31892 Commits

Author SHA1 Message Date
David Horstmann
a4415d992a Defer static keystore to 3.6.3
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-10-16 10:30:33 +02:00
Gilles Peskine
e298eeb739 Changelog entry for security fix
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-10-16 10:30:30 +02:00
Valerio Setti
63348bed30 test_suite_pkwrite: extend coverage of wrong output buffer sizes in pk_write_check_common()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-14 09:44:06 +02:00
Valerio Setti
91577020a2 pkwrite: fix buffer overrun
This commit fixes potential buffer overrun in:
- pk_write_rsa_der
- pk_write_ec_pubkey

In both functions, when dealing with opaque keys, there was no
check that the provided buffer was large enough to contain the
key being exported. This commit fixes this problem and it also
adds some testing in test_suite_pkwrite to trigger these checks.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-10-11 14:55:24 +02:00
Ronald Cron
467edcd64a
Merge pull request #9445 from ronald-cron-arm/tf-psa-crypto-cmake-build
Add crypto only CMake build system
2024-10-03 20:56:00 +00:00
Ronald Cron
0d10fedbeb
Merge pull request #9236 from ronald-cron-arm/config-file-split
Configuration file split proposal
2024-10-03 20:53:49 +00:00
Gilles Peskine
38d4c91b06
Merge pull request #9594 from gilles-peskine-arm/analyze_outcomes-classes-development
analyze_outcomes.py refactoring: change stringly typed data to classes
2024-10-03 10:38:04 +00:00
Ronald Cron
45daa8d8c3 Convert config-split.md with Pandoc
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-03 09:38:27 +02:00
Ronald Cron
cbafe75f19 Fix hyperlink
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-03 09:33:25 +02:00
Ronald Cron
3ca3f151f5 Add missing backticks
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-03 09:29:36 +02:00
Ronald Cron
5f64611f6b Remove Mbed TLS feature support section
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-02 14:15:45 +02:00
Ronald Cron
e2b24d3461 Move MBEDTLS_USE_PSA_CRYPTO to "Builtin drivers" section
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-02 13:42:46 +02:00
Ronald Cron
da4522c2b8 Move MBEDTLS_ERROR_C to section "General configuration options"
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-02 13:42:34 +02:00
Manuel Pégourié-Gonnard
cb42f29c4e
Merge pull request #9662 from gilles-peskine-arm/dtls_server-allow_unexpected_message_on_second_handshake-dev
dtls_server: allow unexpected message on second handshake
2024-10-02 10:39:53 +00:00
Gilles Peskine
13b4954597 Remove "error" allowance in dtls_server
Now that dtls_server doesn't print "error" when it receives stray messages
while it's waiting for a second handshake, have the tests fail if "error" is
printed for some other reason.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-10-02 11:09:20 +02:00
Gilles Peskine
713127de4c dtls_server: allow unexpected messages during handshake
If MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE happens during the handshake, don't
show it as an "error". It might be an error, but it might also be a fact of
life if it happens during the second or more handshake: it can be a
duplicated packet or a close_notify alert from the previous connection,
which is hard to avoid and harmless.

