Moritz Fischer
967f8cde84
library: psa_crypto: Explicitly initialize shared_secret
...
When building with -Og (specifically Zephyr with
CONFIG_DEBUG_OPTIMIZATIONS=y) one observes the following warning:
'shared_secret' may be used uninitialized [-Werror=maybe-uninitialized]
Fix this by zero initializing 'shared_secret' similar to the issue
addressed in commit 2fab5c960 ("Work around for GCC bug").
Signed-off-by: Moritz Fischer <moritzf@google.com>
2024-03-05 22:32:32 +00:00
Gilles Peskine
71cc260563
Merge pull request #8728 from minosgalanakis/features/add_mbedtls_x509_crt_get_ca_istrue_accesor_6151
...
[MBEDTLS_PRIVATE] Add mbedtls_x509_crt_get_ca_istrue() accessor
2024-03-05 18:04:06 +00:00
Dave Rodgman
3c4166aef3
Merge pull request #8863 from minosgalanakis/feature/add_ecdh_context_5016
...
[MBEDTLS_PRIVATE] Add a getter for the ECDH context->grp.id member.
2024-03-05 16:58:13 +00:00
Ryan
0b14d1407d
Document deprecated transaction system as non thread safe
...
Not all of the writes to this field are protected by a mutex.
There is also no protection in place to stop another thread from overwriting
the current transaction
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-03-05 14:06:02 +00:00
Ronald Cron
2e7dfd5181
tls13: Remove unnecessary cast from size_t to uint32_t
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-05 13:48:11 +01:00
Gilles Peskine
d06244b813
Merge pull request #8821 from davidhorstmann-arm/fix-config-bitflag
...
Update `SSL_SERIALIZED_SESSION_CONFIG_BITFLAG` with new flags
2024-03-05 09:59:42 +00:00
Gilles Peskine
8462146d01
Merge pull request #8867 from gilles-peskine-arm/psa_key_attributes-remove_core
...
Merge psa_core_key_attributes_t back into psa_key_attributes_t
2024-03-05 09:59:24 +00:00
Dave Rodgman
a38fad9dad
Adjust defaults
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-04 18:27:32 +00:00
Gabor Mezei
1b5b58d4d9
Fix merge
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-03-04 17:15:08 +01:00
Gilles Peskine
48230e84cb
In library, with make, only require the framework for generated files
...
This way, `make lib` will work in the absence of the framework, as long as
generated files are present.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-03-04 17:12:59 +01:00
Gilles Peskine
f9bbe0de4c
Show guidance if the framework is not found
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-03-04 17:12:59 +01:00
Gilles Peskine
1c13aa78c2
Framework submodule: fix the libtestdriver1 build
...
`make -C tests libtestdriver1` copies `library/Makefile` to
`tests/libtestdriver1/library/Makefile`, where `../framework` does not point
to the framework submodule.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-03-04 17:12:59 +01:00
Gábor Mezei
716cf2d4e0
Merge branch 'development-restricted' into buffer_protection_for_cipher
...
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>
2024-03-04 15:38:05 +00:00
Gilles Peskine
fad79fcdd9
Merge remote-tracking branch 'development' into ecp-write-ext-3.6
...
Conflicts:
* library/pk.c: mbedtls_pk_wrap_as_opaque() changed in the feature branch
and was removed in the target branch.
2024-03-04 08:52:08 +01:00
Minos Galanakis
2abbac74dc
x509: Added mbedtls_x509_crt_get_ca_istrue() API accessor.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-04 02:22:01 +00:00
Manuel Pégourié-Gonnard
e33b349c90
Merge pull request #8864 from valeriosetti/issue8848
...
Deprecate or remove mbedtls_pk_wrap_as_opaque
2024-03-01 15:54:32 +00:00
Dave Rodgman
8a4df2293a
Adjust default unroll settings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-01 15:12:59 +00:00
Ronald Cron
5dbfcceb81
tls13: cli: Fix error code not checked
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 15:15:30 +01:00
Ronald Cron
de9b03dcba
tls13: Rename early_data_count to total_early_data_size
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 15:14:17 +01:00
Ronald Cron
62f971aa60
tls13: cli: Enforce maximum size of early data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 15:10:22 +01:00
Ronald Cron
a4f0a71a01
ssl: Add early_data_count field
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 15:10:22 +01:00
David Horstmann
71fa1a94e7
Fix code style
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-01 12:32:18 +00:00
David Horstmann
76ba26a542
Fixup: add peer_cert_digest_type to comment
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-01 12:03:35 +00:00
David Horstmann
f686f1dc17
Fix naming inconsistencies in config bits
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-01 11:20:32 +00:00
Ronald Cron
19bfe0a631
tls13: Rename early_data_count to total_early_data_size
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 09:29:16 +01:00
Ronald Cron
70eab45ba6
tls13: generic: Fix log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 09:29:16 +01:00
Ronald Cron
01d273d31f
Enforce maximum size of early data in case of HRR
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 09:29:16 +01:00
Ronald Cron
919e596c05
Enforce maximum size of early data when rejected
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 09:29:16 +01:00
Ronald Cron
8571804382
tls13: srv: Enforce maximum size of early data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 09:29:09 +01:00
Ronald Cron
c286519747
tls13: srv: Do not forget to include max_early_data_size in the ticket
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 09:03:51 +01:00
Ronald Cron
26a9811027
ssl: Add early_data_count field
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 09:03:51 +01:00
David Horstmann
531aca2810
Fix missing fields in ssl session struct comment
...
