mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-03 20:54:00 +00:00

Author	SHA1	Message	Date
Dave Rodgman	0fddf829d5	Add more detailed comment Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-02 15:32:12 +00:00
Gilles Peskine	57897b8d6a	Merge pull request #6493 from AndrzejKurek/pymod Use `config.py` as a module in `depends.py`	2023-03-02 15:38:47 +01:00
Gilles Peskine	6def41b146	Merge pull request #6932 from yuhaoth/pr/fix-arm64-host-build-and-illegal_instrucion-fail Replace CPU modifier check with file scope target cpu modifiers	2023-03-02 15:36:41 +01:00
Dave Rodgman	528bfa640c	Whitespace fix Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-02 13:54:43 +00:00
Dave Rodgman	1c232a8311	Enable -Werror for armclang Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-02 13:39:04 +00:00
Dave Rodgman	2f386c55ff	Disable MBEDTLS_SHA256_USE_A64_CRYPTO_IF_PRESENT for armclang Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-02 13:38:33 +00:00
Gilles Peskine	5b7e1644a7	Document the need to call psa_crypto_init() with USE_PSA_CRYPTO When MBEDTLS_USE_PSA_CRYPTO is enabled, the application must call psa_crypto_init() before directly or indirectly calling cipher or PK code that will use PSA under the hood. Document this explicitly for some functions. To avoid clutter, this commit only documents the need to call psa_crypto_init() in common, non-obvious cases: parsing a public key directly or via X.509, or setting up an SSL context. Functions that are normally only called after such a function (for example, using an already constructed PK object), or where the need for PSA is obvious because they take a key ID as argument, do not need more explicit documentaion. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 20:10:29 +01:00
Gilles Peskine	a8d7e438e6	Move non-boolean config options to the proper section Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 20:10:20 +01:00
Gilles Peskine	8c2830a06a	Document what "TLS 1.3 depends on PSA" entails Explicitly document that when using TLS 1.3, you must initialize PSA crypto before starting a handshake. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 20:06:35 +01:00
Gilles Peskine	cc29bfd92a	Bug fixes from the split of ssl_handle_hs_message_post_handshake The split of ssl_handle_hs_message_post_handshake() into ssl_tls12_handle_hs_message_post_handshake() and ssl_tls13_handle_hs_message_post_handshake() fixed some user-visible bugs. Add a changelog entry for those bugs. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 19:49:58 +01:00
Gilles Peskine	136d25c416	Explicitly disable all DTLS options in tls13-only.h This makes no difference when starting from the default configuration. It allows tls13-only.h to be used with other base configurations such as `full`. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 19:49:58 +01:00
Gilles Peskine	7d3186d18a	Disable MBEDTLS_SSL_RENEGOTIATION in tls13-only configuration There's no renegotiation in TLS 1.3, so this option should have no effect. Insist on having it disabled, to avoid the risk of accidentally having different behavior in TLS 1.3 if the option is enabled (as happened in https://github.com/Mbed-TLS/mbedtls/issues/6200). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 19:47:23 +01:00
Dave Rodgman	f4385faa6f	Merge pull request #7188 from paul-elliott-arm/interruptible_sign_hash_complete_after_start_fail Interruptible {sign\|verify} hash - Call complete() after start() failure.	2023-03-01 17:18:08 +00:00
Gabor Mezei	aeadc2d731	Apply naming convention Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-03-01 16:53:03 +01:00
Gabor Mezei	931fd646ff	Use lower case hex number Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-03-01 16:50:00 +01:00
Dave Rodgman	6d6a720603	Protect against possible macro redefinition warning Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-01 15:09:40 +00:00
Paul Elliott	42585f678b	Merge pull request #7176 from paul-elliott-arm/interruptible_sign_hash_verify_test_improvements Interruptible {sign\|verify} hash verification test improvements	2023-03-01 15:00:45 +00:00
Paul Elliott	ebf2e38662	Merge pull request #7177 from paul-elliott-arm/interruptible_sign_hash_improve_num_ops_testing Interruptible sign hash improve num ops testing	2023-03-01 14:59:44 +00:00
Paul Elliott	de7c31e082	Improve comment wording Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-01 14:43:52 +00:00
Paul Elliott	d1cddff71a	Merge pull request #7189 from daverodgman/armcc-fix Fix macro redefinition warning from armclang	2023-03-01 11:59:26 +00:00
Przemek Stekiel	f5dcb8886a	Rework pake input getters tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-03-01 12:28:21 +01:00
Gilles Peskine	1eae11565d	Merge pull request #6949 from bensze01/replace_pkcs7_fuzzer_tests Replace fuzzer-generated PKCS #7 memory management tests	2023-03-01 10:46:22 +01:00
