mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-17 11:43:37 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,236 Commits 172 Branches 267 Tags
Commit Graph

30236 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ronald Cron
9785cf1821 Add RSA key certificates 
Add RSA key certificates using SHA256
instead of SHA1 for the signature
algorithm. Those are needed for some
TLS 1.3 compatibility tests with OpenSSL 3
to avoid having to enable in OpenSSL 3
the support for the deprecated SHA-1 based
signature algorithms.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-02 14:28:35 +02:00
Manuel Pégourié-Gonnard
611f899c0c
Merge pull request #8957 from valeriosetti/issue8836 
Unify consistency tests for mbedtls_pk_import_into_psa and mbedtls_pk_copy_from_psa
 2024-03-22 08:57:45 +00:00
Manuel Pégourié-Gonnard
e2925efa42
Merge pull request #8967 from ronald-cron-arm/improve-version-selection-tests-titles 
ssl-opt.sh: Improve version selection test titles
 2024-03-22 08:52:39 +00:00
Manuel Pégourié-Gonnard
2107feb7a6
Merge pull request #8586 from lpy4105/issue/fix-fake-case-listed-in-compat_sh 
Fix fake cases listed of compat.sh
 2024-03-21 15:05:11 +00:00
minosgalanakis
5a9020f5d4
Merge pull request #8941 from daverodgman/branches-3.6lts 
Update BRANCHES for 3.6
 2024-03-21 13:56:34 +00:00
Manuel Pégourié-Gonnard
32a96d656b
Merge pull request #8951 from valeriosetti/issue8938 
mbedtls_pk_setup_opaque always uses PKCS#1v1.5 for RSA keys
 2024-03-21 09:08:34 +00:00
Ronald Cron
35884a4301 ssl-opt.sh: Improve version selection test titles 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-21 09:44:28 +01:00
Valerio Setti
2833050bb6 test_suite_pk: fix guards in pk_psa_sign() 
If the public key is exported with mbedtls_pk_write_pubkey_der()
it should be re-imported with mbedtls_pk_parse_public_key().
Alternative options (when PK_WRITE is not defined), i.e.
mbedtls_ecp_point_write_binary() and mbedtls_rsa_write_pubkey(),
export the key in a different format which cannot be parsed by
pk_parse module so mbedtls_ecp_point_read_binary() and
mbedtls_rsa_parse_pubkey() should be used respectively in this
case.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 05:24:12 +01:00
Valerio Setti
ea01efa589 add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 17:19:08 +01:00
Valerio Setti
144c27b0f3 pkwrite: add new internal symbol for the max supported public key DER length 
This is also used in pk_psa_sign() to properly size buffers holding
the public key.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 17:10:35 +01:00
Valerio Setti
027796c0cc test_suite_pk: uniformly generate RSA and EC keys in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 16:55:35 +01:00
Valerio Setti
6fb2586dfd test_suite_pk: fix guards in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 16:55:14 +01:00
Valerio Setti
1b533ab205 test_suite_pk: test also RSA OAEP in pk_wrap_rsa_decrypt_test_vec() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 15:43:33 +01:00
Valerio Setti
d45836a1c3 pk_wrap: fix algorithm selection in rsa_opaque_decrypt() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 15:42:55 +01:00
Valerio Setti
480dfc7ad7 test_suite_pk: fix guards in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 12:24:29 +01:00
Valerio Setti
237424b84f test_suite_pk: simplify pk_copy_from_psa_success() 
Use mbedtls_test_key_consistency_psa_pk() to verify that the
generated PK contexts match with the original PSA keys instead
of doing sign/verify and encrypt/decrypt.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 12:10:38 +01:00
Valerio Setti
f71c060cb2 test_suite_pk: properly size buffers for public keys in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 19:35:37 +01:00
Valerio Setti
aa9cc49879 test_suite_pk: test also RSA keys with PKCS1 v2.1 padding mode in pk_psa_sign() 
Previously only only PKCS1 v1.5 was tested.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 19:03:55 +01:00
Valerio Setti
4f3262de2d pk_wrap: fix algorithm selection in rsa_opaque_sign_wrap() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Valerio Setti
d971b7834b test_suite_pk: fix RSA issue in pk_psa_sign() when !PK_[PARSE|WRITE]_C are defined 
This bug was not found until now because:
- !PK_[WRITE|PARSE]_C is only tested in component_full_no_pkparse_pkwrite()
- the test only case concerning RSA key had MBEDTLS_PK_WRITE_C as dependency
  so it was not executed in that component.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Valerio Setti
c262561424 test_suite_pk: rename some variables in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Valerio Setti
d38480b0e0 test_suite_pk: reshape pk_psa_sign() 
The behavior of the functions is kept intact. Changes concern:
- generate the initial PK context using PSA parameters only; this
  allows to remove 1 input parameter for the test function.
