lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-25 12:41:56 +03:00
Code Activity
16,827 Commits 173 Branches 268 Tags
1f91878281cdb680c98f33a3312d1fce56f45eba
Commit Graph

7192 Commits

Author SHA1 Message Date
Hanno Becker
dfba065d80 Adjust ssl_tls13_keys.c to consolidated CID/1.3 padding granularity 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:03 +01:00
Hanno Becker
c0da10dc3a Remove TLS 1.3 specific code from TLS <= 1.2 transform generator 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:03 +01:00
Hanno Becker
f62a730e80 Add missing semicolon in TLS 1.3 transform generation code 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:03 +01:00
Hanno Becker
edd5bf0a95 Fix and document minimum length of record ciphertext in TLS 1.3 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:03 +01:00
Hanno Becker
7887a77c25 Match parameter check in TLS 1.3 populate transform to 1.2 version 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:54:03 +01:00
Hanno Becker
79e2d1b6f6 Fix AEAD additional data computation for TLS 1.3 
The AEAD additional data (AAD) is computed differently in TLS 1.3
compared to TLS 1.2, but this change hasn't yet been reflected in
the codee, rendering the current implementation of

```
   mbedtls_ssl_{encrypt,decrypt}_buf()
```

not standard compliant.

This commit fixes this by adjusting the AAD extraction function
ssl_extract_add_data_from_record() and its call-sites.

Please see the documentation of the code for an explanation
of how the AAD has changed from TLS 1.2 to TLS 1.3.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:52:49 +01:00
Hanno Becker
c94060c641 Add TLS 1.3 specific key to SSL transform conversion function 
This commit adds the TLS 1.3 specific internal function

```
  mbedtls_ssl_tls13_populate_transform()
```

which creates an instance of the SSL transform structure
`mbedtls_ssl_transform` representing a TLS 1.3 record protection
mechanism.

It is analogous to the existing internal helper function

```
   ssl_tls12_populate_transform()
```

which creates transform structures representing record
protection mechanisms in TLS 1.2 and earlier.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:52:49 +01:00
Hanno Becker
bd25755d2a Rename ssl_populate_transform() -> ssl_tls12_populate_transform() 
In TLS 1.2 specific code, the internal helper functions
ssl_populate_transform() builds an SSL transform structure,
representing a specific record protection mechanism.

In preparation for a subsequent commit which will introduce
a similar helper function specific to TLS 1.3, this commmit
renames ssl_populate_transform() to ssl_tls12_populate_transform().

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 04:52:45 +01:00
Manuel Pégourié-Gonnard
8da9dc05e8 Merge pull request #4748 from TRodziewicz/re-introduce_ext_checks_for_psa_unlock-wipe_key_slot 
Re-introduction of key slot checks
 2021-07-29 13:45:57 +02:00
Manuel Pégourié-Gonnard
b637150dfe Merge pull request #4730 from TRodziewicz/finish_removing_tls_1.0_and_1.1 
Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
 2021-07-27 09:42:53 +02:00
Gilles Peskine
3b9bea0757 Merge pull request #4750 from yutotakano/fix-reserved-identifier-clash 
Replace reserved identifier clashes with suitable replacements
 2021-07-22 16:20:56 +02:00
Yuto Takano
538a0cbcf4 Replace _RR with prec_RR to prevent reserved identifier clashes 
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
 2021-07-14 10:20:09 +01:00
TRodziewicz
c9890e9a8c Rewording comments 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-14 10:16:26 +02:00
TRodziewicz
829fe7038d Correction to callback declaration and usage 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-13 12:23:12 +02:00
TRodziewicz
18cddc08c7 Reverting comments deleted in previous PR 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-13 12:19:15 +02:00
Yuto Takano
36c8ddc4cc Replace _B with B to prevent reserved identifier clashes 
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
 2021-07-12 16:02:07 +01:00
Archana
277572fa2b Fix coding style issue 
Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-07-12 09:00:57 +05:30
Archana
1d2e2bb8cc Add missing Curve448 support for PSA keys 
mbedtls_ecp_read_key and mbedtls_ecp_write_key are updated to include
support for Curve448 as prescribed by RFC 7748 §5.

