021-12-09 09:23:23 +01:00
Manuel Pégourié-Gonnard
49c20954e4 Merge pull request #865 from davidhorstmann-arm/3.0-fix-session-copy-bug-chglog 
Add changelog entry for session copy bugfix
 2021-12-09 09:21:28 +01:00
Paul Elliott
3938fef25c Indicate set nonce negative test failure reasons 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-08 20:09:09 +00:00
Gilles Peskine
cfe74a37b9 mbedtls_ssl_handshake_params: move ecrs_ctx back further 
"mbedtls_ssl_handshake_params: reorder fields to save code size" moved this
filed earlier along with byte-sized fields that should be in the 128-element
access window on Arm Thumb. This took away precious room in the 128-byte
window. Move it back further out.

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2860 -> 2816 (diff: 44)
library/ssl_msg.o: 3080 -> 3076 (diff: 4)
library/ssl_srv.o: 3340 -> 3300 (diff: 40)
library/ssl_tls.o: 6546 -> 6478 (diff: 68)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-08 18:38:51 +01:00
Gilles Peskine
b3ec69dba5 mbedtls_ssl_config: better document former bit-fields 
Ensure that the documentation of fields affected by
"mbedtls_ssl_config: Replace bit-fields by separate bytes"
conveys information that may have been lost by removing the exact size of
the type. Extend the preexisting pattern "do this?" for formerly 1-bit
boolean fields. Indicate the possible values for non-boolean fields.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-08 18:32:12 +01:00
Gilles Peskine
41139a2541 mbedtls_ssl_handshake_params: move group_list earlier to save code size 
Placing group_list earlier seems to help significantly, not just as a matter
of placing it in the 128-element (512-byte) access window.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/ssl_cli.o: 19559 -> 19551 (diff: 8)
library/ssl_msg.o: 24690 -> 24674 (diff: 16)
library/ssl_srv.o: 20418 -> 20406 (diff: 12)
library/ssl_tls.o: 20555 -> 20519 (diff: 36)
library/ssl_tls13_client.o: 7244 -> 7240 (diff: 4)
library/ssl_tls13_generic.o: 4693 -> 4697 (diff: -4)

Results (same architecture, config-suite-b.h + MBEDTLS_ECDH_LEGACY_CONTEXT +
MBEDTLS_ECP_RESTARTABLE):
library/ssl_cli.o: 2864 -> 2860 (diff: 4)
library/ssl_tls.o: 6566 -> 6546 (diff: 20)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-08 18:26:55 +01:00
Ronald Cron
1865585eab Merge pull request #5212 from yuhaoth/pr/add-tls13-compat-testcases 
TLS1.3 MVP:Add tls13 compat, not supported version , certificaterequest and HRR tests
 2021-12-08 14:56:39 +01:00
David Horstmann
e217edf49c Add changelog entry for session copy bugfix 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2021-12-08 13:32:59 +00:00
Manuel Pégourié-Gonnard
5d9f42200f Merge pull request #861 from ronald-cron-arm/fix-aead-nonce 
psa: aead: Fix invalid output buffer usage in generate_nonce()
 2021-12-08 13:30:21 +01:00
Manuel Pégourié-Gonnard
39c2aba920 Merge pull request #849 from ronald-cron-arm/fix-cipher-iv 
Avoid using encryption output buffer to pass generated IV to PSA driver
 2021-12-08 13:30:06 +01:00
Gilles Peskine
392113434a Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x 
Forward port to 3.x: Introduce PSA test driver library to test PSA configuration
 2021-12-07 12:52:20 +01:00
Gilles Peskine
45b91c93f1 Merge pull request #5269 from daverodgman/fix-builds-with-only-mbedtls_bignum_c-defined-development 
Fix builds when config.h only defines MBEDTLS_BIGNUM_C
 2021-12-07 12:38:06 +01:00
Dave Rodgman
d7c091060f Merge pull request #5242 from paul-elliott-arm/explain_TLS13_decision 
TLS1.3: Edit docs to explain not changing curve order.
 2021-12-07 11:01:04 +00:00
Ronald Cron
0b4d12313a Remove assertion on local nonce buffer size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 10:45:00 +01:00
Ronald Cron
27d47713c9 tests: psa: Remove MD2, MD4 and ARC4 related code 
MD2, MD4 and ARC4 are not supported anymore in
3.x.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 09:54:36 +01:00
Ronald Cron
0118627013 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 09:28:36 +01:00
Ronald Cron
a393619dc2 Change test on local nonce buffer size to an assertion 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 09:25:20 +01:00
Ronald Cron
6fd156aa6b Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-07 09:21:38 +01:00
Gilles Peskine
aa1e9857a5 Add changelog entry for build error fixes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-06 20:58:47 +01:00
David Horstmann
3d5dfa598b Reword documentation of CMAC operations 
Change the wording of the documentation for some CMAC functions,
as the existing wording, while technically correct, can be
easy to misunderstand. The reworded docs explain the flow of
a CMAC computation a little more fully.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2021-12-06 18:58:02 +00:00
Dave Rodgman
351c71b7f2 Fix builds when config.h only defines MBEDTLS_BIGNUM_C 
Fixes #4929

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-06 17:50:53 +00:00
Jerry Yu
52a6e7ea00 Replace tls1_3 with tls13 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:42:47 +08:00
Jerry Yu
2c315a8591 remove unused function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:22:51 +08:00
Jerry Yu
c502dff71c fix TLS1.3 name issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:22:51 +08:00
Jerry Yu
7918efe99a Refactor to avoid duplicate add_* 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
882c30da17 Merge CAFILE and Certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
b4ac8f3c04 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
dda036d8e0 rename ecdsa_secp*sha* to ecdsa_secp* 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
7f5e5adfa3 fix pylint fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
55ee769b51 Fix out-of-source build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
f17a60f147 Add opt-testcases into check list 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
cdcb683568 Update generate scripts and tls13 test cases 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
31018adb81 Add tls13 compat tests with bash scripts 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
c4aa1520a2 tls13_compat_tests:Add generate all option 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
d64e20de7f fix wrong typo 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00
Jerry Yu
26fa7dcc4a Remove rsa_pss_rsae_sha256 test from ssl-opt.sh 
It has been covered by tls13 compat tests

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-06 18:20:43 +08:00