ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-07-13 11:41:17 +08:00
Code Issues Releases Wiki Activity
32,055 Commits 173 Branches 272 Tags
Commit Graph

32055 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
addf8fc03e Fix ECDSA documentation: blinding is no longer optional 
Since Mbed TLS 3.0, blinding is no longer optional in ECDSA.
`mbedtls_ecdsa_write_signature()` and
`mbedtls_ecdsa_write_signature_restartable()` error out if
`f_rng == NULL`. We forgot to update the function documentation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-05-16 15:00:09 +02:00
Gilles Peskine
c0b357d8b4 ECDSA is a special flower 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-05-16 14:59:42 +02:00
Gilles Peskine
ed10e2ab87 Note functions that store the RNG callback in a context 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-05-16 14:24:50 +02:00
Gilles Peskine
060c70e3ab Reference mbedtls_f_rng_t in public documentation 
In public functions that take `f_rng, p_rng` callbacks, link to the
documentation of the callback which is attached to the type name
`mbedtls_f_rng_t`.

Resolves #5868.

```
grep -l -w 'f_rng)' include | xargs perl -i -pe 's/\Qint (*f_rng)(void *, unsigned char *, size_t)\E/mbedtls_f_rng_t *f_rng/g'
```
and include `platform_util.h` where needed.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-05-16 14:19:38 +02:00
Gilles Peskine
1337d540ad Name and document the type of random generator callbacks 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-05-16 14:12:15 +02:00
Gilles Peskine
ff32e86429
Merge pull request #10170 from yanesca/mbedtls-3.6.3.1-pr 
Mbedtls 3.6.3.1 PR
 2025-05-13 10:19:56 +00:00
Janos Follath
c5848a5704 Merge branch 'mbedtls-3.6.3.1-rc' into mbedtls-3.6.3.1-pr 
This merge was done by the '-s ours' strategy. The only purpose of this
merge is to bring the commit for the 3.6.3.1 release into the
mbedtls-3.6 history and make the CI pass.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2025-05-09 13:03:56 +01:00
Janos Follath
6fb5120fde Remove .gitmodules 
Signed-off-by: Janos Follath <janos.follath@arm.com>
v3.6.3.1 		2025-05-08 16:06:32 +01:00
Gilles Peskine
f0daff971b
Merge pull request #10151 from gilles-peskine-arm/union-initialization-gcc15-preliminaries-3.6 
Backport 3.6: Test with GCC 15
 2025-05-07 14:22:28 +00:00
Gilles Peskine
15bb8e04bf Improve comments 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-30 16:58:00 +02:00
David Horstmann
3bd433d38a
Merge pull request #10150 from gilles-peskine-arm/pylint-check-str-concat-3.6 
Backport 3.6: Pylint: Complain about a missing comma in multiline lists of strings
 2025-04-28 16:53:39 +00:00
Gilles Peskine
88f6ce195e Update framework 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-25 19:06:50 +02:00
Gilles Peskine
df065720da Allow gcc-15 to be in $PATH 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-25 18:59:45 +02:00
Gilles Peskine
2eab9fd92a Enable drivers when testing with GCC 15 
The goal of testing with GCC 15 is to validate fixes for
https://github.com/Mbed-TLS/mbedtls/issues/9814 . The bug is present in
multiple places, and some of them affect third-party drivers but not our
built-in implementation. (The bug is that driver contexts might not be
zero-initialized, but some of our built-in implementations happen not to
care about this.) Thus, enable the test drivers in the test component that
uses GCC 15, to gain the extra checks performed in the driver wrappers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-25 18:59:42 +02:00
Gilles Peskine
bf90dc9c71 GCC 15: Silence -Wunterminated-string-initialization 
This is a new warning in GCC 15 that our code base triggers in many places.
Silence it for the time being.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-25 18:58:33 +02:00
Gilles Peskine
94c1b9a4c3 Test with GCC 15 
Non-regression for https://github.com/Mbed-TLS/mbedtls/issues/9814

