mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-29 13:20:21 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
31,408 Commits 172 Branches 267 Tags
Commit Graph

31408 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gabor Mezei
8b54f0e7e8
Apply the parameter change 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-09-19 10:51:59 +02:00
Gabor Mezei
d72c9f9401
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-09-19 10:51:59 +02:00
Gabor Mezei
2285ed8282
Update member variable names 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-09-19 10:51:59 +02:00
Gabor Mezei
3ae480ba7d
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-09-19 10:51:58 +02:00
Gabor Mezei
634103c9f9
Update config.py to use config_common.py from the framework 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-09-19 10:51:58 +02:00
Gilles Peskine
83af88306d Document the C compiler requirement 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-18 14:17:14 +02:00
Gilles Peskine
605bc16e67 Make the file a bit more readable 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-18 14:17:13 +02:00
Elena Uziunaite
6a229f926e Remove some dependencies 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-17 16:06:18 +01:00
Elena Uziunaite
db0ed75c0f Add PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-17 15:45:19 +01:00
Elena Uziunaite
47a9b3d5a5 Replace MBEDTLS_PK_CAN_ECDSA_SOME with MBEDTLS_PK_CAN_ECDSA_SIGN 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-16 14:25:38 +01:00
Elena Uziunaite
fbab4f88dc Add missing ALG_SHA_1 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-16 12:34:11 +01:00
Gilles Peskine
ab84fe8052 opt-testcases/*.sh are not executable 
The *.sh files in opt-testcases cannot be executed directly: they can only
be sourced by ssl-opt.sh. So don't make them executable and don't give them
a shebang line.

Also make sure that the first paragraph of each file is a short description.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 16:30:57 +02:00
Gilles Peskine
26fc0390c9
Merge pull request #9498 from minosgalanakis/bugfix/return_early_in_ccm_star_bp36 
[Backport 3.6] ccm.c: Return early when ccm* is used without tag.
 2024-09-13 09:35:12 +00:00
Gilles Peskine
78b1362b42
Merge pull request #9546 from gilles-peskine-arm/ssl-opt-psk-detection-3.6 
[3.6] ssl-opt: improve PSK mode detection
 2024-09-13 09:35:07 +00:00
Gilles Peskine
cfbaffdfcc requires_certificate_authentication: prioritize TLS 1.3 
When checking whether the build supports certificate authentication, check
the key exchange modes enabled in the default protocol version. This is TLS
1.3 when it's enabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
d57212ee9e Documentation improvements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
19c60d262b Fix detection of TLS 1.2 PSK-ephemeral key exchange modes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
5838a64bff Improve some comments 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
4c1347c1e8 Remove unused auth_mode parameter on a PSK test case 
It was causing the test case to be incorrectly skipped as needing
certificate authentication.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
07e24e9ac3 Fix weirdly quoted invocations of requires_any_configs_enabled 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
d98b363bec Also activate PSK-only mode when PSK-ephemeral key exchanges are available 
The point of PSK-only mode is to transform certificate-based command lines
into PSK-based command lines, when the certificates are not relevant to what
is being tested. So it makes sense to do that in with PSK-ephemeral key
exchanges too.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
0a9f9d6f4f Unify the two requires-key-exchange-with-certificate function 
requires_certificate_authentication was called in more places, but did not
do fine-grained analysis of key exchanges and so gave the wrong results in
some builds.

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled gave the correct
result but was only used in some test cases, not in the automatic detection
code.

Remove all uses of requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
because they are in fact covered by automated detection that calls
requires_certificate_authentication.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
bbdc1a3575 Detect PSK-only mode in TLS 1.3 as well 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
5c766dcb01 Fix PSK-only mode doing less than it should 
Don't add a certificate requirement when PSK is enabled.

Do command line requirement detection after the injection of PSK into the
command line in PSK-only mode. Otherwise certificate requirements would be
added even in PSK-only mode.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
6eff90f2ba Detect more cases where certificates are required 
When requiring a cryptographic mechanism for the sake of certificate
authentication, also require that certificate authentication is enabled.

