Gilles Peskine
f45a5a0ddd
Merge pull request #7700 from silabs-Kusumit/PBKDF2_output_bytes
...
PBKDF2: Output bytes
2023-06-16 10:08:02 +02:00
Gilles Peskine
637c049349
Move mbedtls_ecp_modulus_type out of the public headers
...
This is an internal detail of the ECC arithmetic implementation, only
exposed for the sake of the unit tests
Mbed TLS 3.4.0 was released with the type mbedtls_ecp_modulus_type defined
in a public header, but without Doxygen documentation, and without any
public function or data structure using it. So removing it is not an API
break.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-06-15 19:07:41 +02:00
Przemek Stekiel
ce05f54283
Properly disable ECDH in only (psk) ephemeral ffdh key exchange components
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-15 16:44:08 +02:00
Andrzej Kurek
c6beb3a741
Rename NUL to null in x509 IP parsing description
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-15 09:54:37 -04:00
Tom Cosgrove
6edf8b8c7b
Merge pull request #7451 from yanrayw/7376_aes_128bit_only
...
Introduce config option of 128-bit key only in AES calculation
2023-06-15 10:35:32 +01:00
Yanray Wang
55ef22c2cb
mbedtls_config.h: add description for CTR_DRBG about AES-128 only
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-06-15 10:05:27 +08:00
Przemek Stekiel
7d42c0d0e5
Code cleanup #2
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 12:30:40 +02:00
Przemek Stekiel
75a5a9c205
Code cleanup
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 09:57:23 +02:00
Dave Rodgman
f956312174
Fix typo in MBEDTLS_MD_CAN macros
...
Signed-off-by: Dave Rodgman <dave.rodgman@gmail.com>
2023-06-11 16:04:29 +01:00
Glenn Strauss
61d99304da
mbedtls_x509_time_gmtime() to fill struct w/ time
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-06-09 17:01:03 +01:00
Glenn Strauss
416dc03467
mbedtls_x509_time_cmp() compare mbedtls_x509_time
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2023-06-09 17:01:03 +01:00
Dave Rodgman
0442e1b561
Fix definition of MBEDTLS_MD_MAX_SIZE and MBEDTLS_MD_MAX_BLOCK_SIZE
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-08 16:03:33 +01:00
Manuel Pégourié-Gonnard
1f6d2e352d
Simplify implementation of MD<->PSA translation
...
Also, add tests and comments due from previous commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-08 12:09:20 +02:00
Manuel Pégourié-Gonnard
9b76318138
Change values of md_type enum
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-08 11:48:53 +02:00
Dave Rodgman
9304186ae9
Restore accidentally removed comment
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-08 10:13:22 +01:00
Dave Rodgman
ff45d44c02
Replace MBEDTLS_MD_CAN_SHA3 with MBEDTLS_MD_CAN_SHA3_xxx
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-08 10:11:34 +01:00
Dave Rodgman
b61cd1042a
Correct minor merge mistakes
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 18:14:45 +01:00
Dave Rodgman
05d71ffe5b
Merge remote-tracking branch 'origin/development' into sha3-updated
2023-06-07 18:02:04 +01:00
Dave Rodgman
f9d8f4cd68
Remove reference to SHAKE
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 17:08:29 +01:00
Dave Rodgman
a35551ef01
Use MBEDTLS_PRIVATE
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 17:08:19 +01:00
Dave Rodgman
cf4d2bdc09
Spell as SHA-3 not SHA3
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 17:08:09 +01:00
Dave Rodgman
c3048b3eea
Tidy-up definition of mbedtls_sha3_context
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 16:50:15 +01:00
Dave Rodgman
9d7fa93e6c
move mbedtls_sha3_family_functions out of public interface
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 16:50:15 +01:00
Dave Rodgman
e627bef2f8
Use faster type for state index
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 16:50:15 +01:00
Dave Rodgman
1789d84282
remove not-needed fields from SHA-3 context
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-06-07 16:50:15 +01:00
Andrzej Kurek
5d9aeba899
Fix param documentation for mbedtls_x509_crt_parse_cn_inet_pton
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-07 08:54:35 -04:00
Andrzej Kurek
cd17ecfe85
Use better IP parsing in x509 programs
...