- add/fix comments.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Gilles Peskine
b2b9068264
Merge pull request #8942 from valeriosetti/fix-null-dereference 
[Bugfix] Fix null dereference in `mbedtls_pk_verify_ext()`
 2024-03-19 10:47:29 +00:00
Manuel Pégourié-Gonnard
af14b89824
Merge pull request #8932 from ronald-cron-arm/enable-tls13-by-default 
Enable TLS 1.3 by default
 2024-03-19 09:51:49 +00:00
Valerio Setti
da47518554 test_suite_pk: always test verify_ext with opaque keys in pk_psa_wrap_sign_ext() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 09:54:46 +01:00
Valerio Setti
8ad5be0e5d add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-18 17:22:52 +01:00
Paul Elliott
92152dc746
Merge pull request #8940 from paul-elliott-arm/add_fixes_to_threading_changelog 
Add issues fixed to threading MVP changelog entry
 2024-03-18 15:30:11 +00:00
Dave Rodgman
0da8c514c3 Replace reference to master 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-18 15:25:53 +00:00
Valerio Setti
07500fd874 pk: check PK context type in mbedtls_pk_verify_ext() before trying RSA PSS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-18 16:22:33 +01:00
Valerio Setti
d59caf4e51 test_suite_pk: extend pk_psa_wrap_sign_ext() 
Try to perform verify_ext() using the opaque context when the
key type is MBEDTLS_PK_RSASSA_PSS. This currently leads to a
crash while running the test suite and this will be fixed by
the next commit.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-18 16:20:14 +01:00
Dave Rodgman
1fdf9d0a21 Update BRANCHES 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-18 14:37:24 +00:00
Dave Rodgman
374704255d
Merge pull request #8939 from daverodgman/codestyle-autogen 
Codestyle autogen fix
 2024-03-18 14:26:59 +00:00
Paul Elliott
f5f48549e2 Add issues fixed to changelog entry 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-18 13:52:25 +00:00
Dave Rodgman
1bd787a3e0 Minor relaxation to auto-gen regex 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-18 12:32:49 +00:00
Ronald Cron
d2cb7f4268 all.sh: Add TLS 1.2 only component 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-18 13:07:00 +01:00
Ronald Cron
46ac0658cf all.sh: Adapt/Fix some components 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-18 13:06:59 +01:00
Ronald Cron
a3f385d1a8 all.sh: Disable TLS 1.3 when pre-requisites are not meet 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-18 13:06:59 +01:00
Ronald Cron
27eb68d295 Enable TLS 1.3 by default 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-18 13:06:59 +01:00
Dave Rodgman
5ce1577629
Merge pull request #8928 from Ryan-Everett-arm/update-psa-thread-safety-docs 
Update psa-thread-safety.md to reflect version 3.6 changes
 2024-03-18 12:06:39 +00:00
Dave Rodgman
4e4540d8e0 line length fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-18 11:55:39 +00:00
Dave Rodgman
2a9eb22107 Check file content to see if it looks auto-generated 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-18 11:16:05 +00:00
Manuel Pégourié-Gonnard
47f8d0e840
Merge pull request #8934 from paul-elliott-arm/add_threading_changelog 
Add changelog entry for threading MVP
 2024-03-18 10:25:14 +00:00
Ryan Everett
765b75f2f8
Update docs/architecture/psa-thread-safety/psa-thread-safety.md 
Co-authored-by: Paul Elliott <62069445+paul-elliott-arm@users.noreply.github.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-18 10:20:43 +00:00
Manuel Pégourié-Gonnard
1053da8bf0
Merge pull request #8921 from gilles-peskine-arm/pk_import_into_psa-test-lifetime 
pk_import_into_psa: test persistent keys
 2024-03-18 10:00:00 +00:00
Paul Elliott
7d8fd3fafe Add changelog entry for threading MVP 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-17 16:18:23 +00:00
Paul Elliott
78064ac9e0
Merge pull request #8901 from paul-elliott-arm/make_psa_global_data_safe 
Make PSA global_data thread safe
 2024-03-15 19:50:01 +00:00
Ryan Everett
f266b51e3f Respond to feedback on psa-thread-safety.md 
A few typo fixes, extrapolations and extra details.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-15 17:30:31 +00:00
Ryan Everett
c408ef463c Update slot transition diagram 
Adds missing transition and italicises internal functions

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-15 17:29:46 +00:00
Manuel Pégourié-Gonnard
c9db499299
Merge pull request #8930 from ronald-cron-arm/tls13-doc-update 
TLS 1.3: Documentation update for 3.6 release
 2024-03-15 16:41:52 +00:00
Paul Elliott
b24e36d07b Add explanatory comment for init flags 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 16:25:48 +00:00