mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-25 00:39:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
22,479 Commits 172 Branches 263 Tags
Commit Graph

22479 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Manuel Pégourié-Gonnard
2b7ad6472b Document all effects of MBEDTLS_ECP_RESTARTABLE 
It might not be obvious that this option goes beyond adding new
functions, but also automagically modifies the behaviour of TLS
in some circumstances. Moreover, the exact modifications and
circumstances were not documented anywhere outside the ChangeLog.

Fix that.

While at it, adjust the test that checks no restartable behaviour with
other key exchanges, to use a key exchange that allows cert-based client
authentication so that we can check that this is not restartable either.

We don't have any automated test checking that the server is never
affected. That would require adding an ec_max_ops command-line option to
ssl_server2 that never has any effect, just to check that it indeed
doesn't. I'm not sure that's worth it. I tested manually and could
confirm that the server never has restartable behaviour, even for the
parts that are shared between client and server such as cert chain
verification.

Note (from re-reading the code): all restartable behaviour is controlled
by the flag ssl->handshake->ecrs_enabled which is only client-side with
the ECDHE-ECDSA key exchange (TLS 1.2).

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-12-06 10:54:35 +01:00
Dave Rodgman
80f8c679c5
Merge pull request #6709 from daverodgman/pkcs7-docs 
Add warnings & disable PKCS #7 by default
 2022-12-05 16:24:29 +00:00
Dave Rodgman
e1cda441a0
Merge pull request #6722 from daverodgman/fix_pr_template_link 
Fix broken link
 2022-12-05 13:23:17 +00:00
Dave Rodgman
dbcbf44d65
Update include/mbedtls/mbedtls_config.h 
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-05 11:15:10 +00:00
Dave Rodgman
ca6d6614a6 Fix broken link 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-05 10:48:23 +00:00
Dave Rodgman
235d1d8519 Improve wording 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-01 18:45:02 +00:00
Dave Rodgman
6ebaf7a1f8 Whitespace fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-01 18:33:58 +00:00
Dave Rodgman
bc5f03dabc Disable PKCS7 by default; improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-12-01 18:32:23 +00:00
Dave Rodgman
c3902ac661
Merge pull request #6698 from wernerlewis/bignum_mod_py 
Bignum: Enable test generation from bignum_mod.py
 2022-12-01 11:48:14 +00:00
Paul Elliott
266f79c136
Merge pull request #6426 from aditya-deshpande-arm/driver-wrapper-key-agreement 
Add driver dispatch layer for raw key agreement, along with test call for transparent drivers.
 2022-12-01 11:40:52 +00:00
Werner Lewis
cff7578822 Add imports to bignum_mod 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-30 16:34:07 +00:00
Aditya Deshpande
5484e96117 Add changelog entry 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-30 15:56:42 +00:00
Gilles Peskine
a942b370fe
Merge pull request #6694 from tom-cosgrove-arm/fix-name-of-basic-build-test.sh 
Fix the name of basic-build-test.sh within the file
 2022-11-30 16:19:55 +01:00
Werner Lewis
c84b731941 Enable test generation from bignum_mod.py 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-11-30 14:43:31 +00:00
Tom Cosgrove
fc2ac75453 Fix the name of basic-build-test.sh within the file 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-11-30 11:13:00 +00:00
Ronald Cron
7df787c019
Merge pull request #6538 from yuhaoth/pr/tls13-add-early-data-transform-computation 2022-11-30 09:56:00 +01:00
Gilles Peskine
72bffe02b7
Merge pull request #6663 from davidhorstmann-arm/fix-typo-unsupported 
Fix typo 'unsupoported' -> 'unsupported'
 2022-11-29 21:44:27 +01:00
Gilles Peskine
edaa17b350
Merge pull request #6547 from yanesca/extract_mod_exp_from_prototype 
Bignum: Extract mod exp from prototype
 2022-11-29 21:40:07 +01:00
Aditya Deshpande
b6bc7524f9 Minor formatting fixes to address code review comments 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-29 16:53:29 +00:00
Gilles Peskine
bfec9d0df7
Merge pull request #6676 from davidhorstmann-arm/cmake-get-skip-test-from-env 
Tell cmake to get SKIP_TEST_SUITES from ENV
 2022-11-29 14:25:50 +01:00
Manuel Pégourié-Gonnard
7f5bc5c40f
Merge pull request #6681 from mpg/changelog-6264 
Add ChangeLog entry for DTLS Connection ID
 2022-11-29 11:34:11 +01:00
Manuel Pégourié-Gonnard
0b9b560770
Merge pull request #6601 from valeriosetti/issue6502 
Avoid assumptions about implementation in EC J-PAKE tests
 2022-11-29 11:21:23 +01:00
Manuel Pégourié-Gonnard
f9720cfa78
Merge pull request #6670 from gilles-peskine-arm/pkcs7-use-after-free-20221127 
PKCS7: Fix some memory management errors
 2022-11-29 11:17:27 +01:00
Manuel Pégourié-Gonnard
37d41c79b8 Add ChangeLog entry for DTLS Connection ID 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-29 10:20:15 +01:00
Manuel Pégourié-Gonnard
ffc330fafa
Merge pull request #6264 from hannestschofenig/rfc9146_2 
CID update to RFC 9146
 2022-11-29 09:25:14 +01:00
Jerry Yu
aec08b3f42 fix various format issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-29 15:19:27 +08:00
Gilles Peskine
a13f5eb7b8 Add missing dependency for the fuzzer-constructed test data 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-28 21:30:04 +01:00
Janos Follath
97915c8685
Merge pull request #6619 from minosgalanakis/bignum/add_high_lv_IO_methods 
Bignum: Adding High level I/O methods
 2022-11-28 17:27:48 +00:00
Janos Follath
1f8afa22a4 Bignum Mod: improve documentation and style 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-28 14:58:08 +00:00
Aditya Deshpande
1ac41dec09 Add test function for opaque driver (simply returns PSA_ERROR_NOT_SUPPORTED), and address other review comments. 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2022-11-28 14:46:30 +00:00
Manuel Pégourié-Gonnard
095c4756ee
Merge pull request #6674 from AndrzejKurek/ecjpake-changelog 
Add a changelog entry explaining usage of PSA in TLS 1.2 EC J-PAKE
 2022-11-28 12:44:38 +01:00
Valerio Setti
a34d0308cc test: psa_pake: fix dependency 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-28 11:46:36 +01:00
Janos Follath
84bee4c492 mbedtls_mpi_mod_write: improve readability 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-11-28 10:27:14 +00:00
David Horstmann
3861062f6b Tell cmake to get SKIP_TEST_SUITES from ENV 
If the variable SKIP_TEST_SUITES is not defined with -D, but is defined
in an environment variable, tell cmake to get it from there.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-28 10:18:05 +00:00
Jerry Yu
3d78e08ac0 erase early secrets and transcripts 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu
a5db6c0ce3 fix coding style issues. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu
e31688b7fa fix comments issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu
a8771839e8 Refactor make_traffic_keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu
3ce61ffca6 fix comments and function name issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu
b094e124f2 fix various issues 
- Alignments
- comment words in doxygen paragraph

