1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-10 10:40:59 +03:00
Commit Graph

13540 Commits

Author SHA1 Message Date
1e23f938cb Merge pull request #8817 from daverodgman/iar-pk-fix
Compiler warning fixes
2024-02-13 16:33:24 +00:00
8fe2e36de5 Merge pull request #8801 from gilles-peskine-arm/sha3-no-table
Inline the SHA3 parameters table into a switch
2024-02-13 14:06:44 +00:00
b4cb8bef42 Fix remaining warnings from -Wshorten-64-to-32
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-13 13:41:16 +00:00
aa74165948 Fix IAR cast warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-13 13:40:26 +00:00
1d33876d37 Fix some preprocessor guards
Fix the build in some configurations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 19:07:45 +01:00
fc3d866ad2 mbedtls_pk_import_into_psa: implement and test
Implement mbedtls_pk_import_into_psa for all PK types except RSA_ALT.
This covers importing a key pair, importing a public key and importing
the public part of a key pair.

Test mbedtls_pk_import_into_psa() with the output of
mbedtls_pk_get_psa_attributes(). Also unit-test mbedtls_pk_import_into_psa()
on its own to get extra coverage, mostly for negative cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 17:32:44 +01:00
6adbb2a351 Implement safe buffer copying in asymm. encryption
Use local copy buffer macros to implement safe
copy mechanism in asymmetric encryption API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:48:36 +00:00
91ce792253 Fix return code error when locking mutex
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-12 12:17:28 +00:00
03f1ea3624 Change condition on wiping tag buffer
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:07:38 +00:00
1ffc5cb4a5 Modify allocation and buffer wiping in sign_finish
Allocate immediately after declaration and only wipe
tag buffer if allocation didn't fail.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:07:38 +00:00
7480a74cba Fix code style
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:07:38 +00:00
c6705c6cb2 Conditionally include exit label
... on MAC functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:07:38 +00:00
8db8d1a83e Implement safe buffer copying in MAC API
Use buffer local copy macros to implement safe
copy mechanism in MAC API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 12:07:02 +00:00
d2411565ce Fix code style
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 11:43:07 +00:00
dedd1006b6 Conditionally include exit label
...on hash functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 11:43:07 +00:00
51ffac9f40 Implement buffer copy code in psa_hash_compare
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 11:34:02 +00:00
31d8c0bdb4 Make new internal function static
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 11:34:02 +00:00
1c5118e58c Implement safe buffer copying in hash API
Use local copy buffer macros to implement safe
copy mechanism in hash API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2024-02-12 11:34:02 +00:00
92fb604139 Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 11:24:08 +01:00
19f1adfc69 New function mbedtls_rsa_get_bitlen()
Document, implement and test mbedtls_rsa_get_bitlen().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-12 11:23:05 +01:00
e02b63ac89 Merge branch 'Mbed-TLS:development' into threadsafe-key-locking 2024-02-12 10:04:07 +00:00
f741db3d6e Merge pull request #8764 from Ryan-Everett-arm/threadsafe-key-wiping
Make key destruction thread safe
2024-02-12 09:37:59 +00:00
2e2af414d0 Merge pull request #7604 from zvolin/feature/pkcs5-aes
Add AES encrypted keys support for PKCS5 PBES2
2024-02-10 08:46:18 +00:00
7175d71328 Remove unnecessary setting of status variable
The status is guaranteed to be PSA_SUCCESS at these points, so setting
them is redundant.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-09 18:20:05 +00:00
a6ac0f1330 Replaced MBEDTLS_GCM_LARGETABLE by MBEDTLS_GCM_LARGE_TABLE. Removed empty comment line in doc block.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2024-02-09 17:11:54 +01:00
ee5920a7d5 Fix error path in psa_key_derivation_output_bytes
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-09 15:09:28 +00:00
9dc076b4f4 Fix issue with lock failures returning CORRUPTION_DETECTED
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-09 14:20:09 +00:00
7fee4f7318 Fix mutex unlock error handling in psa_destroy_key
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-09 14:11:27 +00:00
10902c5640 Use NULL for pointer initialization
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com>
2024-02-09 11:14:50 +01:00
a93e25e749 tls12: Fix documentation of TLS 1.2 session serialized data
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-09 10:01:30 +01:00
2653e92a57 pem: fix valid data length returned by mbedtls_pem_read_buffer()
ctx->buflen now returns the amount of valid data in ctx->buf.
Unencrypted buffers were already ok, but encrypted ones were
used to return the length of the encrypted buffer, not the
unencrypted one.
This commit fix this behavior for encrypted buffers.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-09 06:42:18 +01:00
b1f6d2ad6f asn1: enable mbedtls_asn1_get_tag() when PEM_PARSE_C is defined
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-09 06:42:18 +01:00
9de84bd677 rsa: reject buffers with data outside main SEQUENCE when parsing keys
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-09 06:42:18 +01:00
791fc2e24c Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-08 14:26:29 +00:00
782667883a Fix:
- Remove unnecessary tests.
- Update description of MBEDTLS_GCM_LARGETABLE parameter.
- Move acceleration defines from gcm.h to gcm.c.
- Remove unnecessary zero setting after shift.
- Fix implementation for big-endian architectures.

Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2024-02-08 13:59:15 +01:00
7a28738205 Merge pull request #8636 from paul-elliott-arm/new_test_thread_interface
New test thread interface
2024-02-08 12:35:40 +00:00
195c0bc24e tls: Reset TLS maximum negotiable version
When reseting an SSL context with
mbedtls_ssl_session_reset() reset
the TLS maximum negotiable version
as configured.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-08 11:54:55 +01:00
a3172d1e96 Inline the SHA3 parameters table into a switch
This saves a few bytes of code size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2024-02-08 10:47:08 +01:00
b7307630bb Merge pull request #8703 from valeriosetti/issue7765-guards-in-asn1
Conversion function between raw and DER ECDSA signatures (guards in ASN1)
2024-02-08 08:45:30 +00:00
7bf1e98f44 Merge pull request #8740 from valeriosetti/issue8647
Move RSA basic key parsing/writing to rsa.c
2024-02-08 08:35:42 +00:00
c8de362202 Merge pull request #8665 from ivq/reduce_static_mem
Reduce many unnecessary static memory consumption
2024-02-07 23:26:27 +00:00
5d2e82f0ce Guard memcpy so that it won't fail on null input pointer
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-07 17:32:16 +00:00
b41c3c9582 Guard the exit to stop unused label warning
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-07 17:32:16 +00:00
da9227de7c Fix psa_key_derivation_output_bytes
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-07 17:32:16 +00:00
f943e22bb9 Protect key_derivation_output_bytes
If the alloc fails I belive it is okay to preserve the algorithm.
The alloc cannot fail with BAD_STATE, and this setting is only used
to differentiate between a exhausted and blank.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-07 17:32:16 +00:00
d1e398c374 Protect psa_key_derivation_input_bytes
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-07 17:32:16 +00:00
1910390b4a psa_util: improve leading zeros check in convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 16:16:58 +01:00
0767fdadbf Enhance GCM throughput using larger precalculated tables. Also refactored the code for shorter tables and moved the check for available accelerators to the context initialization code.
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2024-02-07 13:17:50 +01:00
1d7bc1ecdf Merge pull request #8717 from valeriosetti/issue8030
PSA FFDH: feature macros for parameters
2024-02-07 10:06:03 +00:00
57a0957938 Merge pull request #8788 from daverodgman/old-gcc-alignment-bug
Change unaligned access method for old gcc
2024-02-07 09:31:45 +00:00