lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-30 10:45:34 +03:00
Code Activity
30,666 Commits 176 Branches 276 Tags
b66f9dba119e6860e95020e3fd8ada4bd496286d
Commit Graph

2712 Commits

Author SHA1 Message Date
Minos Galanakis
9860056006 Revert "Autogenerated files for 3.6.0" 
This reverts commit e8a6833b28.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-27 17:36:15 +00:00
Minos Galanakis
e8a6833b28 Autogenerated files for 3.6.0 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 16:00:55 +00:00
Minos Galanakis
b70f0fd9a9 Merge branch 'development' into 'development-restricted' 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-19 22:24:40 +00:00
Ronald Cron
74191a56e8 ssl_server2: Split early data enablement from max_early_data_size setting 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:00:42 +01:00
Gilles Peskine
7b333f1e88 Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime 
TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime
 2024-03-14 15:59:25 +00:00
Paul Elliott
50da462fc8 Merge pull request #8829 from paul-elliott-arm/add_framework_meta_tests 
Add metatests for failing TEST_EQUAL and TEST_LE_*
 2024-03-14 15:55:14 +00:00
David Horstmann
93fa4e1b87 Merge branch 'development' into buffer-sharing-merge 2024-03-12 15:05:06 +00:00
Ronald Cron
7201bc6b05 ssl_client2: Fix early data log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 16:03:09 +01:00
Manuel Pégourié-Gonnard
e33b349c90 Merge pull request #8864 from valeriosetti/issue8848 
Deprecate or remove mbedtls_pk_wrap_as_opaque
 2024-03-01 15:54:32 +00:00
Ronald Cron
9b4e964c2c Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data 
TLS 1.3: Add mbedtls_ssl_write_early_data() API
 2024-02-29 14:31:55 +00:00
Valerio Setti
90eca2adb0 ssl_test_lib: add guards for pk_wrap_as_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-28 10:45:43 +01:00
Valerio Setti
7541ebea52 programs: remove usage of mbedtls_pk_wrap_as_opaque() from tests 
This is replaced with: mbedtls_pk_get_psa_attributes() +
mbedtls_pk_import_into_psa() + mbedtls_pk_setup_opaque().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-27 10:44:33 +01:00
Gilles Peskine
7f72a06e02 Remove cruft 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 18:41:25 +01:00
Manuel Pégourié-Gonnard
dd9cbf99c2 Benchmark only one side of ECDH, both static and ephemeral 
Static ECDH is of interest to us as developers because it's a generic
scalar multiplication (as opposed to using the standard base point) and
it's useful to have that handy.

For reference the other operations of interest to developers are:
- multiplication of the conventional base point: ECDSA signing is almost
exactly that (just a few field ops on top, notably 1 inversion);
- linear combination: ECDSA verification is almost exactly that too.

Including ephemeral as well, because it's hopefully what's of interest
to most users.

Compared to the previous version, include only one side of the
operations. I don't think including both sides is of interest to anyone.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-02-22 12:29:06 +01:00
Gilles Peskine
74589ba31c ssl_context_info: explicitly note accesses to private fields 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:12:01 +01:00
Gilles Peskine
72da8b3521 Don't authorize private access to fields where not actually needed 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:07:29 +01:00
Gilles Peskine
abf0be392a fuzz_dtlsserver: explicitly note the one access to a private field 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:07:09 +01:00
Gilles Peskine
d5f68976e8 fuzz_pubkey, fuzz_privkey: no real need to access private fields 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:05:35 +01:00
Gilles Peskine
7a3059ac92 Benchmark: not using private fields anymore 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 10:53:31 +01:00
Gilles Peskine
984352d6f1 Benchmark: remove the legacy-context ECDH block 
We have two blocks of code to benchmark ECDH. One uses the legacy context
structure, which is only enabled when MBEDTLS_ECP_RESTARTABLE is enabled.
That block doesn't convey any information that's specific to restartable
ECC, it exists only for historical reasons (it came first). The other block
uses only the implementation-agnostic API.

