ae59c52322
Create configuration option to bypass the mbedtls_ssl_set_hostname check
...
Update generated files.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-24 18:04:14 +01:00
63f958df77
Create error code for mbedtls_ssl_set_hostname not called
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-21 19:33:55 +01:00
f33c45f84d
Keep track of whether mbedtls_ssl_set_hostname() has been called
...
Use a special marker as ssl->hostname if mbedtls_ssl_set_hostname() has been
called with NULL. If mbedtls_ssl_set_hostname() has never been called, the
field is NULL, as before.
No behavior change apart from now emitting a different log message depending
on whether mbedtls_ssl_set_hostname() has been called with NULL or not at all.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-21 19:33:53 +01:00
520ceb2726
Update the documentation of ssl->hostname
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-21 19:33:05 +01:00
3a2f75d8d5
Access ssl->hostname through abstractions
...
New abstractions to access ssl->hostname:
mbedtls_ssl_has_set_hostname_been_called() (only implemented approximatively
for now), mbedtls_ssl_get_hostname_pointer(), mbedtls_ssl_free_hostname().
Only access ssl->hostname directly in these functions and in
mbedtls_ssl_set_hostname().
Use these abstractions to access the hostname with the opportunity for
extra checks in mbedtls_ssl_verify_certificate().
No behavior change except for a new log message.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-21 19:32:59 +01:00
ff25715cb4
Move mbedtls_ssl_set_hostname up
...
Refactoring to prepare for "Access ssl->hostname through abstractions".
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-20 13:57:51 +01:00
724a7bbd92
mbedtls_ssl_set_hostname tests: baseline
...
Test the current behavior.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-20 12:46:46 +01:00
eac2e4daef
Automate MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK dependency
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2025-02-20 12:38:22 +01:00
0834c59d06
Merge pull request #9496 from minosgalanakis/doc/add_mbedtls_ecp_check_privkey_comment_bp28
...
[Backport 2.28] Refactored a minor check in ecp check privkey
2025-01-24 09:44:31 +00:00
49d440372f
tf-psa-crypto/drivers/builtin/src/ecp.c
...
Update tf-psa-crypto/drivers/builtin/src/ecp.c
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com >
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-01-23 15:29:58 +00:00
32fe8f3cf1
Merge pull request #9849 from solardiz/mbedtls-2.28
...
[Backport 2.28] Specify previously missed register clobbers in AES-NI asm blocks
2024-12-13 15:25:50 +00:00
1cd6fb57f9
Add change log entry on AES-NI asm block fixes
...
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com >
Signed-off-by: Solar Designer <solar@openwall.com >
2024-12-13 02:15:55 +01:00
4ad27aa47e
Specify previously missed XMM register clobbers in AES-NI asm blocks
...
Noticed by Gilles Peskine
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com >
Signed-off-by: Solar Designer <solar@openwall.com >
2024-12-13 02:14:13 +01:00
4115440aa7
Specify register clobbers in mbedtls_aesni_crypt_ecb()
...
Signed-off-by: Solar Designer <solar@openwall.com >
2024-12-13 02:13:03 +01:00
9b1ec06287
Merge pull request #9821 from gilles-peskine-arm/psa-storage-test-cases-never-supported-2.28-fix-copypasta
...
Backport 2.28: Make some edge cases of not-supported or invalid mechanisms more uniform
2024-12-11 19:06:42 +00:00
7198389aab
Merge pull request #9811 from SuperIlu/mbedtls-2.28
...
Mbedtls 2.28: Fix compilation on MS-DOS DJGPP
2024-12-03 09:12:03 +00:00
e681a4e7e5
Fix copypasta
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-12-02 21:40:21 +01:00
97268b836e
reworked changelog according to suggestion
...
Signed-off-by: SuperIlu <superilu@yahoo.com >
2024-12-02 21:25:54 +01:00
4b8fbf6eed
Added changelog
...
Signed-off-by: SuperIlu <superilu@yahoo.com >
2024-12-01 10:32:50 +01:00
6d327128b5
Make mbedTLS compile with MS-DOS DJGPP
...
Signed-off-by: SuperIlu <superilu@yahoo.com >
2024-12-01 10:32:46 +01:00
763c116a66
Merge pull request #9774 from Harry-Ramsey/update-gcm-doc-2.28
...
[Backport 2.28] Fix doc on GCM API
2024-11-21 17:35:56 +00:00
c22ead77a8
Fix documentation for GCM decryption functions
...
This commit fixes documentation specifying buffer overlap on GCM
decryption functions.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com >
2024-11-13 19:22:51 +00:00
9d99e98503
Remove trailing whitespace
...
