mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-05-09 03:04:24 +02:00

Author	SHA1	Message	Date
Gilles Peskine	137e0c1a02	Merge pull request #8761 from valeriosetti/issue4681 Re-introduce enum-like checks from CHECK_PARAMS	2024-02-06 17:29:38 +00:00
Gilles Peskine	fb7001f15b	Merge pull request #8738 from gilles-peskine-arm/pk_import_into_psa-use_usage Implement mbedtls_pk_get_psa_attributes	2024-02-06 17:28:54 +00:00
David Horstmann	b8dc2453f1	Update buffer start and length in multipart test This fixes a test failure in which the buffer was not properly filled. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 17:03:13 +00:00
David Horstmann	30a61f2ec8	Add testcase to fail multipart cipher tests Encrypt more than 2 blocks of data, causing both update() calls to output data as well as the call to finish(). This exposes a test bug where the pointer to a buffer is not updated as it is filled with data. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 16:55:19 +00:00
Ryan Everett	a76a0011ab	Remove mutex calls in psa_wipe_all_key_slots Code size and code style improvement, these calls aren't needed. Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-02-06 16:45:54 +00:00
Valerio Setti	1810fd9ac8	add changelog Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-06 17:03:32 +01:00
Valerio Setti	bb76f80218	pk_wrap: use proper raw buffer length in ecdsa_sign_psa() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-06 16:57:23 +01:00
Valerio Setti	cf81f69977	psa_util: smarter raw length check in mbedtls_ecdsa_raw_to_der() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-06 16:57:12 +01:00
Dave Rodgman	91d5fde944	Merge pull request #8745 from adeaarm/trail_key_id_field Put the id field at the end of the psa_key_attributes_s structure	2024-02-06 15:55:56 +00:00
Valerio Setti	6269f3baf4	Revert "psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()" This reverts commit `d4fc5d9d1c`. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-06 16:55:18 +01:00
Ronald Cron	2261ab298f	tests: early data status: Add HRR scenario Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Ronald Cron	d6dba675b8	tests: early data status: Add "server rejects" scenario Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Ronald Cron	265273e8b3	tests: early data status: Add "not sent" scenario Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Ronald Cron	5c208d7daf	tests: ssl: Add scenario param to early data status testing function Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Ronald Cron	a7f94e49a8	tests: ssl: Add early data status unit test Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Ronald Cron	90e223364c	tls13: cli: Refine early data status The main purpose of the change is to know from the status, at any point in the handshake, if early data can be sent or not and why. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Ronald Cron	fe59ff794d	tls13: Send dummy CCS only once Fix cases where the client was sending two CCS, no harm but better to send only one. Prevent to send even more CCS when early data are involved without having to add conditional state transitions. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Ronald Cron	bfcdc069ef	tests: ssl: Use get TLS 1.3 ticket helper for early data test Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Ronald Cron	1f6e4e4a49	tests: ssl: Add helper function to get a TLS 1.3 ticket Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Ronald Cron	ced99be007	tests: ssl: Add early data handshake option Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Ronald Cron	b4ad3e750b	tests: ssl: First reset to all zeroes options in init Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Ronald Cron	fb53647b0b	tests: ssl: Move group list to options Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Valerio Setti	2b6a7b37f4	suite_psa_crypto_util: use 521 bits data and bit-size instead of 528 Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-06 16:21:44 +01:00
Paul Elliott	79e2e5d2d0	Add comment to set/increment step functions These functions are thread safe, but using them from within multiple threads at the same time may not have the intended effect, given order cannot be guaranteed. Also, standardise header comment formatting. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-02-06 15:10:03 +00:00
Dave Rodgman	e093281a8b	Pacify check-names Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-06 15:00:58 +00:00
Valerio Setti	94c5806a64	suite_psa_crypto_util: make ecdsa_raw_to_der_incremental() more readable Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-06 15:49:06 +01:00
Dave Rodgman	d09f96b829	Improve docs Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-06 13:51:58 +00:00
Valerio Setti	eae7fce829	add changelog Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-06 14:40:59 +01:00
David Horstmann	86e6fe0cce	Generate poisoning wrappers for AEAD Modify wrapper generation script to generate poisoning calls and regenerate wrappers. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	18dc032fb4	Prevent unused warnings in psa_aead_set_nonce() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	e000a0aedf	Add buffer copying to psa_aead_verify() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	6db0e73dc4	Add buffer copying to psa_aead_finish() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	2914fac28a	Add buffer copying to psa_aead_update() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	25dac6edc1	Add buffer copying to psa_aead_update_ad() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	fed23777f3	Refactor: Use wrapper around internal set_nonce() * Rename psa_aead_set_nonce() to psa_aead_set_nonce_internal() * Recreate psa_aead_set_nonce() as a wrapper that copies buffers before calling the internal function. This is because psa_aead_set_nonce() is currently called by psa_aead_generate_nonce(). Refactoring this to call the static internal function avoids an extra set of buffer copies as well as simplifying future memory poisoning testing. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	8f0ef519d4	Add buffer copying to psa_aead_set_nonce() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	52402ec0fe	Fix bug in PSA AEAD test Resize buffer used to hold the nonce to twice the maximum nonce size. Some test cases were requesting more than the maximum nonce size without actually having backing space. This caused a buffer overflow when PSA buffer-copying code was added. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	d3cad8b017	Add buffer copying to psa_aead_generate_nonce() Note that this is not strictly necessary as this function only copies to the output buffer at the end. However, it simplifies testing for the time being. Future optimisation work could consider removing this copying. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:02 +00:00
David Horstmann	7f2e040a9b	Add buffer copying to psa_aead_decrypt() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:39:00 +00:00
David Horstmann	9d09a020c9	Copy buffers in psa_aead_encrypt() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-06 13:38:20 +00:00
Dave Rodgman	22b934e6d2	Use struct not union Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-06 13:16:13 +00:00
Dave Rodgman	f4e8234f93	Improve docs Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-06 13:16:13 +00:00
Manuel Pégourié-Gonnard	5c9cc0b30f	Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected TLS 1.3: SRV: Ignore early data when rejected	2024-02-06 13:16:03 +00:00
Dave Rodgman	ec9936d122	Improve gcc guards Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-06 13:04:09 +00:00
Paul Elliott	f20728ee49	Fix missed case for removing accessor Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-02-06 12:49:45 +00:00
Dave Rodgman	b327a1e706	Change unaligned access method for old gcc gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94662 shows that __attribute__ aligned may be ignored. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-06 11:32:01 +00:00
Ronald Cron	d0a772740e	tests: early data: Complete the handshake Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 11:15:48 +01:00
Gilles Peskine	735ac3ec05	Fix builds with secp224k1 as the only curve Normally, if an elliptic curve is enabled in the legacy API then it's also enabled in the PSA API. In particular, if the legacy API has at least one curve then that curve also works with PSA. There is an exception with secp224k1 which PSA does not support. In a build with secp224k1 as the only legacy curve, MBEDTLS_PK_HAVE_ECC_KEYS is enabled (because you can use the curve through PK) but PSA does not support any elliptic curve, so we can't run PK-PSA bridge tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-02-06 11:11:32 +01:00
Chien Wong	4e9683e818	Reduce many unnecessary static memory consumption .data section of ssl_client1 becomes 320 bytes smaller on AMD64. Signed-off-by: Chien Wong <m@xv97.com>	2024-02-06 17:50:44 +08:00
Valerio Setti	c213a2e1e5	adjust_legacy_from_psa: use groups instead of curves for DH Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-06 10:49:14 +01:00

... 17 18 19 20 21 ...

30672 Commits