mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-17 02:43:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
29,777 Commits 172 Branches 267 Tags
Commit Graph

29777 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ronald Cron
e1295fabaf tests: ssl: early data: Fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 17:05:27 +01:00
Ronald Cron
52472104a2 tests: suite: early data: Add comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
4facb0a9cd tests: ssl: Improve early data test code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
1a13e2f43e tests: ssl: Improve test code for very small max_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
db944a7863 ssl_msg.c: Fix log position 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:50:58 +01:00
Ronald Cron
93795f2639 tls13: Improve comment about cast to uint32_t 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-07 09:57:07 +01:00
Ronald Cron
2e7dfd5181 tls13: Remove unnecessary cast from size_t to uint32_t 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-05 13:48:11 +01:00
Ronald Cron
e93cd1b580 tests: ssl: Free write/read test buffers 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 19:30:00 +01:00
Ronald Cron
fcbf776d06 tests: ssl: Restore write_early_data test function 
For negative testing of early data (tests
related to max_early_data_size in this PR), restore
the test function to write early data that was
first introduced to be able to test the reading
of early data with the writing part and was
removed (as not used anymore) by the PR 8760.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 10:00:47 +01:00
Ronald Cron
25ad10a920 tests: ssl: Improve tls13_srv_max_early_data_size() 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
19bfe0a631 tls13: Rename early_data_count to total_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
70eab45ba6 tls13: generic: Fix log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
dc81b7343f tests: srv max early data size: Add reach_max test arg 
Add the reach_max flag argument for the
test13_srv_max_early_data_size test
function. Non zero value only valid in case
of TEST_EARLY_DATA_ACCEPTED scenario.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
01d273d31f Enforce maximum size of early data in case of HRR 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
919e596c05 Enforce maximum size of early data when rejected 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
2160bfe4e2 tests: ssl: Test enforcement of maximum early data size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
8571804382 tls13: srv: Enforce maximum size of early data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:09 +01:00
Ronald Cron
c286519747 tls13: srv: Do not forget to include max_early_data_size in the ticket 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:03:51 +01:00
Ronald Cron
26a9811027 ssl: Add early_data_count field 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:03:51 +01:00
Ronald Cron
5d3036e6d5 tests: ssl: Add max_early_data_size option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:03:51 +01:00
Ronald Cron
9b4e964c2c
Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data 
TLS 1.3: Add mbedtls_ssl_write_early_data() API
 2024-02-29 14:31:55 +00:00
Manuel Pégourié-Gonnard
7f523bf9eb
Merge pull request #8845 from gilles-peskine-arm/ecp-write-doc-3.6 
Document ECP write functions
 2024-02-28 11:04:38 +00:00
Dave Rodgman
09e6fb42eb
Merge pull request #8865 from daverodgman/iar-fixes-feb27 
Add missing casts to fix IAR warnings
 2024-02-27 14:41:53 +00:00
Manuel Pégourié-Gonnard
5b5faf0898
Merge pull request #8844 from davidhorstmann-arm/restore-x509-functions-to-public 
Restore some X509 functions to public headers
 2024-02-27 10:55:16 +00:00
Dave Rodgman
6a3da2d5ed Add missing casts 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-27 10:41:53 +00:00
Tom Cosgrove
ca21b241bd
Merge pull request #8840 from gilles-peskine-arm/domain_parameters-remove 
Remove domain parameters
 2024-02-27 10:36:51 +00:00
Gilles Peskine
e22f6a9610 Finish cleaning up override that's no longer needed 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 16:57:31 +01:00
Gilles Peskine
97c0b2f393 Remove domain parameters from psa_key_attributes_t 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 16:57:30 +01:00
David Horstmann
ef950ccb1d Un-unrestore mbedtls_x509_string_to_names() 
Re-restore mbedtls_x509_string_to_names() to public as our example
programs use it, and it is the reverse of mbedtls_x509_dn_gets().

