mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-25 13:43:31 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
31,253 Commits 173 Branches 267 Tags
Commit Graph

31253 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ronald Cron
cbacb065f3
Merge pull request #9511 from gabor-mezei-arm/9325_bp36_move_config.py_to_framework 
[Backport 3.6] Move `config.py` functionalities to the framework
 2024-09-20 16:07:47 +00:00
Gabor Mezei
5a2bcf6f3e
Remove PSA macros usage from adapters 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-09-20 12:41:24 +02:00
David Horstmann
04176756d8
Merge pull request #9568 from eleuzi01/issue-9473 
Backport 3.6: Fix incorrect dependencies
 2024-09-19 13:53:21 +00:00
Gabor Mezei
bf1c8f9d29
Update framework 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-09-19 13:01:06 +02:00
Gabor Mezei
76f147d597
Remove unused CombinedConfig class 
In 3.6 `MbedTLSConfig` is used instead of `ConbinedConfig` due to keep compatibility

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-09-19 13:01:06 +02:00
Gabor Mezei
6f90e79ae5
Update old class names 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-09-19 10:51:59 +02:00
Gabor Mezei
1a0bd776b2
Use MbedTLSConfig for config handling to keep campatibility 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-09-19 10:51:59 +02:00
Gabor Mezei
8b54f0e7e8
Apply the parameter change 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-09-19 10:51:59 +02:00
Gabor Mezei
d72c9f9401
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-09-19 10:51:59 +02:00
Gabor Mezei
2285ed8282
Update member variable names 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-09-19 10:51:59 +02:00
Gabor Mezei
3ae480ba7d
Fix documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-09-19 10:51:58 +02:00
Gabor Mezei
634103c9f9
Update config.py to use config_common.py from the framework 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-09-19 10:51:58 +02:00
Elena Uziunaite
6a229f926e Remove some dependencies 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-17 16:06:18 +01:00
Elena Uziunaite
db0ed75c0f Add PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-17 15:45:19 +01:00
Elena Uziunaite
47a9b3d5a5 Replace MBEDTLS_PK_CAN_ECDSA_SOME with MBEDTLS_PK_CAN_ECDSA_SIGN 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-16 14:25:38 +01:00
Elena Uziunaite
fbab4f88dc Add missing ALG_SHA_1 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-16 12:34:11 +01:00
Gilles Peskine
26fc0390c9
Merge pull request #9498 from minosgalanakis/bugfix/return_early_in_ccm_star_bp36 
[Backport 3.6] ccm.c: Return early when ccm* is used without tag.
 2024-09-13 09:35:12 +00:00
Gilles Peskine
78b1362b42
Merge pull request #9546 from gilles-peskine-arm/ssl-opt-psk-detection-3.6 
[3.6] ssl-opt: improve PSK mode detection
 2024-09-13 09:35:07 +00:00
Gilles Peskine
cfbaffdfcc requires_certificate_authentication: prioritize TLS 1.3 
When checking whether the build supports certificate authentication, check
the key exchange modes enabled in the default protocol version. This is TLS
1.3 when it's enabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
d57212ee9e Documentation improvements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
19c60d262b Fix detection of TLS 1.2 PSK-ephemeral key exchange modes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
5838a64bff Improve some comments 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
4c1347c1e8 Remove unused auth_mode parameter on a PSK test case 
It was causing the test case to be incorrectly skipped as needing
certificate authentication.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
07e24e9ac3 Fix weirdly quoted invocations of requires_any_configs_enabled 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
d98b363bec Also activate PSK-only mode when PSK-ephemeral key exchanges are available 
The point of PSK-only mode is to transform certificate-based command lines
into PSK-based command lines, when the certificates are not relevant to what
is being tested. So it makes sense to do that in with PSK-ephemeral key
exchanges too.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
0a9f9d6f4f Unify the two requires-key-exchange-with-certificate function 
requires_certificate_authentication was called in more places, but did not
do fine-grained analysis of key exchanges and so gave the wrong results in
some builds.

requires_key_exchange_with_cert_in_tls12_or_tls13_enabled gave the correct
result but was only used in some test cases, not in the automatic detection
code.

Remove all uses of requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
because they are in fact covered by automated detection that calls
requires_certificate_authentication.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
bbdc1a3575 Detect PSK-only mode in TLS 1.3 as well 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
5c766dcb01 Fix PSK-only mode doing less than it should 
Don't add a certificate requirement when PSK is enabled.

