mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-08 17:42:09 +03:00

Author	SHA1	Message	Date
Pengyu Lv	2bd56de3f4	ssl: replace MBEDTLS_SSL_HAVE_*_CBC with two seperate macros MBEDTLS_SSL_HAVE_<block_cipher>_CBC equals MBEDTLS_SSL_HAVE_<block_cipher> and MBEDTLS_SSL_HAVE_CBC. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 14:21:19 +08:00
Pengyu Lv	65458fa969	ssl: MBEDTLS_SSL_HAVE_* in ssl_misc.h Done by commands: ``` sed -i "300,$ s/MBEDTLS_$AES\\|CAMELLIA\\|ARIA\\|CHACHAPOLY$_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h sed -i "300,$ s/MBEDTLS_$GCM\\|CCM$_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h sed -i "300,$ s/MBEDTLS_CIPHER_MODE_$CBC$/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 12:16:29 +08:00
Pengyu Lv	829dd2048a	ssl: use MBEDTLS_SSL_HAVE_* in ssl_ciphersuites.c Mainly done by the commands, with some manual adjust. ``` sed -i "s/MBEDTLS_$AES\\|CAMELLIA\\|ARIA\\|CHACHAPOLY$_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c sed -i "s/MBEDTLS_$GCM\\|CCM$_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c sed -i "s/MBEDTLS_CIPHER_MODE_$CBC$/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 12:01:26 +08:00
Pengyu Lv	f1b86b088f	ssl: add macro to indicate CBC mode is available Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 11:28:42 +08:00
Pengyu Lv	e870cc8c86	ssl: add macro for available key types Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 11:28:36 +08:00
Tom Cosgrove	53199b1c0a	Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed TLS 1.3: EarlyData SRV: Write early data extension in EncryptedExtension	2023-11-07 13:59:13 +00:00
Yanray Wang	4995e0c31b	cipher.c: return error for ECB-decrypt under BLOCK_CIPHER_NO_DECRYPT - fix remaining dependency in test_suite_psa_crypto.data Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-07 17:51:32 +08:00
Tom Cosgrove	4122c16abd	Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption	2023-11-07 09:26:21 +00:00
Jerry Yu	7cca7f6820	move ext print to the end of write client hello pre_shared_key extension is done at the end. The information should be print after that Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-07 15:19:13 +08:00
Jerry Yu	1ccd6108e8	Revert "fix miss sent extensions mask" This reverts commit `06b364fdfd`. It has been set in write_binders Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-07 14:57:44 +08:00
Jerry Yu	7ef9fd8989	fix various issues - Debug message - Improve comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-07 14:31:37 +08:00
Jerry Yu	2bea94ce2e	check the ticket version unconditional Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-07 14:18:17 +08:00
Yanray Wang	0751761b49	max_early_data_size: rename configuration function Rename mbedtls_ssl_tls13_conf_max_early_data_size as mbedtls_ssl_conf_max_early_data_size since in the future this may not be specific to TLS 1.3. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-07 11:49:34 +08:00
Yanray Wang	d5ed36ff24	early data: rename configuration function Rename mbedtls_ssl_tls13_conf_early_data as mbedtls_ssl_conf_early_data since in the future this may not be specific to TLS 1.3. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-07 11:49:24 +08:00
Pengyu Lv	44670c6eda	Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption" This reverts commit `dadeb20383`. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-07 09:58:53 +08:00
David Horstmann	6fd4c7cff2	Add prototypes for psa_crypto_input_copy API This includes: * The psa_crypto_input_copy_t struct * psa_crypto_input_copy_alloc() * psa_crypto_input_copy_free() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-11-06 17:45:09 +00:00
David Horstmann	b3de69493c	Remove psa_crypto_alloc_and_copy() API This tied input and output buffers together in awkward pairs, which made the API more difficult to use. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-11-06 17:45:09 +00:00
Dave Rodgman	4b67ac8adf	Merge pull request #8444 from Mbed-TLS/cvv-code-size code size for mbedtls_cipher_validate_values	2023-11-06 12:50:37 +00:00
Yanray Wang	0d76b6ef76	Return an error if asking for decrypt under BLOCK_CIPHER_NO_DECRYPT If MBEDTLS_BLOCK_CIPHER_NO_DECRYPT is enabled, but decryption is still requested in some incompatible modes, we return an error of FEATURE_UNAVAILABLE as additional indication. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-06 10:02:10 +08:00
Yanray Wang	de0e2599ad	cipher_wrap.c: remove unnecessary NO_DECRYPT guard for DES Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-06 10:02:10 +08:00
Gilles Peskine	8b6b41f6cd	Merge pull request #8434 from valeriosetti/issue8407 [G2] Make TLS work without Cipher	2023-11-04 15:05:00 +00:00