Test suites have been updated to validate curve448 under Montgomery
curves.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-07-12 08:02:54 +05:30
TRodziewicz
299510e889 Correction to comments and changelog removed 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-09 16:55:11 +02:00
TRodziewicz
7871c2e736 Adding new macro for tests failing 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-09 14:27:04 +02:00
David Horstmann
44f6390c32 Remove redundant hash len check 
Remove a check in rsa_rsassa_pkcs1_v15_encode() that
is not needed because the same check is performed
earlier. This check was added in #4707.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2021-07-08 12:46:26 +01:00
TRodziewicz
458280e67c Correction to outdated comment 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-07 11:33:06 +02:00
Dave Rodgman
45419c1ee5 Revert "Add auto-generated files" 
This reverts commit 3e84187132.
 2021-07-06 20:44:59 +01:00
TRodziewicz
345165c1f7 Reverting deleted macros 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-06 13:42:11 +02:00
TRodziewicz
302ed2bf7d Reverting the TLS 1.3 compatibility 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-05 16:55:27 +02:00
TRodziewicz
d9be65277d Corrections to the new functions names and error message wording 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-05 15:16:00 +02:00
TRodziewicz
053b99b90b Re-introduction of key slot chekcs 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-05 12:06:03 +02:00
Dave Rodgman
527b82a34c Bump .so version numbers to stay ahead of 2.x 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-07-02 15:19:38 +01:00
Dave Rodgman
3e84187132 Add auto-generated files 
Add files generated by running make generated_files

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-07-01 09:45:38 +01:00
Dave Rodgman
7601657418 Bump library version numbers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 23:09:51 +01:00
Dave Rodgman
34d8cd2892 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.0.0rc0-pr 2021-06-30 22:51:02 +01:00
Dave Rodgman
9f5774f56d Merge pull request #4739 from gabor-mezei-arm/3258_fp30_implement_one-shot_MAC_and_cipher 
Implement one-shot cipher
 2021-06-30 17:04:23 +01:00
Dave Rodgman
0a7ff4a4e2 Merge pull request #4741 from gabor-mezei-arm/3267_fp30_sign_verify_key_policies 
Key policy extension for PSA_KEY_USAGE_SIGN/VERIFY_HASH
 2021-06-30 14:50:57 +01:00
gabor-mezei-arm
5ce25d7806 Remove obsolete comment 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-30 10:46:00 +02:00
Dave Rodgman
dc1a3b2d70 Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0 
Cleanup SSL error code space
 2021-06-30 09:02:55 +01:00
gabor-mezei-arm
00e54f1133 Fix minor issues 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:55:25 +02:00
gabor-mezei-arm
6158e283cc Check the return status of the functions first 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:55:24 +02:00
gabor-mezei-arm
58c1727775 Add buffer overflow check 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:55:24 +02:00
gabor-mezei-arm
3f860e4c18 Remove invalid buffer overflow check 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:55:24 +02:00
gabor-mezei-arm
47a8e14bb7 Typo 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:01 +02:00
gabor-mezei-arm
0a93b665f7 Fix possible unreachable code 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:01 +02:00
gabor-mezei-arm
90fceea268 Update documentation 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:01 +02:00
gabor-mezei-arm
258ae07fb0 Add checks for buffer size 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
e5ff8f430c Use local variable instead of an ouput parameter 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
6f4e5bbe37 Initialize output buffer length to 0 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
0dfeaaf5c9 Remove confising comments 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
9951b50b8a Remove comments 
These comment cannot bring more information than the code does.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
42cdb2a90b Fix struct initialization 
Fix initialization of mbedtls_psa_cipher_operation_t by not initializing the mbedtls_cipher_context_t typed field completely.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
a9449a0b07 Dispatch cipher functions through the driver interface 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:48:59 +02:00
gabor-mezei-arm
ba0fa75eae Implement one-shot cipher 
Implement one-shot cipher APIs, psa_cipher_encrypt and psa_cipher_decrypt, introduced in PSA Crypto API 1.0.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:14:34 +02:00