Ronald Cron
1f63fe4d74
tls13: srv: Fix resume flag in case of cancelled PSK
...
If we prefer ephemeral key exchange mode over
the pure PSK one, make sure the resume flag is
disabled as eventually we are not going to
resume a session even if we aimed to at some
point.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
cf284565c5
tls13: srv: Determine best key exchange mode for a PSK
...
Determine best key exchange for ticket based and
external PSKs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
89089cc69b
tls13: srv: Factorize ciphersuite selection code
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
f7e9916b3d
tls13: srv: Fix MBEDTLS_SSL_SESSION_TICKETS guard position
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
12e72f1664
tls13: srv: Always parse the pre-shared key extension
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
7a30cf5954
tls13: srv: Stop earlier identity check
...
If an identity has been determined as a
ticket identity but the ticket is not
usable, do not try to check if the
identity is that of an external
provided PSK.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
fbae94a52f
tls13: srv: Improve ticket identity check return values
...
Improve the values returned by
ssl_tls13_offered_psks_check_identity_match_ticket().
Distinguish between the two following cases:
1) the PSK identity is not a valid ticket identity
2) the PSK identity is a valid ticket identity but
the ticket cannot be used for session resumption.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
3cdcac5647
tls13: srv: Fix return value
...
Fix the value returned by
ssl_tls13_offered_psks_check_identity_match_ticket()
when there is no ticket parser function defined
or no time.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
6e31127f08
tls13: srv: Define specific return macros for binder check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 08:43:41 +01:00
Ronald Cron
139a4185b1
Merge pull request #8587 from yanrayw/issue/4911/ssl_setup-check-RNG-configuration
...
TLS: check RNG when calling mbedtls_ssl_setup()
2024-03-08 07:38:39 +00:00
Ronald Cron
53dff7b0af
Do not forget about TLS 1.2 disabled at runtime aspect
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-07 16:01:51 +01:00
Ronald Cron
93795f2639
tls13: Improve comment about cast to uint32_t
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-07 09:57:07 +01:00
Ronald Cron
e301813da4
Improve change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-07 09:10:22 +01:00
Ronald Cron
130bfe7799
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-07 06:59:01 +01:00
tom-daubney-arm
d4c57c0ad2
Merge branch 'development-restricted' into key_agreement_buffer_protection
...
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
2024-03-06 16:47:13 +00:00
Ryan Everett
63c1cf7eaa
Remove MBEDTLS_THREADING_C check in check_test_dependencies
...
At the moment our tests only check for MBEDTLS_THREADING_PTHREAD
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-03-06 16:46:15 +00:00
Paul Elliott
16d5160504
Allow the use of threading dependencies in PSA tests.
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-03-06 16:46:15 +00:00
Ryan
b0b3c0d80a
Disable MBEDTLS_SELF_TEST in the TSan config
...
Enabling this causes TSan warnings, as some self-tests use unprotected globals
(see X_count variables in ecp.c). This isn't an issue, as these globals are only
read in self tests, which do not use threads.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-03-06 16:46:08 +00:00
Ryan
2066d0451f
Add test cases for concurrently_generate_keys
...
For every generate_key test there is now a concurrently_generate_keys test.
8 threads per test, and 5 repetitions.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-03-06 16:46:00 +00:00
Ryan
3a1b786d5d
Add a concurrent key generation test function
...
Split into n threads, each thread will repeatedly generate,
exercise and destroy a key.
Then join the threads, and ensure using PSA_DONE that no keys still exist.
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-03-06 16:45:36 +00:00
Thomas Daubney
a4866945b8
Fix issue with large allocation in tests
...
In test_suite_psa_crypto_op_fail.generated.function
the function key_agreement_fail was setting the
public_key_length variable to SIZE_MAX which meant that
a huge allocation was being attempted.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-03-06 16:32:25 +00:00
Paul Elliott
8a2062c538
Merge pull request #8892 from paul-elliott-arm/add_threading_to_drivers
...
Ensure drivers have threading enabled if required
2024-03-06 14:35:49 +00:00
David Horstmann
a5175634b0
Merge branch 'development-restricted' into copying-pake
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-03-06 11:18:28 +00:00
Moritz Fischer
967f8cde84
library: psa_crypto: Explicitly initialize shared_secret
...
When building with -Og (specifically Zephyr with
CONFIG_DEBUG_OPTIMIZATIONS=y) one observes the following warning:
'shared_secret' may be used uninitialized [-Werror=maybe-uninitialized]
Fix this by zero initializing 'shared_secret' similar to the issue
addressed in commit 2fab5c960 ("Work around for GCC bug").
