f68f43a42e
State explicitly USER config files can modify the default config
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-04-13 23:22:20 +02:00
3f49cc14e7
Clarify the "duplicate documentation" remark
...
This remark is intended for maintainers, not for users. It should not have
been in the Doxygen typeset part.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-04-13 23:21:16 +02:00
d5793ce273
Document the section "General configuration options"
...
Replace the copypasta that was there.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-04-13 23:05:10 +02:00
611179c3f5
Fix name mismatch in section end comment
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-04-13 23:04:48 +02:00
6457ef9b3c
Format literal # in a way that doesn't confuse older Doxygen
...
With Doxygen 1.8.11 (as on Ubuntu 16.04), `#include` doesn't protect the
hash character enough, and Doxygen tries to link to something called
include. (Doxygen 1.8.17 doesn't have this problem.)
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-04-11 17:11:33 +02:00
ba4162a526
Place MBEDTLS_CONFIG_FILE and such into a new section
...
Include this new section in the "full for documentation" (`realfull`)
configuration, so that these options are documented in the official
documentation build (`scripts/apidoc_full.sh`).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-04-11 17:04:38 +02:00
7d904e7127
Test MBEDTLS_PSA_CRYPTO_CONFIG_FILE and MBEDTLS_PSA_CRYPTO_USER_CONFIG_FILE
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-04-07 21:59:53 +02:00
e10df779b7
Test MBEDTLS_USER_CONFIG_FILE as such
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-04-07 21:59:53 +02:00
f4798279c0
Remove obsolete comment
...
mbedtls/mbedtls_config.h (formerly mbedtls/config.h) used to be included
directly in many places, so we wanted to test that all of these places
allowed the MBEDTLS_CONFIG_FILE override. Now mbedtls/mbedtls_config.h is
only included via build_info.h, so this is not relevant anymore.
It is no longer particularly useful to test MBEDTLS_CONFIG_FILE with the
full config, but it isn't harmful either, so keep it that way.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-04-07 21:59:53 +02:00
2003c2f455
Simplify build_mbedtls_config_file
...
$CONFIG_H no longer includes check_config.h since Mbed TLS 3.0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-04-07 21:40:25 +02:00
f4c6eb0a49
Support alternative MBEDTLS_PSA_CRYPTO_CONFIG_FILE
...
When MBEDTLS_PSA_CRYPTO_CONFIG is enabled, support an alternative file to
include instead of "psa/crypto_config.h", and an additional file to include
after it. This follows the model of the existing MBEDTLS_{,USER_}CONFIG_FILE.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-04-07 21:40:22 +02:00
750596e6d6
Improve documentation of MBEDTLS_PSA_CRYPTO_CONFIG
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-03-17 12:26:28 +01:00
a02c124006
Document MBEDTLS_CONFIG_FILE and MBEDTLS_USER_CONFIG_FILE
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-03-17 12:26:28 +01:00
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
...
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal
...
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
2022-03-14 12:57:37 +00:00
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc
...
PSA: implement key derivation for ECC keys
2022-03-14 09:17:13 +01:00
b38f797a24
Add change log entry for psa ECC key derivation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-03-11 14:12:34 +01:00
81d903f5aa
Merge pull request #5510 from SiliconLabs/feature/PSEC-3269-MD-X.509-hashing
...
feat: MD: X.509 hashing
2022-03-10 20:16:43 +01:00
afb482897b
Merge pull request #5292 from mprse/asym_encrypt
...
Driver dispatch for PSA asymmetric encryption + RSA tests
2022-03-10 20:07:38 +01:00
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
...
server certificate selection callback
2022-03-10 11:51:42 +01:00
9bff95f051
Adjust comment describing mbedtls_ssl_set_hs_own_cert()
...
mbedtls_ssl_set_hs_own_cert() is callable from the certificate selection
callback.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-03-10 04:45:27 -05:00
73e91e13a6
Merge pull request #2229 from RonEld/fix_test_md_api_violation
...
Fix test md api violation
2022-03-10 09:21:47 +00:00
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn
...
Port ALPN support for tls13 client from tls13-prototype
2022-03-08 17:53:38 +00:00
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c
...