Remove unnecessary duplicated code.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-07 08:50:05 -04:00
Gilles Peskine
13230a4ad3
Merge pull request #7349 from mpg/rm-hash-info
...
Remove `hash_info` module
2023-06-06 21:05:13 +02:00
Gilles Peskine
d598eaf212
Merge pull request #7106 from davidhorstmann-arm/parse-oid-from-string
...
Parse an OID from a string
2023-06-06 20:57:17 +02:00
Przemek Stekiel
ff9fcbcace
ssl_client2, ssl_server2: code optimization + guards adaptation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:53:40 +02:00
Przemek Stekiel
e7db09bede
Move FFDH helper functions and macros to more suitable locations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
Przemek Stekiel
cceb933e30
Add FFDH definitions and translation functions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:07 +02:00
Kusumit Ghoderao
85e6bdb7ad
Add additional members to pbkdf2 struct
...
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
2023-06-06 15:05:39 +05:30
Manuel Pégourié-Gonnard
c9d9829533
Add comment on macros that should be kept in sync
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
f76c2208f6
Remove mbedtls_psa_translate_md().
...
The header clearly states all functions here are internal, so we're free
to remove them at any time.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
45b34517fb
Keep MD and PSA max size in sync
...
Some TLS code is using MD_MAX_SIZE in parts that are common to USE_PSA
and non-USE_PSA, then using PSA_HASH_MAX_SIZE in parts specific to
USE_PSA, and having different values causes trouble.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
725d2e24aa
Fix guard for PSA->MD error conversion
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
1c32e37b0c
Formally deprecate mbedtls_psa_translate_md()
...
The previous informal comment was not enough to prevent it from being
used in several places in the library. This should have more effect,
considering with have builds with DEPRECATED_REMOVED.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
6076f4124a
Remove hash_info.[ch]
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
2d6d993662
Use MD<->PSA functions from MD light
...
As usual, just a search-and-replace plus:
1. Removing things from hash_info.[ch]
2. Adding new auto-enable MD_LIGHT in build-info.h
3. Including md_psa.h where needed
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
9b41eb8533
Replace hash_info_get_type with MD function
...
Mostly a search and replace with just two manual changes:
1. Now PK and TLS need MD light, so auto-enable it.
2. Remove the old function in hash_info.[ch]
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
1ef26e285e
Add convenience inline function to md.h
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-06 10:33:54 +02:00
Gilles Peskine
5c3d6e277c
Merge pull request #7575 from AndrzejKurek/URI-SAN-verification
...
Add partial support for URI SubjectAltNames verification
2023-06-05 16:46:47 +02:00
Gilles Peskine
975d9c0faf
Merge pull request #7530 from AndrzejKurek/misc-subjectaltname-fixes
...
Miscellaneous fixes for SubjectAltName code / docs
2023-06-05 15:38:53 +02:00
Gilles Peskine
84b547b5ee
Merge pull request #7400 from AndrzejKurek/cert-write-sans
...
Add a possibility to generate certificates with a Subject Alternative Name
2023-06-05 15:38:38 +02:00
Manuel Pégourié-Gonnard
f37b94b5bf
Merge pull request #7533 from valeriosetti/issue7484
...
PK: add support for private key writing with "opaque" EC keys
2023-06-05 10:53:53 +02:00
Tom Cosgrove
32b06f50df
Merge pull request #7650 from yanrayw/7360-code-size-tfm-medium
...
code size measurement support for tfm-medium
2023-06-02 13:25:26 +01:00
Andrzej Kurek
1747304a7a
Update the descriptions of SANs
...
All of them are listed, so the previous description was wrong.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-06-01 18:20:24 +01:00
David Horstmann
bf95e9a058
Reword description and change NUL to null
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-01 15:33:15 +01:00
David Horstmann
017139751a
Change behaviour away from NUL-terminated strings
...
Instead, require the length of the string to be passed. This is more
useful for our use-case, as it is likely we will parse OIDs from the
middle of strings.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-06-01 15:04:20 +01:00