mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-03 20:54:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
24,282 Commits 170 Branches 263 Tags
Commit Graph

24282 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
valerio
2bf85e349d ssl-opt: enable test for accelerated ECDH + USE_PSA 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-03-09 16:39:07 +01:00
valerio
f27472b128 ssl-opt: enable test and fix failures for reference ECDH + USE_PSA" 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-03-09 16:20:38 +01:00
Przemek Stekiel
89e268dfb9 Add change log entry (SubjectAltName extension in CSR) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 14:04:17 +01:00
Przemek Stekiel
42510a91c4 Use for loop instead while loop 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 14:04:17 +01:00
Przemek Stekiel
68ca81c8fe Change separator for SAN names to ';' 
When ';' is used as a separator san names must be provided in quotation marks:
./cert_req filename=../../tests/data_files/server8.key subject_name=dannybackx.hopto.org san="URI:http://pki.example.com/;IP:127.1.1.0;DNS:example.com"

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 14:04:11 +01:00
Gabor Mezei
fffd6d9ded
Fix maximum cannonical value 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-09 13:43:15 +01:00
Gabor Mezei
e4710ae9ed
Add and fix comments 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-09 13:43:02 +01:00
Przemek Stekiel
b8eaf635ba Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 12:14:26 +01:00
David Horstmann
369930dec2 Move docs/getting_started.md to docs repo 
Delete docs/getting_started.md as it has been moved to the dedicated
documentation repo.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-03-09 09:52:13 +00:00
Janos Follath
9e1d889766
Merge pull request #7231 from tom-cosgrove-arm/update-changelog-230308 
Update ChangeLog to make "fix" explicit
 2023-03-09 08:47:49 +00:00
Janos Follath
042e433eda Threat Model: clarify attack vectors 
Timing attacks can be launched by any of the main 3 attackers. Clarify
exactly how these are covered.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-03-08 20:07:59 +00:00
Janos Follath
d5a09400ae Threat Model: improve wording 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-03-08 19:58:29 +00:00
Dave Rodgman
5e5aa4a4e6
Merge pull request #7218 from tom-cosgrove-arm/fix-typos-230307 
Fix typos in development prior to release
 2023-03-08 17:19:59 +00:00
Dave Rodgman
51b62ef23d
Merge pull request #7228 from tom-cosgrove-arm/fix-alignment.h-on-32-bit-systems 
Fix mbedtls_bswap64() on 32-bit systems
 2023-03-08 17:19:29 +00:00
Janos Follath
3d377605f3 Threat Model: move the block cipher section 
The block cipher exception affects both remote and local timing attacks.
Move them to the Caveats section and reference it from both the local
and the remote attack section.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-03-08 16:58:01 +00:00
Janos Follath
ecaa293d32 Threat model: explain dangling countermeasures 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-03-08 16:38:07 +00:00
Janos Follath
fef82fd39b Threat Model: increase classification detail 
Originally for the sake of simplicity there was a single category for
software based attacks, namely timing side channel attacks.

Be more precise and categorise attacks as software based whether or not
they rely on physical information.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2023-03-08 16:10:39 +00:00
Manuel Pégourié-Gonnard
913d9bb921
Merge pull request #7162 from valeriosetti/issue7055 
Legacy MBEDTLS_PK_PARSE_C and MBEDTLS_PK_WRITE_C dependencies in test_suite_psa_crypto
 2023-03-08 17:07:19 +01:00
Valerio Setti
1470ce3eba fix typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:50:12 +01:00
Valerio Setti
2f081473b6 test: fix disparities in test_suite_ssl 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Valerio Setti
75fba32cb3 ssl: use new macros for ECDSA capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Valerio Setti
30c4618970 Add new PSA_HAS_FULL_ECDSA macro for easily signal that PSA has full ECDSA support 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Valerio Setti
f84b7d5c21 test: enable ECDSA based key exchanges in driver coverage tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Tom Cosgrove
b3c6a1e04a Update ChangeLog to make "fix" explicit 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-08 15:47:00 +00:00
Manuel Pégourié-Gonnard
289e5baa83
Merge pull request #7082 from valeriosetti/issue6861 
driver-only ECDSA: add ssl-opt.sh testing with testing parity
 2023-03-08 16:45:38 +01:00
Gabor Mezei
d1f16b937e
Add documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 15:26:32 +01:00
Tom Cosgrove
6ef9bb3d74 Implement and use MBEDTLS_STATIC_ASSERT() 
Fixes #3693

