mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-15 03:40:08 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
18,296 Commits 170 Branches 263 Tags
Commit Graph

18296 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
d9d5c7856f Travis: use the in-tree Python package requirements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-18 17:33:33 +01:00
Gilles Peskine
8cbb7b995f Docker: Python requirements are now managed in-tree 
Neither mbed-host-tests nor mock are currently used.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-18 17:33:28 +01:00
Manuel Pégourié-Gonnard
146247de71
Merge pull request #5172 from bensze01/invalid_nonce_error 
PSA: Indicate in the error returned when we know that an AEAD nonce length is invalid, not just unsupported
 2021-11-18 09:41:12 +01:00
Ronald Cron
ac00659480
Merge pull request #5121 from yuhaoth/pr/add-wrapup-and-hello-test 
TLS1.3 MVP: Add finialize states and simplest test
 2021-11-18 09:11:53 +01:00
Gilles Peskine
9172c9c073 Script to install minimum versions of the requirements 
Wherever we have a requirement on foo>=N, install foo==N. This is for
testing, to ensure that we don't accidentally depend on features that are
not present in the minimum version we declare support for.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-17 19:27:45 +01:00
Gilles Peskine
87485a3f28 Add requirement on Jinja to integrate drivers 
Driver implementers need to regenerate wrappers. This will use Jinja2 as
discussed in
https://github.com/ARMmbed/mbedtls/pull/5067#discussion_r738794607

On the development branch, driver integration is always needed to generate
the driver wrapper and thus to build the library, so this requirement
applies to everyone, not just driver implementers. In releases, we plan to
include a default driver wrapper with support for basic use cases only,
meaning that the line `-r driver.requirements.txt` should be removed from
`basic.requirements.txt` in releases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-17 19:27:45 +01:00
Gilles Peskine
9c82cd9f43 Declare which Python packages we use 
Add pip requirements files. We'll have separate requirements files for
different target audiences. Each file can use `-r` lines to include other
files.

This commit adds two requirement files: one with everything that's needed to
pass the CI, and one with additional tools that are suggested for Mbed TLS
maintainers to install locally.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-17 19:27:45 +01:00
Bence Szépkúti
6d48e20d4b Indicate nonce sizes invalid for ChaCha20-Poly1305 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-11-17 18:06:11 +01:00
Bence Szépkúti
357b78e42c Indicate if we know that a nonce length is invalid 
This restores the behaviour found in the previously released versions
and development_2.x.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-11-17 18:06:04 +01:00
Gilles Peskine
b78618e9a3
Merge pull request #5195 from bensze01/test_psa_compliance 
Remove superfluous expected failure from test_psa_compliance
 2021-11-17 17:14:26 +01:00
Bence Szépkúti
1e4423b535 Remove expected failure from test_psa_compliance 
Issue #5143 was fixed in PR #5180.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-11-17 14:42:51 +01:00
Manuel Pégourié-Gonnard
9b9fbda912
Merge pull request #5094 from bensze01/test_psa_compliance 
Run the PSA Compliance test suite in all.sh
 2021-11-17 14:09:57 +01:00
Manuel Pégourié-Gonnard
5a57a51ea5
Merge pull request #5180 from daverodgman/key_derivation_output_key_error_code 
Improve PSA error return code for psa_key_derivation_output_key
 2021-11-17 13:09:37 +01:00
paul-elliott-arm
61f797adfd
Merge pull request #5111 from mprse/aps_mem_leak 
ssl_client2, ssl_server2: add check for psa memory leaks
 2021-11-17 11:54:44 +00:00
Jerry Yu
a6e6c27bd3 Grouplize tls1_3 special functions 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-11-17 17:54:13 +08:00
Jerry Yu
6d38c19582 Add http connection pass check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-11-17 16:03:06 +08:00
Jerry Yu
cfe64f0b24 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-11-17 16:03:06 +08:00
Jerry Yu
e1b1e2de65 Add minimal feature sets test 
Replace original negative test with work test.
Now, we can work with the simple test.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-11-17 16:03:06 +08:00
Jerry Yu
378254d3e3 Implement handshake wrapup 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-11-17 16:03:06 +08:00
Ronald Cron
1726835f4d
Merge pull request #4965 from xkqian/add_client_finished 
Add client finished
 2021-11-17 08:46:53 +01:00
XiaokangQian
3ce4d51c11 Move set_outbound_transform to finalize server finished. 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-17 02:11:36 +00:00
Dave Rodgman
491d849ad1 Fix derive_input test ignoring parameter 
Fix derive_input test hardcoding key type instead of using test argument.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-11-16 16:05:06 +00:00
Dave Rodgman
3f86a90261 Update test to handle changed error code 
Update test to handle changed error code from psa_key_derivation_output_key

