Pengyu Lv
7fb6fc60ce
padlock: introduce MBEDTLS_VIA_PADLOCK_HAVE_CODE
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-09-14 14:02:02 +08:00
Pengyu Lv
e707dc1bb5
aesni: refine the condition of MBEDTLS_HAVE_X86_64
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-09-13 18:10:41 +08:00
Pengyu Lv
dc5a88b6a4
aesni: make AESNI only operate on X86 and X86_64
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-09-13 18:10:41 +08:00
Pengyu Lv
5a0915953a
aesni: define MBEDTLS_HAVE_X86
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-09-13 18:10:25 +08:00
Gilles Peskine
937b91eb6f
Fix boolean options in the wrong section
...
Boolean options that modify the behavior of a module are supposed to be in
the "feature support" section, not in the "configuration options" support:
that section is documented to contain commented-out definitions with a
value, for which the comment contains the default version. In particular,
merely uncommenting a definition in the "configuration options" section is
not supposed to change anything.
Move the offending boolean options to the proper section.
This causes those options to be enabled by `config.py full` unless
explicitly excluded. For the moved options:
* Everest is already explicitly excluded.
* The ALT options need to link against a custom function, so exclude them.
* `MBEDTLS_TLS_DEFAULT_ALLOW_SHA1_IN_KEY_EXCHANGE` is ok for testing, and is
currently never tested in `all.sh`. With this commit, we will now test the
library with it enabled in configurations based on `full`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-07 17:40:16 +02:00
Tom Cosgrove
5c46332184
Merge pull request #8146 from tom-cosgrove-arm/define-psa-macros-to-1-2.28
...
Backport 2.28: Define all PSA_xxx macros to 1 rather than have them empty, for consistency
2023-09-04 22:26:54 +01:00
Tom Cosgrove
95b5d79cbf
Move the description of MBEDTLS_TEST_DEFINES_ZEROIZE to before its use
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-01 14:44:09 +01:00
Tom Cosgrove
7f18f44053
Move zeroize-as-memset into a config file under tests/
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-01 14:43:48 +01:00
Tom Cosgrove
73285cc075
Define all PSA_xxx macros to 1 rather than have them empty, for consistency
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-01 13:07:39 +01:00
Tom Cosgrove
43210b56f3
Add the ability to verify mbedtls_platform_zeroize() calls with -Wsizeof-pointer-memaccess
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-01 11:24:27 +01:00
Gilles Peskine
9471815dd3
Merge pull request #7828 from davidhorstmann-arm/2.28-reword-net-free-description-2544
...
[Backport 2.28] Reword the description of `mbedtls_net_free()`
2023-08-21 21:17:14 +00:00
Gilles Peskine
7fbbb61238
Merge remote-tracking branch 'mbedtls-2.28' into calloc-also-zeroizes-2-28
2023-08-21 17:25:47 +02:00
Chien Wong
8aa8d78ed9
Add potential missing inline definition
...
Signed-off-by: Chien Wong <m@xv97.com>
2023-08-10 12:24:43 +08:00
Chien Wong
12f6f28e15
Improve doc on special use of A in ecp group structure
...
Signed-off-by: Chien Wong <m@xv97.com>
2023-08-09 22:15:14 +08:00
Gilles Peskine
b438348774
Merge pull request #8010 from marekjansta/fix-x509-ec-algorithm-identifier-2.28
...
Backport 2.28: Fixed x509 certificate generation to conform to RFCs when using ECC key
2023-08-07 19:14:52 +00:00
Dave Rodgman
403ce0a6cc
Bump version numbers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-08-02 15:35:45 +01:00
Marek Jansta
0a6743b2de
Fixed AlgorithmIdentifier parameters when used with ECDSA signature algorithm in x509 certificate
...
Signed-off-by: Marek Jansta <jansta@2n.cz>
2023-07-31 17:33:23 +02:00
Marek Jansta
f5257c06d1
Cherry picked required prerequisites from dev branch, git hash 0167244b
...
Signed-off-by: Marek Jansta <jansta@2n.cz>
2023-07-31 17:33:16 +02:00
Gilles Peskine
e5507d5f20
Fix empty union when TLS is disabled
...
When all TLS 1.2 support is disabled, union mbedtls_ssl_premaster_secret was
empty, which is not valid C even if the union is never used. Fixes #6628.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-07-26 17:22:04 +02:00
Andrzej Kurek
3f87d63c71
Improve the documentation of MBEDTLS_PLATFORM_MEMORY
...
Introduce requests from review comments.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-14 10:22:34 -04:00
Andrzej Kurek
33b1222c88
Enable certain documented defines only when generating doxygen
...
Avoid an "unrecognized define" error.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-14 10:14:29 -04:00
Andrzej Kurek
8ca66a0795
Add an mbedtls_calloc(SIZE_MAX/2, SIZE_MAX/2) test
...
It should return NULL and not a valid pointer.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-14 10:13:26 -04:00
Andrzej Kurek
c83d49ebc2
Add a description of how mbedtls_calloc is determined
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-14 09:58:17 -04:00
Andrzej Kurek
ba16859cc6
Documentation and cosmetic fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-14 09:56:02 -04:00
Andrzej Kurek
dc11cd1668
Extend mbedtls_calloc and mbedtls_free documentation
...
