lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-12-20 05:22:01 +03:00
Code Activity
22,965 Commits 176 Branches 276 Tags
7a75d222749d08d10699a9bb9c4f97a99557b8cc
Commit Graph

22965 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Przemyslaw Stekiel
004c2181f0 ssl_misc.h: hash guards adaptations 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-14 11:00:57 +02:00
Manuel Pégourié-Gonnard
b2407f2b91 Merge pull request #6261 from mprse/hash_size_macro 
Create MBEDTLS_MAX_HASH_SIZE in hash_info.h
 2022-09-14 10:00:06 +02:00
Jerry Yu
acff823846 Add negative tolerance window 
If `now == session->start` or the timer of
client is faster than server, client age might
be bigger than server.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-14 14:50:44 +08:00
Jerry Yu
95db17ed5f fix various issues 
- improve obfuscated ticket age generator
- improve psk getter

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-14 10:37:58 +08:00
Przemek Stekiel
ce0aa58fd9 check_config.h: make TLS1.3 requirements verification more readable 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
0852ef8b96 mbedtls_ssl_reset_transcript_for_hrr: remove redundant 'else' statement 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
8a2f2b0bd6 check_config.h: fix TLS 1.3 requirements (add HKDF_EXTRACT/EXPAND) and comments 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
dcec7ac3e8 test_psa_crypto_config_accel_hash_use_psa: enable tls.1.3 at the end and adapt comment 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
9408b70513 check_config.h: revert HKDF requirements 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
9dfbf3a006 ssl_tls13_generic.c: optimize code to save memory 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
153b442cc3 mbedtls_ssl_tls13_sig_alg_is_supported: adapt guards 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
a06787a629 build_info.h: include config_psa.h also when MBEDTLS_PSA_CRYPTO_C 
This is done to have PSA_WANT_xxx symbols available in check_config.h when MBEDTLS_PSA_CRYPTO_C.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
a4af13a46c test_psa_crypto_config_accel_hash_use_psa: enable TLS 1.3 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
cf9d972a9a Fix config for MBEDTLS_SSL_PROTO_TLS1_3 
Remove MBEDTLS_HKDF_C as it is not needed since #5838

Reasoning: we need SHA-256 or SHA-384 via PSA because they're used by HKDF which is now always done via PSA. If in addition to that USE_PSA is enabled, then everything is done via PSA so that's enough. Otherwise, we need the software implementation of SHA-256 or SHA-384, plus MD_C because we're using a VIA_MD_OR_PSA_BASED_ON_USE_PSA as discussed above.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
a9a8816107 ssl.h: adapt guards for MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Przemek Stekiel
47e3cb1875 ssl_tls13_generic.c: adapt guards for MBEDTLS_SHAxxx_C 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 18:08:54 +02:00
Neil Armstrong
fa84962296 Add comment explaining PSA PAKE vs Mbedtls J-PAKE API matching strategy 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-13 15:19:56 +02:00
Neil Armstrong
3d4966a5cb Move possible input/output steps check inside PSA_ALG_JPAKE handling 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-13 15:19:56 +02:00
Neil Armstrong
017db4cdda Drop calls to mbedtls_ecjpake_check() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-13 15:19:56 +02:00
Neil Armstrong
1d0294f6ed Clarify sequence length calculation comment 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-13 15:19:56 +02:00
Neil Armstrong
cb679f23bc Replace 0s with proper defines when possible 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-13 14:43:07 +02:00
Przemek Stekiel
5166954d14 Make more use of MBEDTLS_MAX_HASH_SIZE macro 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-13 12:57:05 +02:00
Dave Rodgman
8cc46aa22c Merge pull request #6275 from daverodgman/fixcopyright 
Correct copyright and license in crypto_spe.h
 2022-09-13 11:23:52 +01:00
Manuel Pégourié-Gonnard
f498910383 Merge pull request #6256 from AndrzejKurek/tls-tests-no-md-ssl-opt 
ssl-opt.sh with PSA-based hashing
 2022-09-13 10:37:48 +02:00
Jerry Yu
4746b10c2e fix various issues 
- Format issues
- Possible memory leak
- Improve naming and comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 15:37:46 +08:00
Jerry Yu
8d4bbbae4f fix ticket age check issues 
- Ticket age and ticket age add, obfuscated age
  use different unit. Align the units to million
  seconds.
- Add maximum ticket age check. Until now,
  ticket_lifetime is not recorded in server side.
  Check it with maximum ticket_lifetime.
- Free session when error found.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 15:37:46 +08:00
Jerry Yu
46bffe0e82 Refine rsumption master secret compute function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 15:09:49 +08:00
Jerry Yu
466dda8553 Rename resumption master secret compute function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 14:28:15 +08:00
Jerry Yu
6cf85a4bb0 update document abourt maximum ticket_age_tolerance 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 14:28:15 +08:00
Jerry Yu
a02841bb8a revert changes on PSK tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 11:07:27 +08:00
Nick Child
9f4fb3e63f pkcs7: Unite function return style 
In response to feedback[1], standardize return variable
management across all pkcs7 functions.

