lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-11 21:41:47 +03:00
Code Activity
31,364 Commits 173 Branches 272 Tags
bdd16d4cb10c047c98b51cc7e6ad673324588ed9
Commit Graph

2732 Commits

Author SHA1 Message Date
Ronald Cron
6f55ddc304 programs: fuzz: Fix comment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-07-19 10:07:27 +02:00
Ronald Cron
901a675238 Adapt make build system 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-07-19 10:07:27 +02:00
Ronald Cron
088a1ab081 make: Fix object clean-up 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-07-19 09:58:35 +02:00
Wenxing Hou
b4d03cc179 Fix some typo for include folder 
Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>
 2024-07-12 15:16:33 +08:00
Elena Uziunaite
0916cd702f Replace MBEDTLS_MD_CAN_SHA256 with PSA_WANT_ALG_SHA_256 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-11 11:13:35 +03:00
Ronald Cron
c29afb684e Adjust build systems 
Adjust build systems such as we can built
Mbed TLS in the default and full configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-07-10 08:07:38 +02:00
David Horstmann
dcf18dd876 Update paths pointing to tests/data_files 
These now point to framework/data_files instead.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-07-05 15:49:03 +01:00
Ronald Cron
2cf41a273e Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384 
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
 2024-07-04 08:56:52 +00:00
Elena Uziunaite
b476d4bf21 Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-03 10:20:41 +01:00
Elena Uziunaite
fcc9afaf9d Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-02 11:08:04 +01:00
Ronald Cron
f4606d489e Adjust more paths to Mbed TLS crypto headers 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-07-01 14:59:35 +02:00
Ronald Cron
3d817add46 Adjust build systems 
Adjust build systems such as we can built
Mbed TLS in the default and full configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-07-01 14:59:35 +02:00
Ronald Cron
7e5d61c41a Adjust more paths to PSA headers 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-06-13 09:51:20 +02:00
Ronald Cron
c7e9e367bb Adjust build systems 
Adjust build systems such as we can build
Mbed TLS in the default and full configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-06-13 09:02:24 +02:00
Ronald Cron
28ce2380b0 Add and update some .gitignore files 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-06-12 15:22:26 +02:00
Gilles Peskine
aa82464dec Merge pull request #8897 from IVOES/cpp/unbounded-write 
ssl_mail_client: Fix unbounded write of sprintf()
 2024-05-02 16:06:23 +00:00
Minos Galanakis
9860056006 Revert "Autogenerated files for 3.6.0" 
This reverts commit e8a6833b28.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-27 17:36:15 +00:00
Minos Galanakis
e8a6833b28 Autogenerated files for 3.6.0 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 16:00:55 +00:00
Minos Galanakis
b70f0fd9a9 Merge branch 'development' into 'development-restricted' 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-19 22:24:40 +00:00
Mingjie Shen
d97b96f2ec ssl_mail_client: Fix code style issue 
Signed-off-by: Mingjie Shen <shen497@purdue.edu>
 2024-03-18 14:30:06 -04:00
Ronald Cron
74191a56e8 ssl_server2: Split early data enablement from max_early_data_size setting 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:00:42 +01:00
Gilles Peskine
7b333f1e88 Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime 
TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime
 2024-03-14 15:59:25 +00:00
Paul Elliott
50da462fc8 Merge pull request #8829 from paul-elliott-arm/add_framework_meta_tests 
Add metatests for failing TEST_EQUAL and TEST_LE_*
 2024-03-14 15:55:14 +00:00
Mingjie Shen
8e35d96057 ssl_mail_client: Check return value of mbedtls_snprintf 
The return value of snprintf() is the number of characters (excluding
the null terminator) which would have been written to the buffer if
enough space had been available. Thus, a return value of size or more
means the output was truncated.

Signed-off-by: Mingjie Shen <shen497@purdue.edu>
 2024-03-12 16:23:41 -04:00
Mingjie Shen
0fc20cd447 ssl_mail_client: Replace snprintf with mbedtls_snprintf 
Signed-off-by: Mingjie Shen <shen497@purdue.edu>
 2024-03-12 16:00:28 -04:00
David Horstmann
93fa4e1b87 Merge branch 'development' into buffer-sharing-merge 2024-03-12 15:05:06 +00:00
Ronald Cron
7201bc6b05 ssl_client2: Fix early data log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 16:03:09 +01:00
Mingjie Shen
7d08983cb2 ssl_mail_client: Fix unbounded write of sprintf() 
These calls to sprintf may overflow buf because opt.mail_from and opt.mail_to
are controlled by users. Fix by replacing sprintf with snprintf.

