ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-06-13 01:46:00 +08:00
Code Issues Releases Wiki Activity
15,889 Commits 172 Branches 268 Tags
Commit Graph

15889 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
defdc3bc53 SECP224K1 is not yet supported via the PSA API 
Filed as https://github.com/ARMmbed/mbedtls/issues/3541. In the
meantime, disable the ssl-opt.sh test case that uses it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-03-23 13:59:58 +01:00
Gilles Peskine
a1684f42d3 PSA: Reject curves that are not enabled in the PSA configuration 
If an elliptic curve was enabled in the Mbed TLS classic API (#define
MBEDTLS_ECP_DP_xxx), but not enabled in the PSA configuration (#define
PSA_WANT_ECC_xxx), it would still work if you tried to use it through
PSA.

This is generally benign, but could be a security issue if you want to
disable a curve in PSA for some security reason (such as a known bug
in its implementation, which may not matter in the classic API if Mbed
TLS is running in a secure enclave and is only reachable from
untrusted callers through the PSA API). More urgently, this broke
test_suite_psa_crypto_not_supported.generated.

So if a curve is not enabled in the PSA configuration, ensure that
it's treated as unsupported through the PSA software implementation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-03-23 13:12:34 +01:00
Gilles Peskine
398413024d SECP224K1 is not yet supported via the PSA API 
Filed as https://github.com/ARMmbed/mbedtls/issues/3541. In the
meantime, disable the feature.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-03-23 12:06:45 +01:00
Gilles Peskine
8276986c3e Curve448 is not yet supported via the PSA API 
Filed as https://github.com/ARMmbed/mbedtls/issues/4249. In the
meantime, disable the feature.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-03-23 12:06:16 +01:00
Ronald Cron
63c3dc9395
Merge pull request #4158 from d3zd3z/pr/psa-config-ec 
Create PSA configs for ECC curves
 2021-03-22 17:35:04 +01:00
Gilles Peskine
01196d0464
Merge pull request #4214 from gilles-peskine-arm/psa-storage-format-test-types 
PSA storage format test case generator
 2021-03-22 12:16:17 +01:00
Chris Jones
8d2bc90b4e Add changelog entry for alt implementors 
Files available for use by alt implementations have been moved and renamed
so alt implementators should be told about the changes specific to them.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
 2021-03-19 15:17:23 +00:00
Chris Jones
d02f4c2e44 Reword move_internal_headers changelog entry 
Reword the changelog entry to tailor it for users of the library as
opposed to developers of the library.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
 2021-03-19 15:15:18 +00:00
Mateusz Starzyk
a2d16b39bc Remove certs.h includes from test applications. 
Tests should no longer consider certs.h as a part of public API.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-19 12:49:41 +01:00
Ronald Cron
5cb08a8e61
Merge pull request #4202 from paul-elliott-arm/changelog_linelength_enforcement 
Make assemble changelog script enforce line length
 2021-03-19 12:26:31 +01:00
Paul Elliott
d75773e941 Pythonify and fix reported line number 
Use enumerate to give the line number and use the correct offset to
actually calculate it.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-03-18 18:09:34 +00:00
Gilles Peskine
d08e538fa5
Merge pull request #4157 from stevew817/dispatch_hash_operations 
Dispatch hash operations through the driver wrapper layer
 2021-03-17 21:50:00 +01:00
Maulik Patel
3240c9d2ec Update tests for other invalid key operations. 
Update expected return values of psa_get_key_attributes(),
psa_export_key() and other key api(s) to PSA_ERROR_INVALID_HANDLE
for invalid key.

Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
 2021-03-17 16:11:05 +00:00
Maulik Patel
02a1750098 Update tests for psa_close_key for invalid key. 
Update expected return values of psa_close_key() to
PSA_ERROR_INVALID_HANDLE for invalid key handle operations.

Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
 2021-03-17 15:05:13 +00:00
Maulik Patel
f65ad8ccc1 Update psa_open_key tests for invalid key. 
Update expected return values of psa_open_key() to
PSA_ERROR_DOES_NOT_EXIST for invalid key handle operations.

Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
 2021-03-17 14:55:45 +00:00
Maulik Patel
c1bfcdda58 Fix:4162 Return correct error type for invalid key 
Return PSA_ERROR_INVALID_HANDLE instead of
PSA_ERROR_DOES_NOT_EXIST if invalid key is passed for some key
operations.

Signed-off-by: Maulik  Patel <Maulik.Patel@arm.com>
 2021-03-17 13:41:07 +00:00
Gilles Peskine
6cc510ea89
Merge pull request #4075 from rrlapointe/dtls_demo_use_read_timeout 
Actually use the READ_TIMEOUT_MS in the example DTLS client and server
 2021-03-17 14:39:50 +01:00
Paul Elliott
2065a8d8af Reduce level of -Wformat-truncation 
Reduce level of format truncation warnings due to issues with false
positives (an unknown size buffer is always treated as size 1)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-03-17 13:12:22 +00:00
Paul Elliott
29b641688d Fix printf format issue in programs 
Fix issues that were missed as part of previous printf attribute
cleanup

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-03-17 13:08:10 +00:00
Gilles Peskine
0e7b6ebb64 Fix typos in comments 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-03-17 13:46:59 +01:00
TRodziewicz
782a7eab14 ecjpake_zkp_read() now returns ...BAD_INPUT_DATA when r len == 0 and test follows that 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-03-17 11:36:31 +01:00
Ronald Cron
da3da94373
Merge pull request #4210 from gilles-peskine-arm/crypto_values-param-names 
Fix parameter names after \p in include/psa
 2021-03-17 10:17:18 +01:00
Gilles Peskine
d86bc52d78 Cover encodings of algorithms without parameters 
Generate test cases for all algorithms without parameters. Only the encoding
of the algorithm in the key metadata is covered: the test keys are not of a
type that permits the algorithm to be used in an operation.

