Manuel Pégourié-Gonnard
59b61da7c4
Fix dependency check for TLS 1.3 ECDH
This part is specific to 1.3 and directly calls PSA APIs regardless of
whether MBEDTLS_USE_PSA_CRYPTO is defined, so use PSA_WANT. Note: the
code is already using PSA_WANT everywhere in ssl_tls13*.c.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-30 09:35:41 +02:00
Andrzej Kurek
c27ba3a531
Clarify SAN structure memory management
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:41:34 -04:00
Andrzej Kurek
8bc128eca7
Add missing information about supported subjectAltName types
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:40:38 -04:00
Andrzej Kurek
5f0c6e82fb
Add missing deallocation of subject alt name
Since mbedtls_x509_get_name allocates memory
when parsing a directoryName, deallocation
has to be performed if anything fails in the
meantime.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:40:38 -04:00
Andrzej Kurek
d40c2b65a6
Introduce proper memory management for SANs
DirectoryName parsing performs allocation that has to be handled.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:03:01 -04:00
Andrzej Kurek
e12b01d31b
Add support for directoryName subjectAltName
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:03:01 -04:00
Dave Rodgman
05c5a91514
Merge pull request #7307 from Mbed-TLS/sphinx-versioned-documentation
Generate API documentation with Sphinx and Breathe
2023-03-29 12:01:59 +01:00
Manuel Pégourié-Gonnard
4fa702ae79
Update documented dependencies on ECC algs
Previous PRs update check_config.h correctly, but forgot the
documentation in mbedtls_config.h.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-29 12:19:41 +02:00
Manuel Pégourié-Gonnard
93b21e74f9
Update documentation to mention ECC drivers
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-29 10:30:26 +02:00
Valerio Setti
ee9fa46111
check_config: add helper symbol for SECP256R1
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:39 +02:00
Valerio Setti
1a6d96f59e
test: use full config as test starting point and solve issues
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:28:06 +02:00
Valerio Setti
271c12e256
psa: use only PSA_WANT symbols for PSA_VENDOR_ECC_MAX_CURVE_BITS
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
8f1e98a971
psa: set PSA_VENDOR_ECC_MAX_CURVE_BITS based on both SW and accelerated support
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-29 10:27:18 +02:00
Valerio Setti
77a904c761
ssl: remove useless guard
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
1fa5c56863
ssl_tls: fix guard symbols for EC accelerated tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Paul Elliott
69034388e9
Fix conflict between restricted and development
MBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA was removed in
development and replaced with MBEDTLS_MD_CAN_SHA384.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-27 21:24:45 +01:00
Paul Elliott
d01a3bca05
Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback
Mbed TLS 3.4.0
2023-03-27 18:09:49 +01:00
Valerio Setti
ab9dc667ff
psa_util: fix for correctly computing elements in array
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-27 11:25:10 -04:00
Pengyu Lv
4e70724396
ssl_cache: Add descriptions of returns of cache accessors
Add descriptions of the return values of mbedtls_ssl_cache_get
and mbedtls_ssl_cache_set.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-27 11:29:49 +08:00
Manuel Pégourié-Gonnard
2ca08c8409
Try again to clarify USE_PSA_CRYPTO
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
a22857b710
Fix documented dependencies on TLS 1.2
The check in check_config.h was fixed in a previous PR, but the
documentation hadn't been updated accordingly.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:44:59 +01:00
Manuel Pégourié-Gonnard
70a1b6d828
Fix typos
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
5a51d0d789
Fix depends.py failure with correct TLS 1.2 deps
TLS 1.2 has never been able to work with only SHA-512, it just happened
to pass previously because the declared dependencies were too lax.
(Probably related to the fact that in the past we didn't distinguish
between SHA-512 and SHA-384 in dependencies.)
So, just disable all of TLS in SHA-512-only builds. While at it, tune
build_info.h to make this easier - it already had partial support for
disabling TLS 1.2 or TLS 1.3 in an easier way, but not both of them at
the same time.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
a31ddb98dc
Fix and simplify TLS hash dependency declarations
Fixes #6441
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
bb21c5afa7
Use helper macros for hashes in check_config.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
93302422fd
Fix instances of old feature macros being used
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data
Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
4011eb49dc
Fix entropy-related feature macros
Was causing testing disparities picked by analyze_outcomes.py
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
5cd4b6403b
Use MD-light in entropy.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Przemek Stekiel
b175b146a2
Remove driver_pake_get_role function
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 13:37:18 +01:00
Przemek Stekiel
e80ec0a9af
Adapt J-PAKE built-in impl to use user/peer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 13:37:12 +01:00
Paul Elliott
db67e99bbf
Bump library, libcrypto and libx509 versions
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:57:39 +00:00
Pengyu Lv
5038a38695
ssl_cache: Return standard mbedtls error code
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-23 15:53:43 +08:00
Przemek Stekiel
656b2595fb
psa_pake_input: validate buffer size using PSA_PAKE_INPUT_SIZE
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-23 08:05:52 +01:00
Pengyu Lv
cdf06f69dd
Improve function return value description
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-23 11:15:24 +08:00
Valerio Setti
080a22ba75
ssl_tls13: use PSA_WANT_ALG_ECDH as symbol for marking ECDH capability
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
4059aba353
accelerated ecdh: re-enable TLS 1.3 key exchanges and fix guards in check_config
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
ccf0be28e8
fix typo
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:40:05 +01:00
Valerio Setti
da8535b74e
ecdh: simplify guards for the newly created PSA_HAVE_FULL_ECDH symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:40:05 +01:00
Valerio Setti
d3f0b9e78c
ecdhe: fix guards for accelerated ECDHE key exchanges
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:36:59 +01:00
Przemek Stekiel
1f778bcfd8
EC-JPAKE: remove limitation for user/peer (allow any value)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-22 09:52:08 +01:00
Paul Elliott
f1eb5e2a04
Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 15:35:17 +00:00
Manuel Pégourié-Gonnard
161dca63c3
Fix typos & improve wording in comments
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
7224086ebc
Remove legacy_or_psa.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
a946489efd
X.509: use MD_CAN macros
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
49e67f814f
PKCS5: always use MD
As a consequence, MD_C is now enabled in component accel_hash_use_psa.
Fix guards in X.509 info function to avoid this causing a failure now.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
fb8d90a2db
RSA: always use MD light
Note: already auto-enabled in build_info.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
1c2008fa37
PEM: always use MD light
Note: PEM_PARSE already auto-enables MD_LIGHT in build_info.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
be97afe5d4
PKCS12: always use MD light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
41bc8b6b1e
ECJPAKE: always use MD light
This enables access to all available hashes, instead of the previous
situation where you had to choose by including MD_C or not.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
235a933f99
PSA hash algs must be a superset of built-ins
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00