Signed-off-by: Moritz Fischer <moritzf@google.com>
2024-03-05 22:32:32 +00:00
David Horstmann
714418f2dc
Merge pull request #1167 from gabor-mezei-arm/buffer_protection_for_cipher
...
Buffer protection for cipher functions
2024-03-05 18:42:48 +00:00
Gilles Peskine
31403a4ca8
Merge pull request #8678 from daverodgman/quietbuild
...
Make builds less verbose
2024-03-05 18:04:16 +00:00
Gilles Peskine
71cc260563
Merge pull request #8728 from minosgalanakis/features/add_mbedtls_x509_crt_get_ca_istrue_accesor_6151
...
[MBEDTLS_PRIVATE] Add mbedtls_x509_crt_get_ca_istrue() accessor
2024-03-05 18:04:06 +00:00
Dave Rodgman
3c4166aef3
Merge pull request #8863 from minosgalanakis/feature/add_ecdh_context_5016
...
[MBEDTLS_PRIVATE] Add a getter for the ECDH context->grp.id member.
2024-03-05 16:58:13 +00:00
Minos Galanakis
581e63637a
test_suite_x509parse: Added test-case for legacy certificate
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-05 14:39:23 +00:00
Paul Elliott
053b7886e5
Ensure drivers have threading enabled if required
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2024-03-05 14:27:23 +00:00
Ronald Cron
2e7dfd5181
tls13: Remove unnecessary cast from size_t to uint32_t
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-05 13:48:11 +01:00
Minos Galanakis
87b4f6d86c
x509: Reworded documentation bits.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-05 11:05:51 +00:00
Gilles Peskine
d06244b813
Merge pull request #8821 from davidhorstmann-arm/fix-config-bitflag
...
Update `SSL_SERIALIZED_SESSION_CONFIG_BITFLAG` with new flags
2024-03-05 09:59:42 +00:00
Gilles Peskine
8462146d01
Merge pull request #8867 from gilles-peskine-arm/psa_key_attributes-remove_core
...
Merge psa_core_key_attributes_t back into psa_key_attributes_t
2024-03-05 09:59:24 +00:00
Dave Rodgman
a38fad9dad
Adjust defaults
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-03-04 18:27:32 +00:00
Gilles Peskine
ddbe4ae901
Fix intended code blocks that were not suitably indented
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-03-04 18:30:09 +01:00
Gabor Mezei
1b5b58d4d9
Fix merge
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-03-04 17:15:08 +01:00
Gábor Mezei
716cf2d4e0
Merge branch 'development-restricted' into buffer_protection_for_cipher
...
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>
2024-03-04 15:38:05 +00:00
Paul Elliott
634f4d6d7d
Merge pull request #8846 from gilles-peskine-arm/ecp-write-ext-3.6
...
Introduce mbedtls_ecp_write_key_ext
2024-03-04 14:56:55 +00:00
David Horstmann
2bb537ec61
Merge pull request #1172 from davidhorstmann-arm/generate-random-buffer-protection
...
Add secure buffer copying to `psa_generate_random()`
2024-03-04 13:23:46 +00:00
Ronald Cron
987cf898db
ssl_helpers: Restore rng_seed incrementation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-04 10:24:27 +01:00
Gilles Peskine
fad79fcdd9
Merge remote-tracking branch 'development' into ecp-write-ext-3.6
...
Conflicts:
* library/pk.c: mbedtls_pk_wrap_as_opaque() changed in the feature branch
and was removed in the target branch.
2024-03-04 08:52:08 +01:00
Minos Galanakis
79ee110446
Added changelog
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-04 02:22:01 +00:00
Minos Galanakis
a83ada4eba
tests: Added test for mbedtls_x509_crt_get_ca_istrue()
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-04 02:22:01 +00:00
Minos Galanakis
2abbac74dc
x509: Added mbedtls_x509_crt_get_ca_istrue() API accessor.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-04 02:22:01 +00:00
Minos Galanakis
3cfdd73dfa
Changelog: Added changelog for mbedtls_ecdh_get_grp_id.
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2024-03-02 09:14:13 +00:00
Ronald Cron
e93cd1b580
tests: ssl: Free write/read test buffers
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 19:30:00 +01:00
Valerio Setti
ada2ec3482
psa_crypto_stubs/changelog: fix typos
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-03-01 18:04:14 +01:00
Ronald Cron
aab4a546bf
tests: Set the default conf then customize
...
Set the default conf then customize, not the
other way around.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 17:09:22 +01:00
Ronald Cron
10b040fa6f
tests: ssl_helpers: Rename rng_get to mbedtls_test_random
...
mbedtls_test_ as the prefix for test APIs
_random like in mbedtls_ctr/hmac_drbg_random
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 17:00:38 +01:00