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu
91b560f38d Add compute early transform 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu
3d9b590f02 guards transform_earlydata 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu
84a6edac10 change signature of get_cipher_key_info 
- it is a static function. The name is not follow nameing ruler
- move the position.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Andrzej Kurek
a6ab9d8b12 Add a changelog entry explaining usage of PSA in TLS 1.2 EC J-PAKE 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-11-28 03:55:27 -05:00
Ronald Cron
13256ba65c
Merge pull request #6667 from gilles-peskine-arm/lib-crypto-modules-202211 
Move SSL modules out of libmbedcrypto
 2022-11-28 08:51:49 +01:00
Gilles Peskine
4f01121f6e Fix memory leak on error in pkcs7_get_signers_info_set 
mbedtls_x509_name allocates memory, which must be freed if there is a
subsequent error.

Credit to OSS-Fuzz (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53811).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-27 22:02:10 +01:00
Gilles Peskine
e7f8c616d0 Fix dangling freed pointer in pkcs7_free_signer_info 
This may have been a use-after-free, but I haven't worked out whether it was
a problem or not. Even if it turns out to have been ok, keeping invalid
pointers around is fragile.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-27 21:55:29 +01:00
Gilles Peskine
47a732635b Simplify control flow in PKCS7 functions 
Remove useless goto in several functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-27 21:55:29 +01:00
Gilles Peskine
391005cb3b Fix structures initialized too late in tests 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-27 21:55:29 +01:00
Gilles Peskine
2336555444 Improve test failure reporting 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-27 21:55:29 +01:00