mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-09-02 16:01:16 +03:00
Commit Graph

30281 Commits

Author SHA1 Message Date
Ronald Cron
cf284565c5 tls13: srv: Determine best key exchange mode for a PSK
Determine best key exchange for ticket based and
external PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
89089cc69b tls13: srv: Factorize ciphersuite selection code
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
f7e9916b3d tls13: srv: Fix MBEDTLS_SSL_SESSION_TICKETS guard position
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
12e72f1664 tls13: srv: Always parse the pre-shared key extension
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
7a30cf5954 tls13: srv: Stop earlier identity check
If an identity has been determined as a
ticket identity but the ticket is not
usable, do not try to check if the
identity is that of an external
provided PSK.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
fbae94a52f tls13: srv: Improve ticket identity check return values
Improve the values returned by
ssl_tls13_offered_psks_check_identity_match_ticket().
Distinguish between the two following cases:
1) the PSK identity is not a valid ticket identity
2) the PSK identity is a valid ticket identity but
   the ticket cannot be used for session resumption.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
3cdcac5647 tls13: srv: Fix return value
Fix the value returned by
ssl_tls13_offered_psks_check_identity_match_ticket()
when there is no ticket parser function defined
or no time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
6e31127f08 tls13: srv: Define specific return macros for binder check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
139a4185b1 Merge pull request #8587 from yanrayw/issue/4911/ssl_setup-check-RNG-configuration
TLS: check RNG when calling mbedtls_ssl_setup()
2024-03-08 07:38:39 +00:00
Ronald Cron
53dff7b0af Do not forget about TLS 1.2 disabled at runtime aspect
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-07 16:01:51 +01:00
Ronald Cron
93795f2639 tls13: Improve comment about cast to uint32_t
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-07 09:57:07 +01:00
Ronald Cron
e301813da4 Improve change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-07 09:10:22 +01:00
Ronald Cron
130bfe7799 Add change log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-07 06:59:01 +01:00
tom-daubney-arm
d4c57c0ad2 Merge branch 'development-restricted' into key_agreement_buffer_protection
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
2024-03-06 16:47:13 +00:00
Ryan Everett
63c1cf7eaa Remove MBEDTLS_THREADING_C check in check_test_dependencies
At the moment our tests only check for MBEDTLS_THREADING_PTHREAD

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-03-06 16:46:15 +00:00
Paul Elliott
16d5160504 Allow the use of threading dependencies in PSA tests.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-03-06 16:46:15 +00:00
Ryan
b0b3c0d80a Disable MBEDTLS_SELF_TEST in the TSan config
Enabling this causes TSan warnings, as some self-tests use unprotected globals
(see X_count variables in ecp.c). This isn't an issue, as these globals are only
read in self tests, which do not use threads.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-03-06 16:46:08 +00:00
Ryan
2066d0451f Add test cases for concurrently_generate_keys
For every generate_key test there is now a concurrently_generate_keys test.
8 threads per test, and 5 repetitions.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-03-06 16:46:00 +00:00
Ryan
3a1b786d5d Add a concurrent key generation test function
Split into n threads, each thread will repeatedly generate,
exercise and destroy a key.
Then join the threads, and ensure using PSA_DONE that no keys still exist.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-03-06 16:45:36 +00:00
Thomas Daubney
a4866945b8 Fix issue with large allocation in tests
In test_suite_psa_crypto_op_fail.generated.function
the function key_agreement_fail was setting the
public_key_length variable to SIZE_MAX which meant that
a huge allocation was being attempted.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-03-06 16:32:25 +00:00
Paul Elliott
8a2062c538 Merge pull request #8892 from paul-elliott-arm/add_threading_to_drivers
Ensure drivers have threading enabled if required
2024-03-06 14:35:49 +00:00
David Horstmann
a5175634b0 Merge branch 'development-restricted' into copying-pake
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-06 11:18:28 +00:00
Moritz Fischer
967f8cde84 library: psa_crypto: Explicitly initialize shared_secret
When building with -Og (specifically Zephyr with
CONFIG_DEBUG_OPTIMIZATIONS=y) one observes the following warning:

'shared_secret' may be used uninitialized [-Werror=maybe-uninitialized]

Fix this by zero initializing 'shared_secret' similar to the issue
addressed in commit 2fab5c960 ("Work around for GCC bug").

