Commit graph

10279 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard 0956e3ebed Exclude NO_SHA224 option from scripts/config.pl
As a negative option that removes a feature it should be excluded.
2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard e06cc3109c Add MBEDTLS_SHA256_NO_SHA224 to baremetal.h 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 394c5fb24b Implement NO_SHA224 in MD layer as well 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 5a26ff3cf9 Declare dependencies on !NO_SHA224 in test suites 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard abebdd16ef Adapt SHA-256 selftest to NO_SHA224 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 8463d29156 Implement MBEDTLS_SHA256_NO_SHA224 2019-09-09 10:21:30 +02:00
Manuel Pégourié-Gonnard 9b781b2880 Add MBEDTLS_SHA256_NO_SHA244 option (unimplemented) 2019-09-09 09:06:56 +02:00
Jarno Lamsa 28012e2ea2 Remove redundant rng wrapper 2019-09-09 08:42:11 +03:00
Jarno Lamsa f35f35bcbe Use rnd_std_rand for generating hash 2019-09-09 08:19:56 +03:00
Jarno Lamsa a7e0f632fc Add unit tests for primitive test vectors
Add a unit test for both ECDSA and ECDH, testing
reference test vectors for secp256r1.
2019-09-09 08:19:56 +03:00
Jarno Lamsa 34fcbfe287 Add rng for the tinycrypt tests
Use rnd_std_rand for the rng.
2019-09-09 08:19:56 +03:00
Jarno Lamsa 6c2f76e9cd Add a unit test for ECDSA
Add a basic unit test for the ECDSA part of the tinycrypt.
It generates keys, signs and verifies. Modified from tinycrypt
tests found in tinycrypt-repository.
2019-09-09 08:19:56 +03:00
Jarno Lamsa 7c5dc6b20a Add test suite for tinycrypt
Initially add a test for ECDH-part.
2019-09-09 08:19:56 +03:00
Simon Butcher 0e895727be Merge remote-tracking branch 'origin/pr/656' into baremetal 2019-09-07 12:48:28 +01:00
Simon Butcher d82db9d48c Merge remote-tracking branch 'origin/pr/649' into baremetal 2019-09-07 12:46:12 +01:00
Simon Butcher d91adcf7f5 Merge remote-tracking branch 'origin/pr/624' into baremetal 2019-09-07 12:44:42 +01:00
Simon Butcher 2da461e657 Merge remote-tracking branch 'origin/pr/655' into baremetal 2019-09-07 12:35:54 +01:00
Simon Butcher e501c8d308 Merge remote-tracking branch 'origin/pr/644' into baremetal 2019-09-07 12:34:46 +01:00
Jaeden Amero 04a049bda1 Merge remote-tracking branch 'origin/pr/2823' into mbedtls-2.16
* origin/pr/2823:
  Bump version to Mbed TLS 2.16.3
2019-09-06 13:35:30 +01:00
Jaeden Amero fcb8711f6f Bump version to Mbed TLS 2.16.3 2019-09-06 13:27:00 +01:00
Hanno Becker d5cfe6fbd0 Use native DTLS version encoding if only DTLS is enabled
This commit changes the internal identifiers

  MBEDTLS_SSL_MINOR_VERSION_XXX

in DTLS-only builds to match the version encoding used by the
DTLS standard, encoding DTLS 1.0 as 255 and DTLS 1.2 as DTLS 1.0.
Accordingly, the version comparison functions introduced in the
previous commit must be re-implemented, as older version have
_larger_ identifiers now.

Further, since we identify DTLS 1.0 as MBEDTLS_SSL_MINOR_VERSION_2
and DTLS 1.2 as MBEDTLS_SSL_MINOR_VERSION_3, what remains is to
define MBEDTLS_SSL_MINOR_VERSION_{0|1}. While these don't have any
meaning meaning in DTLS, they still need to be set and obey the
ordering in the sense that the version comparison functions '<='
should attest that

  MBEDTLS_SSL_MINOR_VERSION_i '<=' MBEDTLS_SSL_MINOR_VERSION_j

for i <= j. Since '<=' is actually >= and the wire format value
for DTLS 1.0 == MBEDTLS_SSL_MINOR_VERSION_2 is the 255, this
forces us to use values beyond 255, and hence to extend the
storage type for minor versions from uint8_t to uint16_t.
2019-09-06 10:35:41 +01:00
Teppo Järvelin f69e641e03 Changed x509_internal.h methods as static.
Moved some functions under defined to get rid of compiler warnings.
Functions moved under defines:
 - mbedtls_x509_get_alg
 - mbedtls_x509_get_alg_null
 - mbedtls_x509_get_time
 - mbedtls_x509_get_ext
 - mbedtls_x509_sig_alg_gets
 - mbedtls_x509_key_size_helper

