Gilles Peskine
fa1d84e102
Update framework to the main branch
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-26 10:18:36 +02:00
Gilles Peskine
f5f90d517f
Don't pass the section name to adapters
...
We have finished removing the reliance of named configuration on section
names.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-25 14:00:07 +02:00
Gilles Peskine
e5920a4ae8
Change "realfull" to activate everything
...
Change "realfull" to activate everything. After investigation, it seems that
having "realfull" not activate everything was a historical oddity due to
proximity with "full", not a goal in itself.
https://github.com/Mbed-TLS/mbedtls/issues/520#issuecomment-727190862
https://github.com/Mbed-TLS/mbedtls/pull/965/files#r523409092
This changes the output of `scripts/config.py realfull`: now all non-boolean
options are uncommented.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-25 14:00:07 +02:00
Gilles Peskine
bfdffc33b3
Change "full" to affect boolean settings rather than use sections
...
To get rid of the reliance on sections, change "full" and friends to enable
settings based on whether the setting is boolean, rather than based on the
section it contains.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-25 14:00:07 +02:00
Gilles Peskine
0ff1d984f8
Pass the setting's value to adapters
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-25 14:00:07 +02:00
Gilles Peskine
f0d2eb5828
Merge pull request #9603 from gilles-peskine-arm/test-ref-configs-go-away-3.6
...
Backport 3.6: Switch from test-ref-configs.pl to separate components
2024-09-24 13:00:54 +00:00
Paul Elliott
d8c7eae2cf
Merge pull request #9596 from gilles-peskine-arm/make_generated_files-document_CC-3.6
...
Backport 3.6: make_generated_files.bat: document C compiler requirement
2024-09-24 12:36:28 +00:00
Tom Cosgrove
81163122e4
Merge pull request #9601 from gilles-peskine-arm/use_psa_crypto-key_id_encodes_owner-compatible-config-3.6
...
Fix obsolete comment about MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
2024-09-24 10:44:44 +00:00
Ronald Cron
cbacb065f3
Merge pull request #9511 from gabor-mezei-arm/9325_bp36_move_config.py_to_framework
...
[Backport 3.6] Move `config.py` functionalities to the framework
2024-09-20 16:07:47 +00:00
Gabor Mezei
5a2bcf6f3e
Remove PSA macros usage from adapters
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-09-20 12:41:24 +02:00
Gilles Peskine
fde24b85ae
Remove test-ref-configs.pl, which no longer does anything
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-19 18:57:18 +02:00
Gilles Peskine
ced0edc43e
Move config-tfm.h testing to separate all.sh component
...
Rename the existing component_test_tfm_config which tests a modified version
of config-tfm.h for the sake of driver-vs-reference comparison.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-19 18:57:11 +02:00
Gilles Peskine
dbd0f424b0
Move config-symmetric-only.h testing to separate all.sh components
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-19 18:57:03 +02:00
Gilles Peskine
e62925f1e6
Move config-thread.h testing to separate all.sh components
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-19 18:56:01 +02:00
Gilles Peskine
e9cd6a7011
Move config-suite-b.h testing to separate all.sh components
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-19 18:55:53 +02:00
Gilles Peskine
9929237537
Move config-ccm-psk-dtls1_2.h testing to separate all.sh components
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-19 18:55:49 +02:00
Gilles Peskine
f3d5019191
Move config-ccm-psk-tls1_2.h testing to separate all.sh components
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-19 18:55:44 +02:00
Gilles Peskine
4d347aa433
Move config-no-entropy.h testing to separate all.sh component
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-19 18:55:08 +02:00
Gilles Peskine
b35ed4565a
make: support "make ssl-opt" to just build what ssl-opt.sh needs
...
This also suffices for compat.sh.
Include the sample programs in this build. They aren't tested by ssl-opt.sh
yet, but they soon will be.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-19 18:47:04 +02:00
Gilles Peskine
7215b1e9c9
CMake: support "make ssl-opt" to just build what ssl-opt.sh needs
...
This also suffices for compat.sh.
Include the sample programs in this build. They aren't tested by ssl-opt.sh
yet, but they soon will be.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-19 18:46:58 +02:00
Gilles Peskine
bb47c7368b
CMake: support "make programs"
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-19 18:46:52 +02:00
David Horstmann
04176756d8
Merge pull request #9568 from eleuzi01/issue-9473
...
Backport 3.6: Fix incorrect dependencies
2024-09-19 13:53:21 +00:00
Gilles Peskine
3415dc828e
Fix obsolete comment about MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
...
MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER has been compatible with
MBEDTLS_USE_PSA_CRYPTO since https://github.com/Mbed-TLS/mbedtls/pull/5380 .
