5e48cad7f0
Fix codestyle issues in pkcs12.h & pkparse.c
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-09-20 19:29:02 +01:00
d527896b7e
Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
...
Switch pkparse to use new mbedtls_pkcs12_pbe_ext function
and deprecate mbedtls_pkcs12_pbe function.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-09-20 19:29:02 +01:00
c9f4040f7f
Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function
...
Switch pkparse to use new mbedtls_pkcs5_pbes2_ext function
and deprecate mbedtls_pkcs5_pbes2 function.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-09-20 19:28:28 +01:00
1cf181fd46
Reinstate more robust return value handling
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-20 19:10:17 +01:00
c43a0a4adb
rename dont_ignore to in_padding
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-20 19:09:51 +01:00
e834d6c9f2
Move declaration for robustness against future edits
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-20 19:09:51 +01:00
c62f7fcce9
Use more meaningful variable name in mbedtls_rsa_rsaes_oaep_decrypt
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-20 19:09:51 +01:00
e94cd0b99b
Correct use of mbedtls_ct_mpi_uint_if_else_0
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-20 19:09:51 +01:00
eda1b1f744
Merge pull request #7921 from valeriosetti/issue7613
...
TLS: Clean up ECDSA dependencies
2023-09-20 12:47:55 +00:00
ee5464fab9
Simplify unnecessarily complex error code handling
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-20 09:13:12 +01:00
fd96579ecd
Use properly typed versions of mbedtls_ct_xxx_if
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 21:52:13 +01:00
143f5f7c68
Add mbedtls_ct_bool_if and mbedtls_ct_bool_if_else_0
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 21:52:13 +01:00
437500c5b1
Fix MSVC type complaint
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 21:52:13 +01:00
814d096420
Fix error in handling of return value from mbedtls_nist_kw_unwrap
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 20:48:51 +01:00
6be4bcff16
code style
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 19:47:51 +01:00
4fc14cc4ae
Fix error in handling of return value from mbedtls_nist_kw_unwrap
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 19:45:54 +01:00
f8182d91a7
Simplify add_zeros_padding
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 18:39:33 +01:00
d8c68a948a
Use CT interface in get_zeros_padding
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 18:39:33 +01:00
1cfc43c77b
Rename mbedtls_ct_bool_xor to mbedtls_ct_bool_ne
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 18:39:33 +01:00
89a9bd5887
Use CT interface in get_one_and_zeros_padding
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 18:39:33 +01:00
6cec41c3bb
use CT interface in add_zeros_and_len_padding()
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 18:34:06 +01:00
6b7e2a5809
Use CT interface in get_pkcs_padding
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 18:34:06 +01:00
b4e6b41aa0
Use const-time interface throughout mbedtls_rsa_rsaes_oaep_decrypt
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 18:34:06 +01:00
51c15309f2
Make padlen check const-time
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 17:22:18 +01:00
c2630fac52
Simplify mbedtls_ct_memcmp_partial
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 17:21:50 +01:00
66d6ac92e6
Use mbedtls_ct_memcmp in mbedtls_rsa_rsaes_oaep_decrypt
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 09:10:59 +01:00
d337bd9bfe
Improve const-timeness of mbedtls_nist_kw_unwrap
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 09:10:59 +01:00
9c14007ac3
Add mbedtls_ct_memcmp_partial
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-19 09:10:59 +01:00
d26a3d6da7
Eliminate duplicate ct memcmp
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-18 19:09:45 +01:00
faf0b8604a
mbedtls_ssl_decrypt_buf(): fix buffer overread with stream cipher
...
With stream ciphers, add a check that there's enough room to read a MAC in
the record. Without this check, subtracting the MAC length from the data
length resulted in an integer underflow, causing the MAC calculation to try
reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-09-18 19:07:50 +02:00
bd50d5baec
Merge pull request #8177 from gilles-peskine-arm/generated-files-off-in-release
...
Generated files off in release
2023-09-18 14:11:58 +00:00
25c271a035
Merge pull request #8182 from daverodgman/asn1write-size
...
Reduce code size in mbedtls_asn1_write_len
2023-09-18 10:27:23 +00:00
275afe187f
Fix preset shared between 1.2 and 1.3
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-09-18 11:19:20 +02:00
67c86e626b
Merge pull request #7961 from gilles-peskine-arm/psa_crypto_config-in-full
...
Enable MBEDTLS_PSA_CRYPTO_CONFIG in the full config
2023-09-18 08:13:12 +00:00
0c9516ea89
code style
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-15 18:30:09 +01:00
127f35d5e5
Merge remote-tracking branch 'origin/development' into asn1write-size
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-15 18:02:59 +01:00
ecdfc1c94f
Fix poorly named function
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-15 18:00:37 +01:00
8a7fb2d799
Merge pull request #1055 from waleed-elmelegy-arm/add-new-pkcs12-pbe2-ext-fun
...
Add new pkcs12 pbe2 ext fun
2023-09-15 18:43:03 +02:00
170be457bd
Merge pull request #8207 from mcagriaksoy/branch_old_try
...
Fixes log level for got supported group message
2023-09-15 05:53:00 +00:00
a11eac4292
code style
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-14 16:16:04 +01:00
e99b24dd9f
Fix some clang-18 warnings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-14 15:52:02 +01:00
7732ced037
cipher_wrap: remove 192- and 256-bit for AES_ONLY_128_BIT_KEY_LENGTH
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-09-14 14:35:44 +08:00
d9f22804ea
Fixes log level for got supported group message
...
Signed-off-by: mcagriaksoy <mcagriaksoy@yandex.com >
2023-09-13 22:43:38 +02:00
0ddffb6de2
Merge pull request #7210 from sergio-nsk/patch-2
...
Fix llvm error: variable 'default_iv_length' and other may be used uninitialized
2023-09-13 16:38:55 +02:00
9b5d7d7801
Merge pull request #8195 from daverodgman/improve_sslmsg
...
Improve use of ct interface in mbedtls_ssl_decrypt_buf
2023-09-13 12:32:12 +00:00
3cea3efc25
Merge pull request #8025 from AgathiyanB/accept-numericoid-hexstring-x509
...
Accept numericoid hexstring x509
2023-09-13 08:54:33 +00:00
f22999e99f
Merge pull request #8093 from yuhaoth/pr/add-target-architecture-macros
...
Add architecture detection macros
2023-09-13 08:53:47 +00:00
da0bb9fae8
Merge pull request #8034 from gilles-peskine-arm/bump_version-doc_mainpage
...
Update capitalization of "Mbed" and fix bump_version.sh
2023-09-13 08:41:20 +00:00
7d52f2a0d9
Improve use of ct interface in mbedtls_ssl_decrypt_buf
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-09-13 09:30:03 +01:00
e820c0abc8
Update spelling "mbed TLS" to "Mbed TLS"
...
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":
```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```
Justification for the omissions:
* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
occurrences are significant names in certificates and such. Changing
the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
updates.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-09-12 19:18:17 +02:00