Setting auth_mode explicitly means that we're testing something related to
how certificate-based authentication is handled, so require a key exchange
with certificate-based authentication.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
9cd5848757 ssl-opt: Fix GnuTLS PSK injection 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:03 +02:00
Gilles Peskine
0bc572961f Use CONFIGS_ENABLED instead of repeatedly calling query_compile_time_config 
It's faster and more readable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:48:52 +02:00
Gilles Peskine
ed8cc46d42 Fix "Renegotiation: openssl server, client-initiated" with OpenSSL 3 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:48:52 +02:00
Ronald Cron
4012b5d4a3
Merge pull request #9553 from ronald-cron-arm/project-and-branches-detection-3.6 
3.6: Projects and 3.6 branch detections
 2024-09-12 11:06:08 +00:00
Paul Elliott
d3d586bf5f
Merge pull request #9174 from billatarm/3.6-add-pc-test 
[BACKPORT 3.6] tests: add a test for pkg-config files
 2024-09-11 21:14:29 +00:00
Bill Roberts
3cc48e4de7
tests: add a test for pkg-config files 
Add a test that does some basic validation of the pkg-config files.

Example run:
./tests/scripts/all.sh test_cmake_as_package
<snip>
******************************************************************
* test_cmake_as_package: build: cmake 'as-package' build
* Wed Sep 11 16:22:09 UTC 2024
******************************************************************
cmake .
make
Built against Mbed TLS 3.6.1
testing package config file: mbedtls ... passed
testing package config file: mbedx509 ... passed
testing package config file: mbedcrypto ... passed
make clean

Signed-off-by: Bill Roberts <bill.roberts@arm.com>
 2024-09-11 09:24:20 -07:00
Ronald Cron
ceaee10539 Update framework to the merge of #45 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-09-11 14:53:34 +02:00
Ronald Cron
30916874c5 Update framework 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-09-11 09:42:12 +02:00
Manuel Pégourié-Gonnard
a0465779c9 Clarify summary of PSA limitations 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-10 11:01:57 +02:00
Manuel Pégourié-Gonnard
4975232436 Misc minor clarifications in transition-guards.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-10 10:58:51 +02:00
Manuel Pégourié-Gonnard
b50b6387d5 Clarify a comment in all.sh 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-10 10:58:50 +02:00
Manuel Pégourié-Gonnard
3342e80010 Fix some typos & markdown 
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <mpg@elzevir.fr>
 2024-09-10 10:58:49 +02:00
Manuel Pégourié-Gonnard
4837f726d1 Add links and missing ) 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-10 10:58:48 +02:00
Manuel Pégourié-Gonnard
32bdf19a01 Minor updates in doc/comments/debug 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-10 10:58:47 +02:00
Manuel Pégourié-Gonnard
06adca465b Add transition-guards.md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-10 10:58:46 +02:00
Manuel Pégourié-Gonnard
7237563d4b Update psa-migration/strategy.md 
Just reflecting recent/on-going work.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-10 10:58:45 +02:00
Manuel Pégourié-Gonnard
42a1453d14 Update psa-limitations.md and add summary 
Just reflecting recent/on-going work.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-10 10:58:44 +02:00
Manuel Pégourié-Gonnard
8cd0dfaa32
Merge pull request #9537 from mpg/tickets13-followup 
[3.6] Follow-up to 9507 Disable new session tickets at runtime
 2024-09-10 07:05:29 +00:00
Manuel Pégourié-Gonnard
f59d7b9292
Merge pull request #9493 from yanesca/rsapub_additional_tests 
[3.6] Rsapub additional tests
 2024-09-09 09:36:33 +00:00
Manuel Pégourié-Gonnard
aa80f5380c Use libary default in ssl_client2 for new_session_tickets 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-06 10:06:38 +02:00
Gilles Peskine
d210bf73b2
Merge pull request #9338 from sezrab/analyze_driver_vs_reference_header_correction-3.6 
Backport 3.6:  Fix inconsistent ordering of driver vs reference in analyze_outcomes
 2024-09-05 16:36:02 +00:00
Manuel Pégourié-Gonnard
1116de3ca1 Add guard on internal 1.2-only function 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-04 10:56:08 +02:00
Manuel Pégourié-Gonnard
15fa9ceedd Misc improvements to comments 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-03 10:10:18 +02:00
Manuel Pégourié-Gonnard
33a2918a48
Merge pull request #9390 from eleuzi01/backport-9327 
[Backport 3.6] Remove hacks about asm vs constant-flow testing
 2024-09-03 07:37:07 +00:00
Elena Uziunaite
6496d56329 Make error line consistent with the header 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-02 15:34:02 +01:00