lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-19 01:04:04 +03:00
Code
18,895 Commits 172 Branches 267 Tags
Commit Graph

18895 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
ae59c52322 Create configuration option to bypass the mbedtls_ssl_set_hostname check 
Update generated files.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-24 18:04:14 +01:00
Gilles Peskine
63f958df77 Create error code for mbedtls_ssl_set_hostname not called 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-21 19:33:55 +01:00
Gilles Peskine
f33c45f84d Keep track of whether mbedtls_ssl_set_hostname() has been called 
Use a special marker as ssl->hostname if mbedtls_ssl_set_hostname() has been
called with NULL. If mbedtls_ssl_set_hostname() has never been called, the
field is NULL, as before.

No behavior change apart from now emitting a different log message depending
on whether mbedtls_ssl_set_hostname() has been called with NULL or not at all.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-21 19:33:53 +01:00
Gilles Peskine
520ceb2726 Update the documentation of ssl->hostname 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-21 19:33:05 +01:00
Gilles Peskine
3a2f75d8d5 Access ssl->hostname through abstractions 
New abstractions to access ssl->hostname:
mbedtls_ssl_has_set_hostname_been_called() (only implemented approximatively
for now), mbedtls_ssl_get_hostname_pointer(), mbedtls_ssl_free_hostname().

Only access ssl->hostname directly in these functions and in
mbedtls_ssl_set_hostname().

Use these abstractions to access the hostname with the opportunity for
extra checks in mbedtls_ssl_verify_certificate().

No behavior change except for a new log message.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-21 19:32:59 +01:00
Gilles Peskine
ff25715cb4 Move mbedtls_ssl_set_hostname up 
Refactoring to prepare for "Access ssl->hostname through abstractions".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-20 13:57:51 +01:00
Gilles Peskine
724a7bbd92 mbedtls_ssl_set_hostname tests: baseline 
Test the current behavior.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-20 12:46:46 +01:00
Gilles Peskine
eac2e4daef Automate MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK dependency 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-20 12:38:22 +01:00
Janos Follath
0834c59d06
Merge pull request #9496 from minosgalanakis/doc/add_mbedtls_ecp_check_privkey_comment_bp28 
[Backport 2.28] Refactored a minor check in ecp check privkey
 2025-01-24 09:44:31 +00:00
Minos Galanakis
49d440372f tf-psa-crypto/drivers/builtin/src/ecp.c 
Update tf-psa-crypto/drivers/builtin/src/ecp.c

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-01-23 15:29:58 +00:00
Paul Elliott
32fe8f3cf1
Merge pull request #9849 from solardiz/mbedtls-2.28 
[Backport 2.28] Specify previously missed register clobbers in AES-NI asm blocks
 2024-12-13 15:25:50 +00:00
Solar Designer
1cd6fb57f9 Add change log entry on AES-NI asm block fixes 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Solar Designer <solar@openwall.com>
 2024-12-13 02:15:55 +01:00
Solar Designer
4ad27aa47e Specify previously missed XMM register clobbers in AES-NI asm blocks 
Noticed by Gilles Peskine

Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Solar Designer <solar@openwall.com>
 2024-12-13 02:14:13 +01:00
Solar Designer
4115440aa7 Specify register clobbers in mbedtls_aesni_crypt_ecb() 
Signed-off-by: Solar Designer <solar@openwall.com>
 2024-12-13 02:13:03 +01:00
Gilles Peskine
9b1ec06287
Merge pull request #9821 from gilles-peskine-arm/psa-storage-test-cases-never-supported-2.28-fix-copypasta 
Backport 2.28: Make some edge cases of not-supported or invalid mechanisms more uniform
 2024-12-11 19:06:42 +00:00
Janos Follath
7198389aab
Merge pull request #9811 from SuperIlu/mbedtls-2.28 
Mbedtls 2.28: Fix compilation on MS-DOS DJGPP
 2024-12-03 09:12:03 +00:00
Gilles Peskine
e681a4e7e5 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-12-02 21:40:21 +01:00
SuperIlu
97268b836e
reworked changelog according to suggestion 
Signed-off-by: SuperIlu <superilu@yahoo.com>
 2024-12-02 21:25:54 +01:00
SuperIlu
4b8fbf6eed Added changelog 
Signed-off-by: SuperIlu <superilu@yahoo.com>
 2024-12-01 10:32:50 +01:00
SuperIlu
6d327128b5 Make mbedTLS compile with MS-DOS DJGPP 
Signed-off-by: SuperIlu <superilu@yahoo.com>
 2024-12-01 10:32:46 +01:00
David Horstmann
763c116a66
Merge pull request #9774 from Harry-Ramsey/update-gcm-doc-2.28 
[Backport 2.28] Fix doc on GCM API
 2024-11-21 17:35:56 +00:00
Harry Ramsey
c22ead77a8 Fix documentation for GCM decryption functions 
This commit fixes documentation specifying buffer overlap on GCM
decryption functions.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2024-11-13 19:22:51 +00:00
Harry Ramsey
9d99e98503 Remove trailing whitespace 
This commit removes trailing whitespace in test_suite_gcm.function.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2024-11-13 15:57:29 +00:00
Harry Ramsey
a1abbdb2b3 Add new line to end of test case files 
This commit adds a new line to the end of test case files to pass
check_files.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2024-11-13 12:49:34 +00:00
Harry Ramsey
0cd29510f6 Add test cases for AES GCM input and output buffer overlap 
This commit adds test cases for input and output buffer overlap. The
data for the test cases is a duplicate of existing encrypt/decrypt test
cases.

