espressif/mbedtls
1
0
Fork 0
mirror of https://github.com/espressif/mbedtls.git synced 2025-07-06 02:10:11 +08:00
Code Issues Packages Projects Releases Wiki Activity
31,240 Commits 34 Branches 164 Tags
Commit Graph

31240 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Minos Galanakis
a184fd0516 programs/dh_client/server: Replaced mbedtls_sha1 with mbedtls_sha256 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-01-18 14:29:41 +00:00
Valerio Setti
d929106f36 ssl_ciphersuites: move internal functions declarations to a private header 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 15:08:28 +01:00
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340 
Export the mbedtls_md_psa_alg_from_type function
 2024-01-18 13:58:55 +00:00
Ryan Everett
fb02d57de7 Document the thread safety of the primitive key slot functions 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-18 10:54:42 +00:00
Ryan Everett
0e3b677cf4 Support PSA_ERROR_SERVICE_FAILURE 
To be returned in the case where mbedtls_mutex_lock and
mbedtls_mutex_unlock fail.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-18 10:47:29 +00:00
Ryan Everett
846889355c Initialize and free the key slot mutex 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-18 10:47:05 +00:00
Gilles Peskine
b1f96c0354
Merge pull request #7815 from gilles-peskine-arm/ecp-export-partial 
ECP keypair utility functions
 2024-01-18 10:29:05 +00:00
Gilles Peskine
c9077cccd3
Merge pull request #8664 from valeriosetti/issue7764 
Conversion function from ecp group to PSA curve
 2024-01-18 10:28:55 +00:00
Ryan Everett
491f7e5ac3 Define key_slot_mutex 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-18 10:21:38 +00:00
Valerio Setti
18371ee08f generate_tls13_compat_tests: add DH group dependency when FFDH is used 
"tls13-compat.sh" is also updated in this commit using the python
script.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 10:44:57 +01:00
Valerio Setti
05754d8e85 ssl-opt: add DH groups requirements in test cases using FFDH 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 09:47:00 +01:00
Valerio Setti
4f34b155f5 test_driver_key_management: keep mbedtls_test_opaque_wrap_key() private 
Only mbedtls_test_opaque_unwrap_key() is actually needed by other
test drivers to deal with opaque keys. mbedtls_test_opaque_wrap_key()
can be kept private to test_driver_key_management.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 08:44:13 +01:00
Valerio Setti
43ff242a8b changelog: fix typo 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 08:42:38 +01:00
Dave Rodgman
fb133513d6
Merge pull request #8705 from daverodgman/ctr-perf 
Ctr perf
 2024-01-17 20:25:41 +00:00
Paul Elliott
2728267ec4
Merge pull request #8672 from Ryan-Everett-arm/implement-new-key-slot-states 
Implement the new key slot state system within the PSA subsystem.
 2024-01-17 17:50:04 +00:00
David Horstmann
d3efb92922 Add underflow check to UNPOISON counter decrement 
Make sure that extra UNPOISON calls do not cause the poisoning counter
to underflow and wrap around.

Memory that is unpoisoned multiple times should remain unpoisoned.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-01-17 15:27:50 +00:00
Dave Rodgman
5c745fa7da Pacify check_files 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-17 15:27:05 +00:00
Dave Rodgman
5f8e2a2b5f Spelling fix 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-17 15:27:05 +00:00
Dave Rodgman
ad4b705863 Use quiet make wrappers from all.sh 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-17 15:27:05 +00:00
Dave Rodgman
3e2c61dca2 Create quiet wrappers for make and cmake 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-17 15:27:05 +00:00
Valerio Setti
78aa0bc1d9 all.sh: fix tests with accelerated FFDH 
Explicitly accelerate also DH groups in those tests.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:57:06 +01:00
Valerio Setti
1161b44981 crypto_config_test_driver_extension: support accelaration of DH groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:57:06 +01:00
Valerio Setti
48a847afb7 tests: add guards for DH groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:57:06 +01:00
Valerio Setti
6bed64ec75 all.sh: add new component with only DH 2048 bits. 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:57:06 +01:00
Valerio Setti
504a10254c psa_crypto: do not validate DH groups which are not enabled 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:57:03 +01:00
Valerio Setti
e8683ce9ef ssl_test_lib: add guards for enabled DH groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:30 +01:00
Valerio Setti
ecaf7c5690 ssl_tls: add guards for enabled DH key types 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:30 +01:00
Valerio Setti
de50413009 crypto_sizes: adjust PSA_VENDOR_FFDH_MAX_KEY_BITS based on the supported groups 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:30 +01:00
Valerio Setti
4ed8daa929 psa_crypto_ffdh: add guards for enabled domain parameters 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:30 +01:00
Valerio Setti
fecef8bc8e config_adjust: fix adjustments between legacy and PSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:26 +01:00
David Horstmann
9de6edd462 Separate memory poisoning tests from generic ASan 
Some platforms may support ASan but be C99-only (no C11 support).
These platforms will support ASan metatests but not memory poisoning,
which requires C11 features.

