mbedtls

mirror of https://github.com/espressif/mbedtls.git synced 2025-06-23 08:51:23 +08:00

Author	SHA1	Message	Date
Ronald Cron	70eab45ba6	tls13: generic: Fix log Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	dc81b7343f	tests: srv max early data size: Add reach_max test arg Add the reach_max flag argument for the test13_srv_max_early_data_size test function. Non zero value only valid in case of TEST_EARLY_DATA_ACCEPTED scenario. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	01d273d31f	Enforce maximum size of early data in case of HRR Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	919e596c05	Enforce maximum size of early data when rejected Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	2160bfe4e2	tests: ssl: Test enforcement of maximum early data size Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	8571804382	tls13: srv: Enforce maximum size of early data Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:09 +01:00
Ronald Cron	c286519747	tls13: srv: Do not forget to include max_early_data_size in the ticket Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:03:51 +01:00
Ronald Cron	26a9811027	ssl: Add early_data_count field Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:03:51 +01:00
Ronald Cron	5d3036e6d5	tests: ssl: Add max_early_data_size option Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:03:51 +01:00
Dave Rodgman	79aaaa46e9	Fix formatting Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-29 18:41:36 +00:00
David Horstmann	531aca2810	Fix missing fields in ssl session struct comment The endpoint and version were factorized out into the main session. Update the session struct comment to reflect these new fields, as was previously missed. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-29 18:14:28 +00:00
David Horstmann	cb01b361e1	Move session descriptions into a single comment Describe the TLS 1.2, TLS 1.3 and full session structs in the same place for ease of reference. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-29 18:10:13 +00:00
David Horstmann	80a9668762	Add config guards to session struct comments This shows which fields of the session are dependent on which config options. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-29 18:00:32 +00:00
David Horstmann	e59f970f28	Move session functions to same part of file Ensure that session save and load functions are not scattered throughout ssl_tls.c but are in the same part of the file. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-29 17:50:44 +00:00
David Horstmann	92b258bb50	Update ssl session serialization config bitflag Add config bits for server name indication, early data and record size limit, which all cause the serialized session to be structured differently. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-29 17:41:31 +00:00
David Horstmann	5c5a32f52a	Add session config bit for KEEP_PEER_CERTIFICATE This config option decides whether the session stores the entire certificate or just a digest of it, but was missing from the serialization config bitflag. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-29 17:41:31 +00:00
Gilles Peskine	469f7811fa	Require framework directory to exist when building The framework directory will be provided by a submodule. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-02-29 18:19:56 +01:00
Valerio Setti	d32dd08934	changelog: fix description Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-29 16:28:03 +01:00
Valerio Setti	1a58e9a232	psa_util: change guard for mbedtls_psa_get_random() to CRYPTO_CLIENT This commit also: - updates changelog - add a stub function to be used in component_test_psa_crypto_client() test Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-29 16:14:29 +01:00
Dave Rodgman	87218b364d	blank line for readability Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-29 15:02:30 +00:00
Dave Rodgman	869e310456	Use export to set VERBOSE_LOGS Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-29 15:02:27 +00:00
Ronald Cron	9b4e964c2c	Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data TLS 1.3: Add mbedtls_ssl_write_early_data() API	2024-02-29 14:31:55 +00:00
David Horstmann	c5688a2629	Merge branch 'development-restricted' into generate-random-buffer-protection Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-29 14:25:56 +00:00
Valerio Setti	a50190e2df	add changelog Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-29 15:23:00 +01:00
Signed-off-by: Steven WdV	bcfed50917	Fix compilation on macOS without apple-clang Signed-off-by: Steven WdV <swdv@cs.ru.nl>	2024-02-29 15:19:06 +01:00
