Commit Graph

9842 Commits

Author SHA1 Message Date
Christoph M. Wintersteiger
54d09ad0df 3rdparty: Rename THIRDPARTY_OBJECTS 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
50d9f095ec 3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
37eb90617a 3rdparty: Fix Makefile coding conventions 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
8cd4fba777 ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do 2019-08-29 16:12:38 +01:00
Gilles Peskine
0a92cc1f5c Add a changelog entry for Everest ECDH (X25519) 2019-08-29 16:12:38 +01:00
Gilles Peskine
7e65c05bb0 Document that curve lists can include partially-supported curves
Document that a curve returned by mbedtls_ecp_curve_list() or
mbedtls_ecp_grp_id_list() may lack support for ECDH or ECDSA.

Add a corresponding changelog entry, under "API Changes" because we
have changed the behavior: formerly, these functions skipped ECDH-only
curves, although this was not documented.
2019-08-29 16:12:38 +01:00
Gilles Peskine
c6c7c49fd6 Add mbedtls_ecdh_can_do
All curves can currently do ECDH, but to make the API symmetric and
future-proof, add mbedtls_ecdh_can_do() to go with mbedtls_ecdsa_can_do().
2019-08-29 16:12:38 +01:00
Gilles Peskine
b14c4a533d Fix build with gcc -Wshadow 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
21411d2b79 ECDH: Make benchmarks check MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
655ddababa 3rdparty: Add additional build facilities for 3rd-party code 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
181f284e39 config.h: Silence missing documentation warning 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
6cddd30beb ECDH: Disable Everest by default 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
b33e811f2d ECDH: Fix file permission problem 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
6a1a9e468d ECDSA: Add mbedtls_ecdsa_can_do 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
9b33e7d7d7 ECDH: Exclude FStar and Hacl* from exported symbol checks 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
346932a099 Fix preprocessor directive recognition in list-enum-consts.pl 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
89f36aeb2a Add new 3rdparty build scripts 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
e14c779615 ECDH: Everest: Remove unnecessary file 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
3dca1a405a ECDH: Fix error checks in benchmark.c 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
f4bee2fbf7 ECDH: Use LOCAL_CFLAGS instead of CFLAGS 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
e50b9704d0 ECDH: Fix whitespace and doxygen comment 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
c14dd845ad ECDH: Add Everest Curve25519 to VS project files
This being the first 3rdparty-contribution, we may want to consider the
structure of the project file generation scripts. Perhaps add small,
constribution-specific scripts to each directory in 3rdparty instead of adding
all constraints to generate_visualc_files.pl?
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
b4e63a14d9 ECDH: Improve ECDH full handshake benchmark 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
0b93102415 ECDH: Rename full handshake benchmark 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
e0e8eb3114 ECDH: Add #ifdef filter to tests/scripts/list-enum-consts.pl
This allows the use of #ifdef ... #endif in enum definitions (e.g.,
mbedtls_ecdh_variant in ecdh.h).
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
0bc9c693ce ECDH: Add new (non-legacy) ECDH benchmark 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
977d89ab29 ECDH: Include Everest Curve25519 in build scripts 2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
02b8048846 ECDH: Add Everest Curve25519 config.h option 2019-08-29 16:12:38 +01:00
Jaeden Amero
3ec504738e Merge remote-tracking branch 'origin/pr/2807' into development
* origin/pr/2807:
  platform: Include stdarg.h where needed
  Update Mbed Crypto to contain mbed-crypto#152
  CMake: Add a subdirectory build regression test
  README: Enable builds as a CMake subproject
  ChangeLog: Enable builds as a CMake subproject
  Remove use of CMAKE_SOURCE_DIR
  Update library version to 2.18.0
2019-08-29 12:24:47 +01:00
Jaeden Amero
cfc9c8cdb8 Merge remote-tracking branch 'origin/pr/2798' into development
* origin/pr/2798:
  Update the crypto submodule
  Use multipart PSA key derivation API
2019-08-29 12:24:28 +01:00
Jaeden Amero
4e0db5642a Merge branch 'mbedtls-2.18' into development
Bring Mbed TLS 2.18.0 and 2.18.1 release changes back into the
development branch. We had branched to release 2.18.0 and 2.18.1 in
order to allow those releases to go out without having to block work on
the `development` branch.

Manually resolve conflicts in the Changelog by moving all freshly addded
changes to a new, unreleased version entry.

Reject changes to include/mbedtls/platform.h made in the mbedtls-2.18
branch, as that file is now sourced from Mbed Crypto.

