mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-06 21:40:11 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
27,193 Commits 170 Branches 263 Tags
Commit Graph

2473 Commits

Author SHA1 Message Date
Waleed Elmelegy
7d39cc410c Fix crypt_and_hash decrypt issue when used with stream cipher 
crypt_and_hash decryption fails when used with a stream cipher
mode of operation due to the input not being multiple of block
size, this only applies to block cipher modes and not stream
ciphers.This change exempts CTR, CFB & OFB modes from this check.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-06-09 16:58:23 +01:00
Dave Rodgman
05d71ffe5b Merge remote-tracking branch 'origin/development' into sha3-updated 2023-06-07 18:02:04 +01:00
Andrzej Kurek
0624e460fb Add a guard for IP parsing in cert_req app 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-07 08:54:35 -04:00
Andrzej Kurek
cd17ecfe85 Use better IP parsing in x509 programs 
Remove unnecessary duplicated code.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-07 08:50:05 -04:00
Przemek Stekiel
ff9fcbcace ssl_client2, ssl_server2: code optimization + guards adaptation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:53:40 +02:00
Przemek Stekiel
da4fba64b8 Further code optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel
316c19ef93 Adapt guards, dependencies + optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel
e7db09bede Move FFDH helper functions and macros to more suitable locations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel
6d7da5ee1e Add FFDH support in client2, server2 applications 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Gilles Peskine
84b547b5ee
Merge pull request #7400 from AndrzejKurek/cert-write-sans 
Add a possibility to generate certificates with a Subject Alternative Name
 2023-06-05 15:38:38 +02:00
Andrzej Kurek
f994bc51ad Refactor code in cert_write.c 
This way is more robust.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-02 05:10:17 -04:00
Dave Rodgman
7f97675b64
Merge pull request #5237 from davidhorstmann-arm/demo-out-of-tree 2023-05-19 21:27:24 +01:00
Andrzej Kurek
5eebfb8fd0 Enable escaping ';' in cert_write.c SANs 
This might get used in URIs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-17 15:23:56 -04:00
Andrzej Kurek
446e53d401 Fix a code style issue 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-17 15:23:56 -04:00
Andrzej Kurek
f70f460e5f Fix temporary IP parsing error 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-17 15:23:56 -04:00
Andrzej Kurek
ed557930bb Update ip_string_to_bytes to cert_req version 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-17 15:23:56 -04:00
Andrzej Kurek
5da1d751e9 Add missing memory deallocation 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-17 15:23:56 -04:00
Andrzej Kurek
1bc7df2540 Add documentation and a changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-17 15:23:56 -04:00
Andrzej Kurek
ccdd975286 Add a certificate exercising all supported SAN types 
This will be used for comparison in unit tests.
Add a possibility to write certificates with SAN
in cert_write.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-17 11:45:36 -04:00
Paul Elliott
aba165b58c
Merge pull request #7586 from gilles-peskine-arm/gitignore-objects-at-root 
Ignore *.o everywhere
 2023-05-15 13:57:24 +01:00
Gilles Peskine
8075f76708 Ignore *.o everywhere 
We don't commit *.o files anywhere, not even as test data. So ignore them
everywhere.

This resolves *.o files not being ignored under 3rdparty/p256-m.

Also remove a redundant ignore of *.exe in a subdirectory.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-12 13:58:05 +02:00
Gilles Peskine
1f9d8a43c2 Fuzz programs: print an error if loading the reproducer fails 
The fuzz programs were returning a nonzero status if they failed to load the
reproducer, but that's discreet and not informative. Make them also print an
error message.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-12 13:18:08 +02:00
David Horstmann
4dfa368681 Fix demo scripts for out-of-tree builds 
Allow demo scripts to be run from the build directory for out-of-tree
builds.

