Commit graph

27287 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
3ec976c42c Fix typo in variable declaration
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-20 16:12:46 +02:00
Gilles Peskine
edc8456e01 Work around a race condition in parallel builds
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-20 15:03:18 +02:00
Gilles Peskine
eda1b1f744
Merge pull request #7921 from valeriosetti/issue7613
TLS: Clean up ECDSA dependencies
2023-09-20 12:47:55 +00:00
Gilles Peskine
452beb9076
Merge pull request #8203 from gilles-peskine-arm/p256-m-production
Declare p256-m as ready for production
2023-09-20 09:36:05 +00:00
Manuel Pégourié-Gonnard
f25189473b Fix documentation of error codes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-20 09:42:55 +02:00
Manuel Pégourié-Gonnard
5ca69349b5 Improve comments on key formats
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-20 09:28:02 +02:00
Manuel Pégourié-Gonnard
fbea9d2e7d Improve return code
CORRUPTION_DETECTED should be reserved for cases that are impossible,
short of physical corruption during execution or a major bug in the
code. We shouldn't use this for the kind of mistakes that can happen
during configuration or integration, such as calling a driver on a key
type that it doesn't support.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-20 09:22:29 +02:00
Gilles Peskine
bd50d5baec
Merge pull request #8177 from gilles-peskine-arm/generated-files-off-in-release
Generated files off in release
2023-09-18 14:11:58 +00:00
Dave Rodgman
25c271a035
Merge pull request #8182 from daverodgman/asn1write-size
Reduce code size in mbedtls_asn1_write_len
2023-09-18 10:27:23 +00:00
Manuel Pégourié-Gonnard
97bb726e2d Add clarifying comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-18 11:28:32 +02:00
Manuel Pégourié-Gonnard
275afe187f Fix preset shared between 1.2 and 1.3
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-18 11:19:20 +02:00
Manuel Pégourié-Gonnard
f299efdb96 Improve a comment
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-18 11:19:04 +02:00
Gilles Peskine
67c86e626b
Merge pull request #7961 from gilles-peskine-arm/psa_crypto_config-in-full
Enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config
2023-09-18 08:13:12 +00:00
Gilles Peskine
8fbef064a6
Merge pull request #8217 from paul-elliott-arm/remove_unused_values_programs
Remove unneeded setting of ret from ssl programs
2023-09-18 08:13:00 +00:00
Gilles Peskine
5083a5b85e
Merge pull request #8220 from jnmeurisse/development
Fix issue #8215 : add missing requires documentation in mbedtls_config.h
2023-09-18 10:06:14 +02:00
Manuel Pégourié-Gonnard
4f119b8f21 Remove extra copies of a block of comment/define
Not sure how it happened, but this block was not just duplicated, but
triplicated. Keep only the first copy: the one before the code that uses
the macro being defined.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-18 09:57:04 +02:00
Manuel Pégourié-Gonnard
f7298cd397 Fix some issues in comments
Ranging from typos to outdated comment contradicting the code.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-18 09:55:24 +02:00
jnmeurisse
83f0a65d71
Fix issue #8215 : add missing requires documentation in mbedtls_config.h
Add missing requirements MBEDTLS_SSL_PROTO_TLS1_2 to option MBEDTLS_SSL_RENEGOTIATION documentation.

Signed-off-by: jnmeurisse <88129653+jnmeurisse@users.noreply.github.com>
2023-09-16 18:12:18 +02:00
Dave Rodgman
0c9516ea89 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-15 18:30:09 +01:00
Dave Rodgman
127f35d5e5 Merge remote-tracking branch 'origin/development' into asn1write-size
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-15 18:02:59 +01:00
Dave Rodgman
ecdfc1c94f Fix poorly named function
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-15 18:00:37 +01:00
Paul Elliott
fd3360ebf4 Remove unneeded setting of ret from ssl programs
Remove coverity warnings on unused values.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-09-15 17:41:25 +01:00
Gilles Peskine
170be457bd
Merge pull request #8207 from mcagriaksoy/branch_old_try
Fixes log level for got supported group message
2023-09-15 05:53:00 +00:00
Gilles Peskine
865730ec67
Merge pull request #8212 from tom-cosgrove-arm/mbedtls_ssl_max_early_data_size-default-value
MBEDTLS_SSL_MAX_EARLY_DATA_SIZE: default value should be commented out in config
2023-09-15 05:51:59 +00:00
mcagriaksoy
7f84471a60 Adding changelog for log level message fix
Signed-off-by: mcagriaksoy <mcagriaksoy@yandex.com>
2023-09-14 22:43:08 +02:00
Dave Rodgman
6fda82cdc7
Merge pull request #8214 from daverodgman/clang18-fix
Fix some clang-18 warnings
2023-09-14 17:12:23 +00:00
Dave Rodgman
a11eac4292 code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-14 16:16:04 +01:00
Dave Rodgman
e99b24dd9f Fix some clang-18 warnings
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-14 15:52:02 +01:00
Tom Cosgrove
a63775b168 Move MBEDTLS_SSL_MAX_EARLY_DATA_SIZE to the correct section
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-14 13:31:19 +01:00
Tom Cosgrove
3b4471ef87 MBEDTLS_SSL_MAX_EARLY_DATA_SIZE: default value should be commented out in config
Numeric options should be commented out with their default values in the config
file, and a separate header file should set the default value if necessary.
