Yanray Wang
9b811658a8
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-09-07 16:18:00 +08:00
Gilles Peskine
b9664ee676
Don't include configuration adjustment headers
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-05 11:57:14 +02:00
Yanray Wang
d7058b0a35
dh_client: removed under CIPHER_ENCRYPT_ONLY
...
dh_client requests AES-ECB to do decryption. So it needs to be
removed under CIPHER_ENCRYPT_ONLY.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-09-01 17:35:58 +08:00
Tom Cosgrove
17d5081ffb
Merge pull request #8099 from gilles-peskine-arm/split-config_psa-prepare
...
Prepare to split config_psa.h
2023-08-22 07:30:46 +00:00
Gilles Peskine
796bc2b8f9
Merge pull request #7486 from AndrzejKurek/calloc-also-zeroizes
...
Document mbedtls_calloc zeroization
2023-08-21 15:47:21 +00:00
Gilles Peskine
9af413bcc5
Don't try to include mbedtls/config_*.h
...
They're included by build_info.h and must not be included directly.
Currently, this only concerns one file: config_psa.h. It's technically a bug
to include it, but a harmless one because that header has already been
included by build_info.h except in configurations where it
effectively had no effect (enabling PSA options with PSA turned off).
We plan to split config_psa.h into multiple headers that are less
independent, which could make the inclusion more problematic.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-21 16:12:36 +02:00
Gilles Peskine
dbd13c3689
Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01
...
Updating crt/crl files due to expiry before 2027-01-01
2023-08-17 15:38:35 +00:00
Gilles Peskine
d370f93898
Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn
...
OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's
2023-08-16 09:19:46 +00:00
Manuel Pégourié-Gonnard
660bbf2470
test: disable BIGNUM support on the test ecc_no_bignum component
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Paul Elliott
2f12a29cdd
Merge pull request #7896 from AgathiyanB/gitignore-generated-files-toggle
...
Add script to toggle ignoring generated files
2023-08-09 14:54:32 +00:00
Gowtham Suresh Kumar
186731b22a
Fix warnings from clang-16
...
Running clang-16 on mbedtls reports warnings of type "-Wstrict-prototypes".
This patch fixes these warnings by adding void to functions with no
arguments. The generate_test_code.py is modified to insert void into test
functions with no arguments in *.function files.
Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2023-07-26 17:11:51 +01:00
Manuel Pégourié-Gonnard
828b3acd6b
Merge pull request #7848 from valeriosetti/issue7749
...
driver-only ECC: EPCf.TLS testing
2023-07-18 10:33:21 +02:00
Dave Rodgman
91d9daf2b3
Merge pull request #7925 from hasheddan/dtls-server-order
...
Fix order of steps in DTLS server example program
2023-07-17 09:41:43 +01:00
Daniel Mangum
af2f7a6fcb
Fix order of steps in DTLS server example program
...
Fixes the numbered order of steps in the DTLS server example program.
Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
2023-07-14 12:00:33 -04:00
Andrzej Kurek
312b6df38a
Add a missing guard in cert_req.c
...
IP parsing requires x509_CRT_PARSE_C
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-10 08:45:30 -04:00
Valerio Setti
dda0019e2e
ssl_test_lib: fix rebase error
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 10:22:51 +02:00
Valerio Setti
5bdebb2004
ssl_test_lib: fix variable naming for curve group
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
fb6356f003
ssl_test_lib: simplify function which prints supported curves
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
deb676442d
ssl_test_lib: manage FFDH keys the same way as ECC ones
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
acd32c005f
programs: add helper functions for supported EC curves
...
- get full list, or
- get TLS ID from name
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Manuel Pégourié-Gonnard
461d59b2f8
Merge pull request #7858 from mprse/ffdh_tls13_v2_f
...
Make use of FFDH keys in TLS 1.3 - follow-up
2023-07-07 16:19:35 +02:00
Dave Rodgman
c4749b1c66
Merge pull request #7584 from gilles-peskine-arm/fuzz-file-open-fail
...
Fuzz programs: print an error if loading the reproducer fails
2023-07-07 11:51:59 +01:00
Andrzej Kurek
6bc7a38683
Support more SAN subtypes in cert_req.c
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-07 05:13:13 -04:00
Agathiyan Bragadeesh
77b0d645f5
Add gitignore anchors to denote generated files
...
