mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-06 03:40:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,069 Commits 170 Branches 263 Tags
Commit Graph

30069 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Manuel Pégourié-Gonnard
93071cfeec
Merge pull request #8920 from valeriosetti/issue8919 
Generalize some PK functions from MBEDTLS_PSA_CRYPTO_C to MBEDTLS_PSA_CRYPTO_CLIENT
 2024-03-14 11:32:23 +00:00
Gilles Peskine
5c77ad0f4f
Merge pull request #8926 from gilles-peskine-arm/lcov-cannot-write-investigation 
Work around a bug in ancient lcov
 2024-03-13 17:52:15 +00:00
Gilles Peskine
539d7d54af Work around a bug in ancient lcov 
lcov had a bug whereby it tries to create the output file relative to /
if it has emitted a warning. We do CI runs on Ubuntu 16.04 which is too
old to have the fix. As a quick fix for the CI, work around the bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-13 17:19:17 +01:00
Dave Rodgman
775c7768ee
Merge pull request #8877 from gilles-peskine-arm/split-minimal-3.6 
Create a minimal framework submodule
 2024-03-13 14:30:09 +00:00
Gilles Peskine
93b282232f missing word 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-13 13:08:57 +01:00
Ronald Cron
40043d03a5
Merge pull request #8884 from ronald-cron-arm/improve-early-data-status 
TLS 1.3: CLI: Split early data user status and internal state
 2024-03-13 11:59:49 +00:00
Dave Rodgman
e95bf79754
Merge pull request #8922 from daverodgman/gcc-o3 
Fix gcc -O3 warnings
 2024-03-13 11:47:14 +00:00
Manuel Pégourié-Gonnard
fb84c7681c
Merge pull request #8889 from gilles-peskine-arm/pk-psa-bridge-3.6-doc 
Document PK-PSA bridge functions
 2024-03-13 10:55:36 +00:00
Dave Rodgman
60c2f47f98
Merge pull request #8888 from minosgalanakis/features/add_ssl_session_accessor_8529 
[MBEDTLS_PRIVATE] Add accessor for session and ciphersuite_id
 2024-03-13 10:02:15 +00:00
Dave Rodgman
386c39f2d5 Check gcc version 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-13 09:55:33 +00:00
Paul Elliott
4de4cc4a29
Merge pull request #8891 from Ryan-Everett-arm/document-SE_C-not-threadsafe 
Officially document non thread-safety of MBEDTLS_PSA_CRYPTO_SE_C
 2024-03-13 09:42:49 +00:00
Valerio Setti
864a50b7c8 pk: uniformly guard set/get enrollment algorithm calls with CRYPTO_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-13 09:52:36 +01:00
Valerio Setti
13beaa2e60 psa_crypto_stubs: extend stub functions for the CRYPTO_CLIENT tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-13 09:52:36 +01:00
Valerio Setti
63097759f8 all.sh: modify/add test components for CRYPTO_CLIENT 
The already existing component_test_psa_crypto_client() is renamed
as component_test_default_psa_crypto_client_without_crypto_provider()
while component_build_full_psa_crypto_client_without_crypto_provider()
was added.

- Both of them check that the missing symbols at link time (if any)
  belong to the psa_xxx() family.
- The former builds with default config + CRYPTO_CLIENT - CRYPTO_C and
  then runs test suites.
- The latter only perform the builds using the full config and then
  it checks that PK-PSA bridge functions are present.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-13 09:52:36 +01:00
Valerio Setti
c4c1d3af34 pk: use CRYPTO_CLIENT as guard for PK-PSA bridge functions instead of CRYPTO_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-13 09:52:36 +01:00
Gilles Peskine
e29b4b42b7 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-13 09:33:03 +01:00
Manuel Pégourié-Gonnard
3b20bda352
Merge pull request #8899 from gilles-peskine-arm/pk_copy_public_from_psa 
New function mbedtls_pk_copy_public_from_psa
 2024-03-13 06:56:17 +00:00
Gilles Peskine
68f46414cb
Merge pull request #8894 from daverodgman/quietbuild2 
Follow-up non-verbose logs
 2024-03-13 00:50:42 +00:00
Ronald Cron
840de7ff2f tls13: cli: Rename STATUS_NOT_SENT to STATUS_NOT_INDICATED 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
fd4c0c8b3d tls13: cli: Fix comment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
aa3593141b tls13: cli: Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz 
Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
from ssl.h(public) to ssl_misc.h(private) even if
that means we cannot use the enum type for
early_data_state in ssl.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
894df384f4 tls13: cli: Re-order early data states 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
3641df2980 tls13: cli: Rename STATE_SENT to STATE_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
3c5a68339b tls13: cli: Rename STATE_NOT_SENT to STATE_NO_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
0c80dc1ed5 tls13: cli: Rename STATUS_NOT_SENT to STATUS_NO_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
05d7cfbd9c tls13: cli: Rename STATE_UNKNOWN to STATE_IDLE 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
d2884662c1 tls13: cli: Split early data user status and internal state 
Do not use the return values of
mbedtls_ssl_get_early_data_status()
(MBEDTLS_SSL_EARLY_DATA_STATUS_ macros)
for the state of the negotiation and
transfer of early data during the
handshake.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:15 +01:00
Dave Rodgman
4faa34dc86 Fix gcc -O3 warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-12 16:34:43 +00:00
Gilles Peskine
d6a710a397 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
0dc79a754d Fix and test pk_copy_from_psa with an unsupported algorithm 
Fix mbedtls_pk_copy_from_psa() and mbedtls_pk_copy_public_from_psa() to
still work when the algorithm in the key policy is not an RSA
algorithm (typically PSA_ALG_NONE). Add a dedicated test case and adjust the
test code. Fixes the test case "Copy from PSA: non-exportable -> public, RSA"
when MBEDTLS_PKCS1_V15 is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
17d5b6bda2 Test mbedtls_pk_copy_public_from_psa on non-exportable keys 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
bf69f2e682 New function mbedtls_pk_copy_public_from_psa 
Document and implement mbedtls_pk_copy_public_from_psa() to export the
public key of a PSA key into PK.