Gilles Peskine	802ff1b116	Merge pull request #7147 from paul-elliott-arm/interruptible_sign_hash_codestyle_drivers Remove driver entry points for psa_{get\|set}_max_ops()	2023-03-01 10:46:09 +01:00
Dave Rodgman	914c632646	Whitespace Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-03-01 09:30:14 +00:00
Pengyu Lv	c6298ad46a	Use parentheses to avoid executing the output Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-03-01 10:31:29 +08:00
Pengyu Lv	c2b1864ceb	Revert "Check if the license server is available for armcc" This reverts commit 55c4fa4f41b0e063d214e60475372696f0fc8173. After discussion, We decided not to check the availability of the license server for the impacts on CI and user usages. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-03-01 10:25:08 +08:00
Gabor Mezei	620f0dc850	Fix for 32-bit Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-28 18:42:33 +01:00
Gabor Mezei	08a94953e1	Apply naming convention for p224 Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-28 18:40:57 +01:00
Dave Rodgman	e47899df20	Fix macro redefinition warning from armcc Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-28 17:39:03 +00:00
Paul Elliott	7c17308253	Add num_ops tests to sign and verify interruptible hash This is the only test usable for non-deterministic ECDSA, thus needs this code path testing as well. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:23:29 +00:00
Paul Elliott	8359c14c14	Add hash corruption test to interruptible verify test Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:23:29 +00:00
Paul Elliott	c1e0400bac	Add test to check not calling get_num_ops() Make sure that not calling get_num_ops() inbetweeen calls to complete() does not mean that ops get lost (Regression test for previous fix). Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:20:14 +00:00
Paul Elliott	9e8819f356	Move 'change max_ops' test into ops tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:20:14 +00:00
Paul Elliott	5770224ef3	Rename max ops tests to ops tests Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:20:14 +00:00
Gilles Peskine	7e677fa2c5	Merge pull request #6389 from gilles-peskine-arm/ecdsa-use-psa-without-pkwrite Remove pkwrite dependency in pk using PSA for ECDSA	2023-02-28 18:17:16 +01:00
Gilles Peskine	b52b788e55	Merge pull request #6895 from yuhaoth/pr/add-aes-with-armv8-crypto-extension Add AES with armv8 crypto extension	2023-02-28 18:16:37 +01:00
Paul Elliott	587e780812	Test calling complete() after {sign\|verify}_hash_start fails Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-28 17:13:39 +00:00
Gilles Peskine	e4616830b3	Merge pull request #7137 from lpy4105/issue/1785/ssl-test-script-fail compat.sh: Skip static ECDH cases if unsupported in openssl	2023-02-28 18:11:39 +01:00
Dave Rodgman	17152df58d	Merge pull request #7175 from paul-elliott-arm/interruptible_sign_hash_test_comments Interruptible sign hash test comments	2023-02-28 17:09:43 +00:00
Gilles Peskine	ebb63420cc	Merge pull request #7124 from oberon-microsystems/fix-test-output-length-on-success-only Fix test to check output length on PSA_SUCCESS only	2023-02-28 18:09:33 +01:00
Bence Szépkúti	35d674a6ee	Replace usage of echo -e in pkcs7 data Makefile This use of the shell builtin is not portable. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-28 17:01:21 +01:00
Dave Rodgman	ffb4dc38c8	Merge pull request #7183 from paul-elliott-arm/interruptible_sign_hash_test_max_ops_0 Interruptible {sign\|verify} hash : Change max_ops=min tests to use a value of zero.	2023-02-28 15:56:01 +00:00
Bence Szépkúti	4a2fff6369	Fix expected error code This was overlooked during the rebase. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2023-02-28 16:40:27 +01:00
Paul Elliott	6a459f5de5	Merge pull request #7143 from paul-elliott-arm/interruptible_sign_hash_codestyle_wipeout Update psa_wipe_output_buffer() and change name to psa_wipe_tag_output_buffer()	2023-02-28 15:34:06 +00:00
Paul Elliott	148903ca7d	Merge pull request #7185 from paul-elliott-arm/interruptible_sign_hash_pacify_clang Interruptible {sign\|verify} hash - Pacify Clang 15	2023-02-28 15:31:15 +00:00
Jerry Yu	608e1093de	Improve comment about conflicts between aesce and sha512-crypto Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-28 12:50:00 +08:00
Paul Elliott	15d7d43904	Pacify Clang 15 Changes for interruptible {sign\|verify} hash were not merged at the time of the previous clang 15 /retval fixes, thus this fixes code added at that time. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-27 17:25:57 +00:00
Dave Rodgman	dd4427cc5b	Merge pull request #7169 from AndrzejKurek/mpi-window-size Reduce the default MBEDTLS_ECP_WINDOW_SIZE value from 6 to 2	2023-02-27 17:12:38 +00:00
Gabor Mezei	5afb80e00a	Fix coding style issues Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-27 17:00:34 +01:00
Gabor Mezei	804cfd32ea	Follow the naming convention Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2023-02-27 16:50:09 +01:00

... 3 4 5 6 7 ...

24014 Commits