mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-13 04:13:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
22,189 Commits 174 Branches 263 Tags
Commit Graph

22189 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Hanno Becker
ec440f2397 bignum_mod_raw: Ported mbedtls_mpi_get_montgomery_constant_unsafe from prototype 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:08:08 +01:00
Gilles Peskine
383b0bbea0
Merge pull request #6461 from tom-cosgrove-arm/fix-mbedtls_mpi_mod_modulus_init-calls-in-tests 
mbedtls_mpi_mod_modulus_init() must be called before any 'goto exit' in tests
 2022-10-25 13:40:17 +02:00
David Horstmann
3a334c2edc Minor improvements to ssl_tls12_server.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 10:53:44 +01:00
David Horstmann
7aee0ec0ba Minor improvements in ssl_client.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 10:38:25 +01:00
David Horstmann
6e11687ba5 Minor improvements to ecp.c changes 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 10:32:08 +01:00
David Horstmann
9b0eb90131 Rename ARIA_SELF_TEST_IF_FAIL 
Change to ARIA_SELF_TEST_ASSERT

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 10:23:34 +01:00
David Horstmann
059848ff23 Minor changes to asn1write.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-25 10:16:45 +01:00
Xiaokang Qian
65fc0de894 Improve the prerequisites for early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-25 09:08:57 +00:00
Gilles Peskine
e5a715e8c0
Merge pull request #6449 from gilles-peskine-arm/bignum-core-shift_r 
Bignum core: shift_r
 2022-10-25 10:40:39 +02:00
Gilles Peskine
af8ea3f738
Merge pull request #6468 from gilles-peskine-arm/bignum-test-suite-names 
Rename test_suite_bignum for consistency
 2022-10-25 10:40:29 +02:00
Xiaokang Qian
d69d06fffa Improve format issue 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-25 06:51:25 +00:00
Xiaokang Qian
95a0730f17 Change prerequisites of MBEDTLS_SSL_EARLY_DATA and add related check 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-25 05:34:48 +00:00
Xiaokang Qian
72de95dcf5 Move function mbedtls_ssl_tls13_conf_early_data to ssl_tls.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-25 05:34:25 +00:00
Xiaokang Qian
600804b0e7 Remove useless early data related macros for the time being 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-25 03:00:18 +00:00
Xiaokang Qian
54413b10c2 Add early data support preparatory work 
Add MBEDTLS_SSL_EARLY_DATA configuration option
Define early_data_enabled field in mbedtls_ssl_config
Add function mbedtls_ssl_conf_early_data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-25 03:00:18 +00:00
Andrzej Kurek
2c7993c456 depends.py: add a config option to unset MBEDTLS_USE_PSA 
This lets us perform any test without MBEDTLS_USE_PSA
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-24 15:56:10 -04:00
Andrzej Kurek
409248a73a mbedtls_ssl_get_handshake_transcript is unusable without hashes 
Mark unused variables when compiling without
SHA256 and SHA384. In future a proper dependency
will be added to TLS 1.2 to enforce either of these hashes
to be on.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-24 15:56:10 -04:00
Andrzej Kurek
57d1063db9 Fix tls_prf generic dependencies 
One version was already surrounded by the USE_PSA define,
so the VIA_XX_OR_XX macros were removed;
Second version is when USE_PSA is undefined, so MBEDTLS_
macros can be used. 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-24 15:56:10 -04:00
Andrzej Kurek
468c50656e Fix key exchange dependencies for ssl_parse_server_ecdh_params 
Resulting from particular configs in which this code is used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-24 15:55:18 -04:00
Ronald Cron
2012361ae6
Merge pull request #6448 from ronald-cron-arm/tls13-kex-build-options 
TLS 1.3 Introduce and use key exchange mode config options
 2022-10-24 15:21:37 +02:00
David Horstmann
3f44e5b11a Refactor macro-spanning if in ssl_server2.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-24 13:12:19 +01:00
David Horstmann
f160ef1dd1 Refactor macro-spanning if in ssl_client2.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-24 13:11:38 +01:00
Przemek Stekiel
ab0451bc2c Fix build command in test_psa_crypto_config_reference_hash_use_psa 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-24 11:29:35 +02:00
Manuel Pégourié-Gonnard
72ef7c0390
Merge pull request #6463 from AndrzejKurek/fix-crypo-typo 
Fix a typo and dependencies in test_suite_cipher.[aes|gcm|ccm]
 2022-10-24 11:06:22 +02:00
Manuel Pégourié-Gonnard
4c89542086
Merge pull request #6465 from mpg/pr-template-changelog 
Make ChangeLog more visible in PR template
 2022-10-24 10:46:31 +02:00
Przemek Stekiel
c86dedfdc1 Fix code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-24 09:16:04 +02:00
Przemek Stekiel
58bbc23ca3 Use coverage analyze as default task 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-24 08:10:10 +02:00
Yanray Wang
7f9ddb584a
Merge branch 'Mbed-TLS:development' into ssl_client2-add-build-version 2022-10-24 12:19:39 +08:00
Ronald Cron
454eb9172d ssl-opt.sh: Fix list of TLS 1.2 key exchanges with cert 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
10bf956334 tls13: Fix documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
083da8eb53 tls13: client: Improve coding style 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
70ed41754d ssl-opt.sh: Simplify TLS 1.3 dependencies 
Simplify TLS 1.3 dependencies taking into
account that
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
implies that MBEDTLS_SSL_PROTO_TLS1_3 is
defined.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
5de538c9dd ssl-opt.sh: Remove requires_key_exchange_with_cert_in_tls12_enabled 
Remove requires_key_exchange_with_cert_in_tls12_enabled
and use `requires_any_configs_enabled` directly instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
a2900bcd1e tls13: keys: Simplify code guard 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
9810b6d0b7 Fix kex config options documentation in tls13-support.md 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
c3f43b663e all.sh: Add components testing TLS 1.3 kex partial enablement 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
571f1ff6dc Make sure TLS 1.2 kex macros are undefined in builds without TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
8328113cad ssl-opt.sh: Fix some test checks for ephemeral only kex build 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
766c0cdb1f tls13: Add missing kex guards 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
82be0d4b4d tls13: Do not use MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
de08cf3543 tls13: Do not use MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED 
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
59625848e6 ssl-opt.sh: TLS 1.3 kex: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_*ENABLED 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED 
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED 
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
41a443a68d tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED 
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
928cbd34e7 tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.

Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
d8d2ea5674 Add TLS 1.3 key exchange mode config options 
Add TLS 1.3 specific configuration options
to enable/disable the support for TLS 1.3
key exchange modes.

These configurations are introduced to
move away from the aforementioned
enablement/disablement based on
MBEDTLS_KEY_EXCHANGE_xxx_ENABLED options
that relate to group of TLS 1.2
ciphersuites.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:41:57 +02:00
Andrzej Kurek
ba970be142 Fix test dependencies for cases that are PSA-based 
These should be using PSA-type macros, not MBEDTLS_XXX_C.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-21 13:39:00 -04:00
Gilles Peskine
fc4f11b5d0 Improve test component name 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-21 19:34:54 +02:00
Gilles Peskine
a020d535ad Avoid having both test_suite_XXX.data and test_suite_XXX.*.data 
Although our build scripts support that, it's annoying, because it makes
"test_suite_XXX" ambiguous between "all the data for
test_suite_XXX.function" and "just test_suite_XXX.data".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-10-21 19:00:38 +02:00