Left one function (mbedtls_x509_write_names) as non static as it increased code size.
2019-09-06 10:03:36 +03:00
Teppo Järvelin c3e5716aaf Some minor struct optimizations. 2019-09-06 07:58:36 +03:00
Jaeden Amero 89408672eb Merge remote-tracking branch 'origin/mbedtls-2.16' into mbedtls-2.16-restricted
* origin/mbedtls-2.16:
  Changelog entry
  Check for zero length and NULL buffer pointer
  ssl-opt.sh: wait for proxy to start before running the script further
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
2019-09-05 18:14:55 +01:00
Hanno Becker 7bcf2b5875 Introduce version comparing functions
This zero-cost abstraction allows to change the internal encoding
of TLS/DTLS versions in the future.
2019-09-05 17:37:55 +01:00
Jaeden Amero c3bfb20a41 Merge remote-tracking branch 'origin/pr/2645' into mbedtls-2.16
* origin/pr/2645:
  Adapt ChangeLog
  Fix mpi_bigendian_to_host() on bigendian systems
2019-09-05 17:37:13 +01:00
Jaeden Amero 71db1de226 Merge remote-tracking branch 'origin/pr/2793' into mbedtls-2.16
* origin/pr/2793:
  Changelog entry
  Check for zero length and NULL buffer pointer
2019-09-05 15:57:34 +01:00
Hanno Becker 963d49f79a ssl-opt.sh: Remove now-redundant explicit DTLS dependencies
Dependencies on DTLS are now auto-detected from the command line.
2019-09-05 14:55:56 +01:00
Hanno Becker a43f85c9b2 ssl-opt.sh: Auto-skip tests depending on DTLS 2019-09-05 14:51:20 +01:00
Hanno Becker fcda6ddae1 Fixup: Correct typo in DTLS only component of all.sh 2019-09-05 14:50:00 +01:00
Jaeden Amero f09a120b08 Merge remote-tracking branch 'origin/pr/2817' into mbedtls-2.16
* origin/pr/2817:
  ssl-opt.sh: wait for proxy to start before running the script further
2019-09-05 14:24:39 +01:00
Hanno Becker baac25d2bf Add DTLS-only build + test to all.sh 2019-09-05 13:57:01 +01:00
Hanno Becker 73b72d1890 ssl-opt.sh: Auto-skip tests using TLS if TLS is disabled 2019-09-05 13:57:01 +01:00
Hanno Becker d016e44e3c Baremetal config: Remove deprecated functions
This doesn't make a difference after link time optimization
because they aren't used, but it yields more accurate code-size
figures from baremetal.sh.
2019-09-05 13:37:03 +01:00
Hanno Becker fceba69c25 Baremetal config: Remove MBEDTLS_SSL_TICKETS_C
This doesn't make a difference after link time optimization because
tickets aren't used, but it yields more accurate code-size figures
from baremetal.sh.
2019-09-05 13:36:49 +01:00
Manuel Pégourié-Gonnard 0cfb6efad4 Add work-around for non-C99 compilers 2019-09-05 14:07:01 +02:00
Manuel Pégourié-Gonnard 8bf8f2ebde Improve documentation in config.h 2019-09-05 13:08:21 +02:00
Manuel Pégourié-Gonnard c7abba3796 Use static inline function unconditionally
No need to play tricks with macros and functions depending on whether
SHA256_SMALLER is enabled or not, with a static inline function all common
compilers (tested with arm-gcc, armcc5, arm-clang) will Do The Right Thing
depending on whether we told them to optimize for size or speed.
2019-09-05 12:09:59 +02:00
Teppo Järvelin 30185bb82b struct optimization for mbedtls_record 2019-09-05 08:54:13 +03:00
Teppo Järvelin 22854511bb struct optimization for mbedtls_ssl_transform 2019-09-05 08:54:13 +03:00
Teppo Järvelin d689a67af2 struct optimization for mbedtls_x509_crl 2019-09-05 08:54:13 +03:00
Teppo Järvelin 648fbbad8f struct optimization for mbedtls_ssl_context 2019-09-05 08:54:13 +03:00
Teppo Järvelin 1cd48143c3 struct optimization for mbedtls_ssl_handshake_params 2019-09-05 08:54:13 +03:00
Hanno Becker d601854548 Fixup TinyCrypt Tests: Remove redundant guards 2019-09-04 16:19:49 +01:00
Hanno Becker 683d84a5d7 Fixup TinyCrypt PK parse: Correct function name in comment 2019-09-04 16:19:49 +01:00
Hanno Becker f45d9da878 Fixup certs.c: Remove redundant TinyCrypt guard 2019-09-04 16:19:49 +01:00
Hanno Becker d2929b5626 Fixup TinyCrypt PK wrap: Check TinyCrypt signature return code 2019-09-04 16:19:49 +01:00
Hanno Becker 96d34d57ec TinyCrypt PK Wrap: Remove dependency on ASN.1 writing
The TinyCrypt PK signature wrapper uses ASN.1 writing functions
for length and tag, accounting for the only dependency of the
baremetal build on ASN.1 writing.

Since all lengths to be encoded are below 128 Bytes and are hence
ASN.1 encoded as single Bytes, the dependency on ASN.1 writing can
be removed at low complexity by writing the length and tags directly.
2019-09-04 16:19:49 +01:00
Hanno Becker 1b82685dc9 Fixup debug.h and ssl_internal.h: Add missing include of ecdh.h
Previously, this wasn't necessary because ecdh.h was included
through ssl.h, but now that this is no longer the case (because
ssl.h doesn't use ECDH), we have to include it explicitly.
2019-09-04 16:19:49 +01:00
Hanno Becker 82a7a21982 Fixup: Correct inclusion of legacy ECP headers in ssl.h
Previously, ecp.h was included only if MBEDTLS_ECDH_C was set,
which broke the build in configurations using ECDSA, but not ECDH.
An example of such a config is configs/config-thread.h, which
uses ECJPAKE exclusively.

Moreover, the inclusion of ecdh.h isn't needed, because the header
only uses constants defined in the ECP module.
2019-09-04 16:19:49 +01:00