Commit graph

2463 commits

Author SHA1 Message Date
Dave Rodgman
da0bb9fae8
Merge pull request #8034 from gilles-peskine-arm/bump_version-doc_mainpage
Update capitalization of "Mbed" and fix bump_version.sh
2023-09-13 08:41:20 +00:00
Gilles Peskine
e820c0abc8 Update spelling "mbed TLS" to "Mbed TLS"
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":

```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```

Justification for the omissions:

* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
  occurrences are significant names in certificates and such. Changing
  the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
  updates.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:18:17 +02:00
Paul Elliott
a722d0a415 Update CMake minimum version(s) to match main CMakeLists.txt
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-09-12 16:42:14 +01:00
Ronald Cron
eab2055bde Fix query_config.c generation with CMake build system
In case of an out-of-tree build with the CMake build
system the path to crypto_config.h has to be defined
as the path to mbedtls_config.h. Add this possibility
tp generate_query_config.pl.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-09-08 10:23:25 +02:00
Gilles Peskine
b9664ee676 Don't include configuration adjustment headers
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-05 11:57:14 +02:00
Tom Cosgrove
17d5081ffb
Merge pull request #8099 from gilles-peskine-arm/split-config_psa-prepare
Prepare to split config_psa.h
2023-08-22 07:30:46 +00:00
Gilles Peskine
796bc2b8f9
Merge pull request #7486 from AndrzejKurek/calloc-also-zeroizes
Document mbedtls_calloc zeroization
2023-08-21 15:47:21 +00:00
Gilles Peskine
9af413bcc5 Don't try to include mbedtls/config_*.h
They're included by build_info.h and must not be included directly.

Currently, this only concerns one file: config_psa.h. It's technically a bug
to include it, but a harmless one because that header has already been
included by build_info.h except in configurations where it
effectively had no effect (enabling PSA options with PSA turned off).

We plan to split config_psa.h into multiple headers that are less
independent, which could make the inclusion more problematic.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-08-21 16:12:36 +02:00
Gilles Peskine
dbd13c3689
Merge pull request #7662 from lpy4105/issue/renew_cert_2027-01-01
Updating crt/crl files due to expiry before 2027-01-01
2023-08-17 15:38:35 +00:00
Gilles Peskine
d370f93898
Merge pull request #7898 from AndrzejKurek/csr-rfc822-dn
OPC UA - add support for RFC822 and DirectoryName SubjectAltNames when generating CSR's
2023-08-16 09:19:46 +00:00
Manuel Pégourié-Gonnard
660bbf2470 test: disable BIGNUM support on the test ecc_no_bignum component
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-08-10 06:43:23 +02:00
Paul Elliott
2f12a29cdd
Merge pull request #7896 from AgathiyanB/gitignore-generated-files-toggle
Add script to toggle ignoring generated files
2023-08-09 14:54:32 +00:00
Gowtham Suresh Kumar
186731b22a Fix warnings from clang-16
Running clang-16 on mbedtls reports warnings of type "-Wstrict-prototypes".
This patch fixes these warnings by adding void to functions with no
arguments. The generate_test_code.py is modified to insert void into test
functions with no arguments in *.function files.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2023-07-26 17:11:51 +01:00
Manuel Pégourié-Gonnard
828b3acd6b
Merge pull request #7848 from valeriosetti/issue7749
driver-only ECC: EPCf.TLS testing
2023-07-18 10:33:21 +02:00
Dave Rodgman
91d9daf2b3
Merge pull request #7925 from hasheddan/dtls-server-order
Fix order of steps in DTLS server example program
2023-07-17 09:41:43 +01:00
Daniel Mangum
af2f7a6fcb Fix order of steps in DTLS server example program
Fixes the numbered order of steps in the DTLS server example program.

Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
2023-07-14 12:00:33 -04:00
Andrzej Kurek
312b6df38a Add a missing guard in cert_req.c
IP parsing requires x509_CRT_PARSE_C
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-10 08:45:30 -04:00
Valerio Setti
dda0019e2e ssl_test_lib: fix rebase error
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 10:22:51 +02:00
Valerio Setti
5bdebb2004 ssl_test_lib: fix variable naming for curve group
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
fb6356f003 ssl_test_lib: simplify function which prints supported curves
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
deb676442d ssl_test_lib: manage FFDH keys the same way as ECC ones
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Valerio Setti
acd32c005f programs: add helper functions for supported EC curves
- get full list, or
- get TLS ID from name

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
Manuel Pégourié-Gonnard
461d59b2f8
Merge pull request #7858 from mprse/ffdh_tls13_v2_f
Make use of FFDH keys in TLS 1.3 - follow-up
2023-07-07 16:19:35 +02:00
Dave Rodgman
c4749b1c66
Merge pull request #7584 from gilles-peskine-arm/fuzz-file-open-fail
Fuzz programs: print an error if loading the reproducer fails
2023-07-07 11:51:59 +01:00
Andrzej Kurek
6bc7a38683 Support more SAN subtypes in cert_req.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-07-07 05:13:13 -04:00
Agathiyan Bragadeesh
77b0d645f5 Add gitignore anchors to denote generated files
These anchors encapsulate gitignore patterns which typically ignore
files generated, so that scripts can be used to comment and uncomment
these patterns for releases when we need the generated files in the
repository.

Signed-off-by: Agathiyan Bragadeesh <agabra02@e127300.arm.com>
2023-07-06 17:58:18 +01:00
Przemek Stekiel
68e7544de8 parse_groups: curve -> group adaptations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-06 12:16:44 +02:00
Przemek Stekiel
45255e4c71 Adapt names (curves -> groups)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
Pengyu Lv
b078607f04 cert_write: Support write any for extended key usage
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-07-04 17:30:21 +08:00
Manuel Pégourié-Gonnard
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2
Make use of FFDH keys in TLS 1.3 v.2
2023-07-03 10:12:33 +02:00
Dave Rodgman
c23d2222ea
Merge pull request #7728 from waleed-elmelegy-arm/crypt_and_hash-decrypt-fix
Fix crypt_and_hash decrypt issue when used with stream cipher
2023-06-30 11:42:35 +01:00
Andrzej Kurek
60de0b198a Move the overallocation test to test suites
This way the compiler does not complain about
an overly large allocation made.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
Andrzej Kurek
aae3208c29 Add an mbedtls_calloc(SIZE_MAX/2, SIZE_MAX/2) test
It should return NULL and not a valid pointer.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
Andrzej Kurek
e35f3a23be Add a calloc selftest for more than a page
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
Andrzej Kurek
ecaf6fb8b2 Documentation and cosmetic fixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
Andrzej Kurek
9032711dc7 Move the calloc buffer initialization test to selftest.c
This way it's more in line with the 2.28 version.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-27 09:26:08 -04:00
Paul Elliott
458b96b1a7
Merge pull request #7638 from AndrzejKurek/cert-apps-use-ips
Use better IP parsing in x509 apps
2023-06-20 17:21:04 +01:00
Przemek Stekiel
7d42c0d0e5 Code cleanup #2
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 12:30:40 +02:00
Przemek Stekiel
75a5a9c205 Code cleanup
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 09:57:23 +02:00
Waleed Elmelegy
46549cb5fa Replace function calls in crypt_and_hash program with locals
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-06-12 14:53:02 +01:00
Waleed Elmelegy
7d39cc410c Fix crypt_and_hash decrypt issue when used with stream cipher
crypt_and_hash decryption fails when used with a stream cipher
mode of operation due to the input not being multiple of block
size, this only applies to block cipher modes and not stream
ciphers.This change exempts CTR, CFB & OFB modes from this check.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-06-09 16:58:23 +01:00
Dave Rodgman
05d71ffe5b Merge remote-tracking branch 'origin/development' into sha3-updated 2023-06-07 18:02:04 +01:00
Andrzej Kurek
0624e460fb Add a guard for IP parsing in cert_req app
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-07 08:54:35 -04:00
Andrzej Kurek
cd17ecfe85 Use better IP parsing in x509 programs
Remove unnecessary duplicated code.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-07 08:50:05 -04:00
Przemek Stekiel
ff9fcbcace ssl_client2, ssl_server2: code optimization + guards adaptation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:53:40 +02:00
Przemek Stekiel
da4fba64b8 Further code optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
Przemek Stekiel
316c19ef93 Adapt guards, dependencies + optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
Przemek Stekiel
e7db09bede Move FFDH helper functions and macros to more suitable locations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Przemek Stekiel
6d7da5ee1e Add FFDH support in client2, server2 applications
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Gilles Peskine
84b547b5ee
Merge pull request #7400 from AndrzejKurek/cert-write-sans
Add a possibility to generate certificates with a Subject Alternative Name
2023-06-05 15:38:38 +02:00