Do command line requirement detection after the injection of PSK into the
command line in PSK-only mode. Otherwise certificate requirements would be
added even in PSK-only mode.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
6eff90f2ba Detect more cases where certificates are required 
When requiring a cryptographic mechanism for the sake of certificate
authentication, also require that certificate authentication is enabled.

Setting auth_mode explicitly means that we're testing something related to
how certificate-based authentication is handled, so require a key exchange
with certificate-based authentication.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:04 +02:00
Gilles Peskine
9cd5848757 ssl-opt: Fix GnuTLS PSK injection 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:49:03 +02:00
Gilles Peskine
0bc572961f Use CONFIGS_ENABLED instead of repeatedly calling query_compile_time_config 
It's faster and more readable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:48:52 +02:00
Gilles Peskine
ed8cc46d42 Fix "Renegotiation: openssl server, client-initiated" with OpenSSL 3 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-09-13 09:48:52 +02:00
Ronald Cron
4012b5d4a3
Merge pull request #9553 from ronald-cron-arm/project-and-branches-detection-3.6 
3.6: Projects and 3.6 branch detections
 2024-09-12 11:06:08 +00:00
Paul Elliott
d3d586bf5f
Merge pull request #9174 from billatarm/3.6-add-pc-test 
[BACKPORT 3.6] tests: add a test for pkg-config files
 2024-09-11 21:14:29 +00:00
Bill Roberts
3cc48e4de7
tests: add a test for pkg-config files 
Add a test that does some basic validation of the pkg-config files.

Example run:
./tests/scripts/all.sh test_cmake_as_package
<snip>
******************************************************************
* test_cmake_as_package: build: cmake 'as-package' build
* Wed Sep 11 16:22:09 UTC 2024
******************************************************************
cmake .
make
Built against Mbed TLS 3.6.1
testing package config file: mbedtls ... passed
testing package config file: mbedx509 ... passed
testing package config file: mbedcrypto ... passed
make clean

Signed-off-by: Bill Roberts <bill.roberts@arm.com>
 2024-09-11 09:24:20 -07:00
Ronald Cron
ceaee10539 Update framework to the merge of #45 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-09-11 14:53:34 +02:00
Ronald Cron
30916874c5 Update framework 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-09-11 09:42:12 +02:00
Manuel Pégourié-Gonnard
8cd0dfaa32
Merge pull request #9537 from mpg/tickets13-followup 
[3.6] Follow-up to 9507 Disable new session tickets at runtime
 2024-09-10 07:05:29 +00:00
Manuel Pégourié-Gonnard
f59d7b9292
Merge pull request #9493 from yanesca/rsapub_additional_tests 
[3.6] Rsapub additional tests
 2024-09-09 09:36:33 +00:00
Manuel Pégourié-Gonnard
aa80f5380c Use libary default in ssl_client2 for new_session_tickets 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-06 10:06:38 +02:00
Gilles Peskine
d210bf73b2
Merge pull request #9338 from sezrab/analyze_driver_vs_reference_header_correction-3.6 
Backport 3.6:  Fix inconsistent ordering of driver vs reference in analyze_outcomes
 2024-09-05 16:36:02 +00:00
Manuel Pégourié-Gonnard
1116de3ca1 Add guard on internal 1.2-only function 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-04 10:56:08 +02:00
Manuel Pégourié-Gonnard
15fa9ceedd Misc improvements to comments 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-03 10:10:18 +02:00
Manuel Pégourié-Gonnard
33a2918a48
Merge pull request #9390 from eleuzi01/backport-9327 
[Backport 3.6] Remove hacks about asm vs constant-flow testing
 2024-09-03 07:37:07 +00:00
Elena Uziunaite
6496d56329 Make error line consistent with the header 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-02 15:34:02 +01:00
Manuel Pégourié-Gonnard
6cda2cae48
Merge pull request #9509 from eleuzi01/backport-9508 
[Backport 3.6] Fix typo in psa-transition.md
 2024-09-02 10:57:03 +00:00
Manuel Pégourié-Gonnard
9ec6d45e99 Fix code style (for real this time, hopefully) 
For some reason I didn't think about other files in the previous commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:41:05 +02:00
Manuel Pégourié-Gonnard
4bc15d89cb Fix guards on #include 
The rest of the file uses mbedtls_mpi_uint_t unconditionally, so its
definition should also be #include'd unconditionally.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 11:12:09 +02:00
Manuel Pégourié-Gonnard
126cfedba4 Fix code style 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 10:42:46 +02:00
Janos Follath
0a75adcf4e Prepare codepath tests for early termination 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-09-02 10:30:47 +02:00