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
2022-03-08 11:43:45 +01:00
c85f0912c4
psa_crypto.c, test_suite_psa_crypto.function: fix style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-03-08 11:37:54 +01:00
f8614a0ec2
asymmetric_encryption.h: trim trailing spaces
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-03-08 10:48:35 +01:00
b6bdebde5e
asymmetric_encrypt: handle forced output
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-03-08 10:32:18 +01:00
d5e5c8b58d
asymmetric_encrypt: add remining test driver cases
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-03-08 10:31:07 +01:00
c9c967c812
Fix RSA sanity checks for asymmetric_encrypt
...
* Remove expected_output_data: since asymmetric encryption is randomized,
it can't be useful.
* The decryption check needs the private exponent, not the public exponent.
* Use PSA macro for the expected ciphertext buffer size.
* Move RSA sanity checks to their own function for clarity.
* For RSAES-PKCS1-v1_5, check that the result of the private key operation
has the form 0x00 0x02 ... 0x00 M where M is the plaintext.
* For OAEP, check that the result of the private key operation starts with
0x00. The rest is the result of masking which it would be possible to
check here, but not worth the trouble of implementing.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-03-07 21:18:37 +01:00
44311f5c98
Merge pull request #5571 from superna9999/5162-pk-rsa-signing
...
PK: RSA signing
2022-03-07 17:09:14 +01:00
6bf5c8cb1d
Merge pull request #5506 from superna9999/4964-extend-psa-one-shot-multipart
...
Extend PSA operation setup tests to always cover both one-shot and multipart
2022-03-07 17:04:37 +01:00
15364ffb03
Merge pull request #5579 from SiliconLabs/erase_secret_before_free
...
Erase secrets in allocated memory before freeing said memory
2022-03-07 17:04:04 +01:00
fdfc10b250
Merge pull request #4408 from gilles-peskine-arm/storage-format-check-mononicity
...
Check storage format tests for regressions
2022-03-07 17:02:34 +01:00
72373f3819
WIP: Add asymmetric_encrypt test case
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-03-07 16:48:18 +01:00
b9ca22dead
Improving readability of x509_crt and x509write_crt for PR
...
Signed-off-by: pespacek <peter.spacek@silabs.com >
2022-03-07 13:59:44 +01:00
d924e55944
Improving readability of x509_crt and x509write_crt
...
Signed-off-by: pespacek <peter.spacek@silabs.com >
2022-03-07 13:31:54 +01:00
7a58208809
Change names rsa->asymmetric_encryption
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-03-07 10:49:04 +01:00
fd4c259a7b
Use PSA_INIT() in mac_multipart_internal_func()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-03-07 10:11:11 +01:00
7fc0751f78
Restore build options for mbedtls_ecc_group_of_psa() and related functions
...
Additional issue created to simplifiy usage of BUILTIN_KEY_TYPE_xxx && BUILTIN_ALG_yy macros https://github.com/ARMmbed/mbedtls/issues/5596
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-03-06 20:43:46 +01:00
dcf2ff53c8
Ensure files get closed when they go out of scope
...
This is automatic in CPython but not guaranteed by the language. Be friendly
to other Python implementations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-03-04 20:02:00 +01:00
4a9630a651
Fix typo and align on US spelling
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-03-04 20:00:29 +01:00
70245bee01
Add ChangeLog entry for fix to mbedtls_md_process() test
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2022-03-04 16:48:49 +00:00
0df1ecd5fd
Fix test_suite_md API violation
...
Add a call to `mbedtls_md_starts()` in the `mbedtls_md_process()`
test, as it violates the API usage. Fixes #2227 .
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2022-03-04 16:48:17 +00:00
f25b16cadd
test_psa_compliance: update tag to fix-pr-5139-3
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-03-04 14:25:09 +01:00
541318ad70
Refactor ssl_context_info time printing
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
554b820747
Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
469fa95cbc
Add the timing test dependency on MBEDTLS_HAVE_TIME
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
6056e7af4f
Fix benchmark and udp_proxy dependency on MBEDTLS_HAVE_TIME
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
09e803ce0d
Provide a dummy implementation of timing.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
06a00afeec
Fix requirement mismatch in fuzz/common.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
