mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-06 12:40:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,183 Commits 170 Branches 263 Tags
Commit Graph

30183 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ryan Everett
0a271fde76 Add key_destroyable parameter to mbedtls_test_psa_exercise_key 
This will allow us to use this smoke test to ensure that key slot content reads are
only performed when we are registered to read a full slot. We will destroy the key
on another thread while the key is being exercised, and fail the test if an unexpected
error code is hit. Future commits will incrementally implement this new parameter.

All current usages of this function have this parameter set to 0, in which case
the new behaviour must be the same as the old behaviour

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-12 17:01:09 +00:00
Ronald Cron
840de7ff2f tls13: cli: Rename STATUS_NOT_SENT to STATUS_NOT_INDICATED 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
fd4c0c8b3d tls13: cli: Fix comment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
aa3593141b tls13: cli: Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz 
Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
from ssl.h(public) to ssl_misc.h(private) even if
that means we cannot use the enum type for
early_data_state in ssl.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
894df384f4 tls13: cli: Re-order early data states 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
3641df2980 tls13: cli: Rename STATE_SENT to STATE_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
3c5a68339b tls13: cli: Rename STATE_NOT_SENT to STATE_NO_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
0c80dc1ed5 tls13: cli: Rename STATUS_NOT_SENT to STATUS_NO_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
05d7cfbd9c tls13: cli: Rename STATE_UNKNOWN to STATE_IDLE 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
d2884662c1 tls13: cli: Split early data user status and internal state 
Do not use the return values of
mbedtls_ssl_get_early_data_status()
(MBEDTLS_SSL_EARLY_DATA_STATUS_ macros)
for the state of the negotiation and
transfer of early data during the
handshake.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:15 +01:00
Dave Rodgman
4faa34dc86 Fix gcc -O3 warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-12 16:34:43 +00:00
Ronald Cron
10797e3da1 ssl-opt.sh: Add O->m server version selection tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:16:05 +01:00
Ronald Cron
114c5f0321 ssl-opt.sh: Expand MbedTLS only version negotiation tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
dcfd00c128 ssl-opt.sh: Change MbedTLS only version negotiation tests 
Change description and dependencies before to
expand MbedTLS only version negotiation tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
fe18d8db76 ssl-opt.sh: Group MbedTLS only version negotiation tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
a1e7b6a66a ssl-opt.sh: Group cli ver nego tests against GnuTLS and OpenSSL 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:37 +01:00
Ronald Cron
dfad493e8b ssl-opt.sh: Expand G->m server version selection tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:46:35 +01:00
Ronald Cron
98bdcc4f29 ssl-opt.sh: Change G->m server version selection tests 
Change description and dependencies before
to expand G->m server version selection tests.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:45:27 +01:00
Ronald Cron
cd1370e8d8 ssl-opt.sh: Group G->m server version selection checks 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 16:44:37 +01:00
Paul Elliott
358165246b Protect PSA drivers_initialized with mutex 
Writes to this in psa_crypto_init() were again already covered.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-12 15:36:57 +00:00
Paul Elliott
8e15153637 Protect PSA global rng data with mutex. 
Reads and writes of rng_state in psa_crypto_init() and psa_crypto_free()
were already covered by mutex.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-12 15:36:57 +00:00
Paul Elliott
600472b443 Protect PSA global initialized flag with mutex. 
Unfortunately this requires holding the mutex for the entire
psa_crypto_init() function, as calling psa_crypto_free() from another
thread should block until init has ended, then run.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-12 15:36:57 +00:00
Paul Elliott
b8e38e0e27 Add new mutex for PSA global rng data 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-12 15:36:57 +00:00
Paul Elliott
077fd87748 Add new global mutex for PSA global_data 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-12 15:36:57 +00:00
Gilles Peskine
d6a710a397 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
0dc79a754d Fix and test pk_copy_from_psa with an unsupported algorithm 
Fix mbedtls_pk_copy_from_psa() and mbedtls_pk_copy_public_from_psa() to
still work when the algorithm in the key policy is not an RSA
algorithm (typically PSA_ALG_NONE). Add a dedicated test case and adjust the
test code. Fixes the test case "Copy from PSA: non-exportable -> public, RSA"
when MBEDTLS_PKCS1_V15 is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
17d5b6bda2 Test mbedtls_pk_copy_public_from_psa on non-exportable keys 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
bf69f2e682 New function mbedtls_pk_copy_public_from_psa 
Document and implement mbedtls_pk_copy_public_from_psa() to export the
public key of a PSA key into PK.