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-25 18:57:33 +02:00
Gilles Peskine
451b9ada27 Disable warning from gcc -pedantic on dlsym/dlopen 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-25 18:49:56 +02:00
Gilles Peskine
ebd0888cf0 Move persistent key tests to a separate .data file 
They can cause specific challenges when debugging, so move them out for
maintainers' convenience.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-25 18:48:59 +02:00
Gilles Peskine
f5f15aa9e2 Move concurrent tests to a separate .data file 
They can cause specific challenges when debugging, so move them out for
maintainers' convenience.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-25 18:48:52 +02:00
Gilles Peskine
cdb37812e5 Update obsolete section title 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-25 18:48:36 +02:00
Gilles Peskine
ae18357880
Merge pull request #10138 from XavierChapron/xch/constify-mbedtls_cipher_base_lookup_table-3.6 
Constify cipher_wrap:mbedtls_cipher_base_lookup_table
 2025-04-24 17:49:03 +00:00
Gilles Peskine
cc4649dd7f Complain about a missing comma in multiline lists of strings 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-24 19:37:58 +02:00
Gilles Peskine
0dd76e0470 Prepare framework for pylint check-str-concat-over-line-jumps 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-24 19:37:41 +02:00
Gilles Peskine
84442115ff
Merge pull request #10137 from gilles-peskine-arm/test_suite_ssl-fix-ret-20250408-3.6 
Backport 3.6: Fix uncaught failure conditions in test_suite_ssl
 2025-04-23 16:42:17 +00:00
Gilles Peskine
74383ab137
Merge pull request #10132 from valeriosetti/issue157-3.6 
[3.6] Make demo_common.sh usable on its own
 2025-04-18 11:11:11 +00:00
Valerio Setti
309ca525ac framework: update reference 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-04-18 10:31:28 +02:00
Xavier Chapron
afedef5eea Constify cipher_wrap:mbedtls_cipher_base_lookup_table 
This structure is initialized during the compilation and there is no
reason it changes.
Making it const allows the compiler to put it in .rodata section instead
of .data one.

Signed-off-by: Xavier Chapron <chapron.xavier@gmail.com>
 2025-04-18 09:24:36 +02:00
David Horstmann
e08edcc494
Merge pull request #9469 from mfil/feature/backport36_implement_tls_exporter 
[Backport 3.6] Implement TLS-Exporter
 2025-04-17 14:47:20 +00:00
Gilles Peskine
0e6032dd94 Fix some test helper functions returning 0 on some failures 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-17 10:35:04 +02:00
Gilles Peskine
1ff12810e5 Check the status of mbedtls_ssl_set_hostname() 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-17 10:35:03 +02:00
Max Fillinger
1b0e2e903b Add missing ifdef for mbedtls_ssl_tls13_exporter 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 14:35:24 +02:00
Max Fillinger
40c202461f Add label_len argument to non-PSA tls_prf_generic 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
820e5cc29b Fix dependencies for TLS-Exporter tests 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
0b65a91eea Fix doxygen for MBEDTLS_SSL_KEYING_MATERIAL_EXPORT 
Error was introduced while resolving a merge conflict.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
5122dc6219 Fix mistake in previous comment change 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
7833b18008 Fix HkdfLabel comment 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
529931a34a Allow maximum label length in Hkdf-Expand-Label 
Previously, the length of the label was limited to the maximal length
that would be used in the TLS 1.3 key schedule. With the keying material
exporter, labels of up to 249 bytes may be used.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
6a64f0f171 Exporter: Add min. and max. label tests 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
76bb753054 Fix max. label length in key material exporter 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
97a287953f Document BAD_INPUT_DATA error in key material exporter 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
c361064dee Fix requirements for TLS 1.3 Exporter compat test 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
6f7cf0e402 Use mbedtls_calloc, not regular calloc 
Also fix the allocation size.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
2310c1970b Add fixed compatibility test for TLS 1.3 Exporter 
When testing TLS 1.3, use O_NEXT_CLI.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
e009158d71 Remove exporter compatibility test for TLS 1.3 
The openssl version in the docker image doesn't support TLS 1.3, so we
can't run the test.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
0faf5d19a7 Fix openssl s_client invocation 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:49 +02:00
Max Fillinger
d22493f86b Print names of new tests properly 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:49 +02:00
Max Fillinger
a442aea2be Fix memory leak in example programs 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:49 +02:00
Max Fillinger
9c3a7ba6da ssl-opt.sh: Add tests for keying material export 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:49 +02:00
Max Fillinger
c8f936e746 mbedtls_test_ssl_do_handshake_with_endpoints: Zeroize endpoints 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-04-16 11:24:49 +02:00
Max Fillinger
ede294ea42 Exporter tests: Don't use unavailbable constant 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:49 +02:00