If the executable is not found in the source tree then search in the
current directory in case the script is being run from a build
directory.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-05-09 18:30:05 +01:00
Gilles Peskine
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids 
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
 2023-05-08 20:38:29 +02:00
Pol Henarejos
d06c6fc45b
Merge branch 'development' into sha3 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-05-05 16:01:18 +02:00
Dave Rodgman
417c4c8b2c
Merge pull request #5770 from mstorsjo/win32-fallback-timer 
Use QueryPerformanceCounter as fallback timer on non-x86 mingw
 2023-05-05 14:31:41 +01:00
Gilles Peskine
53a9ac576d
Merge pull request #7443 from mprse/psa_init_in_programs 
Init PSA in ssl and x509 programs
 2023-04-28 12:49:11 +02:00
Przemek Stekiel
94cf710edc Revert increase of MEMORY_HEAP_SIZE in ssl_client2 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-24 16:35:40 +02:00
Przemek Stekiel
5346396c48 Fix code-style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-24 09:01:41 +02:00
Przemek Stekiel
758aef60c5 Add guards for mbedtls_psa_crypto_free() 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-24 08:10:01 +02:00
Przemek Stekiel
774f9debf2 Init PSA in fuzz programs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-24 08:07:20 +02:00
Przemek Stekiel
2c1ef0967c Init PSA in pkey programs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-19 10:16:53 +02:00
Przemek Stekiel
a8c560a799 Free psa crypto at the end of programs when initialized 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-19 10:15:26 +02:00
Przemek Stekiel
e296868b25 Remove print from mini_client 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-17 11:11:01 +02:00
Przemek Stekiel
a0a1c1eab5 Move psa_crypto_init() after other init calls 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-17 11:10:05 +02:00
Przemek Stekiel
6260ee9cab cert_app: init entropy unconditionally 
When mbedtls_entropy_free() is called without mbedtls_entropy_init() entropy is uninitialized and contains garbage which may lead to segmentation fault.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-16 22:42:01 +02:00
Przemek Stekiel
89c636e6cf Init PSA in ssl and x509 programs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-16 22:41:52 +02:00
Valerio Setti
d49cbc1493 test: fix remaining failures in test due to the ECP_LIGHT symbol 
Changes in test_suite_psa_crypto are to enforce the dependency
on ECP_C which is mandatory for some key's derivation.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Gilles Peskine
7c1c7ce90e
Merge pull request #7401 from AndrzejKurek/md-guards-missing 
Add missing md.h includes
 2023-04-11 09:32:17 +02:00
Gilles Peskine
c9e8a65d06
Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api 
ssl_cache: misc improvements
 2023-04-11 09:30:40 +02:00
Andrzej Kurek
0af32483f3 Change the format of md.h include comments 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-07 03:10:28 -04:00
Andrzej Kurek
0e03f4c119 Remove unnecessary include 
This is a PSA-based program and psa/crypto.h
is already included.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-06 07:55:25 -04:00
Andrzej Kurek
316b7dd19c Add a justification for early md.h include in programs 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-05 14:44:38 -04:00
Andrzej Kurek
da86e2e5bd Revert to using MBEDTLS_SHA_1_C when mbedtls_sha1 is called directly 
This was mistakingly changed in #7327.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-05 14:39:22 -04:00
Andrzej Kurek
eaea30d30e Remove duplicated md.h includes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-05 14:36:51 -04:00
toth92g
27f9e7815c Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields 
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
Andrzej Kurek
1b75e5f784 Add missing md.h includes 
MBEDTLS_MD_CAN_SHAXXX are defined there.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-04 09:55:06 -04:00
Manuel Pégourié-Gonnard
33783b4646 Manually fix two remaining instances of old macros 
Unless I missed something, all remaining instance of all macros are in
files where it makes sense to use these. I went over the output of:

    git grep -c -E 'MBEDTLS_(MD5|RIPEMD160|SHA[0-9]*)_C'

and I think all the files listed fall into one of the following
acceptable categories:

- documentation and historical documents: Changelog, docs/**/*.md
- config files and related: mbedtls_config.h, configs/*.h,
  check_config.h, config_psa.h, etc.
- scripts that build/modify configs: all.sh, depends.py,
  set_psa_test_dependencies.py, etc.
- implementation of MD or PSA or related: md.h, psa_util.h, etc. and
  corresponding test suites
- implementation of hashes: md5.c, sha256.h, etc. and corresponding test
  suites
- two example programs using a low-level hash API: hash/hello.c,
  pkey/ecdsa.c
- test/benchmark.c, test/selftest.c: actually want our built-in
  implementations
- a function in test_suite_psa_crypto_storage_format that is
  specifically for checking if the hash is built in.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
93302422fd Fix instances of old feature macros being used 
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data

Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
7224086ebc Remove legacy_or_psa.h 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:29:31 +01:00