We still don't want to enable it in the full config because it's a behavior
change, even an interface change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-19 13:45:39 +02:00
Gabor Mezei
bf1c8f9d29
Update framework
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-09-19 13:01:06 +02:00
Gabor Mezei
76f147d597
Remove unused CombinedConfig class
...
In 3.6 `MbedTLSConfig` is used instead of `CombinedConfig` to keep compatibility
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-09-19 13:01:06 +02:00
Gabor Mezei
6f90e79ae5
Update old class names
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-09-19 10:51:59 +02:00
Gabor Mezei
1a0bd776b2
Use MbedTLSConfig for config handling to keep compatibility
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-09-19 10:51:59 +02:00
Gabor Mezei
8b54f0e7e8
Apply the parameter change
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-09-19 10:51:59 +02:00
Gabor Mezei
d72c9f9401
Fix documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-09-19 10:51:59 +02:00
Gabor Mezei
2285ed8282
Update member variable names
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-09-19 10:51:59 +02:00
Gabor Mezei
3ae480ba7d
Fix documentation
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-09-19 10:51:58 +02:00
Gabor Mezei
634103c9f9
Update config.py to use config_common.py from the framework
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-09-19 10:51:58 +02:00
Gilles Peskine
83af88306d
Document the C compiler requirement
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-18 14:17:14 +02:00
Gilles Peskine
605bc16e67
Make the file a bit more readable
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-18 14:17:13 +02:00
Elena Uziunaite
6a229f926e
Remove some dependencies
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-09-17 16:06:18 +01:00
Elena Uziunaite
db0ed75c0f
Add PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-09-17 15:45:19 +01:00
Elena Uziunaite
47a9b3d5a5
Replace MBEDTLS_PK_CAN_ECDSA_SOME with MBEDTLS_PK_CAN_ECDSA_SIGN
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-09-16 14:25:38 +01:00
Elena Uziunaite
fbab4f88dc
Add missing ALG_SHA_1
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-09-16 12:34:11 +01:00
Gilles Peskine
26fc0390c9
Merge pull request #9498 from minosgalanakis/bugfix/return_early_in_ccm_star_bp36
...
[Backport 3.6] ccm.c: Return early when ccm* is used without tag.
2024-09-13 09:35:12 +00:00
Gilles Peskine
78b1362b42
Merge pull request #9546 from gilles-peskine-arm/ssl-opt-psk-detection-3.6
...
[3.6] ssl-opt: improve PSK mode detection
2024-09-13 09:35:07 +00:00
Gilles Peskine
cfbaffdfcc
requires_certificate_authentication: prioritize TLS 1.3
...
When checking whether the build supports certificate authentication, check
the key exchange modes enabled in the default protocol version. This is TLS
1.3 when it's enabled.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-13 09:49:04 +02:00
Gilles Peskine
d57212ee9e
Documentation improvements
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-13 09:49:04 +02:00
Gilles Peskine
19c60d262b
Fix detection of TLS 1.2 PSK-ephemeral key exchange modes
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-13 09:49:04 +02:00
Gilles Peskine
5838a64bff
Improve some comments
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-13 09:49:04 +02:00
Gilles Peskine
4c1347c1e8
Remove unused auth_mode parameter on a PSK test case
...
It was causing the test case to be incorrectly skipped as needing
certificate authentication.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-13 09:49:04 +02:00
Gilles Peskine
07e24e9ac3
Fix weirdly quoted invocations of requires_any_configs_enabled
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-13 09:49:04 +02:00
Gilles Peskine
d98b363bec
Also activate PSK-only mode when PSK-ephemeral key exchanges are available
...
The point of PSK-only mode is to transform certificate-based command lines
into PSK-based command lines, when the certificates are not relevant to what
is being tested. So it makes sense to do that with PSK-ephemeral key
exchanges too.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-13 09:49:04 +02:00
Gilles Peskine
0a9f9d6f4f
Unify the two requires-key-exchange-with-certificate functions
...
requires_certificate_authentication was called in more places, but did not
do fine-grained analysis of key exchanges and so gave the wrong results in
some builds.
requires_key_exchange_with_cert_in_tls12_or_tls13_enabled gave the correct
result but was only used in some test cases, not in the automatic detection
code.
Remove all uses of requires_key_exchange_with_cert_in_tls12_or_tls13_enabled
because they are in fact covered by automated detection that calls
requires_certificate_authentication.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-13 09:49:04 +02:00
Gilles Peskine
bbdc1a3575
Detect PSK-only mode in TLS 1.3 as well
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-13 09:49:04 +02:00
Gilles Peskine
5c766dcb01
Fix PSK-only mode doing less than it should
...
Don't add a certificate requirement when PSK is enabled.
Do command line requirement detection after the injection of PSK into the
command line in PSK-only mode. Otherwise certificate requirements would be
added even in PSK-only mode.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-09-13 09:49:04 +02:00