2459 commits

Author	SHA1	Message	Date
Yanray Wang	d7058b0a35	dh_client: removed under CIPHER_ENCRYPT_ONLY ... dh_client requests AES-ECB to do decryption. So it needs to be removed under CIPHER_ENCRYPT_ONLY. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-09-01 17:35:58 +08:00
Tom Cosgrove	17d5081ffb	Merge pull request #8099 from gilles-peskine-arm/split-config_psa-prepare ... Prepare to split config_psa.h	2023-08-22 07:30:46 +00:00
Gilles Peskine	796bc2b8f9	Merge pull request #7486 from AndrzejKurek/calloc-also-zeroizes ... Document mbedtls_calloc zeroization	2023-08-21 15:47:21 +00:00
Gilles Peskine	9af413bcc5	Don't try to include mbedtls/config_*.h ... They're included by build_info.h and must not be included directly. Currently, this only concerns one file: config_psa.h. It's technically a bug to include it, but a harmless one because that header has already been included by build_info.h except in configurations where it effectively had no effect (enabling PSA options with PSA turned off). We plan to split config_psa.h into multiple headers that are less independent, which could make the inclusion more problematic. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-08-21 16:12:36 +02:00
Gilles Peskine	dbd13c3689	Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01 ... Updating crt/crl files due to expiry before 2027-01-01	2023-08-17 15:38:35 +00:00
Gilles Peskine	d370f93898	Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn ... OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's	2023-08-16 09:19:46 +00:00
Manuel Pégourié-Gonnard	660bbf2470	test: disable BIGNUM support on the test ecc_no_bignum component ... Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-10 06:43:23 +02:00
Paul Elliott	2f12a29cdd	Merge pull request #7896 from AgathiyanB/gitignore-generated-files-toggle ... Add script to toggle ignoring generated files	2023-08-09 14:54:32 +00:00
Gowtham Suresh Kumar	186731b22a	Fix warnings from clang-16 ... Running clang-16 on mbedtls reports warnings of type "-Wstrict-prototypes". This patch fixes these warnings by adding void to functions with no arguments. The generate_test_code.py is modified to insert void into test functions with no arguments in *.function files. Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>	2023-07-26 17:11:51 +01:00
Manuel Pégourié-Gonnard	828b3acd6b	Merge pull request #7848 from valeriosetti/issue7749 ... driver-only ECC: EPCf.TLS testing	2023-07-18 10:33:21 +02:00
Dave Rodgman	91d9daf2b3	Merge pull request #7925 from hasheddan/dtls-server-order ... Fix order of steps in DTLS server example program	2023-07-17 09:41:43 +01:00
Daniel Mangum	af2f7a6fcb	Fix order of steps in DTLS server example program ... Fixes the numbered order of steps in the DTLS server example program. Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>	2023-07-14 12:00:33 -04:00
Andrzej Kurek	312b6df38a	Add a missing guard in cert_req.c ... IP parsing requires x509_CRT_PARSE_C Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-07-10 08:45:30 -04:00
Valerio Setti	dda0019e2e	ssl_test_lib: fix rebase error ... Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-10 10:22:51 +02:00
Valerio Setti	5bdebb2004	ssl_test_lib: fix variable naming for curve group ... Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-10 09:13:57 +02:00
Valerio Setti	fb6356f003	ssl_test_lib: simplify function which prints supported curves ... Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-10 09:13:57 +02:00
Valerio Setti	deb676442d	ssl_test_lib: manage FFDH keys the same way as ECC ones ... Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-10 09:13:57 +02:00
Valerio Setti	acd32c005f	programs: add helper functions for supported EC curves ... - get full list, or - get TLS ID from name Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-10 09:13:57 +02:00
Manuel Pégourié-Gonnard	461d59b2f8	Merge pull request #7858 from mprse/ffdh_tls13_v2_f ... Make use of FFDH keys in TLS 1.3 - follow-up	2023-07-07 16:19:35 +02:00
Dave Rodgman	c4749b1c66	Merge pull request #7584 from gilles-peskine-arm/fuzz-file-open-fail ... Fuzz programs: print an error if loading the reproducer fails	2023-07-07 11:51:59 +01:00
Andrzej Kurek	6bc7a38683	Support more SAN subtypes in cert_req.c ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-07-07 05:13:13 -04:00
Agathiyan Bragadeesh	77b0d645f5	Add gitignore anchors to denote generated files ... These anchors encapsulate gitignore patterns which typically ignore files generated, so that scripts can be used to comment and uncomment these patterns for releases when we need the generated files in the repository. Signed-off-by: Agathiyan Bragadeesh <agabra02@e127300.arm.com>	2023-07-06 17:58:18 +01:00
