mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-03 20:54:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
18,775 Commits 170 Branches 263 Tags
Commit Graph

18775 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Andrzej Kurek
77b8e098f9 Add missing MBEDTLS_ASN1_WRITE_C dependency in test_suite_psa_crypto 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:34:23 -05:00
Andrzej Kurek
7a58d5283b Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED 
Fix dependencies across test ssl programs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:34:02 -05:00
Andrzej Kurek
ad2b8b5c3c Fix a dependence in chacha cipher test suite 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 07:35:27 -05:00
Andrzej Kurek
ee8b57ffa6 Add missing dependency on MBEDTLS_GCM_C in cipher tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 07:08:27 -05:00
Andrzej Kurek
57d2f13ebc Mark unused variable in tests for cases with reduced configs 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 07:08:27 -05:00
Sebastian Bøe
24e88018d2 Add missing config check for PKCS5. 
PKCS5 depends on MD, but is missing a config check resulting in
obscure errors on invalid configurations.

Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
 2022-01-19 12:04:35 +01:00
Manuel Pégourié-Gonnard
aab5258b7a Avoid using %zu, not supported everywhere yet. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-19 10:28:32 +01:00
Manuel Pégourié-Gonnard
24e82ded79 Fix type of temporary variable 
Both functions use int. Using size_t results is a warning from MSVC.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:29:41 +01:00
Manuel Pégourié-Gonnard
d2da19b8eb
Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes 
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
 2022-01-18 09:16:25 +01:00
Manuel Pégourié-Gonnard
ec3fd75cbc Update strategy with late 2021 discussion 
Unless I missed something, this should now reflect the current strategy.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:15 +01:00
Manuel Pégourié-Gonnard
5218774efb Add note about HKDF for TLS 1.3 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
ab1d3084b7 Goal 1 tasks are now all reflected on github 
Replace descriptions with links just to double-check nothing has been
forgotten.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
0950359220 Improve "abstraction layers" section 
- fix inaccuracy about PSA hash implementation
- add note about context-less operations
- provide summary

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
a6c601c079 Explain compile-time incompatibilities 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
7497991356 Expand discussion of goals 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
e459be2ed1 Complete discussion of RSASSA-PSS 
Update to latest draft of PSA Crypto 1.1.0: back to strict verification
by default, but ANY_SALT introduced.

Commands used to observe default values of saltlen:

    openssl genpkey -algorithm rsa-pss -out o.key
    openssl req -x509 -new -key o.key -subj "/CN=CA" -sha256 -out o.crt

    certtool --generate-privkey --key-type rsa-pss --outfile g.key
    certtool --generate-self-signed --load-privkey g.key --outfile g.crt

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
f5ee4b3da4 Add data about RSA-PSS test files 
Data gathered with:

    for c in server9*.crt; do echo $c; openssl x509 -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in crl-rsa-pss-*; do echo $c; openssl crl -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done
    for c in server9.req.*; do echo $c; openssl req -noout -text -in $c |
        grep '^    Signature Algorithm: rsassaPss' -A3 | sed '1d'; done

Unfortunately there is no record of how these files have been generated.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
b902164cf0 Add temporary list of tasks for G1 and G2 
Work in progress, some tasks have very explicit definitions and details
on how to execute, others much less so; some may need splitting.

These documents are temporary anyway, to give a rough idea of the work
remaining to reach those goals (both of which we started, but only for
some use case so far). Ultimately the result will be actionable and
estimated tasks on github.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
d9edd56bf8 Document PSA limitations that could be problems 
(WIP: the study of RSA-PSS is incomplete.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
b89fd95146 Document the general strategy for PSA migration 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
1b52d09494 Document test strategy for USE_PSA_CRYPTO 
Note: removed `mbedtls_x509write_crt_set_subject_key()` from the list of
things that should be tested, as it's taking public key rather than a
keypair.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:14 +01:00
Manuel Pégourié-Gonnard
0d0a104b2d Add study for TLS/X.509 dependencies on crypto 
This is an updated version of the study that was done a few years ago.