David Horstmann	49a7276c49	Switch error code to more appropriate value Since we are internal rather than user-facing, PSA_ERROR_CORRUPTION_DETECTED makes more sense than PSA_ERROR_BUFFER_TOO_SMALL. Whilst it really is a buffer that is too small, this error code is intended to indicate that a user-supplied buffer is too small, not an internal one. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-11-03 19:51:40 +00:00
Dave Rodgman	bb5a18344a	Bump version ./scripts/bump_version.sh --version 3.5.1 --so-crypto 15 --so-x509 6 --so-tls 20 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-03 12:31:30 +00:00
Dave Rodgman	a9b6c64a69	Fix some non-standard headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-03 12:24:58 +00:00
Dave Rodgman	e3c05853d6	Header updates Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-03 12:21:36 +00:00
Dave Rodgman	4eb44e4780	Standardise some more headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-03 12:15:12 +00:00
Dave Rodgman	ce38adb731	Fix header in ssl_tls13_keys.c Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-03 10:29:25 +00:00
Dave Rodgman	f8be5f6ade	Fix overlooked files Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 20:43:00 +00:00
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
David Horstmann	72ab8ad44a	Reject zero-lengths in psa_crypto_copy_and_free() Zero-length buffers should be represented in the psa_crypto_buffer_copy_t struct as NULL if it was created in psa_crypto_alloc_and_copy(), so reject non-NULL zero-length buffers. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-11-02 18:39:42 +00:00
David Horstmann	2b79cbaa17	Reject NULL original_output with non-NULL output If we have a copy buffer but no original to copy back to, there is not much sensible we can do. The psa_crypto_buffer_copy_t state is invalid. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-11-02 18:39:42 +00:00
David Horstmann	f4bbb632cd	Add implementation of psa_crypto_copy_and_free() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-11-02 18:39:42 +00:00
David Horstmann	0fee689e57	Simplify zero-length buffers to always be NULL Since it is implementation-dependent whether malloc(0) returns NULL or a pointer, explicitly represent zero-length buffers as NULL in the buffer-copy struct, so as to have a uniform behaviour. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-11-02 18:33:17 +00:00
David Horstmann	83eef383c7	Add implementation of psa_crypto_alloc_and_copy() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-11-02 18:33:17 +00:00
David Horstmann	1d838b27b1	Add buffers struct and prototypes for alloc API Add function prototypes for psa_crypto_alloc_and_copy() and psa_crypto_alloc_and_free(), along with the necessary state struct. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-11-02 18:25:36 +00:00
David Horstmann	8978f5c32a	Add implementation of psa_crypto_copy_output() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-11-02 17:16:36 +00:00
David Horstmann	fde97394a0	Add implementation of psa_crypto_copy_input() Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-11-02 17:15:35 +00:00
Dave Rodgman	e91d7c5d68	Update comment to mention IAR Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 10:36:38 +00:00
Dave Rodgman	b351d60e99	Merge remote-tracking branch 'origin/development' into msft-aarch64	2023-11-01 13:20:53 +00:00
Jerry Yu	960b7ebbcf	move psk check to EE message on client side early_data extension is sent in EE. So it should not be checked in SH message. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-01 10:32:18 +08:00
Jerry Yu	82fd6c11bd	Add selected key and ciphersuite check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-01 10:32:17 +08:00
Jerry Yu	ce3b95e2c9	move ticket version check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-01 10:32:17 +08:00
Jerry Yu	454dda3e25	fix various issues - improve output message - Remove unnecessary checks - Simplify test command Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-01 10:28:43 +08:00
Dave Rodgman	9ba640d318	Simplify use of __has_builtin Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-31 23:34:02 +00:00
Dave Rodgman	90c8ac2205	Add case for MSVC Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-31 23:27:24 +00:00
Dave Rodgman	64bdeb89b9	Use non-empty definition for fallback Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-31 23:27:04 +00:00
Dave Rodgman	52e7052b6c	tidy up comments Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-31 23:26:44 +00:00
Dave Rodgman	3e5cc175e0	Reduce code size in mbedtls_cipher_validate_values Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-31 18:00:01 +00:00
Dave Rodgman	6d2c1b3748	Restructure mbedtls_cipher_validate_values Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-31 18:00:01 +00:00
Dave Rodgman	fb24a8425a	Introduce MBEDTLS_ASSUME Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-31 17:59:56 +00:00

... 22 23 24 25 26 ...

13507 Commits