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-08 14:19:51 +00:00
Tom Cosgrove
bbe166e721 Fix mbedtls_bswap64() on 32-bit systems 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-08 13:23:24 +00:00
Gabor Mezei
eb591ff94d
Add test generation for ecp_mod_p256_raw 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 14:12:20 +01:00
Gabor Mezei
716447ff32
Fix limb size calculation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 14:09:51 +01:00
Gabor Mezei
ed1acf642c
Apply naming conventions 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 14:09:50 +01:00
Gabor Mezei
5221c04b92
Change the p256_raw fuction to be testable 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 14:09:50 +01:00
Gabor Mezei
ab6ac91a0a
Extract Secp256r1 from the prototype 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-03-08 14:09:50 +01:00
Tom Cosgrove
c15a2b949d Update the text about gcc5 support for Armv8 CE 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-08 12:55:48 +00:00
Przemek Stekiel
07c5ea348c Add check for buffer overflow and fix style. 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-08 13:31:19 +01:00
Valerio Setti
733de595e3 psa_crypto_rsa: remove PK_WRITE_C in psa_rsa_export_key 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti
c0e7da55c5 test: removing remaning dependencies of PK_WRITE/PK_PARSE from test_suite_psa_crypto suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti
73a218513b psa_crypto_rsa: add comment/explanation for residual PK_WRITE_C guard 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti
f9bc5b75f1 test: remove dependencies on PK_WRITE and PK_PARSE from test_suite_psa_crypto suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 11:03:09 +01:00
Valerio Setti
ccfad9ae0e ssl-opt: remove remaining redundant dependencies 
There were some dependencies that are now automatically satisfied by the
detect_required_features() function.

After this check there should be no redundant requirement for:
- requires_pk_alg "ECDSA"
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_ECDSA_CERT
- requires_any_configs_enabled $TLS1_2_KEY_EXCHANGES_WITH_CERT

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 10:25:05 +01:00
Valerio Setti
3b2c02821e ssl-opt: return to previous debug level in test 
This was a leftover from some debug activity that unfortunately ended up
in previous commits.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 10:22:29 +01:00
Przemek Stekiel
691e91adac Further pake code optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-08 09:54:00 +01:00
Gilles Peskine
429e90153c Improve pip instructions 
Our build scripts invoke `python3` in preference to `python`, so make the
default instruction use `python3`. On many systems (macOS, some Linux),
`python` invokes Python 2 which our scripts do not support.

Suggest --user by default. It's usually the right thing outside of venvs.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-07 20:40:04 +01:00
Gilles Peskine
ed7b5978cd
Merge pull request #6172 from gilles-peskine-arm/doc-tls13-psa_crypto_init 
Document the need to call psa_crypto_init for TLS 1.3
 2023-03-07 20:13:53 +01:00
Gilles Peskine
a2fc399f57
Merge pull request #6829 from AndrzejKurek/unify-psa-errors 
Unify PSA to Mbed TLS error translation
 2023-03-07 19:55:44 +01:00
Gilles Peskine
12e3c8e019
Merge pull request #7168 from mpg/use-md 
Use MD (not low-level hash interface) in X.509 and TLS
 2023-03-07 19:55:12 +01:00
Gilles Peskine
30fc999f43
Merge pull request #7164 from oberon-microsystems/fix-test-exported-length-edwards 
Fix expected export length for Edwards curves in test suite.
 2023-03-07 19:53:48 +01:00
Valerio Setti
213c4eae3a ssl-opt: enhance comment for get_tls_version() function 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-07 19:29:57 +01:00
Dave Rodgman
06554e6b08
Merge pull request #7220 from tom-cosgrove-arm/enable-explicit_bzero-on-openbsd 
Enable explicit_bzero() on OpenBSD
 2023-03-07 17:59:45 +00:00
Valerio Setti
2f1d967643 ssl: fix included pk header file 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-07 18:14:34 +01:00