David Horstmann	920a932bab	Merge pull request #1153 from tom-daubney-arm/asymmetric_encrypt_buffer_protection Implement safe buffer copying in asymmetric encryption	2024-02-29 14:16:59 +00:00
Dave Rodgman	5f7862a567	Fix docs Co-authored-by: Gilles Peskine <gilles.peskine@arm.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-29 14:14:37 +00:00
Dave Rodgman	a3e694c2ad	simplify printf call Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-29 14:06:49 +00:00
Dave Rodgman	63c94a36f1	improve docs Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-29 14:06:36 +00:00
Dave Rodgman	2096478034	Add editor hint for emacs Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-29 14:06:19 +00:00
Dave Rodgman	1f08a3248e	Rename quiet to quiet.sh Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-02-29 14:04:59 +00:00
Valerio Setti	4ee6f81195	add changelog Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-29 15:01:21 +01:00
Minos Galanakis	b4ce628b64	tests: Added test for `mbedtls_ecdh_context_grp` Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-02-29 13:31:34 +00:00
Minos Galanakis	d753738fc0	echd: Added `mbedtls_ecdh_get_grp_id` getter. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-02-29 13:31:34 +00:00
David Horstmann	7581363122	Fix incorrect conflict resolution A return statement was missing in the wrapper generation script. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-29 11:26:45 +00:00
Gabor Mezei	0b04116cc8	Do not copy the content to the local output buffer with allocation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-29 10:08:16 +00:00
tom-daubney-arm	840dfe8b41	Merge branch 'development-restricted' into asymmetric_encrypt_buffer_protection Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>	2024-02-28 15:42:38 +00:00
Gabor Mezei	f1dd0253ec	Remove write check in driver wrappers tests This check is intended to ensure that we do not write intermediate results to the shared output buffer. This check will be made obselete by generic memory-poisoning-based testing for all functions. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:18:21 +00:00
Gabor Mezei	358eb218ab	Fix buffer protection handling for `cipher_generate_iv` Use the `LOCAL_OUTPUT_` macros for buffer protection instead of the existing local variable. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:19 +00:00
Gabor Mezei	b74ac66c8b	Update test wrapper functions for ciper buffer protection Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:18 +00:00
Gabor Mezei	7abf8ee51b	Add buffer protection for `cipher_generate_iv` and `cipher_set_iv` Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:18 +00:00
Gabor Mezei	8b8e485961	Move local buffer allocation just before usage Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:18 +00:00
Gabor Mezei	4892d75e9b	Add `LOCAL_OUTPUT_ALLOC_WITH_COPY` macro if buffer protection is disabled Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:17 +00:00
Gabor Mezei	c25fbd2cc1	Fix ASAN error for `psa_cipher_update` The ASAN gives an error for `psa_cipher_update` when the `input_length` is 0 and the `input` buffer is `NULL`. The root cause of this issue is `mbedtls_cipher_update` always need a valid pointer for the input buffer even if the length is 0. This fix avoids the `mbedtls_cipher_update` to be called if the input buffer length is 0. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:17 +00:00
Gabor Mezei	b8f97a1f3f	Add test wrapper functions for cipher buffer protection Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:17:17 +00:00
Gabor Mezei	212eb08884	Add buffer protection for cipher functions Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-02-28 15:15:49 +00:00
David Horstmann	e097bbdcf3	Add missing guards around exit label Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-28 14:17:10 +00:00
Gilles Peskine	84a7bfbd33	mbedtls_ecp_write_key_ext(): Upgrade import_pair_into_psa as well It wasn't done with the others because that code was added in a concurrent branch. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-02-28 14:21:32 +01:00
Gilles Peskine	b395e74edd	mbedtls_ecp_write_key_ext(): make key const Having a non-const `key` parameter was anotherf defect of mbedtls_ecp_write_key(). Take this opportunity to fix it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-02-28 14:18:28 +01:00
Gilles Peskine	04ae479b04	mbedtls_ecp_write_key_ext: document error for no private key set Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-02-28 13:19:42 +01:00

... 20 21 22 23 24 ...

31240 Commits