Additionally, when adding return codes from two error values,
use `MBEDTLS_ERROR_ADD` as recommended [2].

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953634781
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r953635128

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-09-12 16:32:36 -05:00
Dave Rodgman
53a18f23ac Correct copyright and license in crypto_spe.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-09-12 17:57:32 +01:00
Werner Lewis
3dc45198e6 Replace L/R inputs with A/B 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-12 17:35:27 +01:00
Werner Lewis
1fade8adb6 Move symbol definition out of __init__ 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-09-12 17:34:15 +01:00
Andrzej Kurek
0bc834b27f Enable signature algorithms in ssl programs with PSA based hashes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:37:46 -04:00
Andrzej Kurek
d681746a51 Split some ssl-opt.sh test cases into two 
There's a slightly different behaviour without MBEDTLS_SSL_ASYNC_PRIVATE
that has to be handled.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:37:46 -04:00
Andrzej Kurek
07e3570f8c Add an ssl-opt.sh run to all.sh for the accel_hash_use_psa config 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:37:46 -04:00
Andrzej Kurek
934e9cd47f Switch to the new version of hash algorithm checking in ssl-opt.sh 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:34:23 -04:00
Andrzej Kurek
9c061a2d19 Add a posibility to check for the availability of hash algs to ssl-opt 
The new function now dispatches a check for either an MBEDTLS
or PSA define to check for SHA_XXX.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:34:23 -04:00
Manuel Pégourié-Gonnard
f6a6a2d815 Merge pull request #6216 from AndrzejKurek/tls-tests-no-md-compat 
TLS without MD - compat.sh addition to all.sh hash acceleration tests
 2022-09-12 10:23:49 +02:00
Dave Rodgman
1577c548d1 Use NULL instead of 0 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-09-09 10:22:15 +01:00
Neil Armstrong
fb3093a9cb Use PSA_PAKE_ROLE_NONE in PSA_PAKE_OPERATION_INIT macro instead of 0 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-08 14:59:32 +02:00
Neil Armstrong
7cd4eacbd4 Fix typo in mbedtls_ecjpake_write_shared_key() comment 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-08 14:57:55 +02:00
Neil Armstrong
ecb221b1ff Move operation buffer in operation struct and remove dynamic allocation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-08 11:21:07 +02:00
Hannes Tschofenig
fd6cca4448 CID update to RFC 9146 
The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content.

Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
 2022-09-07 17:15:05 +02:00
Przemek Stekiel
40afdd2791 Make use of MBEDTLS_MAX_HASH_SIZE macro 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-06 14:18:45 +02:00
Przemek Stekiel
c3f2767c25 hash_info.h: add MBEDTLS_MAX_HASH_SIZE macro 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-06 14:18:39 +02:00
Neil Armstrong
9720b881f5 Remove doxygen markup outside doxygen block in psa_pake_sequence comment 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-06 11:39:21 +02:00
Neil Armstrong
b39833cff2 Fix typo in psa_pake_sequence comment 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-06 11:36:02 +02:00
Neil Armstrong
2a73f21878 Fixup expected status handling in ecjpake_setup() and add more coverage for psa_pake_set_password_key() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-09-06 11:34:54 +02:00