Christoph M. Wintersteiger
54d09ad0df
3rdparty: Rename THIRDPARTY_OBJECTS
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
50d9f095ec
3rdparty: Update description of MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
37eb90617a
3rdparty: Fix Makefile coding conventions
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
8cd4fba777
ECDSA: Refactor return value checks for mbedtls_ecdsa_can_do
2019-08-29 16:12:38 +01:00
Gilles Peskine
0a92cc1f5c
Add a changelog entry for Everest ECDH (X25519)
2019-08-29 16:12:38 +01:00
Gilles Peskine
7e65c05bb0
Document that curve lists can include partially-supported curves
...
Document that a curve returned by mbedtls_ecp_curve_list() or
mbedtls_ecp_grp_id_list() may lack support for ECDH or ECDSA.
Add a corresponding changelog entry, under "API Changes" because we
have changed the behavior: formerly, these functions skipped ECDH-only
curves, although this was not documented.
2019-08-29 16:12:38 +01:00
Gilles Peskine
c6c7c49fd6
Add mbedtls_ecdh_can_do
...
All curves can currently do ECDH, but to make the API symmetric and
future-proof, add mbedtls_ecdh_can_do() to go with mbedtls_ecdsa_can_do().
2019-08-29 16:12:38 +01:00
Gilles Peskine
b14c4a533d
Fix build with gcc -Wshadow
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
21411d2b79
ECDH: Make benchmarks check MBEDTLS_ERR_PLATFORM_FEATURE_UNSUPPORTED
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
655ddababa
3rdparty: Add additional build facilities for 3rd-party code
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
181f284e39
config.h: Silence missing documentation warning
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
6cddd30beb
ECDH: Disable Everest by default
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
b33e811f2d
ECDH: Fix file permission problem
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
6a1a9e468d
ECDSA: Add mbedtls_ecdsa_can_do
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
9b33e7d7d7
ECDH: Exclude FStar and Hacl* from exported symbol checks
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
346932a099
Fix preprocessor directive recognition in list-enum-consts.pl
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
89f36aeb2a
Add new 3rdparty build scripts
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
e14c779615
ECDH: Everest: Remove unnecessary file
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
3dca1a405a
ECDH: Fix error checks in benchmark.c
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
f4bee2fbf7
ECDH: Use LOCAL_CFLAGS instead of CFLAGS
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
e50b9704d0
ECDH: Fix whitespace and doxygen comment
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
c14dd845ad
ECDH: Add Everest Curve25519 to VS project files
...
This being the first 3rdparty-contribution, we may want to consider the
structure of the project file generation scripts. Perhaps add small,
contribution-specific scripts to each directory in 3rdparty instead of adding
all constraints to generate_visualc_files.pl?
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
b4e63a14d9
ECDH: Improve ECDH full handshake benchmark
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
0b93102415
ECDH: Rename full handshake benchmark
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
e0e8eb3114
ECDH: Add #ifdef filter to tests/scripts/list-enum-consts.pl
...
This allows the use of #ifdef ... #endif in enum definitions (e.g.,
mbedtls_ecdh_variant in ecdh.h).
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
0bc9c693ce
ECDH: Add new (non-legacy) ECDH benchmark
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
977d89ab29
ECDH: Include Everest Curve25519 in build scripts
2019-08-29 16:12:38 +01:00
Christoph M. Wintersteiger
02b8048846
ECDH: Add Everest Curve25519 config.h option
2019-08-29 16:12:38 +01:00
Jaeden Amero
3ec504738e
Merge remote-tracking branch 'origin/pr/2807' into development
...
* origin/pr/2807:
platform: Include stdarg.h where needed
Update Mbed Crypto to contain mbed-crypto#152
CMake: Add a subdirectory build regression test
README: Enable builds as a CMake subproject
ChangeLog: Enable builds as a CMake subproject
Remove use of CMAKE_SOURCE_DIR
Update library version to 2.18.0
2019-08-29 12:24:47 +01:00
Jaeden Amero
cfc9c8cdb8
Merge remote-tracking branch 'origin/pr/2798' into development
...
* origin/pr/2798:
Update the crypto submodule
Use multipart PSA key derivation API
2019-08-29 12:24:28 +01:00
Jaeden Amero
4e0db5642a
Merge branch 'mbedtls-2.18' into development
...
Bring Mbed TLS 2.18.0 and 2.18.1 release changes back into the
development branch. We had branched to release 2.18.0 and 2.18.1 in
order to allow those releases to go out without having to block work on
the `development` branch.
Manually resolve conflicts in the Changelog by moving all freshly added
changes to a new, unreleased version entry.
Reject changes to include/mbedtls/platform.h made in the mbedtls-2.18
branch, as that file is now sourced from Mbed Crypto.