Unit-test it alongside mbedtls_pk_copy_from_psa().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:45 +01:00
Manuel Pégourié-Gonnard
d7e7f48323
Merge pull request #8774 from valeriosetti/issue8709 
Implement mbedtls_pk_copy_from_psa
 2024-03-12 13:45:27 +00:00
Dave Rodgman
235799bc23 Simplify locating original tool 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-12 13:33:09 +00:00
Dave Rodgman
294a3c2ccb Remove unnecessary use of export 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-12 13:32:36 +00:00
Ronald Cron
ec4ed8eae4
Merge pull request #8857 from ronald-cron-arm/tls13-cli-max-early-data-size 
TLS 1.3: Enforce max_early_data_size on client
 2024-03-12 13:31:20 +00:00
Dave Rodgman
e0ffb1d2e9
Merge pull request #8908 from daverodgman/cmac-perf 
CMAC size and perf
 2024-03-12 13:17:00 +00:00
Dave Rodgman
a7f3c4e1d0
Merge pull request #8822 from daverodgman/sha3-perf 
SHA-3 performance & code size
 2024-03-12 13:14:40 +00:00
Gilles Peskine
e4220fef2f MBEDTLS_USE_PSA_CRYPTO: most pk bridge functions don't require it 
mbedtls_setup_pk_opaque does require it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 13:03:12 +01:00
Gilles Peskine
0cff1116f7 Remind the reader that PK doesn't support DH 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 13:02:58 +01:00
Gilles Peskine
7caf2dc964 Discuss mbedtls_pk_copy_public_from_psa 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 13:02:45 +01:00
Gilles Peskine
b5b185b482
Merge pull request #8850 from billatarm/fix-pc-files 
project: set version
 2024-03-12 11:30:27 +00:00
Manuel Pégourié-Gonnard
fe164aecfc
Merge pull request #8887 from gilles-peskine-arm/pk_import_into_psa-fix_doxygen_code_blocks 
Fix intended code blocks that were not suitably indented
 2024-03-12 11:27:45 +00:00
Valerio Setti
6fbde6e242 test_suite_pk: revert erroneous missing initialization of PSA key IDs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-12 11:00:39 +01:00
Manuel Pégourié-Gonnard
1c191c1317
Merge pull request #8917 from gilles-peskine-arm/mbedtls_pk_decrypt-USE_PSA_CRYPTO-changelog-correction 
mbedtls_pk_decrypt/encrypt actually check the padding mode
 2024-03-12 07:53:54 +00:00
Valerio Setti
8b3c6fffa7 test_suite_pk: add comment for pk_copy_from_psa_builtin_fail 
Explain why this kind of test is possible for RSA keys, while
it is not possible for EC ones.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-12 06:05:03 +01:00
Valerio Setti
d286491ed7 changelog: fix text 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-12 05:11:09 +01:00
Gilles Peskine
88c2755a30 mbedtls_pk_decrypt/encrypt actually check the padding mode 
The sign/verify functions happily use the wrong algorithm, but the
encrypt/decrypt functions error out if the padding mode specifies V21.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-11 18:49:54 +01:00
Dave Rodgman
66ebde46df
Merge pull request #8916 from daverodgman/iar-bignum-fix 
Fix IAR warning
 2024-03-11 17:43:43 +00:00
Dave Rodgman
d282e264cd Fix IAR warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-11 15:28:48 +00:00
Janos Follath
43edc75e31
Merge pull request #8882 from Ryan-Everett-arm/threading-key-tests 
Test multi-threaded key generation
 2024-03-11 15:07:48 +00:00
Dave Rodgman
9cc01ccbf8
Merge pull request #8831 from yanesca/switch_to_new_exp 
Use mpi_core_exp_mod in bignum
 2024-03-11 13:40:46 +00:00
Paul Elliott
a09b01b5a8
Merge pull request #8912 from Ryan-Everett-arm/double-destroy-key-bugfix 
Fix threading bug when multiple destroy_key calls run on the same key
 2024-03-11 12:04:04 +00:00
Janos Follath
23dc8b5fd8
Fix code style 
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-03-11 10:39:57 +00:00