The two test functions gcm_<encrypt/decrypt>_input_output_buffer_overlap
are modified to use a single malloc buffer rounded to the nearest
128-bits/16-bytes for input and output.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2024-11-13 11:23:57 +00:00
Harry Ramsey
7220652204 Update GCM buffer overlap documentation 
This commit updates GCM buffer overlap documentation to explicitly
support overlapping encryption/decryption buffers for GCM.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2024-11-13 10:38:41 +00:00
Paul Elliott
89c68e206b
Merge pull request #9736 from mpg/drop-armcc5-2.28 
[2.28] Drop armcc5 support in all.sh
 2024-10-30 12:29:32 +00:00
Gilles Peskine
89a87b5353
Merge pull request #9729 from paul-elliott-arm/fix_new_coverity_issues_2.28 
[Backport 2.28] Fix new coverity issues
 2024-10-29 14:58:39 +00:00
Bence Szépkúti
0f2c45a78a
Merge pull request #9734 from bensze01/graviton-testing-2.28 
[Backport 2.28] Add default config tests for the A64, A32, Thumb 1 and Thumb 2 instruction sets
 2024-10-29 12:24:56 +00:00
Manuel Pégourié-Gonnard
a674e988c9 Drop building with armcc5 in all.sh 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-10-29 11:52:49 +01:00
Bence Szépkúti
61da0ddb07 Add override arguments for new gcc targets 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-10-28 13:33:48 +01:00
Bence Szépkúti
b14dd763c3 Clarify GCC version requirement 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-10-28 13:33:09 +01:00
Bence Szépkúti
478730eed2 Split up the Thumb-1 test component 
The Thumb-1 tests are by far the slowest, so split the -O0 and -Os tests
into their own components.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-10-28 13:32:41 +01:00
Bence Szépkúti
73d8640bd3 Remove superfluous invocations of make clean 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-10-28 13:31:55 +01:00
Bence Szépkúti
f92112d7be Update component speed estimates 
The estimates are based on the most recent CI run.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-10-28 13:30:20 +01:00
Bence Szépkúti
a56b61c6ee Initialize result caching variables 
This prevents interference from identically named environment variables.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-10-28 13:29:49 +01:00
Bence Szépkúti
63a10d0726 Use true/false in place of integers 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-10-28 13:29:20 +01:00
Bence Szépkúti
08c14d1412 Ignore missing temporary files during cleanup 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-10-28 13:29:06 +01:00
Bence Szépkúti
26822ab1b6 Fix copypasta in gcc_version 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-10-28 13:28:50 +01:00
Bence Szépkúti
915fa3e6c7 Add AArch64 default config test 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-10-28 13:28:18 +01:00
Bence Szépkúti
86aa780e5a Add Arm eabi default config tests 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-10-28 13:27:39 +01:00
Gilles Peskine
987092107a
Merge pull request #9609 from gilles-peskine-arm/outcome-check-repeated-configurations-all.sh-preliminaries-2.28 
Backport 2.28: Fix some all.sh components with sub-components
 2024-10-25 14:59:09 +00:00
Paul Elliott
417b8d92a1 Pair inits with declarations 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-10-25 12:47:23 +01:00
Paul Elliott
9488b8c513 Fix double free in case of test failure 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-10-25 12:00:05 +01:00
Paul Elliott
1348b6a861 Add missing check of return 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-10-25 11:59:59 +01:00
Paul Elliott
181564bb89 Fix tests where tests were done prior to init 
Variables that are in any way destructed on exit should be initialised
prior to any tests that might jump to exit, to save potential
uninitialised memory accesses.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-10-25 11:59:11 +01:00
David Horstmann
f87e85508b
Merge pull request #9715 from ThePassionate/mbedtls-1022-2.8 
[Backport 2.28] net/mbedtls_net_connect: Preventing double close problem
 2024-10-22 16:49:14 +00:00
makejian
aa6ae3f649 net/mbedtls_net_connect: Preventing double close problem 
In the test examples and real usage scenarios, 'mbedtls_net_free' is called after 'mbedtls_net_connect' fails, which will cause the problem of double close the same fd. It is possible to close this closed fd which has been applied by other link.

Signed-off-by: makejian <makejian@xiaomi.com>
 2024-10-22 20:06:10 +08:00
Gilles Peskine
bfe4fc6749 Use -O2 for build+test with earliest compilers 
The compilation is slower but we get more potential warnings and running the
tests is faster.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-20 15:09:58 +02:00
Gilles Peskine
8214340bb0 Fix spurious * in regex 
`grep mbedtls_des*` would pick up e.g. mbedtls_derive_xxx.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-20 15:09:48 +02:00