Signed-off-by: Mingjie Shen <shen497@purdue.edu>
 2024-03-05 18:13:28 -05:00
Manuel Pégourié-Gonnard
e33b349c90 Merge pull request #8864 from valeriosetti/issue8848 
Deprecate or remove mbedtls_pk_wrap_as_opaque
 2024-03-01 15:54:32 +00:00
Ronald Cron
9b4e964c2c Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data 
TLS 1.3: Add mbedtls_ssl_write_early_data() API
 2024-02-29 14:31:55 +00:00
Valerio Setti
90eca2adb0 ssl_test_lib: add guards for pk_wrap_as_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-28 10:45:43 +01:00
Valerio Setti
7541ebea52 programs: remove usage of mbedtls_pk_wrap_as_opaque() from tests 
This is replaced with: mbedtls_pk_get_psa_attributes() +
mbedtls_pk_import_into_psa() + mbedtls_pk_setup_opaque().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-27 10:44:33 +01:00
Gilles Peskine
7f72a06e02 Remove cruft 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 18:41:25 +01:00
Manuel Pégourié-Gonnard
dd9cbf99c2 Benchmark only one side of ECDH, both static and ephemeral 
Static ECDH is of interest to us as developers because it's a generic
scalar multiplication (as opposed to using the standard base point) and
it's useful to have that handy.

For reference the other operations of interest to developers are:
- multiplication of the conventional base point: ECDSA signing is almost
exactly that (just a few field ops on top, notably 1 inversion);
- linear combination: ECDSA verification is almost exactly that too.

Including ephemeral as well, because it's hopefully what's of interest
to most users.

Compared to the previous version, include only one side of the
operations. I don't think including both sides is of interest to anyone.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-02-22 12:29:06 +01:00
Gilles Peskine
74589ba31c ssl_context_info: explicitly note accesses to private fields 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:12:01 +01:00
Gilles Peskine
72da8b3521 Don't authorize private access to fields where not actually needed 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:07:29 +01:00
Gilles Peskine
abf0be392a fuzz_dtlsserver: explicitly note the one access to a private field 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:07:09 +01:00
Gilles Peskine
d5f68976e8 fuzz_pubkey, fuzz_privkey: no real need to access private fields 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:05:35 +01:00
Gilles Peskine
7a3059ac92 Benchmark: not using private fields anymore 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 10:53:31 +01:00
Gilles Peskine
984352d6f1 Benchmark: remove the legacy-context ECDH block 
We have two blocks of code to benchmark ECDH. One uses the legacy context
structure, which is only enabled when MBEDTLS_ECP_RESTARTABLE is enabled.
That block doesn't convey any information that's specific to restartable
ECC, it exists only for historical reasons (it came first). The other block
uses only the implementation-agnostic API.

Remove the block that uses the legacy context. It doesn't provide much
extra information and most users won't even see it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 10:50:12 +01:00
Ronald Cron
0aead12706 ssl_client2: Improve loop writing early data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-21 17:37:33 +01:00
Ronald Cron
b4fd47e897 ssl_client2: Default to library default for early data enablement 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-21 17:37:33 +01:00
Manuel Pégourié-Gonnard
0ecb5fd6f5 Merge pull request #8574 from ronald-cron-arm/ssl-tickets 
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
 2024-02-21 09:38:46 +00:00
Janos Follath
028a38b7cb Merge pull request #8661 from BensonLiou/use_init_api 
use mbedtls_ssl_session_init() to init session variable
 2024-02-19 15:49:34 +00:00
Paul Elliott
60bbfe63a1 Add metatests for failing TEST_EQUAL and TEST_LE_* 
After getting caught with deadlock issues when these tests fail, add a
metatest to test them failing.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-02-14 14:55:04 +00:00
Gilles Peskine
3ea9450463 Merge pull request #8734 from valeriosetti/issue8564 
Add test for driver-only HMAC
 2024-02-14 13:43:40 +00:00
PiotrBzdrega
f6a9cfa5d2 adjust indentation 
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
 2024-02-11 09:41:56 +01:00
PiotrBzdrega
2b20ff62fc move entropy init prior arguments number recognition 
Signed-off-by: PiotrBzdrega <piotrbzdrega@yandex.com>
 2024-02-11 02:15:03 +01:00
Manuel Pégourié-Gonnard
c3d17cde46 Merge pull request #8702 from minosgalanakis/update/dhm_context_in_programs_5015 
[MBEDTLS_PRIVATE] Update dhm context in programs
 2024-02-10 08:47:51 +00:00
Paul Elliott
54ad01efed Merge remote-tracking branch 'upstream/development' into make_tests_thread_safe 2024-02-09 14:33:58 +00:00