Fixes #9652.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-10-02 11:09:20 +02:00
Minos Galanakis
393f9a1dde test_psa_compliance: Use the pre-built library
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-10-01 15:32:01 +02:00
Minos Galanakis
308c737572 Add all.sh component
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
d2ca9a1b7e Add support to build only the tf-psa-crypto tree
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
e9e7b763ef TF-PSA-Crypto.cmake: Fix paths to tests scripts and C modules
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
9c8472624d TF-PSA-Crypto.cmake: TF-PSA-Crypto-ify the file
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
31829a8abf TF-PSA-Crypto.cmake: Fix submodules
Remove framework and pkgconfig for the time
being.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
97d05e5e53 TF-PSA-Crypto.cmake: Remove TLS and x509 specifics
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
4c3fa0aa99 TF-PSA-Crypto.cmake: Do not support package config/install/apidoc/lcov
Do not support package config, install, apidoc
and lcov for the time being.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
701faac8de Introduce TF-PSA-Crypto.cmake
Copy of mbedtls top CMakeLists.txt file.
The TF-PSA-Crypto top CMakeLists.txt file
will be derived from that file to outline
what is common and what is different
between the two.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
8d887d18f1 cmake: tf-psa-crypto: Replace some Mbed TLS options/variables by TF-PSA-Crypto ones
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
b6254f5b97 cmake: Add MBEDTLS_FRAMEWORK_DIR
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
4c670fa98e cmake: Add TF_PSA_CRYPTO_DIR
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
d3f717d536 CMake: Move build of crypto test suites to tf-psa-crypto
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
69c489c25a Move PSA drivers to drivers/builtin/src
They were mistakenly moved to the
core directory from the library
directory.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
e82ad15f5e CMake: Move build of the crypto library to tf-psa-crypto
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
ac01d6eb7c CMake: Move build of legacy crypto modules to tf-psa-crypto
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
f8a3f28b6d CMake: Move library options to the top CMakeLists.txt
Move library options to the top CMakeLists.txt.
That way:
- we will be able to set the TF-PSA-Crypto
library options according to the Mbed TLS ones.
- we can define the crypto library target names
in the top CMakeLists.txt and not in the library
one that is dedicated to the TLS and x509
libraries now.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
ac8dcb8966 Remove dependency on mbedtls_test_helpers
Remove dependency on mbedtls_test_helpers
to build the crypto test suites.
mbedtls_test_helpers is TLS specific.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
7d5419b6f1 Move test_suite_constant_time_hmac back to mbedtls
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-10-01 15:32:01 +02:00
Ronald Cron
96c6f5eb36
Merge pull request #9492 from eleuzi01/remove-legacy-symbol-definitions
Remove definitions of legacy symbols
2024-10-01 10:33:06 +00:00
Elena Uziunaite
780e8562ef Update submodule
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-09-30 14:58:07 +01:00
Gilles Peskine
46771295f2
Merge pull request #9558 from gilles-peskine-arm/run-test-suites-on-subproject
Run test suites on subproject
2024-09-28 08:31:30 +00:00
Gilles Peskine
0930b331c0 Don't use the "allow list" terminology any longer
What was formerly called an allow list is now an ignore table.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-27 18:28:29 +02:00
Ronald Cron
eb589f9b99 Rename MBEDTLS_PSA_CRYPTO_(USER_)CONFIG_FILE
Rename MBEDTLS_PSA_CRYPTO_(USER_)CONFIG_FILE to
TF_PSA_CRYPTO_(USER_)CONFIG_FILE as we rename
crypto_config.h to tf_psa_crypto_config.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-09-27 17:03:54 +02:00
Ronald Cron
89d8a27d00 Rework overview of section changes
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-09-27 17:03:09 +02:00
Ronald Cron
be352633ae Re-organize "Mbed TLS modules" and "Module configuration options"
Re-organize "Mbed TLS modules" and "Module configuration options"
into "X.509 feature selection" and "TLS feature selection" for
better alignment with tf_psa_crypto_config.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-09-27 17:03:07 +02:00
Ronald Cron
b992bc8aa7 Re-order mbedtls_config.h sections
Re-order mbedtls_config.h sections for
the order to be more aligned with the
tf_psa_crypto_config.h one.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-09-27 17:00:49 +02:00
Ronald Cron
3c7b3be34e No subsection
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-09-27 16:59:39 +02:00
Ronald Cron
2c152fdc4e Add links to section descriptions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-09-27 16:59:33 +02:00
Ronald Cron
294b5e06b1 Improve alphabetic ordering in sections
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-09-27 16:32:02 +02:00
David Horstmann
1a09caa8a8
Merge pull request #9638 from gilles-peskine-arm/ssl-opt-sample-programs-dev
Test sample programs in ssl-opt.sh
2024-09-26 14:33:11 +00:00
Elena Uziunaite
bf90fa97c9 Update submodule to the head of framework PR
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-09-26 15:22:39 +01:00
Elena Uziunaite
9b0bdd0590 Remove MBEDTLS_ECP_HAVE_xxx and MBEDTLS_MD_CAN_xxx
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-09-26 14:48:59 +01:00
Elena Uziunaite
7f85f1f958 Cosmetic changes
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-09-26 14:48:59 +01:00