mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-23 21:39:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
28,526 Commits 172 Branches 263 Tags
Commit Graph

28526 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Jerry Yu
28e7c554f4 Change the bottom of tolerance window 
The unit of ticket time has been changed to milliseconds.
And age difference might be negative

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
3ff0b1fda3 Cleanup ticket negative tests. 
- improve comments
- case 3/4 is for server age check.
- case 5/6 is for client age check

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
31b601aa15 improve comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
8cf44953b2 guards ticket creation field 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
28547c49ed update tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
ec6d07870d Replace start with ticket_creation 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
702fc590ed Add ticket_creation field 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
f16efbc78d fix various issues 
- Add comments for ticket test hooks
- improve code style.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
03511b00aa Replace c99 fmt macro 
For c99 compatible compilers, we use PRI64d
and others use official fix.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
fe38e948b8 Add changelog entry for anti_replay_fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
cebffc3446 change time unit of ticket to milliseconds 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Gilles Peskine
8b1a124126
Merge pull request #8438 from yuhaoth/pr/disable-stdout-for-config-query-call 
Disable stdout in require_*_configs_* functions
 2023-11-20 18:27:03 +00:00
David Horstmann
89875a4f20 Rename "output_copy" -> "local_output" 
This helps to prevent confusion as it avoids overloading the word
"copy" as both an action and an object.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-20 17:55:13 +00:00
David Horstmann
f1734054fa Rename "input_copy" -> "local_input" 
This helps to prevent confusion as it avoids overloading the word
"copy" as both an action and an object.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-20 17:54:57 +00:00
Gilles Peskine
b86873e6eb Merge remote-tracking branch 'development' into development-restricted 2023-11-20 18:43:21 +01:00
Valerio Setti
d0eebc1f94 ccm/gcm: improve code maintainability 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-20 15:17:53 +01:00
Gilles Peskine
885bcfc9d0
Merge pull request #7649 from yuhaoth/pr/add-command-for-server9-bad-saltlen 
Add command for server9-bad-saltlen
 2023-11-20 14:07:19 +00:00
Gilles Peskine
473ff34d59
Merge pull request #8489 from valeriosetti/issue8482 
Make CCM* and CCM independent
 2023-11-20 14:07:14 +00:00
Gilles Peskine
6267dd59c8
Merge pull request #8463 from gilles-peskine-arm/metatest-create 
Create a metatest program
 2023-11-20 14:07:08 +00:00
David Horstmann
2f307b4216 De-abbreviate "len" -> "length" 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-20 13:04:06 +00:00
David Horstmann
671f5f539e Change psa_crypto_copy_output error code 
When we are copying output, it makes sense to return
PSA_ERROR_BUFFER_TOO_SMALL since the buffer we are copying to is a user
output buffer.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-20 13:03:43 +00:00
David Horstmann
9abf535078 Add initializers for input / output copies 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-20 12:29:54 +00:00
Manuel Pégourié-Gonnard
a4e7953f59
Merge pull request #8527 from lpy4105/issue/6324/driver-only-cipher+aead-tls-compat 
[G3] Driver-only cipher+aead: TLS: compat.sh
 2023-11-20 09:37:06 +00:00
Ronald Cron
97137f91b6
Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field 
TLS 1.3 EarlyData: add `max_early_data_size` field for ticket
 2023-11-20 08:04:57 +00:00
BrianX7c
5c7ab6fe86
[cipher.h] Arithmetic overflow in binary left shift operation (MBEDTLS_KEY_BITLEN_SHIFT) 
Fixing arithmetic overflow warning (C6297), if compiled in Visual Studio

Signed-off-by: BrianX7c <151365853+BrianX7c@users.noreply.github.com>
 2023-11-18 11:07:37 +01:00
Valerio Setti
dd426da7b8 added changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-17 08:33:31 +01:00
David Horstmann
365df3f16c Remove unnecessary checks for NULL-ness of copies 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-16 20:30:36 +00:00
David Horstmann
58909704e3 Check for len == 0 rather than buffer == NULL 
This makes the intention clearer