Remove the block that uses the legacy context. It doesn't provide much
extra information and most users won't even see it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 10:50:12 +01:00
Ronald Cron
0aead12706 ssl_client2: Improve loop writing early data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-21 17:37:33 +01:00
Ronald Cron
b4fd47e897 ssl_client2: Default to library default for early data enablement 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-21 17:37:33 +01:00
Manuel Pégourié-Gonnard
0ecb5fd6f5 Merge pull request #8574 from ronald-cron-arm/ssl-tickets 
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
 2024-02-21 09:38:46 +00:00
Janos Follath
028a38b7cb Merge pull request #8661 from BensonLiou/use_init_api 
use mbedtls_ssl_session_init() to init session variable
 2024-02-19 15:49:34 +00:00
Paul Elliott
60bbfe63a1 Add metatests for failing TEST_EQUAL and TEST_LE_* 
After getting caught with deadlock issues when these tests fail, add a
metatest to test them failing.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-02-14 14:55:04 +00:00
Gilles Peskine
3ea9450463 Merge pull request #8734 from valeriosetti/issue8564 
Add test for driver-only HMAC
 2024-02-14 13:43:40 +00:00
PiotrBzdrega
f6a9cfa5d2 adjust indentation 
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
 2024-02-11 09:41:56 +01:00
PiotrBzdrega
2b20ff62fc move entropy init prior arguments number recognition 
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
 2024-02-11 02:15:03 +01:00
Manuel Pégourié-Gonnard
c3d17cde46 Merge pull request #8702 from minosgalanakis/update/dhm_context_in_programs_5015 
[MBEDTLS_PRIVATE] Update dhm context in programs
 2024-02-10 08:47:51 +00:00
Paul Elliott
54ad01efed Merge remote-tracking branch 'upstream/development' into make_tests_thread_safe 2024-02-09 14:33:58 +00:00
Janos Follath
7a28738205 Merge pull request #8636 from paul-elliott-arm/new_test_thread_interface 
New test thread interface
 2024-02-08 12:35:40 +00:00
Manuel Pégourié-Gonnard
1d7bc1ecdf Merge pull request #8717 from valeriosetti/issue8030 
PSA FFDH: feature macros for parameters
 2024-02-07 10:06:03 +00:00
Ronald Cron
a5561893e7 ssl_client2: Add support for early data writing 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
2fe0ec8c31 ssl_client2: Add buffer overflow check 
Add buffer overflow check to build_http_request().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
ccfaefa361 ssl_client2: Switch from int to size_t 
Switch from int to size_t for some
data lengths and counter local
variables.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
4e1bd470fb ssl_client2: Move code to build http request 
Move code to build http request into a
dedicated function.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
54a3829453 ssl_client2: Simplify early_data option 
No need to define specific early data,
the idea is rather to just send the
usual request data as early data
instead of standard application data.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Jerry Yu
192e0f9b1d ssl_server2: Add read early data support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 16:40:47 +01:00
Minos Galanakis
8ee1b5f46e programs_benchmark: Updated to use mbedtls_dhm_read_public(). 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-01-26 15:00:13 +00:00
Minos Galanakis
97489dc7e5 programs_benchmark: Updated to use mbedtls_dhm_set_group() & mbedtls_dhm_get_len() 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-01-26 15:00:13 +00:00
Minos Galanakis
e29c868ca4 programs_dh_server: Updated to use mbedtls_dhm_set_group() & mbedtls_dhm_get_len(). 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-01-26 15:00:13 +00:00
Dave Rodgman
047c724c22 Merge remote-tracking branch 'restricted/development-restricted' into update-development-r 
Conflicts:
	programs/Makefile
	tests/scripts/check-generated-files.sh
 2024-01-26 12:42:51 +00:00
Paul Elliott
0c847bcbe7 Fix Make issues with Everest enabled 
Apply Gilles suggestion to fix the problem with make on the CI when everest is enabled, i.e. use $(THIRDPARTY_DIR) instead of a fuzz specific hack involving $(THIRDPARTY_INCLUDES)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-01-24 19:08:31 +00:00
Paul Elliott
7fd162ec26 Refactor common PThreads CMake code 
Move the flags and find of Threads to root CMakeLists.txt, rather
than duplicate these everywhere. Make explicit linking of library with
PThreads use the same mechanism.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-01-24 18:05:53 +00:00
David Horstmann
9c5c9c351d Merge pull request #1141 from davidhorstmann-arm/memory-poisoning-runtime-enable 
Enable and disable memory poisoning at runtime
 2024-01-24 14:46:43 +00:00
Valerio Setti
e35117640d cert_[req/write]: add MD_C dependency 
Both programs use mbedtls_md_info_from_string() which is only
available as long as MBEDTLS_MD_C is enabled.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-22 16:28:23 +01:00
Paul Elliott
a8f6192f9a Remove unneeded lines from fuzz/Makefile 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-01-19 16:41:05 +00:00
Paul Elliott
85ea3e623b Set preferences before finding Threads in CMake 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-01-19 15:57:22 +00:00
Minos Galanakis
42151380af programs_dh_client/server: Updated config guards. 
Adjusted to use `MBEDTLS_SHA256_C` instead of `MBEDTLS_MD_CAN_SHA256`
since the former is being used in accelerated driver configurations.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-01-19 14:39:41 +00:00
Minos Galanakis
db8915287e programs_dh_client/server: Changed mdlen type to unsigned integer. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-01-19 14:38:51 +00:00