mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-25 18:39:54 +00:00

Author	SHA1	Message	Date
Demi Marie Obenour	512818b1d2	pkcs7: check that content lengths fill whole buffer Otherwise invalid data could be accepted. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-10 12:56:10 +00:00
Dave Rodgman	a22749e749	Merge pull request #6816 from nick-child-ibm/pkcs7_coverage Pkcs7 coverage	2023-02-10 12:55:29 +00:00
Tom Cosgrove	b96c309395	Don't use lstrlenW() on Windows The lstrlenW() function isn't available to UWP apps, and isn't necessary, since when given -1, WideCharToMultiByte() will process the terminating null character itself (and the length returned by the function includes this character). Resolves #2994 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-02-10 12:52:13 +00:00
Ronald Cron	834e65d47f	Merge pull request #6499 from xkqian/tls13_write_end_of_early_data Tls13 write end of early data	2023-02-10 11:08:22 +01:00
Dave Rodgman	78c6f40736	Fix code-style Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-09 09:21:14 +00:00
Nick Child	14f255f332	pkcs7: Remove unnecessary dependencies stdio, stdlib and string header files are not used. Remove them. Signed-off-by: Nick Child <nick.child@ibm.com>	2023-02-08 15:38:48 +00:00
Valerio Setti	ce0caa3384	oid: fix comment in #endif Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:52:31 +01:00
Valerio Setti	f972ce8d69	oid: replace ECDSA_C with new macros for ECDSA capabilities Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:52:31 +01:00
Valerio Setti	80d0798ae8	pk_wrap: use new macros for ECDSA capabilities Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:49:17 +01:00
Valerio Setti	5c032b5e1b	pk_wrap: fix comment in ecdsa_verify_wrap Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:39:10 +01:00
Valerio Setti	b761b15f06	fix code style Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:39:10 +01:00
Valerio Setti	1337a4f334	pk_wrap: use specific lengths for EC's private key and key-pair Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:39:10 +01:00
Valerio Setti	5bc52248ef	pk_wrap: fix for DETERMINISTIC_ECDSA case in ecdsa_sign_wrap() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:39:10 +01:00
Gilles Peskine	8a6022e948	Clean up header inclusions in pk_wrap.c To better reflect what the code relies on, limit the headers that are included when MBEDTLS_USE_PSA_CRYPTO is disabled. Also stop including "pkwrite.h" when it is no longer needed. Include "mbedlts/platform_util.h" unconditionally. It was only included for RSA ALT but was also used for MBEDTLS_USE_PSA_CRYPTO (the code worked because other headers include "mbedtls/platform_util.h"). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-08 13:39:10 +01:00
Gilles Peskine	13caa94746	Don't use pk_write in ecdsa_sign_wrap with USE_PSA_CRYPTO Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_sign_wrap() was calling mbedtls_pk_write_key_der() to write a private key in SEC1 format, only to then extract the part that represents the private value which is what psa_import_key() actually wants. Instead, call an mpi function to directly get the private key in the desired format. This slightly reduces the code size and stack usage, and removes a dependency on pk_write. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-08 13:39:10 +01:00
Gilles Peskine	b4a87b07f8	Don't use pk_write in ecdsa_verify_wrap with USE_PSA_CRYPTO Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_verify_wrap() was calling mbedtls_pk_write_pubkey() to write a public key in the form of a subjectPublicKey, only to then extract the part that represents the EC point which psa_import_key() actually wants. Instead, call an ecp function to directly get the public key in the desired format (just the point). This slightly reduces the code size and stack usage, and removes a dependency on pk_write. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-08 13:39:10 +01:00
Xiaokang Qian	0de0d863b6	Rebase code to restore reco-delay and fix some style issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 07:41:42 +00:00
Xiaokang Qian	8dc4ce76c7	Fix various coding style and comment issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	6b980011e5	Replace session_negotiate->ciphersuite with handshake->ciphersuite_info->id Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	53c4c27d35	Update the comment of ciphersuite check for early data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	64bc9bc33d	Add comments to describe the early data behavior-encrypt/rejected... Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	e04afdc44f	Refine the condition of whether re-generate early keys Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	eb31cbc791	Share the hash check code between ticket and external psk Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	4ef8ba2938	Assign the ciphersuite in finalize_hrr{server_hello} Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	bb883244aa	Remove useless comments of outbound switch Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	02f5e14073	Combine the alert check of selected_id and ciphercuite Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	934ce6f6a9	Rename the finalize_client{server}_hello() Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	ac4c625dea	Add hash check of ciphersuite for ticket psk Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	6be8290aba	Change to CCS after client hello only if we offer early data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	7179f810f1	Restore the empty lines Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	b58462157e	Refine the ciphersuite and select id check for early data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	44051f6376	Refine the state change after write client hello Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	7892b6caad	Refine the comment about generating early secrects in post server hello Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	bd0ab06d50	Skip CCS once we proposed early data even it is rejected Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	f6d8fd3d6b	Improve the coding style of new lines Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Xiaokang Qian	79f77528f5	Move state change to finalize client hello Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	3f616c2493	Move selected_identity zero check to post_server_hello Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	1d8e86ce00	Get hash_alg by mbedtls_psa_translate_md Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	ea28a78384	Revert new field and check ciphersuite match when resume by exist info_id Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	4224244883	Improve coding styles and add comments Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	33ff868dca	Fix various errors Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	43a83f247c	Move the place where call set_outbound_transform to switch handshake key Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	907461319a	Fix compile error and warnings Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	f10f474981	Check server selected cipher suite indicating a Hash associated with the PSK Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	592021aceb	Add CCS after client hello in case of early data and comp mode Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	303f82c5b9	Skip generating early secrets in some cases Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	b46275c7ec	Add TLS1_3 guard to finalize_write_client_hello() to fix compile issue Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:43 +00:00
Xiaokang Qian	2a674937dd	Pend a illeagal allert when selected_identity isn't 0 Handshake should abort will illeagal parameter allert when receiving early data extentions but the selected_identity parsed from pre-share key isn't equal to 0. Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:46:48 +00:00
Xiaokang Qian	126929f825	Move early keys generation into mbedtls_ssl_tls13_finalize_write_client_hello Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:46:45 +00:00
Xiaokang Qian	19d4416a45	Refine code to remove finalize_write_end_of_early_data() Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:44:00 +00:00

... 4 5 6 7 8 ...

10578 Commits