Manuel Pégourié-Gonnard
b72ecfd5a0
Merge pull request #5468 from Unity-Technologies/mbedtls-2.28-windows-arm64-workaround
...
Backport 2.28: Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug
2022-02-01 09:21:37 +01:00
Tautvydas Žilys
61156f8a6a
Cap the workaround for mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to MSVC versions prior to 17.1.
...
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
2022-01-31 13:37:47 -08:00
Andrzej Kurek
a16ffaf811
Add a check in check_config.h for PK_WRITE_C when RSA is enabled
...
This is required for importing RSA keys, as
mbedtls_psa_rsa_export_key is used internally.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-31 09:52:33 -05:00
Andrzej Kurek
699290de04
Fix config-mini-tls1_1 PK_WRITE requirement when USA_PSA_CRYPTO is used
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-31 09:51:44 -05:00
Andrzej Kurek
d08ed95419
Formatting: remove tabs from check_config.h
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-27 11:03:09 -05:00
Andrzej Kurek
38adac32e7
Add a changelog entry regarding bugfixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-27 11:01:33 -05:00
Andrzej Kurek
19d6ab0fb8
Enable testing with PSA for config-mini-tls1_1
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-27 11:01:24 -05:00
Andrzej Kurek
1faa2a3c6e
Add a check for MBEDTLS_PK_WRITE_C with USE_PSA_CRYPTO to check-config.h
...
Also force MBEDTLS_PK_WRITE_C in reduced configs using
MBEDTLS_USE_PSA_CRYPTO, MBEDTLS_PK_C and
MBEDTLS_ECDSA_C.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-27 11:00:24 -05:00
Tautvydas Žilys
ea4af4d345
Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug.
...
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
2022-01-26 15:44:47 -08:00
Andrzej Kurek
19e83fa3a5
Restructure test-ref-configs to test with USE_PSA_CRYPTO turned on
...
Run some of the test configs twice, enabling MBEDTLS_USE_PSA_CRYPTO
and MBEDTLS_PSA_CRYPTO_C in one of the runs.
Add relevant comments in these configs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-26 07:45:43 -05:00
Andrzej Kurek
e001596d83
Add missing MBEDTLS_ASN1_WRITE_C dependency in test_suite_psa_crypto
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-26 07:45:43 -05:00
Andrzej Kurek
e2462ba437
Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
...
Fix dependencies across test ssl programs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-26 07:45:43 -05:00
Andrzej Kurek
c60cc1d7be
Add missing dependency on MBEDTLS_GCM_C in cipher tests
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-26 07:45:43 -05:00
Andrzej Kurek
53ad763848
Mark unused variable in tests for cases with reduced configs
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-26 07:45:43 -05:00
Gilles Peskine
3df1dae6c0
CMake: generate the list of test suites automatically
...
We keep forgetting to register new test suites in tests/CMakeLists.txt. To
fix this problem once and for all, remove the need for manual registration.
The following test suites were missing:
test_suite_cipher.aria
test_suite_psa_crypto_driver_wrappers
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-25 23:28:51 +01:00
Gilles Peskine
8c681b7290
Add positive test case with self-signed certificates
...
Add a positive test case where both the client and the server require
authentication and both use a non-CA self-signed certificate.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-25 17:09:19 +01:00
Gilles Peskine
98dcb4c024
Merge pull request #5458 from AndrzejKurek/gitignore-eclipse-2-28
...
Backport 2.28: Add eclipse-specific project files to gitignore
2022-01-25 17:02:58 +01:00
Gilles Peskine
efd696afb9
New option to list all test cases
...
Occasionally useful for diagnosing issues with test reports.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-25 13:32:32 +01:00
Gilles Peskine
0c2f8ee3f0
Move collect_available_test_cases to check_test_cases.py
...
No behavior change.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-25 13:32:25 +01:00
Andrzej Kurek
d5746aa13d
Add eclipse-specific project files to gitignore
...
The project file must be at root directory:
https://bugs.eclipse.org/bugs/show_bug.cgi?id=78438
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-25 07:03:06 -05:00
Gilles Peskine
ed29547902
Merge pull request #5452 from AndrzejKurek/doxygen-closure-fixes-2-28
...
Backport 2.28: doxygen: add missing asterisk to group closures
2022-01-24 21:40:42 +01:00
Andrzej Kurek
fe5fb8e5d2
doxygen: remove empty platform_time configuration section
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-24 10:33:13 -05:00
Andrzej Kurek
ff632d5a3c
doxygen: move addtogroup closures to include more elements
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-24 10:32:00 -05:00
Andrzej Kurek
73afe27d5d
Add missing asterisk to doxygen closures
...
Clarify section names next to closing braces
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-24 10:31:06 -05:00
Gilles Peskine
bf62325c9f
Merge pull request #5439 from SebastianBoe/mbedtls-2.28_check_config
...
