mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-19 00:40:14 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,654 Commits 172 Branches 263 Tags
Commit Graph

30654 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Dave Rodgman
7f86d356b1 Improve PBKDF2 with CMAC perf by ~16% 
10x perf in cmac_multiply_by_u; 2% uplift in AES-CMAC benchmarks

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-06 11:17:16 +00:00
Moritz Fischer
967f8cde84 library: psa_crypto: Explicitly initialize shared_secret 
When building with -Og (specifically Zephyr with
CONFIG_DEBUG_OPTIMIZATIONS=y) one observes the following warning:

'shared_secret' may be used uninitialized [-Werror=maybe-uninitialized]

Fix this by zero initializing 'shared_secret' similar to the issue
addressed in commit 2fab5c960 ("Work around for GCC bug").

Signed-off-by: Moritz Fischer <moritzf@google.com>
 2024-03-05 22:32:32 +00:00
David Horstmann
714418f2dc
Merge pull request #1167 from gabor-mezei-arm/buffer_protection_for_cipher 
Buffer protection for cipher functions
 2024-03-05 18:42:48 +00:00
Ryan Everett
32a6458880 Add a warning to the definition of MBEDTLS_PSA_CRYPTO_SE_C 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-05 18:16:18 +00:00
Gilles Peskine
31403a4ca8
Merge pull request #8678 from daverodgman/quietbuild 
Make builds less verbose
 2024-03-05 18:04:16 +00:00
Gilles Peskine
71cc260563
Merge pull request #8728 from minosgalanakis/features/add_mbedtls_x509_crt_get_ca_istrue_accesor_6151 
[MBEDTLS_PRIVATE] Add mbedtls_x509_crt_get_ca_istrue() accesor
 2024-03-05 18:04:06 +00:00
Dave Rodgman
3c4166aef3
Merge pull request #8863 from minosgalanakis/feature/add_ecdh_context_5016 
[MBEDTLS_PRIVATE] Add a getter for the ECDH context->grp.id member.
 2024-03-05 16:58:13 +00:00
Minos Galanakis
581e63637a test_suite_x509parse: Added test-case for legacy certificate 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-05 14:39:23 +00:00
Paul Elliott
053b7886e5 Ensure drivers have threading enabled if required 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-05 14:27:23 +00:00
Ryan
6caf84f717 Explicitely remove the deprecated driver interface from the TSan config 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-05 14:10:08 +00:00
Ryan
0b14d1407d Document deprecated transaction system as non thread safe 
Not all of the writes to this field are protected by a mutex.
There is no also no protection in place to stop another thread from overwriting
the current transaction

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-05 14:06:02 +00:00
Ronald Cron
2e7dfd5181 tls13: Remove unnecessary cast from size_t to uint32_t 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-05 13:48:11 +01:00
Minos Galanakis
87b4f6d86c x509: Reworded documentation bits. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-05 11:05:51 +00:00
Gilles Peskine
d06244b813
Merge pull request #8821 from davidhorstmann-arm/fix-config-bitflag 
Update `SSL_SERIALIZED_SESSION_CONFIG_BITFLAG` with new flags
 2024-03-05 09:59:42 +00:00
Gilles Peskine
8462146d01
Merge pull request #8867 from gilles-peskine-arm/psa_key_attributes-remove_core 
Merge psa_core_key_attributes_t back into psa_key_attributes_t
 2024-03-05 09:59:24 +00:00
Gilles Peskine
634d60ce0a List ECDSA signature conversion functions 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 19:29:13 +01:00
Gilles Peskine
0612adc0f7 Document mbedtls_pk_setup_opaque and mbedtls_pk_copy_from_psa 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 19:29:13 +01:00
Gilles Peskine
9d04f0872f Document mbedtls_pk_import_into_psa 
Explain how to use mbedtls_pk_get_psa_attributes() and
mbedtls_pk_import_into_psa() to make a PSA key from a PK key.

