mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-20 21:39:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,747 Commits 172 Branches 263 Tags
Commit Graph

30747 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
David Horstmann
71fa1a94e7 Fix code style 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 12:32:18 +00:00
David Horstmann
76ba26a542 Fixup: add peer_cert_digest_type to comment 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 12:03:35 +00:00
David Horstmann
7335082ef6 Add ChangeLog entry for ssl serialization bitflags 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 11:31:03 +00:00
David Horstmann
f686f1dc17 Fix naming inconsistencies in config bits 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 11:20:32 +00:00
Ronald Cron
fcbf776d06 tests: ssl: Restore write_early_data test function 
For negative testing of early data (tests
related to max_early_data_size in this PR), restore
the test function to write early data that was
first introduced to be able to test the reading
of early data with the writing part and was
removed (as not used anymore) by the PR 8760.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 10:00:47 +01:00
Ronald Cron
25ad10a920 tests: ssl: Improve tls13_srv_max_early_data_size() 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
19bfe0a631 tls13: Rename early_data_count to total_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
70eab45ba6 tls13: generic: Fix log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
dc81b7343f tests: srv max early data size: Add reach_max test arg 
Add the reach_max flag argument for the
test13_srv_max_early_data_size test
function. Non zero value only valid in case
of TEST_EARLY_DATA_ACCEPTED scenario.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
01d273d31f Enforce maximum size of early data in case of HRR 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
919e596c05 Enforce maximum size of early data when rejected 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
2160bfe4e2 tests: ssl: Test enforcement of maximum early data size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
8571804382 tls13: srv: Enforce maximum size of early data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:09 +01:00
Ronald Cron
c286519747 tls13: srv: Do not forget to include max_early_data_size in the ticket 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:03:51 +01:00
Ronald Cron
26a9811027 ssl: Add early_data_count field 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:03:51 +01:00
Ronald Cron
5d3036e6d5 tests: ssl: Add max_early_data_size option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:03:51 +01:00
Dave Rodgman
79aaaa46e9 Fix formatting 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 18:41:36 +00:00
David Horstmann
531aca2810 Fix missing fields in ssl session struct comment 
The endpoint and version were factorized out into the main session.
Update the session struct comment to reflect these new fields, as was
previously missed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 18:14:28 +00:00
David Horstmann
cb01b361e1 Move session descriptions into a single comment 
Describe the TLS 1.2, TLS 1.3 and full session structs in the same
place for ease of reference.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 18:10:13 +00:00
David Horstmann
80a9668762 Add config guards to session struct comments 
This shows which fields of the session are dependent on which config
options.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 18:00:32 +00:00
David Horstmann
e59f970f28 Move session functions to same part of file 
Ensure that session save and load functions are not scattered
throughout ssl_tls.c but are in the same part of the file.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 17:50:44 +00:00
David Horstmann
92b258bb50 Update ssl session serialization config bitflag 
Add config bits for server name indication, early data and record size
limit, which all cause the serialized session to be structured
differently.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 17:41:31 +00:00
David Horstmann
5c5a32f52a Add session config bit for KEEP_PEER_CERTIFICATE 
This config option decides whether the session stores the entire
certificate or just a digest of it, but was missing from the
serialization config bitflag.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 17:41:31 +00:00
Gilles Peskine
469f7811fa Require framework directory to exist when building 
The framework directory will be provided by a submodule.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-29 18:19:56 +01:00
Valerio Setti
d32dd08934 changelog: fix description 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-29 16:28:03 +01:00
Valerio Setti
1a58e9a232 psa_util: change guard for mbedtls_psa_get_random() to CRYPTO_CLIENT 
This commit also:
- updates changelog
- add a stub function to be used in component_test_psa_crypto_client()
  test

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-29 16:14:29 +01:00
Dave Rodgman
87218b364d blank line for readability 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 15:02:30 +00:00
Dave Rodgman
869e310456 Use export to set VERBOSE_LOGS 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 15:02:27 +00:00
Ronald Cron
9b4e964c2c
Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data 
TLS 1.3: Add mbedtls_ssl_write_early_data() API
 2024-02-29 14:31:55 +00:00
David Horstmann
c5688a2629
Merge branch 'development-restricted' into generate-random-buffer-protection 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 14:25:56 +00:00
Valerio Setti
a50190e2df add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-29 15:23:00 +01:00
Signed-off-by: Steven WdV
bcfed50917 Fix compilation on macOS without apple-clang 
Signed-off-by: Steven WdV <swdv@cs.ru.nl>
 2024-02-29 15:19:06 +01:00
David Horstmann
920a932bab
Merge pull request #1153 from tom-daubney-arm/asymmetric_encrypt_buffer_protection 
Implement safe buffer copying in asymmetric encryption
 2024-02-29 14:16:59 +00:00
Dave Rodgman
5f7862a567
Fix docs 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:14:37 +00:00
Dave Rodgman
a3e694c2ad simplify printf call 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:06:49 +00:00
Dave Rodgman
63c94a36f1 improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:06:36 +00:00
Dave Rodgman
2096478034 Add editor hint for emacs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:06:19 +00:00
Dave Rodgman
1f08a3248e Rename quiet to quiet.sh 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-29 14:04:59 +00:00
Valerio Setti
4ee6f81195 add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-29 15:01:21 +01:00
Minos Galanakis
b4ce628b64 tests: Added test for mbedtls_ecdh_context_grp 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-02-29 13:31:34 +00:00
Minos Galanakis
d753738fc0 echd: Added mbedtls_ecdh_get_grp_id getter. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-02-29 13:31:34 +00:00
David Horstmann
7581363122 Fix incorrect conflict resolution 
A return statement was missing in the wrapper generation script.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 11:26:45 +00:00
Gabor Mezei
0b04116cc8
Do not copy the content to the local output buffer with allocation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 10:08:16 +00:00
tom-daubney-arm
840dfe8b41
Merge branch 'development-restricted' into asymmetric_encrypt_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-02-28 15:42:38 +00:00
Gabor Mezei
f1dd0253ec
Remove write check in driver wrappers tests 
This check is intended to ensure that we do not write intermediate
results to the shared output buffer. This check will be made obselete
by generic memory-poisoning-based testing for all functions.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-28 15:18:21 +00:00
Gabor Mezei
358eb218ab
Fix buffer protection handling for cipher_generate_iv 
Use the `LOCAL_OUTPUT_` macros for buffer protection instead of the existing
local variable.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-28 15:17:19 +00:00
Gabor Mezei
b74ac66c8b
Update test wrapper functions for ciper buffer protection 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-28 15:17:18 +00:00
Gabor Mezei
7abf8ee51b
Add buffer protection for cipher_generate_iv and cipher_set_iv 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-28 15:17:18 +00:00
Gabor Mezei
8b8e485961
Move local buffer allocation just before usage 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-28 15:17:18 +00:00
Gabor Mezei
4892d75e9b
Add LOCAL_OUTPUT_ALLOC_WITH_COPY macro if buffer protection is disabled 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-28 15:17:17 +00:00