mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-22 00:40:41 +00:00

Author	SHA1	Message	Date
Ronald Cron	840de7ff2f	tls13: cli: Rename STATUS_NOT_SENT to STATUS_NOT_INDICATED Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	fd4c0c8b3d	tls13: cli: Fix comment Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	aa3593141b	tls13: cli: Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz from ssl.h(public) to ssl_misc.h(private) even if that means we cannot use the enum type for early_data_state in ssl.h. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	894df384f4	tls13: cli: Re-order early data states Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	3641df2980	tls13: cli: Rename STATE_SENT to STATE_IND_SENT Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	3c5a68339b	tls13: cli: Rename STATE_NOT_SENT to STATE_NO_IND_SENT Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	0c80dc1ed5	tls13: cli: Rename STATUS_NOT_SENT to STATUS_NO_IND_SENT Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	05d7cfbd9c	tls13: cli: Rename STATE_UNKNOWN to STATE_IDLE Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	d2884662c1	tls13: cli: Split early data user status and internal state Do not use the return values of mbedtls_ssl_get_early_data_status() (MBEDTLS_SSL_EARLY_DATA_STATUS_ macros) for the state of the negotiation and transfer of early data during the handshake. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:15 +01:00
David Horstmann	1d3276da65	Reword ChangeLog entry for shared memory work Specifically: * Clarify that passing shared buffers is now secure by default (not newly supported) * Remove spurious hyphen * Clarify that we do not guarantee copying, but rather guarantee protection, allowing us to implement this differently in future if required. * Mention both protection of inputs from modification and outputs from exposure of intermediate results. * Invert the config option, from an enable-option to a disable-option. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-12 16:47:46 +00:00
Dave Rodgman	4faa34dc86	Fix gcc -O3 warnings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-03-12 16:34:43 +00:00
Thomas Daubney	692fb3c11c	Fix missing semicolon Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2024-03-12 16:20:41 +00:00
Ronald Cron	10797e3da1	ssl-opt.sh: Add O->m server version selection tests Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:16:05 +01:00
David Horstmann	c2ac51e0c6	Fix removed space in merge resolution This space was mysteriously removed during the merge, restore it here. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-12 16:09:58 +00:00
David Horstmann	db90914232	Change goto exit into direct return Fix errors in merge conflict resolution - change psa_generate_random_internal() to return directly rather than jumping to an exit label and restore the variable psa_status_t status. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-12 16:07:08 +00:00
Ronald Cron	114c5f0321	ssl-opt.sh: Expand MbedTLS only version negotiation tests Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 16:46:37 +01:00
Ronald Cron	dcfd00c128	ssl-opt.sh: Change MbedTLS only version negotiation tests Change description and dependencies before to expand MbedTLS only version negotiation tests. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 16:46:37 +01:00
Ronald Cron	fe18d8db76	ssl-opt.sh: Group MbedTLS only version negotiation tests Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 16:46:37 +01:00
Ronald Cron	a1e7b6a66a	ssl-opt.sh: Group cli ver nego tests against GnuTLS and OpenSSL Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 16:46:37 +01:00
Ronald Cron	dfad493e8b	ssl-opt.sh: Expand G->m server version selection tests Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 16:46:35 +01:00
Ronald Cron	98bdcc4f29	ssl-opt.sh: Change G->m server version selection tests Change description and dependencies before to expand G->m server version selection tests. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 16:45:27 +01:00
Ronald Cron	cd1370e8d8	ssl-opt.sh: Group G->m server version selection checks Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 16:44:37 +01:00
Paul Elliott	358165246b	Protect PSA drivers_initialized with mutex Writes to this in psa_crypto_init() were again already covered. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-03-12 15:36:57 +00:00
Paul Elliott	8e15153637	Protect PSA global rng data with mutex. Reads and writes of rng_state in psa_crypto_init() and psa_crypto_free() were already covered by mutex. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-03-12 15:36:57 +00:00
