lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-07 12:21:11 +03:00
Code Activity
16,575 Commits 173 Branches 272 Tags
6dd489cb15d29219c7793ad57c9de11193d30503
Commit Graph

16575 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Thomas Daubney
ac72f9c213 Initialise iv buffer before use 
Commit initialises the iv buffer before
it ias passed to mbedtls_cipher_set_iv().

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-03-02 16:44:51 +00:00
Gilles Peskine
757464c865 Merge pull request #5592 from Tachi107/2.28-msvc-utf-8 
2.28 backport - build(msvc): always assume source files are in UTF-8
 2022-03-02 16:42:35 +01:00
Gilles Peskine
9a0b482e98 Merge pull request #5589 from gilles-peskine-arm/mypy-on-jenkins-2.28 
Backport 2.28: Make mypy unconditional
 2022-03-01 20:48:46 +01:00
Andrea Pappacoda
24f20af0cd build(msvc): always assume source files are in UTF-8 
Fixes https://github.com/ARMmbed/mbedtls/issues/4205

Signed-off-by: Andrea Pappacoda <andrea@pappacoda.it>
(cherry picked from commit 9202909d07)
 2022-03-01 18:00:20 +01:00
Gilles Peskine
1eba24a6ce Merge pull request #5543 from AndrzejKurek/doxygen-fixes-compact-doxyfile-2-28 
Backport 2.28: Remove default values and comments from mbedtls.doxyfile
 2022-02-28 23:49:11 +01:00
Gilles Peskine
e2279e02ea Merge pull request #5503 from AndrzejKurek/doxygen-duplicate-parameter-docs-2-28 
Backport 2.28: doxygen: merge multiple descriptions of the same return codes
 2022-02-28 17:09:49 +01:00
Gilles Peskine
e69324458a Merge pull request #5540 from gilles-peskine-arm/check_config-chachapoly-2.28 
Backport 2.28: Add check_config checks for AEAD
 2022-02-28 17:07:53 +01:00
Gilles Peskine
df57835a76 Make mypy unconditional 
Running mypy was optional for a transition period when it wasn't installed
on the CI. Now that it is, make it mandatory, to avoid silently skipping an
expected check if mypy doesn't work for some reason.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-28 16:11:58 +01:00
Gilles Peskine
f70ccb0038 Merge pull request #5577 from AndrzejKurek/raw-key-agreement-destroy-missing-2-28 
Backport 2.28: Add missing key destruction calls in ssl_write_client_key_exchange
 2022-02-25 13:34:06 +01:00
Andrzej Kurek
4b1216b003 Add missing key destruction calls in ssl_write_client_key_exchange 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-25 04:42:03 -05:00
Manuel Pégourié-Gonnard
4e921870b1 Merge pull request #5546 from SiliconLabs/mbedtls-2.28/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0 
Backport 2.28: feat: Update test_suite_psa_its to NOT use UID=0
 2022-02-17 11:49:41 +01:00
PeterSpace
9be61680b1 Update library/psa_its_file.c 
Signed-off-by: pespacek <peter.spacek@silabs.com>
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
 2022-02-16 15:49:29 +01:00
pespacek
55dfd8bb0a BUGFIX: PSA test vectors use UID 1 instead of 0. 
Test vector to test rejection of uid = 0 was added.

Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-16 15:48:40 +01:00
pespacek
ecaca12612 TEST: added psa_its_set expected failure test 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-16 15:48:00 +01:00
pespacek
55f15c7e6c BUGFIX: psa_its_set now rejects UID = 0 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-16 15:47:21 +01:00
Ronald Cron
8e1ca4df2e Merge pull request #5459 from gilles-peskine-arm/check_test_cases-list-2.28 
Backport 2.28: check_test_cases.py --list
 2022-02-15 13:52:37 +01:00
Andrzej Kurek
ef3f27b4ba doxygen: enable the search engine 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-15 06:56:16 -05:00
Gilles Peskine
60d9947bc4 Change our code size reference job to use baremetal_size 
In build_arm_none_eabi_gcc_m0plus, use baremetal_size instead of baremetal
as the configuration, i.e. exclude debugging features. This job is the only
one switching to baremetal_size because it's our primary point of reference
for code size evolution, and which is the only job where we display the code
size built with -Os so it's presumably the only job for which we really care
about a meaningful code size report.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-15 12:55:18 +01:00
Gilles Peskine
98bb5d330d New configuration preset baremetal_size 
The baremetal configuration includes debugging features whose size is not
particularly interesting. Create a new preset for use when benchmarking code
size which excludes debugging features that increase the size of
non-debugging modules.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-15 12:55:18 +01:00
Andrzej Kurek
b3fca7bbce doxygen: remove irrelevant options 
None of these options had any impact on the generated output.
Checked after turning off the HTML_TIMESTAMP option
and running sha256sum <(find . -type f -exec sha256sum {} \; | sort) in
the apidoc directory.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-15 06:55:11 -05:00
Andrzej Kurek
4d6ed1142c Remove default values and comments from mbedtls.doxyfile 
Use the 1.8.17 generated version for comparison
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-15 06:44:05 -05:00
Gilles Peskine
fa21dda04a Fix indentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-15 10:59:53 +01:00
Gilles Peskine
9130b5b774 Add check_config checks for AEAD 
CCM requires one of the 128-bit-block block ciphers to be useful, just like GCM.

GCM and CCM need the cipher module.