Przemek Stekiel	68e7544de8	parse_groups: curve -> group adaptations ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-06 12:16:44 +02:00
Przemek Stekiel	45255e4c71	Adapt names (curves -> groups) ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-05 09:26:26 +02:00
Pengyu Lv	b078607f04	cert_write: Support write any for extended key usage ... Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-07-04 17:30:21 +08:00
Manuel Pégourié-Gonnard	56b159a12a	Merge pull request #7627 from mprse/ffdh_tls13_v2 ... Make use of FFDH keys in TLS 1.3 v.2	2023-07-03 10:12:33 +02:00
Dave Rodgman	c23d2222ea	Merge pull request #7728 from waleed-elmelegy-arm/crypt_and_hash-decrypt-fix ... Fix crypt_and_hash decrypt issue when used with stream cipher	2023-06-30 11:42:35 +01:00
Andrzej Kurek	60de0b198a	Move the overallocation test to test suites ... This way the compiler does not complain about an overly large allocation made. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-27 09:26:08 -04:00
Andrzej Kurek	aae3208c29	Add an mbedtls_calloc(SIZE_MAX/2, SIZE_MAX/2) test ... It should return NULL and not a valid pointer. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-27 09:26:08 -04:00
Andrzej Kurek	e35f3a23be	Add a calloc selftest for more than a page ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-27 09:26:08 -04:00
Andrzej Kurek	ecaf6fb8b2	Documentation and cosmetic fixes ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-27 09:26:08 -04:00
Andrzej Kurek	9032711dc7	Move the calloc buffer initialization test to selftest.c ... This way it's more in line with the 2.28 version. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-27 09:26:08 -04:00
Paul Elliott	458b96b1a7	Merge pull request #7638 from AndrzejKurek/cert-apps-use-ips ... Use better IP parsing in x509 apps	2023-06-20 17:21:04 +01:00
Przemek Stekiel	7d42c0d0e5	Code cleanup #2 ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-13 12:30:40 +02:00
Przemek Stekiel	75a5a9c205	Code cleanup ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-13 09:57:23 +02:00
Waleed Elmelegy	46549cb5fa	Replace function calls in crypt_and_hash program with locals ... Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-06-12 14:53:02 +01:00
Waleed Elmelegy	7d39cc410c	Fix crypt_and_hash decrypt issue when used with stream cipher ... crypt_and_hash decryption fails when used with a stream cipher mode of operation due to the input not being multiple of block size, this only applies to block cipher modes and not stream ciphers.This change exempts CTR, CFB & OFB modes from this check. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-06-09 16:58:23 +01:00
Dave Rodgman	05d71ffe5b	Merge remote-tracking branch 'origin/development' into sha3-updated	2023-06-07 18:02:04 +01:00
Andrzej Kurek	0624e460fb	Add a guard for IP parsing in cert_req app ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-07 08:54:35 -04:00
Andrzej Kurek	cd17ecfe85	Use better IP parsing in x509 programs ... Remove unnecessary duplicated code. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-07 08:50:05 -04:00
Przemek Stekiel	ff9fcbcace	ssl_client2, ssl_server2: code optimization + guards adaptation ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:53:40 +02:00
Przemek Stekiel	da4fba64b8	Further code optimizations ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:31:09 +02:00
Przemek Stekiel	316c19ef93	Adapt guards, dependencies + optimizations ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com> Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:31:09 +02:00
Przemek Stekiel	e7db09bede	Move FFDH helper functions and macros to more suitable locations ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:31:08 +02:00
Przemek Stekiel	6d7da5ee1e	Add FFDH support in client2, server2 applications ... Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:31:08 +02:00
Gilles Peskine	84b547b5ee	Merge pull request #7400 from AndrzejKurek/cert-write-sans ... Add a possibility to generate certificates with a Subject Alternative Name	2023-06-05 15:38:38 +02:00
Andrzej Kurek	f994bc51ad	Refactor code in cert_write.c ... This way is more robust. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-02 05:10:17 -04:00
Dave Rodgman	7f97675b64	Merge pull request #5237 from davidhorstmann-arm/demo-out-of-tree	2023-05-19 21:27:24 +01:00
Andrzej Kurek	5eebfb8fd0	Enable escaping ';' in cert_write.c SANs ... This might get used in URIs. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-17 15:23:56 -04:00
Andrzej Kurek	446e53d401	Fix a code style issue ... Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-05-17 15:23:56 -04:00