mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-10 06:40:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
29,593 Commits 170 Branches 263 Tags
Commit Graph

12872 Commits

Author SHA1 Message Date
Valerio Setti
fbb1eef5b2 pk: change guard for mbedtls_pk_can_do_ext() to CRYPTO_CLIENT 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-01 07:29:15 +01:00
Valerio Setti
50122b6e40 pk/test_suite_pk: fix guards 
pk: mbedtls_pk_can_do_ext() should be guarded by CRYPTO_CLIENT instead
    of CRYPTO_C.

test: since the functions using opaque keys are now guarded by CRYPTO_C
      and since CRYPTO_CLIENT is automatically enabled as soon as
      CRYPTO_C is, then CRYPTO_CLIENT guards can be removed.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-22 14:45:02 +01:00
Valerio Setti
17033e373c test_suite_pk: replace USE_PSA with CRYPTO_CLIENT in tests with opaque keys 
This commit also resolves upcoming issues found in pk_internal.h and
pkwrite.c.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-21 14:52:21 +01:00
Valerio Setti
9190522b08 pk: guard mbedtls_pk_wrap_as_opaque() with CRYPTO_CLIENT instead of USE_PSA 
Albeit this function is very likely to be deprecated soon (#8848)
it is still used in test suites to generate opaque keys so its
guard must be aligned as well in order to have a better test
coverage of opaque keys.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-20 16:45:06 +01:00
Valerio Setti
b15e54ec26 test_suite_pk: replace USE_PSA with CRYPTO_C in tests using mbedtls_pk_setup_opaque() 
This commit also fix guards for mbedtls_pk_can_do_ext().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-20 15:24:49 +01:00
Valerio Setti
0f8d695c25 psa_util/pk_wrap: remove redundant guards and optimize 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-20 14:40:42 +01:00
Gilles Peskine
a26a1b7acd Switch back to non-PSA paths in PK when MBEDTLS_USE_PSA_CRYPTO is off 
PK should only dispatch non-opaque operations to PSA when
MBEDTLS_USE_PSA_CRYPTO is enabled. When MBEDTLS_USE_PSA_CRYPTO is disabled
but MBEDTLS_PSA_CRYPTO_CLIENT is enabled, MBEDTLS_PK_OPAQUE should be
available but non-opaque operations should still dispatch to the built-in
legacy code. This commit fixes PK dispatch when CLIENT && !USE.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-20 11:43:43 +01:00
Valerio Setti
7986c77bbd pk: guard mbedtls_pk_setup_opaque() with CRYPTO_CLIENT instead of USE_PSA 
This commit also solves related issues in order to have test
components related to CRYPTO_CLIENT passing.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-19 17:41:40 +01:00
Valerio Setti
e5d9a0f3bb all.sh: fix and add test component for CRYPTO_CLIENT 
This also fixes guards in psa_util that were discovered by the
new component_build_full_psa_crypto_client_without_crypto_provider().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-19 12:08:49 +01:00
Tom Cosgrove
1c0b1bffee
Merge pull request #8779 from gilles-peskine-arm/rsa-bitlen-fix 
Fix mbedtls_pk_get_bitlen for a key size that is not a multiple of 8
 2024-02-14 11:18:25 +00:00
Tom Cosgrove
d26df72256
Merge pull request #8820 from gilles-peskine-arm/sha3-compressed-rc 
SHA3: Pack the iota round constants
 2024-02-14 09:33:50 +00:00
Manuel Pégourié-Gonnard
e6c80bc6e5
Merge pull request #8755 from ronald-cron-arm/tls13-client-early-data-status 
TLS 1.3: Refine and test client early data status
 2024-02-13 20:36:42 +00:00
Gilles Peskine
f8b983c855 Pack the iota round constants 
This saves ~160 bytes of code size, at the cost of a bit of localized
complexity in the code. The impact on performance is measurable but small
(<5% observed on x86_64) and can go either way (there's a calculation vs
memory bandwidth compromise).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-13 18:14:58 +01:00
Dave Rodgman
1e23f938cb
Merge pull request #8817 from daverodgman/iar-pk-fix 
Compiler warning fixes
 2024-02-13 16:33:24 +00:00
Tom Cosgrove
8fe2e36de5
Merge pull request #8801 from gilles-peskine-arm/sha3-no-table 
Inline the SHA3 parameters table into a switch
 2024-02-13 14:06:44 +00:00
Dave Rodgman
b4cb8bef42 Fix remaining warnings from -Wshorten-64-to-32 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-13 13:41:16 +00:00
Dave Rodgman
aa74165948 Fix IAR cast warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-13 13:40:26 +00:00
Gilles Peskine
92fb604139 Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes 
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 11:24:08 +01:00
Gilles Peskine
19f1adfc69 New function mbedtls_rsa_get_bitlen() 
Document, implement and test mbedtls_rsa_get_bitlen().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 11:23:05 +01:00
Janos Follath
f741db3d6e
Merge pull request #8764 from Ryan-Everett-arm/threadsafe-key-wiping 
Make key destruction thread safe
 2024-02-12 09:37:59 +00:00
Manuel Pégourié-Gonnard
2e2af414d0