The endpoint and version were factorized out into the main session.
Update the session struct comment to reflect these new fields, as was
previously missed.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 18:14:28 +00:00
David Horstmann
cb01b361e1
Move session descriptions into a single comment
...
Describe the TLS 1.2, TLS 1.3 and full session structs in the same
place for ease of reference.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 18:10:13 +00:00
David Horstmann
80a9668762
Add config guards to session struct comments
...
This shows which fields of the session are dependent on which config
options.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 18:00:32 +00:00
David Horstmann
e59f970f28
Move session functions to same part of file
...
Ensure that session save and load functions are not scattered
throughout ssl_tls.c but are in the same part of the file.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 17:50:44 +00:00
David Horstmann
92b258bb50
Update ssl session serialization config bitflag
...
Add config bits for server name indication, early data and record size
limit, which all cause the serialized session to be structured
differently.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 17:41:31 +00:00
David Horstmann
5c5a32f52a
Add session config bit for KEEP_PEER_CERTIFICATE
...
This config option decides whether the session stores the entire
certificate or just a digest of it, but was missing from the
serialization config bitflag.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 17:41:31 +00:00
Gilles Peskine
469f7811fa
Require framework directory to exist when building
...
The framework directory will be provided by a submodule.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-29 18:19:56 +01:00
Valerio Setti
1a58e9a232
psa_util: change guard for mbedtls_psa_get_random() to CRYPTO_CLIENT
...
This commit also:
- updates changelog
- adds a stub function to be used in component_test_psa_crypto_client() test
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-29 16:14:29 +01:00
Ronald Cron
9b4e964c2c
Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data
...
TLS 1.3: Add mbedtls_ssl_write_early_data() API
2024-02-29 14:31:55 +00:00
David Horstmann
c5688a2629
Merge branch 'development-restricted' into generate-random-buffer-protection
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-29 14:25:56 +00:00
Signed-off-by: Steven WdV
bcfed50917
Fix compilation on macOS without apple-clang
...
Signed-off-by: Steven WdV <swdv@cs.ru.nl>
2024-02-29 15:19:06 +01:00
Minos Galanakis
d753738fc0
ecdh: Added mbedtls_ecdh_get_grp_id getter.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-02-29 13:31:34 +00:00
Gabor Mezei
0b04116cc8
Do not copy the content to the local output buffer with allocation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-29 10:08:16 +00:00
tom-daubney-arm
840dfe8b41
Merge branch 'development-restricted' into asymmetric_encrypt_buffer_protection
...
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
2024-02-28 15:42:38 +00:00
Gabor Mezei
358eb218ab
Fix buffer protection handling for cipher_generate_iv
...
Use the `LOCAL_OUTPUT_` macros for buffer protection instead of the existing
local variable.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-28 15:17:19 +00:00
Gabor Mezei
7abf8ee51b
Add buffer protection for cipher_generate_iv and cipher_set_iv
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-28 15:17:18 +00:00
Gabor Mezei
8b8e485961
Move local buffer allocation just before usage
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-28 15:17:18 +00:00
Gabor Mezei
4892d75e9b
Add LOCAL_OUTPUT_ALLOC_WITH_COPY macro if buffer protection is disabled
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-28 15:17:17 +00:00
Gabor Mezei
c25fbd2cc1
Fix ASAN error for psa_cipher_update
...
The ASAN gives an error for `psa_cipher_update` when the `input_length`
is 0 and the `input` buffer is `NULL`. The root cause of this issue is
`mbedtls_cipher_update` always needs a valid pointer for the
input buffer even if the length is 0.
This fix avoids calling `mbedtls_cipher_update` if the
input buffer length is 0.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-02-28 15:17:17 +00:00