Paul Elliott	600472b443	Protect PSA global initialized flag with mutex. Unfortunately this requires holding the mutex for the entire psa_crypto_init() function, as calling psa_crypto_free() from another thread should block until init has ended, then run. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-03-12 15:36:57 +00:00
Paul Elliott	b8e38e0e27	Add new mutex for PSA global rng data Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-03-12 15:36:57 +00:00
Paul Elliott	077fd87748	Add new global mutex for PSA global_data Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-03-12 15:36:57 +00:00
David Horstmann	93fa4e1b87	Merge branch 'development' into buffer-sharing-merge	2024-03-12 15:05:06 +00:00
David Horstmann	3232842d63	Merge pull request #1188 from davidhorstmann-arm/interruptible-sign-hash-buffer-protection Add buffer protection for interruptible sign/verify	2024-03-12 14:47:00 +00:00
Gilles Peskine	d6a710a397	Fix copypasta Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 15:06:47 +01:00
Gilles Peskine	0dc79a754d	Fix and test pk_copy_from_psa with an unsupported algorithm Fix mbedtls_pk_copy_from_psa() and mbedtls_pk_copy_public_from_psa() to still work when the algorithm in the key policy is not an RSA algorithm (typically PSA_ALG_NONE). Add a dedicated test case and adjust the test code. Fixes the test case "Copy from PSA: non-exportable -> public, RSA" when MBEDTLS_PKCS1_V15 is disabled. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 15:06:47 +01:00
Gilles Peskine	17d5b6bda2	Test mbedtls_pk_copy_public_from_psa on non-exportable keys Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 15:06:47 +01:00
Gilles Peskine	bf69f2e682	New function mbedtls_pk_copy_public_from_psa Document and implement mbedtls_pk_copy_public_from_psa() to export the public key of a PSA key into PK. Unit-test it alongside mbedtls_pk_copy_from_psa(). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 15:06:45 +01:00
Manuel Pégourié-Gonnard	d7e7f48323	Merge pull request #8774 from valeriosetti/issue8709 Implement mbedtls_pk_copy_from_psa	2024-03-12 13:45:27 +00:00
Dave Rodgman	235799bc23	Simplify locating original tool Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-03-12 13:33:09 +00:00
Dave Rodgman	294a3c2ccb	Remove unnecessary use of export Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-03-12 13:32:36 +00:00
Ronald Cron	ec4ed8eae4	Merge pull request #8857 from ronald-cron-arm/tls13-cli-max-early-data-size TLS 1.3: Enforce max_early_data_size on client	2024-03-12 13:31:20 +00:00
Dave Rodgman	e0ffb1d2e9	Merge pull request #8908 from daverodgman/cmac-perf CMAC size and perf	2024-03-12 13:17:00 +00:00
Dave Rodgman	a7f3c4e1d0	Merge pull request #8822 from daverodgman/sha3-perf SHA-3 performance & code size	2024-03-12 13:14:40 +00:00
Gilles Peskine	e4220fef2f	MBEDTLS_USE_PSA_CRYPTO: most pk bridge functions don't require it mbedtls_setup_pk_opaque does require it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 13:03:12 +01:00
Gilles Peskine	0cff1116f7	Remind the reader that PK doesn't support DH Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 13:02:58 +01:00
Gilles Peskine	7caf2dc964	Discuss mbedtls_pk_copy_public_from_psa Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 13:02:45 +01:00
Gilles Peskine	b5b185b482	Merge pull request #8850 from billatarm/fix-pc-files project: set version	2024-03-12 11:30:27 +00:00
Manuel Pégourié-Gonnard	fe164aecfc	Merge pull request #8887 from gilles-peskine-arm/pk_import_into_psa-fix_doxygen_code_blocks Fix intended code blocks that were not suitably indented	2024-03-12 11:27:45 +00:00
Valerio Setti	6fbde6e242	test_suite_pk: revert erroneous missing initialization of PSA key IDs Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-12 11:00:39 +01:00
Manuel Pégourié-Gonnard	1c191c1317	Merge pull request #8917 from gilles-peskine-arm/mbedtls_pk_decrypt-USE_PSA_CRYPTO-changelog-correction mbedtls_pk_decrypt/encrypt actually check the padding mode	2024-03-12 07:53:54 +00:00
Valerio Setti	8b3c6fffa7	test_suite_pk: add comment for pk_copy_from_psa_builtin_fail Explain why this kind of test is possible for RSA keys, while it is not possible for EC ones. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-12 06:05:03 +01:00
Valerio Setti	d286491ed7	changelog: fix text Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-12 05:11:09 +01:00
Gilles Peskine	88c2755a30	mbedtls_pk_decrypt/encrypt actually check the padding mode The sign/verify functions happily use the wrong algorithm, but the encrypt/decrypt functions error out if the padding mode specifies V21. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-11 18:49:54 +01:00
Dave Rodgman	66ebde46df	Merge pull request #8916 from daverodgman/iar-bignum-fix Fix IAR warning	2024-03-11 17:43:43 +00:00

... 3 4 5 6 7 ...

30609 Commits