mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-17 02:43:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,292 Commits 172 Branches 267 Tags
Commit Graph

30292 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave Rodgman
bdf0a6d431 remove shebang from quiet 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-26 17:29:10 +00:00
Dave Rodgman
d0e3827ea2 Improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-26 17:28:56 +00:00
Dave Rodgman
c7f05490bb Quote directory name from cmake wrapper 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-26 17:28:42 +00:00
Dave Rodgman
30483dccc0 Undo not-needed change 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-26 17:28:13 +00:00
Dave Rodgman
a9e8dbed14
Allow wrappers to be missing; quote directory name from make 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-26 17:27:18 +00:00
David Horstmann
075c5fb76f Generate test wrappers for psa_generate_random() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-26 17:12:34 +00:00
David Horstmann
6e99bb203f Add buffer copying to psa_generate_random() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-26 17:12:34 +00:00
Gilles Peskine
e22f6a9610 Finish cleaning up override that's no longer needed 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 16:57:31 +01:00
Gilles Peskine
97c0b2f393 Remove domain parameters from psa_key_attributes_t 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 16:57:30 +01:00
David Horstmann
ef950ccb1d Un-unrestore mbedtls_x509_string_to_names() 
Re-restore mbedtls_x509_string_to_names() to public as our example
programs use it, and it is the reverse of mbedtls_x509_dn_gets().

Add a docstring, so that it is a properly documented public function.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-26 13:59:43 +00:00
Thomas Daubney
4a46d73bb0 Suppress pylint 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-26 13:49:26 +00:00
Dave Rodgman
e03088b29e Avoid infinite loop 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-26 12:48:49 +00:00
Dave Rodgman
98a79cdb23 Extract common parts of quiet wrapper 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-26 12:38:45 +00:00
Valerio Setti
061d4e4655 psa: simplify management of mbedtls_psa_drbg_context_t 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-26 12:52:44 +01:00
Dave Rodgman
00bc790d79 Tidy up quiet wrappers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-26 11:43:11 +00:00
Dave Rodgman
219006329d Move quiet wrapper setup 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-26 11:41:19 +00:00
Tom Cosgrove
f4a200f106
Merge pull request #8838 from paul-elliott-arm/improve_test_data_accessors 
Improve test info data accessors
 2024-02-26 11:22:20 +00:00
Valerio Setti
a53e7a5cb5 psa: let mbedtls_psa_get_random() always use psa_generate_random() 
It means that mbedtls_psa_get_random() goes through the PSA interface
all the times. Fallbacks to CTR_DRBG or HMAC_DRBG are still possible,
but that depends on how the crypto provider is built.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-26 12:03:59 +01:00
Gilles Peskine
ae5eb64705 Remove domain parameters from the public API 
Only leave deprecated, minimal non-linkable functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 08:50:53 +01:00
Gilles Peskine
bb6f3ff394 Rename variables 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 08:50:53 +01:00
Gilles Peskine
4c32b69f37 Ignore domain parameters in RSA key generation 
Remove the ability to select a custom public exponent via domain parameters
in RSA key generation. The only way to select a custom public exponent is
now to pass custom production parameters to psa_generate_key_ext().