Merge pull request #7604 from zvolin/feature/pkcs5-aes 
Add AES encrypted keys support for PKCS5 PBES2
 2024-02-10 08:46:18 +00:00
Ryan Everett
9dc076b4f4 Fix issue with lock failures returning CORRUPTION_DETECTED 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-09 14:20:09 +00:00
Ryan Everett
7fee4f7318 Fix mutex unlock error handling in psa_destroy_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-09 14:11:27 +00:00
Ryan Everett
791fc2e24c Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-08 14:26:29 +00:00
Janos Follath
7a28738205
Merge pull request #8636 from paul-elliott-arm/new_test_thread_interface 
New test thread interface
 2024-02-08 12:35:40 +00:00
Gilles Peskine
a3172d1e96 Inline the SHA3 parameters table into a switch 
This saves a few bytes of code size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-08 10:47:08 +01:00
Manuel Pégourié-Gonnard
b7307630bb
Merge pull request #8703 from valeriosetti/issue7765-guards-in-asn1 
Conversion function between raw and DER ECDSA signatures (guards in ASN1)
 2024-02-08 08:45:30 +00:00
Manuel Pégourié-Gonnard
7bf1e98f44
Merge pull request #8740 from valeriosetti/issue8647 
Move RSA basic key parsing/writing to rsa.c
 2024-02-08 08:35:42 +00:00
Tom Cosgrove
c8de362202
Merge pull request #8665 from ivq/reduce_static_mem 
Reduce many unnecessary static memory consumption
 2024-02-07 23:26:27 +00:00
Valerio Setti
1910390b4a psa_util: improve leading zeros check in convert_der_to_raw_single_int() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-07 16:16:58 +01:00
Manuel Pégourié-Gonnard
1d7bc1ecdf
Merge pull request #8717 from valeriosetti/issue8030 
PSA FFDH: feature macros for parameters
 2024-02-07 10:06:03 +00:00
Dave Rodgman
57a0957938
Merge pull request #8788 from daverodgman/old-gcc-alignment-bug 
Change unaligned access method for old gcc
 2024-02-07 09:31:45 +00:00
Valerio Setti
447bbce8b4 rsa: remove unnecessary check in priv/pub key parsing 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-07 08:02:03 +01:00
Gilles Peskine
f45589b492
Merge pull request #8198 from silabs-Kusumit/kdf_incorrect_initial_capacity 
KDF incorrect initial capacity
 2024-02-06 17:29:43 +00:00
Gilles Peskine
137e0c1a02
Merge pull request #8761 from valeriosetti/issue4681 
Re-introduce enum-like checks from CHECK_PARAMS
 2024-02-06 17:29:38 +00:00
Gilles Peskine
fb7001f15b
Merge pull request #8738 from gilles-peskine-arm/pk_import_into_psa-use_usage 
Implement mbedtls_pk_get_psa_attributes
 2024-02-06 17:28:54 +00:00
Ryan Everett
a76a0011ab Remove mutex calls in psa_wipe_all_key_slots 
Code size and code style improvement, these calls aren't needed.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-06 16:45:54 +00:00
Valerio Setti
bb76f80218 pk_wrap: use proper raw buffer length in ecdsa_sign_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-06 16:57:23 +01:00
Valerio Setti
cf81f69977 psa_util: smarter raw length check in mbedtls_ecdsa_raw_to_der() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-06 16:57:12 +01:00
Valerio Setti
6269f3baf4 Revert "psa_util: allow larger raw buffers in mbedtls_ecdsa_raw_to_der()" 
This reverts commit d4fc5d9d1c76a6cb978ceb4cc74ec62b111b0007.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-06 16:55:18 +01:00
Ronald Cron
90e223364c tls13: cli: Refine early data status 
The main purpose of the change is to
know from the status, at any point in
the handshake, if early data can be
sent or not and why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Ronald Cron
fe59ff794d tls13: Send dummy CCS only once 
Fix cases where the client was sending
two CCS, no harm but better to send only one.

Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Dave Rodgman
e093281a8b Pacify check-names 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-06 15:00:58 +00:00
Dave Rodgman
d09f96b829 Improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-06 13:51:58 +00:00
Dave Rodgman
22b934e6d2 Use struct not union 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-06 13:16:13 +00:00
Dave Rodgman
f4e8234f93 Improve docs 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-06 13:16:13 +00:00
Manuel Pégourié-Gonnard
5c9cc0b30f
Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected 
TLS 1.3: SRV: Ignore early data when rejected
 2024-02-06 13:16:03 +00:00
Dave Rodgman
ec9936d122 Improve gcc guards 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-06 13:04:09 +00:00
Dave Rodgman
b327a1e706 Change unaligned access method for old gcc 
gcc bug https://gcc.gnu.org/bugzilla/show_bug.cgi?id=94662 shows
that __attribute__ aligned may be ignored.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-06 11:32:01 +00:00
Chien Wong
4e9683e818
Reduce many unnecessary static memory consumption 
.data section of ssl_client1 becomes 320 bytes smaller on AMD64.

Signed-off-by: Chien Wong <m@xv97.com>
 2024-02-06 17:50:44 +08:00