Remove the discussion of how to do the same manually.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 19:29:11 +01:00
Gilles Peskine
492d4a8ef9 Mention psa_generate_key_ext() 
Replaces the recommendation to use mbedtls_rsa_gen_key() for RSA key
generation with a custom public exponent.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 19:28:19 +01:00
Dave Rodgman
a38fad9dad Adjust defaults 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-04 18:27:32 +00:00
Gilles Peskine
ddbe4ae901 Fix intended code blocks that were not suitably indented 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 18:30:09 +01:00
Gabor Mezei
1b5b58d4d9
Fix merge 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-03-04 17:15:08 +01:00
Gilles Peskine
4ba34c0d88 Update submodule after PR merge 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 17:13:48 +01:00
Gilles Peskine
48230e84cb In library, with make, only require the framework for generated files 
This way, `make lib` will work in the absence of the framework, as long as
generated files are present.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 17:12:59 +01:00
Gilles Peskine
f9bbe0de4c Show guidance if the framework is not found 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 17:12:59 +01:00
Gilles Peskine
0c3f0e998d Note the need to tell git to set up the submodule 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 17:12:59 +01:00
Gilles Peskine
de047b09fe Add docstrings to pacify pylint 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 17:12:59 +01:00
David Horstmann
8cbbc5f4e6 Tell ReadTheDocs to include framework submodule 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-04 17:12:59 +01:00
Gilles Peskine
2aa63ea48c Support Git submodules 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 17:12:59 +01:00
Gilles Peskine
1c13aa78c2 Framework submodule: fix the libtestdriver1 build 
`make -C tests libtestdriver1` copies `library/Makefile` to
`tests/libtestdriver1/library/Makefile`, where `../framework` does not point
to the framework submodule.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 17:12:59 +01:00
Gilles Peskine
456a54da8e Add framework submodule with makefiles 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 17:12:31 +01:00
Minos Galanakis
40d4708f17 ssl: Added session getter for ciphersuite_id. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-04 15:57:41 +00:00
Minos Galanakis
358b448d72 ssl_ciphersuite: Added getter methods for ciphersuite id. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-04 15:57:41 +00:00
Gábor Mezei
716cf2d4e0
Merge branch 'development-restricted' into buffer_protection_for_cipher 
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>
 2024-03-04 15:38:05 +00:00
Minos Galanakis
2c8c364ac2 ssl: Added getter methods for session id and len. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-04 15:20:28 +00:00
Paul Elliott
634f4d6d7d
Merge pull request #8846 from gilles-peskine-arm/ecp-write-ext-3.6 
Introduce mbedtls_ecp_write_key_ext
 2024-03-04 14:56:55 +00:00
David Horstmann
2bb537ec61
Merge pull request #1172 from davidhorstmann-arm/generate-random-buffer-protection 
Add secure buffer copying to `psa_generate_random()`
 2024-03-04 13:23:46 +00:00
Ronald Cron
987cf898db ssl_helpers: Restore rng_seed incrementation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-04 10:24:27 +01:00
Gilles Peskine
fad79fcdd9 Merge remote-tracking branch 'development' into ecp-write-ext-3.6 
Conflicts:
* library/pk.c: mbedtls_pk_wrap_as_opaque() changed in the feature branch
  and was removed in the target branch.
 2024-03-04 08:52:08 +01:00
Minos Galanakis
79ee110446 Added changelog 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-04 02:22:01 +00:00
Minos Galanakis
a83ada4eba tests: Added test for mbedtls_x509_crt_get_ca_istrue() 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-04 02:22:01 +00:00
Minos Galanakis
2abbac74dc x509: Added mbedtls_x509_crt_get_ca_istrue() API accessor. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-04 02:22:01 +00:00
Minos Galanakis
3cfdd73dfa Changelog: Added changelog for mbedtls_ecdh_get_grp_id. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-02 09:14:13 +00:00
Ronald Cron
e93cd1b580 tests: ssl: Free write/read test buffers 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 19:30:00 +01:00
Ronald Cron
7c07aab72e tests: write early data: Improve tls13_cli_max_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 19:07:40 +01:00
Ronald Cron
ae6f9a58a9 tests: write early data: Allocate buffer to write/read 
Allocate the buffer to write/read early data. That
way in ASan builds. buffer overwrite/overread can
be detected.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 19:07:34 +01:00
Valerio Setti
ada2ec3482 psa_crypto_stubs/changelog: fix typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-01 18:04:14 +01:00
Ronald Cron
aab4a546bf tests: Set the default conf then customize 
Set the default conf then customize, not the
other way around.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 17:09:22 +01:00
Ronald Cron
10b040fa6f tests: ssl_helpers: Rename rng_get to mbedtls_test_random 
mbedtls_test_ as the prefix for test APIs
_random like in mbedtls_ctr/hmac_drbg_random

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 17:00:38 +01:00
Manuel Pégourié-Gonnard
e33b349c90
Merge pull request #8864 from valeriosetti/issue8848 
Deprecate or remove mbedtls_pk_wrap_as_opaque
 2024-03-01 15:54:32 +00:00