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-16 20:26:16 +00:00
David Horstmann
bab3e76da5 Fix code style in psa_crypto_core.h 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-16 20:21:19 +00:00
David Horstmann
0fca150b81 Compare buffers even for zero-length cases 
This enables us to test that lengths are correctly zero when the buffer
pointer is NULL.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-16 20:12:17 +00:00
David Horstmann
23f1122838 Use TEST_CALLOC_NONNULL 
Check that input/output copying works for zero-length NULL input
buffers.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-16 20:01:32 +00:00
David Horstmann
b4e3f36918 Change data pattern to simpler one 
Just use the index modulo 256, as this has a greater stride and is
simpler to use.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-16 19:57:25 +00:00
Thomas Daubney
dd2a09a22b Introduce demo script for PSA hash program 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-11-16 18:45:55 +00:00
Paul Elliott
9e25936241 Rename mutex->is_valid to mutex->state 
Rename struct member to make it more representative of its current use.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-11-16 15:14:16 +00:00
Paul Elliott
3774637518 Make threading helpers tests thread safe 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-11-16 15:13:49 +00:00
Paul Elliott
5fa986c8cb Move handling of mutex->is_valid into threading_helpers.c 
This is now a field only used for testing.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-11-16 15:13:05 +00:00
Gilles Peskine
2f40cc05f0 Improve explanations of what bad thing a metatest does 
Especially clarify the situation with respect to mutex usage.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-16 15:13:38 +01:00
Gilles Peskine
ad2a17eb60 Uniformly use MBEDTLS_THREADING_C guards 
Since the code compiles with MBEDTLS_THREADING_C, not just with
MBEDTLS_THREADING_PTHREAD, use MBEDTLS_THREADING_C as the guard. The runtime
behavior is only as desired under certain conditions that imply
MBEDTLS_THREADING_PTHREAD, but that's fine: no metatest is expected to pass
in all scenarios, only under specific build- and run-time conditions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-11-16 15:09:48 +01:00
Ryan Everett
975d411d92 Only set slot to OCCUPIED on successful key loading 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-11-16 13:37:51 +00:00
Valerio Setti
9b7a8b2a0c ccm/gcm: reaplace CIPHER_C functions with BLOCK_CIPHER_C ones 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-16 11:48:00 +01:00
Yanray Wang
19e4dc8df7 tls: fix unused parameter in mbedtls_ssl_cipher_to_psa 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-16 18:05:51 +08:00
Valerio Setti
8db46e4ee1 check_config: remove dependency check of CCM_C/GCM_C on CIPHER_C 
CCM_C/GCM_C can now work with either (in order of preference) CIPHER_C
or BLOCK_CIPHER_C and the latter is auto-enabled in case the former
is not enabled. As a consequence there is no need to enforce the
dependency on CIPHER_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-16 10:58:27 +01:00
Valerio Setti
dbfd6a9f62 adjust_legacy_crypto: auto-enable BLOCK_CIPHER_C when CIPHER_C is not defined 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-16 10:56:00 +01:00
Pengyu Lv
7afd9a4663 Change the test messages 
We are now testing driver-only cipher+aead with full config.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-16 17:55:25 +08:00
Yanray Wang
4ed8691f6d ssl: move MBEDTLS_SSL_HAVE_XXX to config_adjust_legacy_crypto.h 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-16 15:20:57 +08:00
Valerio Setti
59de2ae6de all.sh: re-enable CCM/GCM in test_full_no_cipher() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-16 08:20:27 +01:00
Yanray Wang
1a369d68aa ssl_tls: add missing guard for mbedtls_ssl_cipher_to_psa 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-16 15:17:33 +08:00
Pengyu Lv
c5d4c46983 Add missing PSA init 
EC might be supported through PSA, so use `MD_OR_USE_PSA_INIT`
in pk_parse_{public_}keyfile_ec.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-16 09:07:28 +08:00
David Horstmann
c5cc1c3a92 Remove redundant NULL check 
A NULL buffer with a non-zero length is an internal error, so just
check the length.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-15 18:11:26 +00:00
David Horstmann
777e74130f Skip call to memcpy if buffer length is zero 
This allows the copy functions to work when passed a (NULL, 0) buffer.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-11-15 17:38:46 +00:00