This was done for most other options in #8161; do it here for
MBEDTLS_SSL_MAX_EARLY_DATA_SIZE.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-09-14 13:18:50 +01:00
Manuel Pégourié-Gonnard
b95e92cd41
Merge pull request #8076 from valeriosetti/issue8005
Test with ECC and FFDH accelerated and no bignum
2023-09-14 09:12:35 +00:00
Yanray Wang
7732ced037 cipher_wrap: remove 192- and 256-bit for AES_ONLY_128_BIT_KEY_LENGTH
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-14 14:35:44 +08:00
mcagriaksoy
d9f22804ea Fixes log level for got supported group message
Signed-off-by: mcagriaksoy <mcagriaksoy@yandex.com>
2023-09-13 22:43:38 +02:00
Gilles Peskine
0ddffb6de2
Merge pull request #7210 from sergio-nsk/patch-2
Fix llvm error: variable 'default_iv_length' and other may be used uninitialized
2023-09-13 16:38:55 +02:00
Paul Elliott
3d0bffb257 Improve statement in driver-only-builds.md
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-09-13 15:15:37 +01:00
Gilles Peskine
528ec901ab Add a changelog entry for p256-m
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-13 15:41:23 +02:00
Gilles Peskine
6f784dff49 Reflect the fact p256-m has been integrated into Mbed TLS
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-13 15:32:30 +02:00
Gilles Peskine
016db89107 Update p256-m to state that it's ready for production
Add some guidance as to whether and how to enable it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-13 14:34:40 +02:00
Gilles Peskine
9b5d7d7801
Merge pull request #8195 from daverodgman/improve_sslmsg
Improve use of ct interface in mbedtls_ssl_decrypt_buf
2023-09-13 12:32:12 +00:00
Gilles Peskine
3cea3efc25
Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509
Accept numericoid hexstring x509
2023-09-13 08:54:33 +00:00
Gilles Peskine
f22999e99f
Merge pull request #8093 from yuhaoth/pr/add-target-architecture-macros
Add architecture detection macros
2023-09-13 08:53:47 +00:00
Dave Rodgman
da0bb9fae8
Merge pull request #8034 from gilles-peskine-arm/bump_version-doc_mainpage
Update capitalization of "Mbed" and fix bump_version.sh
2023-09-13 08:41:20 +00:00
Paul Elliott
0934b2007c
Merge pull request #8190 from paul-elliott-arm/update_cmake_min_ver
Update CMake minimum version(s) to match main CMakeLists.txt
2023-09-13 08:39:50 +00:00
Dave Rodgman
7d52f2a0d9 Improve use of ct interface in mbedtls_ssl_decrypt_buf
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-13 09:30:03 +01:00
Dave Rodgman
31beb2d449
Merge pull request #8166 from gilles-peskine-arm/p256-m-zeroize
p256-m: Use the zeroize function from Mbed TLS
2023-09-12 21:33:03 +00:00
Dave Rodgman
4923640574
Merge pull request #8189 from tom-cosgrove-arm/fix-ct-error-padlen-correct
Use the correct variable when tracking padding length
2023-09-12 17:31:06 +00:00
Gilles Peskine
2e38a0d603 More spelling corrections
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:19:31 +02:00
Gilles Peskine
e820c0abc8 Update spelling "mbed TLS" to "Mbed TLS"
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":

```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```

Justification for the omissions:

* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
  occurrences are significant names in certificates and such. Changing
  the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
  updates.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:18:17 +02:00
Gilles Peskine
4843278237 Allow "Mbed TLS" as the project name in Doxygen
Previously the code only recognized the old spelling "mbed TLS", so it
missed doxygen/input/doc_mainpage.h.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:16:17 +02:00
Agathiyan Bragadeesh
a72ea814d8 Remove double blank line in x509_create.c
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
2023-09-12 17:57:09 +01:00