A subsequent commit will remove domain parameters altogether from the API,
thus this commit does not bother to update the documentation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 08:50:38 +01:00
Valerio Setti
bb91bcda0e psa: move mbedtls_psa_get_random() to psa_util.c 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-26 08:41:33 +01:00
Gilles Peskine
6a2c400b8c typo 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 08:34:06 +01:00
Gilles Peskine
0f63028809
Merge pull request #8815 from gilles-peskine-arm/psa_generate_key_ext-prototype 
Introduce psa_generate_key_ext
 2024-02-26 07:16:49 +00:00
Paul Elliott
9011dae0c1 Improve documentation / comments 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-02-24 10:57:22 +00:00
Paul Elliott
665cf928d9
Merge pull request #8856 from Ryan-Everett-arm/threadsafe-openkey 
Make psa_open_key threadsafe
 2024-02-24 10:29:57 +00:00
Paul Elliott
5a4a6e44ef
Merge pull request #8833 from Ryan-Everett-arm/threadsafe-multiparts 
Make multi-part operations thread-safe
 2024-02-24 10:29:20 +00:00
Tom Cosgrove
817772a6ca
Merge pull request #8716 from mschulz-at-hilscher/feature/gcm_largetable 
Use large GCM tables
 2024-02-23 16:25:38 +00:00
Manuel Pégourié-Gonnard
81c322329e
Merge pull request #8855 from gilles-peskine-arm/benchmark-ecdh-no-legacy 
Remove most uses of MBEDTLS_ALLOW_PRIVATE_ACCESS in test programs
 2024-02-23 09:16:46 +00:00
Gilles Peskine
7f72a06e02 Remove cruft 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 18:41:25 +01:00
Gilles Peskine
f6eb0b8ab0 Changelog entry for benchmark improvement 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 18:40:10 +01:00
Janos Follath
bd0a683e78 Improve changelog 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-02-22 15:48:01 +00:00
tom-daubney-arm
5cd611d144
Merge branch 'development-restricted' into mac_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-02-22 15:26:06 +00:00
Gilles Peskine
673461c389 Improve validation in mpi_exp_mod_min_RR 
Check that the test case is hitting what it's supposed to hit, and that the
library takes the expected defensive measure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 15:22:10 +00:00
Janos Follath
fdab786852 Use TEST_EQUAL instead of TEST_ASSERT in new code 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-02-22 15:19:13 +00:00
Manuel Pégourié-Gonnard
dd9cbf99c2 Benchmark only one side of ECDH, both static and ephemeral 
Static ECDH is of interest to us as developers because it's a generic
scalar multiplication (as opposed to using the standard base point) and
it's useful to have that handy.

For reference the other operations of interest to developers are:
- multiplication of the conventional base point: ECDSA signing is almost
exactly that (just a few field ops on top, notably 1 inversion);
- linear combination: ECDSA verification is almost exactly that too.

Including ephemeral as well, because it's hopefully what's of interest
to most users.

Compared to the previous version, include only one side of the
operations. I don't think including both sides is of interest to anyone.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-02-22 12:29:06 +01:00
Ronald Cron
dcb09ca6df tests: write early data: Improve get_early_data_status testing 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-22 12:22:59 +01:00
Ronald Cron
f19989da31 tls13: Improve sanity check in get_early_data_status 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-22 12:22:53 +01:00
Gilles Peskine
74589ba31c ssl_context_info: explicitly note accesses to private fields 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:12:01 +01:00
Gilles Peskine
72da8b3521 Don't authorize private access to fields where not actually needed 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:07:29 +01:00
Gilles Peskine
abf0be392a fuzz_dtlsserver: explicitly note the one access to a private field 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:07:09 +01:00
Thomas Daubney
5390acada9 Decouple if statements in psa_raw_key_agreement exit. 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-22 11:06:04 +00:00
Gilles Peskine
d5f68976e8 fuzz_pubkey, fuzz_privkey: no real need to access private fields 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:05:35 +01:00
Ronald Cron
8f1de7e029 tls13: Improve documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-22 12:02:39 +01:00
Ronald Cron
7d158f41ca tests: read early data: Use write API to send early data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-22 11:46:08 +01:00
Ronald Cron
110303fbe5 tests: read early data: Add no early data indication sent scenario 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-22 11:46:02 +01:00
Ryan Everett
e110a4c900 Make psa_open_key threadsafe 
This is a simple case of register then unregister

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-22 10:43:24 +00:00
Ronald Cron
86d288c0d4 tests: ssl: Rename tls13_early_data to tls13_read_early_data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-22 11:28:29 +01:00
Ryan Everett
9af70e51c1 Make multi-part AEAD operations thread-safe 
The setup calls are the only calls to use a key ID.
The key is then copied into the operation object,
all future API calls use the copy instead of the key in the slot.

Simultaneous API calls on the same operation object are not thread-safe.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-22 10:27:52 +00:00
Ryan Everett
bbedfcec2e Make multi-part PAKE operations thread-safe 
The only interaction with key IDs here is in the changed function.

Simultaneous API calls on the same operation object are not thread-safe.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-22 10:27:52 +00:00