1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-26 00:37:41 +03:00
Commit Graph

7653 Commits

Author SHA1 Message Date
Paul Elliott
4086bdbe37 Better fix for empty password / salt
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-18 22:39:16 +00:00
Paul Elliott
853c0da8de Fix for pkcs12 with NULL or zero length password
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-11-11 19:26:37 +00:00
Tom Cosgrove
0eedd36557 Serialise builds of the .a files on Windows
This is a workaround for an issue with mkstemp() in older MinGW releases that
causes simultaneous creation of .a files in the same directory to fail.

Fixes #5146

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2021-11-10 11:15:46 +00:00
Manuel Pégourié-Gonnard
087f04783d Merge pull request #5076 from mstarzyk-mobica/psa_ccm_no_tag
PSA CCM*-no-tag
2021-11-10 10:18:55 +01:00
Ronald Cron
91fe315c69 Merge pull request #5134 from xffbai/add-hostname-ext
TLS1.3 Add hostname extension
2021-11-09 12:28:14 +01:00
Xiaofei Bai
f36e1677b1 Fix alignment
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-09 09:28:25 +00:00
Xiaofei Bai
6f435f07d2 Fix compile error
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-09 04:08:32 +00:00
Xiaofei Bai
58afdba887 Fix typo and remove wrapper
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-09 03:10:05 +00:00
Ronald Cron
260f5d9413 Merge pull request #4953 from yuhaoth/pr/add-tls13-read-certificate-verfify
TLS1.3: CertificateVerify:add tls13 read certificate verfify
2021-11-08 09:36:35 +01:00
Gilles Peskine
c756b5f9fa Merge pull request #5126 from haampie/fix/DT_NEEDED_for_shared_libraries
DT_NEEDED for shared builds in makefile
2021-11-05 12:04:29 +01:00
Xiaofei Bai
15a56813a2 TLS1.3 Add hostname extention
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-05 10:52:12 +00:00
Manuel Pégourié-Gonnard
8a232d231a Merge pull request #4966 from gilles-peskine-arm/missing-psa-macros
Add missing PSA macros
2021-11-05 10:08:58 +01:00
Jerry Yu
5398c10b89 Add return value check for cerificate verify
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-05 13:32:38 +08:00
Harmen Stoppels
fcb4fb71e3 Reorder linker flags
Signed-off-by: Harmen Stoppels <harmenstoppels@gmail.com>
2021-11-04 17:34:27 +01:00
Harmen Stoppels
70842950fd Restore the whitespace
Signed-off-by: Harmen Stoppels <harmenstoppels@gmail.com>
2021-11-04 13:09:02 +01:00
Gilles Peskine
f4ecf305fe Fix copypasta in #endif comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 18:27:22 +01:00
Gilles Peskine
f7b4137e69 Untangle PSA_ALG_IS_HASH_AND_SIGN and PSA_ALG_IS_SIGN_HASH
The current definition of PSA_ALG_IS_HASH_AND_SIGN includes
PSA_ALG_RSA_PKCS1V15_SIGN_RAW and PSA_ALG_ECDSA_ANY, which don't strictly
follow the hash-and-sign paradigm: the algorithm does not encode a hash
algorithm that is applied prior to the signature step. The definition in
fact encompasses what can be used with psa_sign_hash/psa_verify_hash, so
it's the correct definition for PSA_ALG_IS_SIGN_HASH. Therefore this commit
moves definition of PSA_ALG_IS_HASH_AND_SIGN to PSA_ALG_IS_SIGN_HASH, and
replace the definition of PSA_ALG_IS_HASH_AND_SIGN by a correct one (based
on PSA_ALG_IS_SIGN_HASH, excluding the algorithms where the pre-signature
step isn't to apply the hash encoded in the algorithm).

In the definition of PSA_ALG_SIGN_GET_HASH, keep the condition for a nonzero
output to be PSA_ALG_IS_HASH_AND_SIGN.

