ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-06-11 00:52:48 +08:00
Code Issues Releases Wiki Activity
29,394 Commits 172 Branches 268 Tags
Commit Graph

29394 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Gilles Peskine
5294bb347c PSA wrapper generator 
The new script `tests/scripts/generate_psa_wrappers.py` generates the
implementation of wrapper functions for PSA API functions, as well as a
header that defines macros that redirect calls to the wrapper functions. By
default, the wrapper functions just call the underlying library function.
With `--log`, the wrapper functions log the arguments and return values.

This commit only introduces the new script. Subsequent commits will
integrate the wrappers in the build.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-15 19:03:08 +01:00
Gilles Peskine
f838eb2259 Guard the macro definition 
It doesn't make sense to define a macro expanding to a non-existent function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-15 19:03:08 +01:00
Gilles Peskine
d022093ea6 C function wrapper generator 
The Base class generates trivial wrappers that just call the underlying
function. It is meant as a base class to construct useful wrapper generators.

The Logging class generates wrappers that can log the inputs and outputs to
a function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-15 19:03:08 +01:00
Gilles Peskine
00ed38c25b Python module to parse function declarations from a header file 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-15 19:03:08 +01:00
Valerio Setti
4860a6c7ac test_suite_psa_crypto: revert known failing checks for [en|de]cryption with opaque keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-15 16:30:12 +01:00
Valerio Setti
62b6f10f64 test_driver_asymmetric_encryption: implement opaque [en/de]cryption functions 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-15 16:30:07 +01:00
Valerio Setti
66a827fc83 test_driver_key_management: make opaque [un]wrapping functions public 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-15 15:00:52 +01:00
Dave Rodgman
46697da5b3 Make gcm counter increment more efficient 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:45:01 +00:00
Dave Rodgman
174eeff235 Save 14 bytes in CTR-DRBG 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:45:01 +00:00
Dave Rodgman
591ff05384 Use optimised counter increment in AES-CTR and CTR-DRBG 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:45:01 +00:00
Dave Rodgman
ae730348e9 Add tests for mbedtls_ctr_increment_counter 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:45:01 +00:00
Dave Rodgman
b49cf1019d Introduce mbedtls_ctr_increment_counter 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:45:01 +00:00
Ryan Everett
1d32a57764 Revert change to psa_destroy_key documentation 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-15 11:27:58 +00:00
Ryan Everett
709120a9ce Revert change to return behaviour in psa_reserve_free_key_slot 
This change was a mistake, we still need to wipe the pointers here.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-15 11:20:50 +00:00
Ryan Everett
dfe8bf86a8 Return CORRUPTION_DETECTED instead of BAD_SLOT when the slot's state is wrong 
These error codes are only returned if the program has been tampered with,
so they should be CORRUPTION_DETECTED.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-15 11:20:50 +00:00
Ryan Everett
4755e6bda4 Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION 
psa_wipe_key_slot can now be called on a slot in any state, if the slot's state
is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered
reader.

Remove the state changing calls that are no longer necessary.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-15 11:20:35 +00:00
Dave Rodgman
c4f984f2a5 Iterate in 16-byte chunks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:20:19 +00:00
Valerio Setti
5bb454aace psa_crypto: allow asymmetric encryption/decryption also with opaque keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-15 10:43:16 +01:00
Valerio Setti
f202c2968b test_suite_psa_crypto: test asymmetric encryption/decryption also with opaque keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-15 10:42:37 +01:00
Dave Rodgman
67223bb501 add support for AES-CTR to benchmark 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-12 18:33:57 +00:00
David Horstmann
9432e64933 Only run memory poisoning metatests when poisoning 
When we cannot memory poison due to platform constraints, do not attempt
to run memory poisoning metatests (but still run other ASan metatests).

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-01-12 15:13:54 +00:00
David Horstmann
8174478f82 Use thread-local flag to enable memory poisoning 
Allow memory poisoning to be enabled and disabled at runtime using a
thread-local flag. This allows poisoning to be disabled whenever a PSA
function is called but not through the test wrappers, removing false
positive use-after-poisons.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-01-12 15:13:54 +00:00
David Horstmann
8ba3f68561 Stop enforcing C99 in CMakeLists.txt 
This allows us to sometimes use C11 features.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-01-12 15:13:54 +00:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile 
TLS: remove RSA signature algorithms in `suite B` profile
 2024-01-12 14:34:28 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext 
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
 2024-01-12 13:39:15 +00:00
Waleed Elmelegy
f0ccf46713 Add minor cosmetic changes to record size limit changelog and comments 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-12 10:52:45 +00:00
Waleed Elmelegy
4b09dcd19c Change renegotiation test to use G_NEXT_SRV 
Change renegotiation test to use G_NEXT_SRV
to avoid problems when sending TLS 1.3
extensions since we exceed the extension
limit in G_SRV.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-12 10:50:25 +00:00
Paul Elliott
3519cfb3d8
Merge pull request #8639 from bensze01/release_components 
Set OpenSSL/GnuTLS variables when running release components
 2024-01-11 15:38:35 +00:00
Janos Follath
0b39d1ed7d Update Marvin fix Changelog entry 
Upon further consideration we think that a remote attacker close to the
victim might be able to have precise enough timing information to
exploit the side channel as well. Update the Changelog to reflect this.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-11 14:24:02 +00:00
Ronald Cron
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function 
Harmonise the names and return values of check functions in TLS code
 2024-01-11 13:51:39 +00:00
Ronald Cron
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check 
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
 2024-01-11 13:34:09 +00:00
Waleed Elmelegy
85ddd43656 Improve record size limit changelog wording 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-11 11:07:57 +00:00
Manuel Pégourié-Gonnard
eeb96ac9fe
Merge pull request #8433 from yuhaoth/pr/add-deprecated-flag-for-sig_hashes-api 
Add deprecated flag in document for sig_hashes
 2024-01-11 09:33:10 +00:00
Valerio Setti
19ec9e4f66 psa_crypto_ecp: remove support for secp224k1 
Since this curve is not supported in PSA (and it will not ever be
in the future), we save a few bytes.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-11 07:07:14 +01:00
Waleed Elmelegy
e83be5f639 Change renegotiation tests to work with TLS 1.2 only 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 23:39:54 +00:00
Paul Elliott
f149cd1a3a
Merge pull request #8688 from jwinzig-at-hilscher/development 
Fix bug in mbedtls_x509_set_extension
 2024-01-10 16:57:16 +00:00
Waleed Elmelegy
3ff472441a Fix warning in ssl_tls13_generic.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
1487760b55 Change order of checking of record size limit client tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
09561a7575 Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to config_adjust_ssl.h 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
a3bfdea82b Revert "Make sure record size limit is not configured without TLS 1.3" 
This reverts commit 52cac7a3e6782bbf46a76158c9034afad53981a7.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
7ae74b74cc Make sure record size limit is not configured without TLS 1.3 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
f37c70746b Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to full config 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
e840263f76 Move record size limit testing to tls13 component 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
2fa99b2ddd Add tests for client complying with record size limit 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
f501790ff2 Improve comments across record size limit changes 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
9457e67afd update record size limit tests to be more consistent 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
2a2462e8f9 Add Changlog entry for record size extension 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
3a37756496 Improve record size limit tests 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
fbe42743eb Fix issue in checking in writing extensions 
Fix issue in checking if server received
record size limit extension.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Waleed Elmelegy
e1ac98d888 remove mbedtls_ssl_is_record_size_limit_valid function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00