mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-17 18:21:00 +03:00

Author	SHA1	Message	Date
Valerio Setti	520c0384e7	pkparse: fix return value Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-07 11:38:09 +02:00
Valerio Setti	1df94f841b	pk: fix return codes' precedence and code style Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-07 11:04:32 +02:00
Manuel Pégourié-Gonnard	f740767c00	Merge pull request #7391 from valeriosetti/issue7387 PK: don't use mbedtls_ecp_check_pub_priv() when USE_PSA is enabled	2023-04-07 10:17:18 +02:00
Valerio Setti	9d65f0ef12	pk_wrap: simplify prototype of eckey_check_pair_psa() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-07 08:53:17 +02:00
Valerio Setti	aad6306212	pkparse: fix guards position Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-07 08:45:34 +02:00
Valerio Setti	4bf73ad83f	pkparse: use proper sizing for buffer Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-07 08:45:34 +02:00
Valerio Setti	34f6755b34	pkparse: add new function for deriving public key from private using PSA Instead of using the legacy mbedtls_ecp_mul() function which makes use of ECP's math, this commit adds a new function named pk_derive_public_key() which implements the same behavior using PSA functions. The flow is simple: - import the private key into PSA - export its public part Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-07 08:45:34 +02:00
Valerio Setti	f286664069	pk_wrap: minor code optimizations Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-07 08:37:46 +02:00
Dave Rodgman	0b3de6fcec	Merge pull request #7288 from ronald-cron-arm/tls13-server-version-negotiation TLS: TLS 1.2 / 1.3 version negotiation on server side	2023-04-06 16:26:19 +01:00
Janos Follath	3615be65f8	Merge pull request #7342 from gabor-mezei-arm/6679_prevent_mpi_mod_write_from_corrupting_the_input Prevent mpi_mod_write from corrupting the input	2023-04-06 15:56:28 +01:00
Janos Follath	44c6694be7	Merge pull request #7351 from gabor-mezei-arm/7109_ecp_fast_reduction_testing Test unlikely cases of ECC modular reduction	2023-04-06 15:55:19 +01:00
Kusumit Ghoderao	50e0e11213	Add key_derivation_input_integer function Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2023-04-06 17:47:25 +05:30
Ronald Cron	dad02b2bec	tls13: srv: Fix comment Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:32:05 +02:00
Ronald Cron	fe01ec2d57	tls12: srv: Use sizeof() instead of constant Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:32:05 +02:00
Ronald Cron	c564938180	Add downgrade protection mechanism Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:32:05 +02:00
Ronald Cron	e45afd760d	Use specific pointer to loop over proposed cipher suites Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:32:01 +02:00
Ronald Cron	eff5673e09	Improve and align variable names for supported versions data Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	3bd2b02486	Check for TLS 1.3 version first Check for TLS 1.3 version first when parsing the supported versions extension as it is the most likely version. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	b828c7d3de	Fix, improve and add comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	097ba146e7	tls: srv: Set hybrid TLS 1.2/1.3 as default configuration Set hybrid TLS 1.2/1.3 as default server configuration if both TLS 1.2 and TLS 1.3 are enabled at build time. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	3b35455a69	tls: srv: Allow server hybrid TLS 1.2 and 1.3 configuration Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	6291b23080	tls: Add logic in handshake step to enable server version negotiation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	8a12aeec93	tls: Initialize SSL context tls_version in mbedtls_ssl_setup() Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	5af4c7f0e2	tls13: srv: Add detection to negotiate TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	8c527d0be8	tls13: srv: Parse supported versions extension early Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	2f16b4ec66	tls13: srv: Postpone cipher suite selection Postpone TLS 1.3 cipher suite selection when we are sure we negotiate the version 1.3 of the protocol. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	cada410365	tls13: srv: Postpone legacy session id copy To avoid doing it twice in case we eventually negotiate the version 1.2 of the protocol, postpone the copy of the legacy session id. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	d540d995b2	tls13: srv: Postpone client random copy To avoid doing it twice in case we eventually negotiate the version 1.2 of the protocol, postpone the copy of the client random bytes. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	6458239b36	tls13: srv: Move TLS version setting When parsing the ClientHello message, move the setting of the TLS version to TLS 1.3 after the computation of the end of the list of cipher suites. At that point we are able to compute the address and end address of the list of extensions and thus able to search and parse the supported_versions extension to select which version of the TLS protocol we are going to negotiate. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	47dce630f4	tls13: Add function to search for a supported_versions extension Move in a dedicated function the search for the supported_versions extension in a list of extensions, to be able to use it on server side as well. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:17 +02:00
Minos Galanakis	00bd8925a7	bignum: Removed merge scaffolding. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-04-05 16:13:11 +01:00
Przemek Stekiel	725688b143	Fix code style Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 22:49:44 +02:00
Przemek Stekiel	294ec1274d	Remove redundant memory relase for authorityCertIssuer Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	21903ec860	Fix after rebase Handle manually functions that have been moved to different locations. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	4f3e7b934e	Fix parsing of authorityCertIssuer Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	75653b1df0	Add indication of extension error while parsing authority/subject key id Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	6ec839a1f9	x509_get_authority_key_id: add length check + test Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	3520fe6fda	Use MBEDTLS_ERROR_ADD() and tag macros Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	8a13866f65	Remove parsing of rfc822Name Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	a2939e8728	Remove duplicated function Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	9a511c5bdf	Rename back mbedtls_x509_parse_general_name->mbedtls_x509_parse_subject_alt_name Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	db323aa241	Fix Subject Key Identifier, Authority Key Identifier entries in oid_x509_ext Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
Przemek Stekiel	62d8f84be2	Adapt mbedtls_x509_crt_free after rebase Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-04-04 17:48:28 +02:00
toth92g	9232e0ad84	Adding some comments for easier understand Signed-off-by: toth92g <toth92g@gmail.com>	2023-04-04 17:48:28 +02:00
toth92g	8d435a0c8b	Renaming x509_get_subject_alt_name to x509_get_general_names and mbedtls_x509_parse_subject_alt_name to mbedtls_x509_parse_general_name so they can be used not only to collect subject alt name, but the V3 authority cert issuer that is also GeneralName type. Also updated the x509_get_general_names function to be able to parse rfc822Names Test are also updated according these changes. Signed-off-by: toth92g <toth92g@gmail.com>	2023-04-04 17:48:28 +02:00
toth92g	d96027acd2	Correcting documentation issues: - Changelog entry is Feature instead of API Change - Correcting whitespaces around braces - Also adding defensive mechanism to x509_get_subject_key_id to avoid malfunction in case of trailing garbage Signed-off-by: toth92g <toth92g@gmail.com>	2023-04-04 17:48:27 +02:00
toth92g	a41954d0cf	Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions. Updating mbedtls_x509_crt_free function to also free the new dynamic elements (issuer field of AuthorityKeyId). A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags. Signed-off-by: toth92g <toth92g@gmail.com>	2023-04-04 17:48:27 +02:00
Janos Follath	13c73de6de	Merge pull request #6233 from tom-cosgrove-arm/issue-6226-core-mul Bignum: extract core_mul from the prototype	2023-04-04 13:36:22 +01:00
Ronald Cron	219f978097	Merge pull request #7059 from ronald-cron-arm/psa-crypto-misc PSA cryptography miscellaneous	2023-04-04 10:54:03 +02:00
Valerio Setti	98680fc2ed	ecp: revert changes to ECP module and test suite Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-04-04 10:22:59 +02:00

... 53 54 55 56 57 ...

13540 Commits