Backport 2.28: Add missing config check for PKCS5.
2022-01-22 00:52:18 +01:00
Gilles Peskine
d78e6cc817
Any package used in a script must be listed in ci.requirements.txt
...
This includes scripts that don't run on the CI, but are analyzed by
all.sh check_python_files.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-22 00:48:00 +01:00
Sebastian Bøe
9db51a6e26
Add missing config check for PKCS5.
...
PKCS5 depends on MD, but is missing a config check resulting in
obscure errors on invalid configurations.
Signed-off-by: Sebastian Bøe <sebastian.boe@nordicsemi.no>
2022-01-19 13:26:09 +01:00
Manuel Pégourié-Gonnard
4afaba52a9
Merge pull request #5416 from gstrauss/mbedtls_ssl_config_defaults-repeat-2.28
...
Backport 2.28: Reset dhm_P and dhm_G if config call repeated
2022-01-14 10:41:12 +01:00
Gilles Peskine
bbfa3f1967
Merge pull request #5422 from yanesca/update_mailing_list_links_backport
...
Update mailing list links [Backport]
2022-01-12 16:47:02 +01:00
Janos Follath
c6935e8b19
Update mailing list links
...
The mailing list software has been updated and the links have changed.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-01-12 13:17:16 +00:00
Glenn Strauss
de081ce75c
Reset dhm_P and dhm_G if config call repeated
...
Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated
to avoid leaking memory.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-11 20:07:44 -05:00
Gilles Peskine
4ed2844405
Merge pull request #5312 from gilles-peskine-arm/add_list_config_function-2.x
...
Backport 2.x: Add list config function
2021-12-20 22:08:01 +01:00
Dave Rodgman
53c268e6a9
Merge pull request #873 from ARMmbed/mbedtls-2.28.0_merge_into_release
...
Mbedtls 2.28.0 merge into release
2021-12-17 11:22:26 +00:00
Dave Rodgman
8b3f26a5ac
Merge pull request #868 from ARMmbed/mbedtls-2.28.0rc0-pr
...
Mbedtls 2.28.0rc0 pr
2021-12-15 13:47:54 +00:00
Dave Rodgman
d41dab39c5
Bump version to 2.28.0
...
Executed ./scripts/bump_version.sh --version 2.28.0 --so-tls 14
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-15 11:55:31 +00:00
Dave Rodgman
29c3aee6a7
Update branch information in BRANCHES.md
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-15 11:53:12 +00:00
Dave Rodgman
f00d9a2340
Minor Changelog updates & fixes
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-15 11:52:54 +00:00
Dave Rodgman
0798a827c8
Assemble changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-15 11:48:21 +00:00
Ronald Cron
2d2fb47e45
Add change log for #4883
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-15 11:47:25 +00:00
Dave Rodgman
04e920410d
Add missing changelog for ARIA ( #5051 )
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-14 12:53:07 +00:00
Dave Rodgman
08412e2a67
Merge remote-tracking branch 'restricted/development_2.x-restricted' into mbedtls-2.28.0rc0-pr
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-12-14 12:52:51 +00:00
Gilles Peskine
c97cc18fb8
Merge pull request #5327 from gilles-peskine-arm/zeroize-tag-2.28
...
Backport 2.2x: Zeroize expected MAC/tag intermediate variables
2021-12-13 19:09:32 +01:00
Gilles Peskine
f9a0501683
mbedtls_cipher_check_tag: jump on error for more robustness to refactoring
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 16:59:04 +01:00
Gilles Peskine
384b98bdae
Merge pull request #5310 from paul-elliott-arm/pkcs12_fix_2.x
...
Backport 2.x: Fixes for pkcs12 with NULL and/or zero length password
2021-12-13 14:52:44 +01:00
Gilles Peskine
622d80453b
Initialize hash_len before using it
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 14:45:38 +01:00
Gilles Peskine
d61551c017
Generalize MAC zeroization changelog entry
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 13:55:17 +01:00
Gilles Peskine
8c99a760d5
PKCS#1v1.5 signature: better cleanup of temporary values
...
Zeroize temporary buffers used to sanity-check the signature.
If there is an error, overwrite the tentative signature in the output
buffer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 13:55:17 +01:00
Gilles Peskine
f91b2e5a97
mbedtls_ssl_parse_finished: zeroize expected finished value on error
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 13:55:17 +01:00
Gilles Peskine
69d3b86baa
mbedtls_ssl_cookie_check: zeroize expected cookie on cookie mismatch
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 13:49:14 +01:00
Gilles Peskine
b3f4e5b1e1
PSA hash verification: zeroize expected hash on hash mismatch
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 13:49:14 +01:00