Add a docstring, so that it is a properly documented public function.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-26 13:59:43 +00:00
Tom Cosgrove
f4a200f106
Merge pull request #8838 from paul-elliott-arm/improve_test_data_accessors 
Improve test info data accessors
 2024-02-26 11:22:20 +00:00
Gilles Peskine
ae5eb64705 Remove domain parameters from the public API 
Only leave deprecated, minimal non-linkable functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 08:50:53 +01:00
Gilles Peskine
bb6f3ff394 Rename variables 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 08:50:53 +01:00
Gilles Peskine
4c32b69f37 Ignore domain parameters in RSA key generation 
Remove the ability to select a custom public exponent via domain parameters
in RSA key generation. The only way to select a custom public exponent is
now to pass custom production parameters to psa_generate_key_ext().

A subsequent commit will remove domain parameters altogether from the API,
thus this commit does not bother to update the documentation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 08:50:38 +01:00
Gilles Peskine
6a2c400b8c typo 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-26 08:34:06 +01:00
Gilles Peskine
0f63028809
Merge pull request #8815 from gilles-peskine-arm/psa_generate_key_ext-prototype 
Introduce psa_generate_key_ext
 2024-02-26 07:16:49 +00:00
Paul Elliott
9011dae0c1 Improve documentation / comments 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-02-24 10:57:22 +00:00
Paul Elliott
665cf928d9
Merge pull request #8856 from Ryan-Everett-arm/threadsafe-openkey 
Make psa_open_key threadsafe
 2024-02-24 10:29:57 +00:00
Paul Elliott
5a4a6e44ef
Merge pull request #8833 from Ryan-Everett-arm/threadsafe-multiparts 
Make multi-part operations thread-safe
 2024-02-24 10:29:20 +00:00
Tom Cosgrove
817772a6ca
Merge pull request #8716 from mschulz-at-hilscher/feature/gcm_largetable 
Use large GCM tables
 2024-02-23 16:25:38 +00:00
Manuel Pégourié-Gonnard
81c322329e
Merge pull request #8855 from gilles-peskine-arm/benchmark-ecdh-no-legacy 
Remove most uses of MBEDTLS_ALLOW_PRIVATE_ACCESS in test programs
 2024-02-23 09:16:46 +00:00
Gilles Peskine
7f72a06e02 Remove cruft 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 18:41:25 +01:00
Gilles Peskine
f6eb0b8ab0 Changelog entry for benchmark improvement 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 18:40:10 +01:00
Manuel Pégourié-Gonnard
dd9cbf99c2 Benchmark only one side of ECDH, both static and ephemeral 
Static ECDH is of interest to us as developers because it's a generic
scalar multiplication (as opposed to using the standard base point) and
it's useful to have that handy.

For reference the other operations of interest to developers are:
- multiplication of the conventional base point: ECDSA signing is almost
exactly that (just a few field ops on top, notably 1 inversion);
- linear combination: ECDSA verification is almost exactly that too.

Including ephemeral as well, because it's hopefully what's of interest
to most users.

Compared to the previous version, include only one side of the
operations. I don't think including both sides is of interest to anyone.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-02-22 12:29:06 +01:00
Ronald Cron
dcb09ca6df tests: write early data: Improve get_early_data_status testing 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-22 12:22:59 +01:00
Ronald Cron
f19989da31 tls13: Improve sanity check in get_early_data_status 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-22 12:22:53 +01:00
Gilles Peskine
74589ba31c ssl_context_info: explicitly note accesses to private fields 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:12:01 +01:00
Gilles Peskine
72da8b3521 Don't authorize private access to fields where not actually needed 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:07:29 +01:00
Gilles Peskine
abf0be392a fuzz_dtlsserver: explicitly note the one access to a private field 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:07:09 +01:00
Gilles Peskine
d5f68976e8 fuzz_pubkey, fuzz_privkey: no real need to access private fields 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-22 12:05:35 +01:00
Ronald Cron
8f1de7e029 tls13: Improve documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-22 12:02:39 +01:00