* mbedtls-2.18:
  platform: Include stdarg.h where needed
  Update Mbed Crypto to contain mbed-crypto#152
  CMake: Add a subdirectory build regression test
  README: Enable builds as a CMake subproject
  ChangeLog: Enable builds as a CMake subproject
  Remove use of CMAKE_SOURCE_DIR
  Update library version to 2.18.0
2019-08-27 11:18:28 +01:00
Jaeden Amero
b2d61e3742 Merge remote-tracking branch 'origin/pr/2792' into development
Merged from the top PR in a multi-part PR series:
- https://github.com/ARMmbed/mbedtls/pull/2792 (merged from here)
- https://github.com/ARMmbed/mbedtls/pull/2791
- https://github.com/ARMmbed/mbedtls/pull/2789
- https://github.com/ARMmbed/mbedtls/pull/2788
- https://github.com/ARMmbed/mbedtls/pull/2785
- https://github.com/ARMmbed/mbedtls/pull/2766
- https://github.com/ARMmbed/mbedtls/pull/2764

* origin/pr/2792: (114 commits)
  Don't redefine calloc and free
  Add changelog entry to record checking
  Fix compiler warning
  Add debug messages
  Remove duplicate entries from ChangeLog
  Fix parameter name in doxygen
  Add missing guards for mac usage
  Improve reability and debugability of large if
  Fix a typo in a comment
  Fix MSVC warning
  Fix compile error in reduced configurations
  Avoid duplication of session format header
  Implement config-checking header to context s11n
  Provide serialisation API only if it's enabled
  Fix compiler warning: comparing signed to unsigned
  Actually reset the context on save as advertised
  Re-use buffer allocated by handshake_init()
  Enable serialisation tests in ssl-opt.sh
  Change requirements for setting timer callback
  Add setting of forced fields when deserializing
  ...
2019-08-27 08:34:58 +01:00
Jarno Lamsa
472a2a2fcd Don't redefine calloc and free 2019-08-23 13:13:52 +03:00
Jarno Lamsa
9e90df58c0 Add changelog entry to record checking
Add changelog entry to record checking. The record checking
feature is used with Connection ID and SSL context serialisation.
2019-08-23 13:11:31 +03:00
Jarno Lamsa
b7b486cfd1 Fix compiler warning
Fix a compiler warning when MBEDTLS_SHA512_C isn't defined.
2019-08-23 13:11:31 +03:00
Jarno Lamsa
8c51b7cd94 Add debug messages
Add debug messages to easier identify which condition fails
with usage restrictions in mbedtls_ssl_context_save()
2019-08-23 13:11:31 +03:00
Jarno Lamsa
bccf03591f Remove duplicate entries from ChangeLog 2019-08-23 13:11:31 +03:00
Jarno Lamsa
b9ca1b0868 Fix parameter name in doxygen 2019-08-23 13:11:31 +03:00
Jarno Lamsa
c84bd24224 Add missing guards for mac usage
There were couple of cases where guards were missing when
no ciphersuites are using mac.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
e458869b3f Improve reability and debugability of large if
Breaking into a series of statements makes things easier when stepping through
the code in a debugger.

Previous comments we stating the opposite or what the code tested for (what we
want vs what we're erroring out on) which was confusing.

Also expand a bit on the reasons for these restrictions.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
4ca930f8b9 Fix a typo in a comment 2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
f041f4e19c Fix MSVC warning
We know the length of the ALPN string is always less than 255, so the cast to
uint8_t is safe.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
9a96fd7ac3 Fix compile error in reduced configurations
Found by running scripts/baremetal.h --rom --gcc --check after adding
MBEDTLS_SSL_CONTEXT_SERIALIZATION to baremetal.h
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
45ac1f0c92 Avoid duplication of session format header 2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
4e9370ba91 Implement config-checking header to context s11n
Modelled after the config-checking header from session s11n.

The list of relevant config flags was established by manually checking the
fields serialized in the format, and which config.h flags they depend on.
This probably deserves double-checking by reviewers.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
5c0e377532 Provide serialisation API only if it's enabled 2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
5ea13b854a Fix compiler warning: comparing signed to unsigned
Since the type of cid_len is unsigned but shorter than int, it gets
"promoted" to int (which is also the type of the result), unless we make the
other operand an unsigned int which then forces the expression to unsigned int
as well.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
9df5a82079 Actually reset the context on save as advertised
Also fix some wording in the documentation while at it.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
142ba736d9 Re-use buffer allocated by handshake_init()
This fixes a memory leak as well (found by running ssl-opt.sh in an Asan
build).
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
862b3196d6 Enable serialisation tests in ssl-opt.sh
They currently pass in a default build.
2019-08-23 13:11:31 +03:00