1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-10 10:40:59 +03:00
Commit Graph

13540 Commits

Author SHA1 Message Date
b62732e1d6 tls13: cli: Add mbedtls_ssl_write_early_data() API
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
447bbce8b4 rsa: remove unnecessary check in priv/pub key parsing
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-07 08:02:03 +01:00
f45589b492 Merge pull request #8198 from silabs-Kusumit/kdf_incorrect_initial_capacity
KDF incorrect initial capacity
2024-02-06 17:29:43 +00:00
137e0c1a02 Merge pull request #8761 from valeriosetti/issue4681
Re-introduce enum-like checks from CHECK_PARAMS
2024-02-06 17:29:38 +00:00
fb7001f15b Merge pull request #8738 from gilles-peskine-arm/pk_import_into_psa-use_usage
Implement mbedtls_pk_get_psa_attributes
2024-02-06 17:28:54 +00:00
a76a0011ab Remove mutex calls in psa_wipe_all_key_slots
Code size and code style improvement, these calls aren't needed.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-02-06 16:45:54 +00:00
bb76f80218 pk_wrap: use proper raw buffer length in ecdsa_sign_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:57:23 +01:00
cf81f69977 psa_util: smarter raw length check in mbedtls_ecdsa_raw_to_der()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:57:12 +01:00
6269f3baf4 Revert "psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()"
This reverts commit d4fc5d9d1c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 16:55:18 +01:00
90e223364c tls13: cli: Refine early data status
The main purpose of the change is to
know from the status, at any point in
the handshake, if early data can be
sent or not and why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
fe59ff794d tls13: Send dummy CCS only once
Fix cases where the client was sending
two CCS, no harm but better to send only one.

Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
e093281a8b Pacify check-names
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 15:00:58 +00:00
d09f96b829 Improve docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:51:58 +00:00
18dc032fb4 Prevent unused warnings in psa_aead_set_nonce()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-06 13:39:02 +00:00
e000a0aedf Add buffer copying to psa_aead_verify()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-06 13:39:02 +00:00
6db0e73dc4 Add buffer copying to psa_aead_finish()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-06 13:39:02 +00:00
2914fac28a Add buffer copying to psa_aead_update()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-06 13:39:02 +00:00
25dac6edc1 Add buffer copying to psa_aead_update_ad()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-06 13:39:02 +00:00
fed23777f3 Refactor: Use wrapper around internal set_nonce()
* Rename psa_aead_set_nonce() to psa_aead_set_nonce_internal()
* Recreate psa_aead_set_nonce() as a wrapper that copies buffers before
  calling the internal function.

This is because psa_aead_set_nonce() is currently called by
psa_aead_generate_nonce(). Refactoring this to call the static internal
function avoids an extra set of buffer copies as well as simplifying
future memory poisoning testing.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-06 13:39:02 +00:00
8f0ef519d4 Add buffer copying to psa_aead_set_nonce()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-06 13:39:02 +00:00
d3cad8b017 Add buffer copying to psa_aead_generate_nonce()
Note that this is not strictly necessary as this function only copies to
the output buffer at the end. However, it simplifies testing for the
time being.

Future optimisation work could consider removing this copying.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-06 13:39:02 +00:00
7f2e040a9b Add buffer copying to psa_aead_decrypt()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-06 13:39:00 +00:00
9d09a020c9 Copy buffers in psa_aead_encrypt()
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2024-02-06 13:38:20 +00:00
22b934e6d2 Use struct not union
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:16:13 +00:00
f4e8234f93 Improve docs
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:16:13 +00:00
5c9cc0b30f Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected
TLS 1.3: SRV: Ignore early data when rejected
2024-02-06 13:16:03 +00:00
ec9936d122 Improve gcc guards
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 13:04:09 +00:00
b327a1e706 Change unaligned access method for old gcc
gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94662 shows
that __attribute__ aligned may be ignored.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-06 11:32:01 +00:00
4e9683e818 Reduce many unnecessary static memory consumption
.data section of ssl_client1 becomes 320 bytes smaller on AMD64.

Signed-off-by: Chien Wong <m@xv97.com>
2024-02-06 17:50:44 +08:00
8a85673a39 Merge remote-tracking branch 'development' into pk_import_into_psa-use_usage 2024-02-06 10:14:17 +01:00
d4fc5d9d1c psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()
The only real contraint on the raw buffer is that it is large
enough to contain 2 coordinates. Larger buffers are therefore
allowed and the extra data will simply be ignored.

Note = trying to impose a strict sizing on the raw buffer causes
       several failures in test suites. This suggests that it is
       quite common to use larger buffer to store raw signatures.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 08:42:42 +01:00
fe329cea3f rsa: handle buffer length similarly in private and public key parsing
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-06 08:00:18 +01:00
71c6e65d83 tls13: ssl_msg.c: Improve/add comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-05 16:54:37 +01:00
31e2d83eee tls13: srv: Improve coding
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-05 16:45:57 +01:00
091bdc416d psa_util: enhance checks on leading zeros in convert_der_to_raw_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 16:18:04 +01:00
32c28cebb4 Merge pull request #8715 from valeriosetti/issue7964
Remove all internal functions from public headers
2024-02-05 15:09:15 +00:00
05c256fb36 psa_util: minor performance improvement in mbedtls_ecdsa_der_to_raw()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 16:02:11 +01:00
bec1d842ac psa_util: convert_der_to_raw_single_int() accepts also all zero integers
These values are not mathematically valid as signature, but as
for what it concerns with ECDSA conversion functions, 0 values
in DER format should be translated to 0 values in raw format.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 15:50:02 +01:00
8334d00772 psa_util: improve check of raw_len in mbedtls_ecdsa_raw_to_der()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 15:35:26 +01:00
2bd0ecdf45 psa_util: improve documentation for convert_raw_to_der_single_int()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 15:25:15 +01:00
747bedb0b0 Merge pull request #8733 from ivq/gcm_ad_len_check
Add back restriction on AD length of GCM
2024-02-05 13:33:58 +00:00
954ef4bbd5 psa_util: improve convert_raw_to_der_single_int()
Allow the function to support DER buffers than what it is nominally
required by the provided coordinates. In other words let's ignore
padding zeros in the raw number.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 12:06:46 +01:00
315e4afc0a psa_util: change parameters order in ECDSA conversion functions
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 10:09:15 +01:00
13ab693c49 rsa_internal: fix documentation for mbedtls_rsa_parse_key()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-05 08:48:39 +01:00
e883870cc7 Merge branch 'development-restricted' into update-development-r
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-02-02 18:03:29 +00:00
f57d14bed4 Ignore early data app msg before 2nd client hello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
263dbf7167 tls13: srv: Do not allow early data indication in 2nd ClientHello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
1483dc3bde tls13: cli: Indicate early data only in first ClientHello
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
2995d35ac3 tls13: srv: Deprotect and discard early data records
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
4caf3ca08c tls13: srv: Add discard_early_data_record SSL field
Add discard_early_data_record in SSL context for
the record layer to know if it has to discard
some potential early data record and how.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00