The script `syms` was used to list symbols form libmbedtls.a /
libmbedx509.a that are defined externally. It was run with config.py
full minus MBEDTLS_USE_PSA_CRYPTO minus
MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:13:00 +01:00
Gabor Mezei
29ec0c42f1
Remove unneeded changelog entry 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-01-17 15:21:02 +01:00
Manuel Pégourié-Gonnard
a15503fcdd
Merge pull request #5344 from AndrzejKurek/psa-aead-more-generate-nonce-combinations 
PSA AEAD: test more combinations of generate_nonce and set_lengths
 2022-01-17 13:12:04 +01:00
Manuel Pégourié-Gonnard
763641a3f5 Rm use of non-standard __func__ in example programs 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-17 11:58:54 +01:00
Manuel Pégourié-Gonnard
9efbf53f0e Declare incompatibility in new programs 
Existing example programs in this directory are already incompatible
with that option, so this is probably acceptable here too.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-17 11:57:44 +01:00
Ronald Cron
188ed19456
Merge pull request #5351 from yuhaoth/pr/remove-duplicate-supported_group_ext 
Remove duplicate function for writing supported_groups extension
 2022-01-17 09:13:14 +01:00
Andrzej Kurek
b9fbc11e2c Dynamically allocate iv in dec_empty_buf tests 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Andrzej Kurek
f2d4e275a8 Add a changelog entry for the ChaCha20 default behavior change 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Andrzej Kurek
8be8e4a524 Add a missing test case to ChaCha20 tests - decrypt empty buffer 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Andrzej Kurek
63439eda62 Return an error for IV lengths other than 12 with ChaCha20+Poly1305 
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Andrzej Kurek
33ca6af8a3 Return an error for IV lengths other than 12 with ChaCha20 
The implementation was silently overwriting the IV length to 12
even though the caller passed a different value.
Change the behavior to signal that a different length is not supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-14 16:31:54 +01:00
Manuel Pégourié-Gonnard
ecffd96910 Silence compiler warning in example program 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-14 13:23:54 +01:00
Manuel Pégourié-Gonnard
398d45985b Add example program psa/aead_cipher_psa 
This is meant to highlight similarities and differences in the APIs.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-14 12:48:13 +01:00
Manuel Pégourié-Gonnard
73839e02a7
Merge pull request #5353 from gstrauss/mbedtls_ssl_config_defaults-repeat 
Reset dhm_P and dhm_G if config call repeated; avoid memory leak
 2022-01-14 10:41:06 +01:00
Gilles Peskine
6bfe4e263b
Merge pull request #5272 from bensze01/psa_aead_setup_error 
PSA: Return the same error in multipart and single shot AEAD operations
 2022-01-13 21:16:20 +01:00
Bence Szépkúti
aa3a6e4ea7 Fix brace placement 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-01-13 16:26:03 +01:00
Bence Szépkúti
39fb9d170b Rename helper function to psa_aead_check_algorithm 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2022-01-13 14:33:45 +01:00
Jerry Yu
d491ea4f18 fix comment issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-13 16:15:25 +08:00
Glenn Strauss
8f52690956 Add accessors for ciphersuite info 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-01-13 00:05:48 -05:00
Gilles Peskine
dfc5c7117e
Merge pull request #5420 from yanesca/update_mailing_list_links 
Update mailing list links
 2022-01-12 16:46:52 +01:00
Gabor Mezei
bc5b6b9602
Add changelog entry 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-01-12 16:46:28 +01:00
Gabor Mezei
6e5aae63f8
Add tests for ticket_aead option 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-01-12 16:29:58 +01:00
Gabor Mezei
d4bea1efd5
Add ticket_aead option for ssl_server2 
The ticket_aead option allows to specify the session ticket protection.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-01-12 16:21:15 +01:00
Janos Follath
88addc4883 Update mailing list links 
The mailing list software has been updated and the links have changed.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-01-12 13:09:17 +00:00
Jerry Yu
b925f21806 fix comment issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-12 11:17:02 +08:00
Jerry Yu
f0fede56a6 minor performance improvement 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-12 10:57:47 +08:00
Jerry Yu
1510cea0f3 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-12 10:56:49 +08:00
Jerry Yu
3ad14ac9e9 Add named group IANA value check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 17:13:16 +08:00
Jerry Yu
f46b016058 skip some extensions if ephemeral not enabled 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 16:28:00 +08:00