These anchors encapsulate gitignore patterns which typically ignore
files generated, so that scripts can be used to comment and uncomment
these patterns for releases when we need the generated files in the
repository.
Signed-off-by: Agathiyan Bragadeesh <agabra02@e127300.arm.com>
2023-07-06 17:58:18 +01:00
Przemek Stekiel
68e7544de8
parse_groups: curve -> group adaptations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-06 12:16:44 +02:00
Przemek Stekiel
45255e4c71
Adapt names (curves -> groups)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Pengyu Lv
b078607f04
cert_write: Support write any for extended key usage
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Manuel Pégourié-Gonnard
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2
...
Make use of FFDH keys in TLS 1.3 v.2
2023-07-03 10:12:33 +02:00
Dave Rodgman
c23d2222ea
Merge pull request #7728 from waleed-elmelegy-arm/crypt_and_hash-decrypt-fix
...
Fix crypt_and_hash decrypt issue when used with stream cipher
2023-06-30 11:42:35 +01:00
Andrzej Kurek
60de0b198a
Move the overallocation test to test suites
...
This way the compiler does not complain about
an overly large allocation made.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
Andrzej Kurek
aae3208c29
Add an mbedtls_calloc(SIZE_MAX/2, SIZE_MAX/2) test
...
It should return NULL and not a valid pointer.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
Andrzej Kurek
e35f3a23be
Add a calloc selftest for more than a page
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
Andrzej Kurek
ecaf6fb8b2
Documentation and cosmetic fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
Andrzej Kurek
9032711dc7
Move the calloc buffer initialization test to selftest.c
...
This way it's more in line with the 2.28 version.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
Paul Elliott
458b96b1a7
Merge pull request #7638 from AndrzejKurek/cert-apps-use-ips
...
Use better IP parsing in x509 apps
2023-06-20 17:21:04 +01:00
Przemek Stekiel
7d42c0d0e5
Code cleanup #2
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 12:30:40 +02:00
Przemek Stekiel
75a5a9c205
Code cleanup
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 09:57:23 +02:00
Waleed Elmelegy
46549cb5fa
Replace function calls in crypt_and_hash program with locals
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-06-12 14:53:02 +01:00
Waleed Elmelegy
7d39cc410c
Fix crypt_and_hash decrypt issue when used with stream cipher
...
crypt_and_hash decryption fails when used with a stream cipher
mode of operation due to the input not being multiple of block
size, this only applies to block cipher modes and not stream
ciphers.This change exempts CTR, CFB & OFB modes from this check.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-06-09 16:58:23 +01:00
Dave Rodgman
05d71ffe5b
Merge remote-tracking branch 'origin/development' into sha3-updated
2023-06-07 18:02:04 +01:00
Andrzej Kurek
0624e460fb
Add a guard for IP parsing in cert_req app
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-07 08:54:35 -04:00
Andrzej Kurek
cd17ecfe85
Use better IP parsing in x509 programs
...
Remove unnecessary duplicated code.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-07 08:50:05 -04:00
Przemek Stekiel
ff9fcbcace
ssl_client2, ssl_server2: code optimization + guards adaptation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:53:40 +02:00
Przemek Stekiel
da4fba64b8
Further code optimizations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
Przemek Stekiel
316c19ef93
Adapt guards, dependencies + optimizations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
Przemek Stekiel
e7db09bede
Move FFDH helper functions and macros to more suitable locations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Przemek Stekiel
6d7da5ee1e
Add FFDH support in client2, server2 applications
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Gilles Peskine
84b547b5ee
Merge pull request #7400 from AndrzejKurek/cert-write-sans
...
Add a possibility to generate certificates with a Subject Alternative Name
2023-06-05 15:38:38 +02:00
Andrzej Kurek
f994bc51ad
Refactor code in cert_write.c
...
This way is more robust.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-02 05:10:17 -04:00
Dave Rodgman
7f97675b64
Merge pull request #5237 from davidhorstmann-arm/demo-out-of-tree
2023-05-19 21:27:24 +01:00