Everywhere else in the code base (definition of PSA_ALG_IS_SIGN_MESSAGE, and
every use of PSA_ALG_IS_HASH_AND_SIGN outside of crypto_values.h), we meant
PSA_ALG_IS_SIGN_HASH where we wrote PSA_ALG_IS_HASH_AND_SIGN, so do a
global replacement.
```
git grep -l IS_HASH_AND_SIGN ':!include/psa/crypto_values.h' | xargs perl -i -pe 's/ALG_IS_HASH_AND_SIGN/ALG_IS_SIGN_HASH/g'
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 15:48:15 +01:00
Gilles Peskine
e7be73d579 Use the new macro PSA_HASH_BLOCK_LENGTH
Replace an equivalent internal function.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-11-03 15:47:03 +01:00
Mateusz Starzyk
e6d3edaf32 Add missing PSA_ALG_IS_SIGN_HASH macro.
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-11-03 15:47:03 +01:00
Harmen Stoppels
01ef723bba DT_NEEDED for shared builds in makefile
The makefile build specifies -L. -lmbedx509 -lmbedcrypto flags first,
and only then object files referencing symbols from those libraries.

In this order the linker will not add the linked libraries to the
DT_NEEDED section because they are not referenced yet (at least that
happens for me on ubuntu 20.04 with the default gnu compiler tools).

By first specifying the object files and then the linked libraries, we
do end up with libmbedx509 and libmbedcrypto in the DT_NEEDED sections.

This way running dlopen(...) on libmedtls.so just works.

Note that the CMake build does this by default.

Signed-off-by: Harmen Stoppels <harmenstoppels@gmail.com>
2021-11-03 01:06:11 +01:00
Manuel Pégourié-Gonnard
0dbe1dfa1c Merge pull request #4859 from brett-warren-arm/supported_groups
Add mbedtls_ssl_conf_groups to API
2021-11-02 10:49:09 +01:00
Manuel Pégourié-Gonnard
4313d3ac87 Merge pull request #5010 from gilles-peskine-arm/psa-rsa-pss_any_salt
PSA: fix salt length for PSS verification
2021-10-29 16:36:36 +02:00
Brett Warren
14efd33a6c Convert TLS1.3 functions to get_supported_groups
Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-29 15:13:48 +01:00
Brett Warren
01f3dae3f3 Refactor elliptic curve extension for NamedGroups
The refactoring is needed for the group api to work
properly. Code is modified to use mbedtls_get_supported_groups
instead of direct access so that both deprecated and new api
are useable.

Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-29 14:07:46 +01:00
Jerry Yu
6f87f2521c Refactor ssl_tls13_parse_certificate_verify
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 20:15:03 +08:00
Jerry Yu
d0fc585b7e fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 19:57:55 +08:00
Jerry Yu
0b32c502a4 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 19:57:55 +08:00
Jerry Yu
da8cdf2fa9 Remove certificate_verify_coordinate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 19:57:55 +08:00
Jerry Yu
982d9e5db2 Add ssl_tls13_sig_alg_is_offered
To keep consistent with cipher_suite check

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 19:57:55 +08:00
Jerry Yu
133690ccef Refactor hash computation
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 19:57:55 +08:00
Jerry Yu
26c2d11802 Fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 19:57:55 +08:00
Jerry Yu
30b071cb66 tls13:Add certificate verify
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 19:57:55 +08:00
Jerry Yu
0bbb39786d tls13: add labels
add client and server cv magic words

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 19:57:55 +08:00
Brett Warren
e0edc8407b Add mbedtls_ssl_conf_groups to API
mbedtls_ssl_conf_groups allows supported groups for key
sharing to be configured via their IANA NamedGroup ID.

This is added in anticipation of PQC and Hybrid key
sharing algorithms being integrated into Mbed TLS.

mbedtls_ssl_conf_curves is deprecated in favor of
mbedtls_ssl_conf_groups. handshake_init has been
modified to translate and copy curves configured
via conf_curves into a heap allocatied array of
NamedGroup IDs. This allows the refactoring of code
interacting with conf_curve related variables (such
as curve_list) to use NamedGroup IDs while retaining
the deprecated API.

Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-29 11:27:00 +01:00
Ronald Cron
f660c7c923 Merge pull request #4993 from xffbai/add-tls13-read-certificate
TLS1.3: add tls1_3 read certificate
2021-10-29 12:25:44 +02:00
Manuel Pégourié-Gonnard
136819fe6e Merge pull request #4959 from gilles-peskine-arm/psa-add-aria
Add ARIA to the PSA API
2021-10-29 09:38:06 +02:00
Xiaofei Bai
f93cbd2674 fix some format issues
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-10-29 02:39:30 +00:00
Jerry Yu
d2674314a3 Restore certificate_request state
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 10:14:29 +08:00
Jerry Yu
b640bf6c15 fix CI build fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-29 10:05:32 +08:00
Jerry Yu
83bb13101a fix format warning
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-28 22:16:33 +08:00
Jerry Yu
7aa7186022 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-28 21:41:30 +08:00
Jerry Yu
a93ac116c8 Remove certificate_request state
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-28 21:36:03 +08:00
Xiaofei Bai
ff45602c74 Add local variable verify_result
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-10-28 21:28:08 +08:00
Xiaofei Bai
10aeec0685 Fix a build error
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-10-28 21:28:08 +08:00
Xiaofei Bai
79595acf3f Update based on review comments.
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-10-28 21:28:08 +08:00
Xiaofei Bai
947571efff add tls1_3 read certificate
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-10-28 21:28:08 +08:00
Ronald Cron
7cd24ded48 Merge pull request #5114 from yuhaoth/pr/add-get-uint24
Add GET/PUT_UINT24_BE/LE
2021-10-28 13:57:57 +02:00
Ronald Cron
cf1f376b24 Merge pull request #4937 from xkqian/add_tls13_encrypted_extension
The rebase after the two approvals was simple enough to need only one reviewer.
2021-10-28 09:34:56 +02:00
Manuel Pégourié-Gonnard
4c9313fcd9 Merge pull request #4514 from mpg/generated-files-cmake
Generated files cmake
2021-10-28 09:23:41 +02:00
Jerry Yu
29287a46d2 fix wrong para name in doxygen comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-28 10:26:13 +08:00