* mbedtls-2.18:
platform: Include stdarg.h where needed
Update Mbed Crypto to contain mbed-crypto#152
CMake: Add a subdirectory build regression test
README: Enable builds as a CMake subproject
ChangeLog: Enable builds as a CMake subproject
Remove use of CMAKE_SOURCE_DIR
Update library version to 2.18.0
2019-08-27 11:18:28 +01:00
Jaeden Amero
b2d61e3742
Merge remote-tracking branch 'origin/pr/2792' into development
...
Merged from the top PR in a multi-part PR series:
- https://github.com/ARMmbed/mbedtls/pull/2792 (merged from here)
- https://github.com/ARMmbed/mbedtls/pull/2791
- https://github.com/ARMmbed/mbedtls/pull/2789
- https://github.com/ARMmbed/mbedtls/pull/2788
- https://github.com/ARMmbed/mbedtls/pull/2785
- https://github.com/ARMmbed/mbedtls/pull/2766
- https://github.com/ARMmbed/mbedtls/pull/2764
* origin/pr/2792: (114 commits)
Don't redefine calloc and free
Add changelog entry to record checking
Fix compiler warning
Add debug messages
Remove duplicate entries from ChangeLog
Fix parameter name in doxygen
Add missing guards for mac usage
Improve readability and debugability of large if
Fix a typo in a comment
Fix MSVC warning
Fix compile error in reduced configurations
Avoid duplication of session format header
Implement config-checking header to context s11n
Provide serialisation API only if it's enabled
Fix compiler warning: comparing signed to unsigned
Actually reset the context on save as advertised
Re-use buffer allocated by handshake_init()
Enable serialisation tests in ssl-opt.sh
Change requirements for setting timer callback
Add setting of forced fields when deserializing
...
2019-08-27 08:34:58 +01:00
Jarno Lamsa
472a2a2fcd
Don't redefine calloc and free
2019-08-23 13:13:52 +03:00
Jarno Lamsa
9e90df58c0
Add changelog entry to record checking
...
Add changelog entry to record checking. The record checking
feature is used with Connection ID and SSL context serialisation.
2019-08-23 13:11:31 +03:00
Jarno Lamsa
b7b486cfd1
Fix compiler warning
...
Fix a compiler warning when MBEDTLS_SHA512_C isn't defined.
2019-08-23 13:11:31 +03:00
Jarno Lamsa
8c51b7cd94
Add debug messages
...
Add debug messages to more easily identify which condition fails
with usage restrictions in mbedtls_ssl_context_save()
2019-08-23 13:11:31 +03:00
Jarno Lamsa
bccf03591f
Remove duplicate entries from ChangeLog
2019-08-23 13:11:31 +03:00
Jarno Lamsa
b9ca1b0868
Fix parameter name in doxygen
2019-08-23 13:11:31 +03:00
Jarno Lamsa
c84bd24224
Add missing guards for mac usage
...
There were a couple of cases where guards were missing when
no ciphersuites are using mac.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
e458869b3f
Improve readability and debugability of large if
...
Breaking into a series of statements makes things easier when stepping through
the code in a debugger.
Previous comments were stating the opposite of what the code tested for (what we
want vs what we're erroring out on) which was confusing.
Also expand a bit on the reasons for these restrictions.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
4ca930f8b9
Fix a typo in a comment
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
f041f4e19c
Fix MSVC warning
...
We know the length of the ALPN string is always less than 255, so the cast to
uint8_t is safe.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
9a96fd7ac3
Fix compile error in reduced configurations
...
Found by running scripts/baremetal.h --rom --gcc --check after adding
MBEDTLS_SSL_CONTEXT_SERIALIZATION to baremetal.h
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
45ac1f0c92
Avoid duplication of session format header
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
4e9370ba91
Implement config-checking header to context s11n
...
Modelled after the config-checking header from session s11n.
The list of relevant config flags was established by manually checking the
fields serialized in the format, and which config.h flags they depend on.
This probably deserves double-checking by reviewers.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
5c0e377532
Provide serialisation API only if it's enabled
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
5ea13b854a
Fix compiler warning: comparing signed to unsigned
...
Since the type of cid_len is unsigned but shorter than int, it gets
"promoted" to int (which is also the type of the result), unless we make the
other operand an unsigned int which then forces the expression to unsigned int
as well.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
9df5a82079
Actually reset the context on save as advertised
...
Also fix some wording in the documentation while at it.
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
142ba736d9
Re-use buffer allocated by handshake_init()
...
This fixes a memory leak as well (found by running ssl-opt.sh in an Asan
build).
2019-08-23 13:11:31 +03:00
Manuel Pégourié-Gonnard
862b3196d6
Enable serialisation tests in ssl-opt.sh
...
They currently pass in a default build.
2019-08-23 13:11:31 +03:00