This commit removes trailing whitespace in test_suite_gcm.function.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com >
2024-11-13 15:57:29 +00:00
a1abbdb2b3
Add new line to end of test case files
...
This commit adds a new line to the end of test case files to pass
check_files.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com >
2024-11-13 12:49:34 +00:00
0cd29510f6
Add test cases for AES GCM input and output buffer overlap
...
This commit adds test cases for input and output buffer overlap. The
data for the test cases is a duplicate of existing encrypt/decrypt test
cases.
The two test functions gcm_<encrypt/decrypt>_input_output_buffer_overlap
are modified to use a single malloc buffer rounded to the nearest
128-bits/16-bytes for input and output.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com >
2024-11-13 11:23:57 +00:00
7220652204
Update GCM buffer overlap documentation
...
This commit updates GCM buffer overlap documentation to explicitly
support overlapping encryption/decryption buffers for GCM.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com >
2024-11-13 10:38:41 +00:00
89c68e206b
Merge pull request #9736 from mpg/drop-armcc5-2.28
...
[2.28] Drop armcc5 support in all.sh
2024-10-30 12:29:32 +00:00
89a87b5353
Merge pull request #9729 from paul-elliott-arm/fix_new_coverity_issues_2.28
...
[Backport 2.28] Fix new coverity issues
2024-10-29 14:58:39 +00:00
0f2c45a78a
Merge pull request #9734 from bensze01/graviton-testing-2.28
...
[Backport 2.28] Add default config tests for the A64, A32, Thumb 1 and Thumb 2 instruction sets
2024-10-29 12:24:56 +00:00
a674e988c9
Drop building with armcc5 in all.sh
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-10-29 11:52:49 +01:00
61da0ddb07
Add override arguments for new gcc targets
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2024-10-28 13:33:48 +01:00
b14dd763c3
Clarify GCC version requirement
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2024-10-28 13:33:09 +01:00
478730eed2
Split up the Thumb-1 test component
...
The Thumb-1 tests are by far the slowest, so split the -O0 and -Os tests
into their own components.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2024-10-28 13:32:41 +01:00
73d8640bd3
Remove superfluous invocations of make clean
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2024-10-28 13:31:55 +01:00
f92112d7be
Update component speed estimates
...
The estimates are based on the most recent CI run.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2024-10-28 13:30:20 +01:00
a56b61c6ee
Initialize result caching variables
...
This prevents interference from identically named environment variables.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2024-10-28 13:29:49 +01:00
63a10d0726
Use true/false in place of integers
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2024-10-28 13:29:20 +01:00
08c14d1412
Ignore missing temporary files during cleanup
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2024-10-28 13:29:06 +01:00
26822ab1b6
Fix copypasta in gcc_version
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2024-10-28 13:28:50 +01:00
915fa3e6c7
Add AArch64 default config test
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2024-10-28 13:28:18 +01:00
86aa780e5a
Add Arm eabi default config tests
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com >
2024-10-28 13:27:39 +01:00
987092107a
Merge pull request #9609 from gilles-peskine-arm/outcome-check-repeated-configurations-all.sh-preliminaries-2.28
...
Backport 2.28: Fix some all.sh components with sub-components
2024-10-25 14:59:09 +00:00
417b8d92a1
Pair inits with declarations
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2024-10-25 12:47:23 +01:00
9488b8c513
Fix double free in case of test failure
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2024-10-25 12:00:05 +01:00
1348b6a861
Add missing check of return
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2024-10-25 11:59:59 +01:00
181564bb89
Fix tests where tests were done prior to init
...
Variables that are in any way destructed on exit should be initialised
prior to any tests that might jump to exit, to save potential
uninitialised memory accesses.
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2024-10-25 11:59:11 +01:00
f87e85508b
Merge pull request #9715 from ThePassionate/mbedtls-1022-2.8
...
[Backport 2.28] net/mbedtls_net_connect: Preventing double close problem
2024-10-22 16:49:14 +00:00
aa6ae3f649
net/mbedtls_net_connect: Preventing double close problem
...
In the test examples and real usage scenarios, 'mbedtls_net_free' is called after 'mbedtls_net_connect' fails, which will cause the problem of double close the same fd. It is possible to close this closed fd which has been applied by other link.
Signed-off-by: makejian <makejian@xiaomi.com >
2024-10-22 20:06:10 +08:00
bfe4fc6749
Use -O2 for build+test with earliest compilers
...
The compilation is slower but we get more potential warnings and running the
tests is faster.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-09-20 15:09:58 +02:00
8214340bb0
Fix spurious * in regex
...
`grep mbedtls_des*` would pick up e.g. mbedtls_derive_xxx.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2024-09-20 15:09:48 +02:00