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-11-16 16:05:06 +00:00
Dave Rodgman
d69da6c3c3 Improve PSA error return code 
psa_key_derivation_output_key: prioritize BAD_STATE over NOT_PERMITTED

If psa_key_derivation_output_key() is called on an operation which hasn't been
set up or which has been aborted, return PSA_ERROR_BAD_STATE. Only return
PSA_ERROR_NOT_PERMITTED if the operation state is ok for
psa_key_derivation_input_bytes() or psa_key_derivation_output_bytes() but not
ok to output a key.

Ideally psa_key_derivation_output_key() would return PSA_ERROR_NOT_PERMITTED
only when psa_key_derivation_output_bytes() is possible, but this is clumsier
to implement.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-11-16 16:03:31 +00:00
XiaokangQian
a3087e881e Fix finished message decryption fail issue 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-16 02:38:45 +00:00
Tom Cosgrove
fff613aa10 Fix list of LTS braches in CONTRIBUTING.md, and back link from BRANCHES.md 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2021-11-15 13:54:59 +00:00
XiaokangQian
9ec8fcfddd Improve failure messag for calculating verify data 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 08:24:08 +00:00
XiaokangQian
dce82245ac Fix the compile issue about prepare message 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 06:01:26 +00:00
XiaokangQian
0fa6643eb5 Align coding stles and remove useless code 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
35dc625e37 Move the location of functions 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
8773aa0da9 Align coding styles in generic for client finish 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
cc90c94413 Rebase and change code 
Solve conflicts.
Rename functions
Align coding style

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
e1655e4db8 Change naming styles and fix ci failure 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
c00ba81310 Remove MBEDTLS_SSL_NEW_SESSION_TICKET in TLS1.3 MVP 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
eab1023dbf Fix some compiling errors for name mismatch 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
74af2a827e TLS1.3: Add client finish processing in client side 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
Gilles Peskine
834d229117 Fix dynamic library extension on macOS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-12 14:30:22 +01:00
Ronald Cron
bb41a88f2e
Merge pull request #5120 from yuhaoth/pr/fix-memory-leak-and-version-header 
TLS1.3 :fix memory leak and version header
 2021-11-12 13:49:26 +01:00
Ronald Cron
28777db226
Merge pull request #4952 from xkqian/add_server_finished 
Add server finished
 2021-11-12 12:30:10 +01:00
Paul Elliott
853c0da8de Fix for pkcs12 with NULL or zero length password 
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-11 19:26:37 +00:00
XiaokangQian
a4c99f2c2d Remove useless blank line 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-11 06:46:35 +00:00
XiaokangQian
c13f935c05 Align code styles of indent and so on 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-11 06:13:22 +00:00
XiaokangQian
3306284776 Change code base on comments 
Remove client certificate verify in tests.
Change the layout of structure to fix abi_api check issues.
Add comments of Finished.
Align with the coding styles.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-11 03:37:45 +00:00
XiaokangQian
d6d234f698 Solve the ABI_API check issue for mbedtls_ssl_session 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-11 02:22:12 +00:00
Gilles Peskine
7fb54c5674 More explicit output for the test program 
Without that, the logs were a bit hard to understand if you didn't know what
to expect.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 21:08:28 +01:00
Gilles Peskine
f1a7ea88d1
Merge pull request #5092 from mprse/generate_key2 
Generate test cases for PSA key generation
 2021-11-10 20:55:35 +01:00
Gilles Peskine
b6a0299708 Avoid undefined variable warning without MBEDTLS_MD_C 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:11:32 +01:00
Gilles Peskine
88e3e70df5 Use CMake's knowledge of what system library has dlopen() 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:10:27 +01:00
Gilles Peskine
f80a029f28 Don't build dlopen when building for Windows 
Windows doesn't have dlopen, not even Linux emulation environments such as
MinGW.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:05:20 +01:00
Gilles Peskine
5dbee582a3 Only link with libdl on Linux 
Requiring an extra library for dlopen is a Linux non-POSIX-compliance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:05:20 +01:00