To allow for this, create a separate platform requirement, "poison",
in metatest.c to distinguish generic ASan metatests from ones that
require suppport for memory poisoning.

In practice our platforms support both, so run "poison" tests in
the same all.sh components where we run "asan" ones.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-01-17 14:53:08 +00:00
David Horstmann
fad038c501 Change memory poisoning flag to a count 
This allows unusually-nested memory poisoning to work correctly, since
it keeps track of whether any buffers are still poisoned, rather than
just disabling poisoning at the first call to the UNPOISON() macro.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-01-17 14:23:20 +00:00
Ryan Everett
4a0ba80bdb
Clarify psa_destroy_key documentation 
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Ryan Everett <144035422+Ryan-Everett-arm@users.noreply.github.com>
 2024-01-17 14:12:33 +00:00
David Horstmann
c2ab398d01 Request C11 in CMake (but only for tests) 
Set the C_STANDARD property on the mbedtls_test target to 11.
This requests C11 for the tests only.

If C11 is not supported the build will not fail, since
C_STANDARD_REQUIRED is not set, and memory poisoning will be disabled
by a preprocessor check on __STDC_VERSION__.

Additionally, reintroduce previous C99 enforcement on the rest of the
library.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-01-17 14:02:40 +00:00
Gilles Peskine
dd77343381 Open question for ECDSA signature that can be resolved during implementation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 14:33:32 +01:00
Gilles Peskine
d5b04a0c63 Add a usage parameter to mbedtls_pk_get_psa_attributes 
Let the user specify whether to use the key as a sign/verify key, an
encrypt/decrypt key or a key agreement key. Also let the user indicate if
they just want the public part when the input is a key pair.

Based on a discussion in
https://github.com/Mbed-TLS/mbedtls/pull/8682#discussion_r1444936480

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 14:31:57 +01:00
Gilles Peskine
702d9f65f6 Resolve several open questions as nothing special to do 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 12:58:25 +01:00
Ryan Everett
38a2b7a6a3 Extend psa_wipe_key_slot documentation 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-17 11:45:44 +00:00
Ryan Everett
7ed542e0f1 Implement delayed deletion in psa_destroy_key and some cleanup 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-17 11:40:29 +00:00
Gilles Peskine
42a025dc9c Reference filed issues 
All PK-related actions are now covered.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 12:35:31 +01:00
Dave Rodgman
885248c8ee Add header guards 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-17 11:06:31 +00:00
Valerio Setti
bbff303fe1 crypto_config: define feature macros for DH keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 11:47:44 +01:00
Gilles Peskine
5a64c42693 Reference ongoing work 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 10:09:16 +01:00
Gilles Peskine
89ca6c7e72 typo 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 10:08:56 +01:00
Gilles Peskine
32294044e1 Generalize mbedtls_pk_setup_opaque beyond MBEDTLS_USE_PSA_CRYPTO 
It's useful in applications that want to use some PSA opaque keys regardless
of whether all pk operations go through PSA.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-17 10:07:55 +01:00
Valerio Setti
584dc80d96 add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 08:06:32 +01:00
Bence Szépkúti
1325942c28
Merge pull request #8707 from bensze01/new_redirect_format 
Migrate to new RTD redirect format
 2024-01-16 20:22:08 +00:00
Dave Rodgman
9039ba572b Fix test dependencies 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-16 18:38:55 +00:00
Dave Rodgman
7e5b7f91ca Fix error in ctr_drbg 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-16 17:28:25 +00:00
Dave Rodgman
b7778b2388 Fix ASAN error in test 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-16 16:27:34 +00:00