Signed-off-by: Moritz Fischer <moritzf@google.com>
2024-03-05 22:32:32 +00:00
David Horstmann
714418f2dc Merge pull request #1167 from gabor-mezei-arm/buffer_protection_for_cipher
Buffer protection for cipher functions
2024-03-05 18:42:48 +00:00
Gilles Peskine
31403a4ca8 Merge pull request #8678 from daverodgman/quietbuild
Make builds less verbose
2024-03-05 18:04:16 +00:00
Gilles Peskine
71cc260563 Merge pull request #8728 from minosgalanakis/features/add_mbedtls_x509_crt_get_ca_istrue_accesor_6151
[MBEDTLS_PRIVATE] Add mbedtls_x509_crt_get_ca_istrue() accessor
2024-03-05 18:04:06 +00:00
Dave Rodgman
3c4166aef3 Merge pull request #8863 from minosgalanakis/feature/add_ecdh_context_5016
[MBEDTLS_PRIVATE] Add a getter for the ECDH context->grp.id member.
2024-03-05 16:58:13 +00:00
Minos Galanakis
581e63637a test_suite_x509parse: Added test-case for legacy certificate
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-05 14:39:23 +00:00
Paul Elliott
053b7886e5 Ensure drivers have threading enabled if required
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-03-05 14:27:23 +00:00
Ronald Cron
2e7dfd5181 tls13: Remove unnecessary cast from size_t to uint32_t
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-05 13:48:11 +01:00
Minos Galanakis
87b4f6d86c x509: Reworded documentation bits.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-05 11:05:51 +00:00
Gilles Peskine
d06244b813 Merge pull request #8821 from davidhorstmann-arm/fix-config-bitflag
Update `SSL_SERIALIZED_SESSION_CONFIG_BITFLAG` with new flags
2024-03-05 09:59:42 +00:00
Gilles Peskine
8462146d01 Merge pull request #8867 from gilles-peskine-arm/psa_key_attributes-remove_core
Merge psa_core_key_attributes_t back into psa_key_attributes_t
2024-03-05 09:59:24 +00:00
Dave Rodgman
a38fad9dad Adjust defaults
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-04 18:27:32 +00:00
Gilles Peskine
ddbe4ae901 Fix intended code blocks that were not suitably indented
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-03-04 18:30:09 +01:00
Gabor Mezei
1b5b58d4d9 Fix merge
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-03-04 17:15:08 +01:00
Gábor Mezei
716cf2d4e0 Merge branch 'development-restricted' into buffer_protection_for_cipher
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>
2024-03-04 15:38:05 +00:00
Paul Elliott
634f4d6d7d Merge pull request #8846 from gilles-peskine-arm/ecp-write-ext-3.6
Introduce mbedtls_ecp_write_key_ext
2024-03-04 14:56:55 +00:00
David Horstmann
2bb537ec61 Merge pull request #1172 from davidhorstmann-arm/generate-random-buffer-protection
Add secure buffer copying to `psa_generate_random()`
2024-03-04 13:23:46 +00:00
Ronald Cron
987cf898db ssl_helpers: Restore rng_seed incrementation
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-04 10:24:27 +01:00
Gilles Peskine
fad79fcdd9 Merge remote-tracking branch 'development' into ecp-write-ext-3.6
Conflicts:
* library/pk.c: mbedtls_pk_wrap_as_opaque() changed in the feature branch
  and was removed in the target branch.
2024-03-04 08:52:08 +01:00
Minos Galanakis
79ee110446 Added changelog
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-04 02:22:01 +00:00
Minos Galanakis
a83ada4eba tests: Added test for mbedtls_x509_crt_get_ca_istrue()
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-04 02:22:01 +00:00
Minos Galanakis
2abbac74dc x509: Added mbedtls_x509_crt_get_ca_istrue() API accessor.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-04 02:22:01 +00:00
Minos Galanakis
3cfdd73dfa Changelog: Added changelog for mbedtls_ecdh_get_grp_id.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-02 09:14:13 +00:00
Ronald Cron
e93cd1b580 tests: ssl: Free write/read test buffers
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 19:30:00 +01:00
Valerio Setti
ada2ec3482 psa_crypto_stubs/changelog: fix typos
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-01 18:04:14 +01:00
Ronald Cron
aab4a546bf tests: Set the default conf then customize
Set the default conf then customize, not the
other way around.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 17:09:22 +01:00
Ronald Cron
10b040fa6f tests: ssl_helpers: Rename rng_get to mbedtls_test_random
mbedtls_test_ as the prefix for test APIs
_random like in mbedtls_ctr/hmac_drbg_random

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 17:00:38 +01:00
Manuel Pégourié-Gonnard
e33b349c90 Merge pull request #8864 from valeriosetti/issue8848
Deprecate or remove mbedtls_pk_wrap_as_opaque
2024-03-01 15:54:32 +00:00