This commit only covers algorithms without parameters. A subsequent commit
will generate algorithms with parameters.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-03-16 22:29:12 +01:00
David Brown
3298851d05 Fix alignment of PSA defines 
When these names were changed, the definition got misaligned with the
rest of the fields.  Fix this alignment.

Signed-off-by: David Brown <david.brown@linaro.org>
 2021-03-16 10:44:22 -06:00
Mateusz Starzyk
1aec64642c Remove certs module from mbedtls. 
Certs will be used only by tests and programs.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 15:51:25 +01:00
Mateusz Starzyk
e204dbf272 Drop support for MBEDTLS_SSL_HW_RECORD_ACCEL. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:49:54 +01:00
Mateusz Starzyk
7e37338dda Drop single-DES ciphersuites. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:49:54 +01:00
Mateusz Starzyk
5224e29f0e Drop support for RC4 TLS ciphersuites. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:49:54 +01:00
Mateusz Starzyk
a3a9984a5d Drop support for TLS record-level compression. 
Remove option MBEDTLS_ZLIB_SUPPORT.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:49:51 +01:00
Mateusz Starzyk
2012ed7560 Drop support for compatibility with our own previous buggy implementation of truncated HMAC (MBEDTLS_SSL_TRUNCATED_HMAC_COMPAT). 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:19:09 +01:00
Mateusz Starzyk
06b07fb839 Drop support for SSLv3. 
Remove options: MBEDTLS_SSL_MINOR_VERSION_0 and
MBEDTLS_SSL_PROTO_SSL3).

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-03-16 12:19:05 +01:00
Gilles Peskine
74a7f93c94 Add BUGS.md 
Instructions on how to report a bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-03-16 12:05:44 +01:00
Gilles Peskine
92042d9bc4 The 2.7 branch is retired 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-03-16 12:05:30 +01:00
Gilles Peskine
991bbe7f5e Mention the master branch as well 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-03-16 12:05:16 +01:00
Gilles Peskine
a23df13e52 Minor presentation improvements 
Minor wording improvement and cosmetic formatting improvements.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-03-16 12:04:44 +01:00
Steven Cooreman
f8e45a4e98 Simplify compilation guards around hash driver testing 
The hash driver entry points (and consequentially the hash driver core)
are now always compiled on when PSA_CRYPTO_DRIVER_TEST is turned on.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-16 11:07:55 +01:00
Gilles Peskine
01a622a1a4
Merge pull request #4197 from bensze01/psa_ccm_nonce_length 
Correct the maximum generated nonce length for CCM
 2021-03-16 10:10:41 +01:00
David Brown
eed74df1ee Re-order PSA ECC configs 
Arrange these to be in alphabetical order.

Signed-off-by: David Brown <david.brown@linaro.org>
 2021-03-15 15:53:57 -06:00
David Brown
44bfed596d Update PSA not supported generated data 
Update this based on the output of the generator script.  The Brainpool
curves are now supported, since they are spelled properly in the config.

Signed-off-by: David Brown <david.brown@linaro.org>
 2021-03-15 15:40:10 -06:00
David Brown
110ea816ca psa: Fix name of BRAINPOOL configs 
These should be WANT_ECC_BRAINPOOL_P_... not WANT_ECC_BP_...  Change to
match.

Signed-off-by: David Brown <david.brown@linaro.org>
 2021-03-15 15:30:28 -06:00
Ryan LaPointe
dbb192d157 Fix inaccurate comment in sample DTLS server 
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
 2021-03-15 16:43:27 -04:00
Ryan LaPointe
59244e87e1 Actually use the READ_TIMEOUT_MS in the sample DTLS client and server 
Signed-off-by: Ryan LaPointe <ryan@ryanlapointe.org>
 2021-03-15 16:43:08 -04:00
Steven Cooreman
b6bf4bbf95 Clear up language on zeroizing driver context at setup 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-15 19:00:14 +01:00
Steven Cooreman
aa87fd0012 Make driver IDs always visible 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-15 18:54:03 +01:00
Steven Cooreman
61bb8fc693 remove superfluous calls to hash_abort 
The PSA Core is already calling psa_hash_abort, so the driver doesn't
have to do that explicitly.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-15 12:35:17 +01:00
Steven Cooreman
5e4c18f6d9 Reorder the driver wrapper switch-case content 
Reordered the cases to be in numeric order.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-15 12:26:07 +01:00
Steven Cooreman
893232fbde Ensure the full driver structure is zeroized at setup 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-15 12:23:37 +01:00
Steven Cooreman
fa952958a5 Don't void actually used arguments 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-15 12:16:25 +01:00
Steven Cooreman
0f8ffa806b Rename and retype hash test driver context structure 
Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-15 12:14:40 +01:00
Steven Cooreman
753f973f87 Use full config during driver testing 
Due to the way the test drivers are setup, we require the full setup.

Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>
 2021-03-15 12:14:40 +01:00