ChaChaPoly needs ChaCha20 and Poly1305.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-15 10:59:44 +01:00
Manuel Pégourié-Gonnard
05b6125f69 Merge pull request #5449 from gilles-peskine-arm/pip-requirements-no-maintainer-2.28 
2.28 only: Any package used in a script must be listed in ci.requirements.txt
 2022-02-15 10:18:08 +01:00
Manuel Pégourié-Gonnard
617fb004fd Merge pull request #5536 from mpg/fix-ecdh-psa-2.28 
[Backport 2.28] Fix PSA-based ECDH in TLS 1.2
 2022-02-15 09:09:13 +01:00
Manuel Pégourié-Gonnard
0178487fb2 Fix missing check on server-chosen curve 
We had this check in the non-PSA case, but it was missing in the PSA
case.

Backport of 141be6cc7f with just the
error code change to adapt to 2.28.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-14 13:00:42 +01:00
Manuel Pégourié-Gonnard
298d6cc397 Add mbedtls_ssl_check_curve_tls_id() (internal) 
This can be used to validate the server's choice of group in the PSA
case (this will be done in the next commit).

Backport of 0d63b84fa4 with a very
different implementation, as 2.28 still stores the list of allowed
groups with their mbedtls_ecp group IDs, not the IANA/TLS group IDs
(changed by https://github.com/ARMmbed/mbedtls/pull/4859/ in 3.x).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-14 13:00:32 +01:00
Ronald Cron
97f188289d Merge pull request #5502 from AndrzejKurek/backport-2-18-import-opaque-driver-wrappers 
Backport 2.28 - Add tests for an opaque import in the driver wrappers
 2022-02-07 11:14:02 +01:00
Manuel Pégourié-Gonnard
8b8760885e Merge pull request #5465 from gilles-peskine-arm/cmake-test-suite-enumeration-2.28 
Backport 2.28: CMake: generate the list of test suites automatically
 2022-02-07 09:48:24 +01:00
Andrzej Kurek
d0c6a84dca Test driver: keep variable declarations first 
Followed by hook calls, and sanity checks last.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-04 09:14:39 -05:00
Andrzej Kurek
28a7c06281 Test drivers: rename import call source to driver location 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-04 09:14:39 -05:00
Andrzej Kurek
981a0ceeee Formatting and documentation fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-04 09:14:39 -05:00
Andrzej Kurek
96c8f9e89d Add tests for import hooks in the driver wrappers 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-04 09:14:39 -05:00
Andrzej Kurek
fcaef2ee4d doxygen: merge multiple descriptions of the same return codes 
Organize some of the errors in a better way.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-04 07:54:59 -05:00
Gilles Peskine
d4c5c3d231 Remove obsolete calls to if_build_succeeded 
This is now a no-op.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-04 00:37:49 +01:00
Gilles Peskine
fdddb9de8f Remove obsolete variable restoration or unset at the end of a component 
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-04 00:36:23 +01:00
Gilles Peskine
717d55edbe Remove obsolete cd at the end of a component 
This is no longer useful now that components run in a subshell.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-04 00:36:14 +01:00
Gilles Peskine
ca9cfcaed9 Stop CMake out of source tests running on 16.04 (continued) 
The race condition mentioned in the previous commit
"Stop CMake out of source tests running on 16.04"
has also been observed with test_cmake_as_subdirectory on 3.1 and can
presumably happen on 2.28 as well. So skip it on Ubuntu 16.04 as well.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-04 00:35:14 +01:00
Manuel Pégourié-Gonnard
349a059f5f Merge pull request #5461 from gilles-peskine-arm/ssl-opt-self-signed-positive-2.28 
Backport 2.28: Add positive test case with self-signed certificates
 2022-02-03 11:33:59 +01:00
Manuel Pégourié-Gonnard
ca664c74a6 Merge pull request #5255 from AndrzejKurek/chacha-iv-len-16-fixes-2.x 
Backport 2.28: Return an error from `mbedtls_cipher_set_iv` for an invalid IV length with ChaCha20 and ChaCha20+Poly
 2022-02-03 11:31:34 +01:00
Manuel Pégourié-Gonnard
92d54fb41d Merge pull request #5444 from AndrzejKurek/use-psa-crypto-reduced-configs-2.28 
Backport 2.28: Resolve problems with reduced configs using USE_PSA_CRYPTO
 2022-02-02 10:20:35 +01:00
Manuel Pégourié-Gonnard
b72ecfd5a0 Merge pull request #5468 from Unity-Technologies/mbedtls-2.28-windows-arm64-workaround 
Backport 2.28: Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug
 2022-02-01 09:21:37 +01:00
Tautvydas Žilys
61156f8a6a Cap the workaround for mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to MSVC versions prior to 17.1. 
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
 2022-01-31 13:37:47 -08:00
Andrzej Kurek
a16ffaf811 Add a check in check_config.h for PK_WRITE_C when RSA is enabled 
This is required for importing RSA keys, as 
mbedtls_psa_rsa_export_key is used internally.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-31 09:52:33 -05:00
Andrzej Kurek
699290de04 Fix config-mini-tls1_1 PK_WRITE requirement when USA_PSA_CRYPTO is used 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-31 09:51:44 -05:00
Andrzej Kurek
d08ed95419 Formatting: remove tabs from check_config.h 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-27 11:03:09 -05:00
Andrzej Kurek
38adac32e7 Add a changelog entry regarding bugfixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-27 11:01:33 -05:00
Andrzej Kurek
19d6ab0fb8 Enable testing with PSA for config-mini-tls1_1 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-27 11:01:24 -05:00
Andrzej Kurek
1faa2a3c6e Add a check for MBEDTLS_PK_WRITE_C with USE_PSA_CRYPTO to check-config.h 
Also force MBEDTLS_PK_WRITE_C in reduced configs using
MBEDTLS_USE_PSA_CRYPTO, MBEDTLS_PK_C and 
MBEDTLS_ECDSA_C.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-27 11:00:24 -05:00
Tautvydas Žilys
ea4af4d345 Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug. 
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
 2022-01-26 15:44:47 -08:00