Unit-test it alongside mbedtls_pk_copy_from_psa().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:45 +01:00
Manuel Pégourié-Gonnard
d7e7f48323
Merge pull request #8774 from valeriosetti/issue8709 
Implement mbedtls_pk_copy_from_psa
 2024-03-12 13:45:27 +00:00
Dave Rodgman
235799bc23 Simplify locating original tool 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-12 13:33:09 +00:00
Dave Rodgman
294a3c2ccb Remove unnecessary use of export 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-12 13:32:36 +00:00
Ronald Cron
ec4ed8eae4
Merge pull request #8857 from ronald-cron-arm/tls13-cli-max-early-data-size 
TLS 1.3: Enforce max_early_data_size on client
 2024-03-12 13:31:20 +00:00
Dave Rodgman
e0ffb1d2e9
Merge pull request #8908 from daverodgman/cmac-perf 
CMAC size and perf
 2024-03-12 13:17:00 +00:00
Dave Rodgman
a7f3c4e1d0
Merge pull request #8822 from daverodgman/sha3-perf 
SHA-3 performance & code size
 2024-03-12 13:14:40 +00:00
Gilles Peskine
e4220fef2f MBEDTLS_USE_PSA_CRYPTO: most pk bridge functions don't require it 
mbedtls_setup_pk_opaque does require it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 13:03:12 +01:00
Gilles Peskine
0cff1116f7 Remind the reader that PK doesn't support DH 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 13:02:58 +01:00
Gilles Peskine
7caf2dc964 Discuss mbedtls_pk_copy_public_from_psa 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 13:02:45 +01:00
Gilles Peskine
b5b185b482
Merge pull request #8850 from billatarm/fix-pc-files 
project: set version
 2024-03-12 11:30:27 +00:00
Manuel Pégourié-Gonnard
fe164aecfc
Merge pull request #8887 from gilles-peskine-arm/pk_import_into_psa-fix_doxygen_code_blocks 
Fix intended code blocks that were not suitably indented
 2024-03-12 11:27:45 +00:00
Valerio Setti
6fbde6e242 test_suite_pk: revert erroneous missing initialization of PSA key IDs 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-12 11:00:39 +01:00
Manuel Pégourié-Gonnard
1c191c1317
Merge pull request #8917 from gilles-peskine-arm/mbedtls_pk_decrypt-USE_PSA_CRYPTO-changelog-correction 
mbedtls_pk_decrypt/encrypt actually check the padding mode
 2024-03-12 07:53:54 +00:00
Valerio Setti
8b3c6fffa7 test_suite_pk: add comment for pk_copy_from_psa_builtin_fail 
Explain why this kind of test is possible for RSA keys, while
it is not possible for EC ones.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-12 06:05:03 +01:00
Valerio Setti
d286491ed7 changelog: fix text 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-12 05:11:09 +01:00
Gilles Peskine
88c2755a30 mbedtls_pk_decrypt/encrypt actually check the padding mode 
The sign/verify functions happily use the wrong algorithm, but the
encrypt/decrypt functions error out if the padding mode specifies V21.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-11 18:49:54 +01:00
Dave Rodgman
66ebde46df
Merge pull request #8916 from daverodgman/iar-bignum-fix 
Fix IAR warning
 2024-03-11 17:43:43 +00:00
Dave Rodgman
d282e264cd Fix IAR warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-11 15:28:48 +00:00