Co-authored-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-14 09:47:05 -04:00
Andrzej Kurek
db54dbdc56
Fix \p misuses in documentation
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-14 05:35:38 -04:00
Andrzej Kurek
532ec20983
doxygen: \p commands misuse - review comments
...
Apply comments suggested in review.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-14 05:29:33 -04:00
Andrzej Kurek
c00fb7f379
doxygen: fix parameter name typos and misused \p commands
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-14 05:29:20 -04:00
Andrzej Kurek
0cbfbd96c1
doxygen: fix misused \p commands in rsa.h
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-14 05:22:57 -04:00
Andrzej Kurek
96ce1b04ea
doxygen: fix parameter name typos and misused \p commands
...
\p is reserved for function parameters.
\c is used to describe other values and variables.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-14 05:22:42 -04:00
Andrzej Kurek
a490042f1c
Fix documentation - parameter name mistakes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-13 10:16:08 -04:00
Andrzej Kurek
a3d315a216
doxygen: remove unnecessary description
...
Due to the nature of CTR, there is no mode parameter.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-13 10:15:02 -04:00
David Horstmann
4184e5c926
Move clarification to a separate note
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-27 12:22:00 +01:00
David Horstmann
0e93877b66
Reword the description of mbedtls_net_free()
...
This makes it clearer that the context itself is not being freed.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-23 23:24:46 +01:00
Dave Rodgman
763c8b96cc
Fix armclang compile fail
...
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
2023-06-05 21:24:57 -04:00
Aaron M. Ucko
82e06cb7bc
mbedtls/platform.h: Avoid potential macro redefinition warnings.
...
Some identifiers (e.g. mbedtls_free) can name either functions or
macros depending on configuration settings. For those that turn out
to name macros, first clear out any existing macro definitions to
accommodate possible unconditional bulk symbol renaming. (There
remains no standard provision for such renaming, but it's nevertheless
straightforward enough to do as desired, particularly with this change
in place.)
Signed-off-by: Aaron M. Ucko <ucko@ncbi.nlm.nih.gov>
2023-05-22 10:07:17 -04:00
Fredrik Hesse
5b673a828d
Replace references to Mbed Crypto with Mbed TLS throughout documentation and comments.
...
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
2023-05-15 15:27:54 +01:00
Andrzej Kurek
97cbff7c0d
Add a test for calloc zeroization
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-25 05:51:34 -04:00
Andrzej Kurek
a242c757c2
Document mbedtls_calloc zeroization
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-25 05:23:10 -04:00
Dave Rodgman
87af9c38d6
Merge pull request #7310 from Mbed-TLS/2.28-sphinx-versioned-documentation
...
[Backport 2.28] Generate API documentation with Sphinx and Breathe
2023-03-29 14:43:08 +01:00
Dave Rodgman
e4f1aac0fd
Bump version to 2.28.3
...
Command used: ./scripts/bump_version.sh --version 2.28.3
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-23 18:06:54 +00:00
Tom Cosgrove
779199faac
Document that MBEDTLS_AESNI_HAVE_INTRINSICS and MBEDTLS_AESNI_HAVE_CODE are internal
...
macros, despite appearing in a public header file.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-17 17:16:53 +00:00
Gilles Peskine
9494a99c2f
Fix preprocessor conditional
...
This was intended as an if-else-if chain. Make it so.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-17 16:36:05 +00:00
Gilles Peskine
3efd3149f8
Finish sentence in comment
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-17 16:35:54 +00:00
Gilles Peskine
e5038c666e
Document the new state of AESNI support
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-17 16:32:01 +00:00
Gilles Peskine
6dec541e68
AESNI: Overhaul implementation selection
...
Have clearly separated code to:
* determine whether the assembly-based implementation is available;
* determine whether the intrinsics-based implementation is available;
* select one of the available implementations if any.
Now MBEDTLS_AESNI_HAVE_CODE can be the single interface for aes.c and
aesni.c to determine which AESNI is built.
Change the implementation selection: now, if both implementations are
available, always prefer assembly. Before, the intrinsics were used if
available. This preference is to minimize disruption, and will likely
be revised in a later minor release.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-17 16:31:59 +00:00
Gilles Peskine
3ba81d3217
Remove the dependency of MBEDTLS_AESNI_C on MBEDTLS_HAVE_ASM
...
AESNI can now be implemented with intrinsics.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-17 16:31:55 +00:00
Gilles Peskine
5511a34566
New preprocessor symbol indicating that AESNI support is present
...
The configuration symbol MBEDTLS_AESNI_C requests AESNI support, but it is
ignored if the platform doesn't have AESNI. This allows keeping
MBEDTLS_AESNI_C enabled (as it is in the default build) when building for
platforms other than x86_64, or when MBEDTLS_HAVE_ASM is disabled.
To facilitate maintenance, always use the symbol MBEDTLS_AESNI_HAVE_CODE to
answer the question "can I call mbedtls_aesni_xxx functions?", rather than
repeating the check `defined(MBEDTLS_AESNI_C) && ...`.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-17 16:31:12 +00:00
David Horstmann
c9d8c3305d
Add space to appease doxygen bug
...
See doxygen/doxygen#8706
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-03-17 13:59:10 +00:00
Dave Rodgman
362142f6d3
Merge pull request #7223 from gilles-peskine-arm/doc-tls13-psa_crypto_init-2.28
...
2.28: Document the need to call psa_crypto_init() with USE_PSA_CRYPTO
2023-03-09 15:44:39 +00:00