mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-09 01:13:42 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
17,619 Commits 174 Branches 263 Tags
Commit Graph

7568 Commits

Author SHA1 Message Date
Paul Elliott
60116aee9e Invert logic on nonce length tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-29 14:40:16 +01:00
Paul Elliott
355f59edbe Fix formatting issues 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-29 14:40:16 +01:00
Paul Elliott
e716e6c00b Switch cipher enabled macros 
Switch from using MBEDTLS_PSA_BUILTIN_ macros over to using PSA_WANT_
macros, as code was moved from the internal drivers to the PSA Core.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-29 14:40:16 +01:00
Przemyslaw Stekiel
80c6a8e1a6 Add PSA support for MBEDTLS_CIPHER_AES_128_ECB 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-09-29 12:39:21 +02:00
Gilles Peskine
bfe3d87f24
Merge pull request #4842 from gilles-peskine-arm/public_fields-3.0-info 
Make some structure fields public: key info, ASN.1 and X.509 parsing, socket fd
 2021-09-29 12:37:09 +02:00
Jerry Yu
d96a5c2d86 Fix wrong usage of counter len macro 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-29 17:46:51 +08:00
Manuel Pégourié-Gonnard
1869377146
Merge pull request #4942 from yuhaoth/pr/add-tls13-client-dummy-state-handlers 
add tls13 client dummy state handlers and improve dispatch test
 2021-09-29 10:45:16 +02:00
Paul Elliott
baff51c8b7 Make sure nonce length checks use base algorithm 
Nonce length checks are now being used in the oneshot AEAD code as well,
which passes variant algorithms, not the base version, so need to
convert to base if necessary.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-28 17:47:24 +01:00
Paul Elliott
814f0c5fb1 Remove check for lack of supported ciphers 
Add comment explaining (currently) empty function.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-28 14:42:36 +01:00
Paul Elliott
946c920475 Add safety for nonce length to internal driver 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-28 14:42:36 +01:00
Jerry Yu
d9a94fe3d0 Add counter length macro 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-28 20:10:26 +08:00
Jerry Yu
6ca7c7fd6b Remove useless variables 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-28 18:51:40 +08:00
Paul Elliott
bb0f9e1740 Move all nonce length checks to PSA Core 
Remove duplicated code from oneshot API

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-28 11:16:27 +01:00
Paul Elliott
dff6c5d963 Restore internal driver for aead_set_lengths 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-28 11:16:27 +01:00
Jerry Yu
ad8d0bad10 Keep consistency order. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-28 17:58:26 +08:00
Jerry Yu
d52398d31f fix double underscore fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-28 16:13:44 +08:00
Paul Elliott
4ed1ed18d2 Move nonce size checking to PSA Core 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-27 18:24:11 +01:00
Paul Elliott
325d374e3d Move set lengths checking to PSA Core 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-27 18:24:11 +01:00
Paul Elliott
c78833abc7 Add reminder of assumption to documentation 
Key size is not verified by this function, but by the level above it.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-27 16:00:40 +01:00
Gilles Peskine
7820a574f1 Catch failures of AES or DES operations 
Declare all AES and DES functions that return int as needing to have
their result checked, and do check the result in our code.

A DES or AES block operation can fail in alternative implementations of
mbedtls_internal_aes_encrypt() (under MBEDTLS_AES_ENCRYPT_ALT),
mbedtls_internal_aes_decrypt() (under MBEDTLS_AES_DECRYPT_ALT),
mbedtls_des_crypt_ecb() (under MBEDTLS_DES_CRYPT_ECB_ALT),
mbedtls_des3_crypt_ecb() (under MBEDTLS_DES3_CRYPT_ECB_ALT).
A failure can happen if the accelerator peripheral is in a bad state.
Several block modes were not catching the error.

This commit does the following code changes, grouped together to avoid
having an intermediate commit where the build fails:

* Add MBEDTLS_CHECK_RETURN to all functions returning int in aes.h and des.h.
* Fix all places where this causes a GCC warning, indicating that our code
  was not properly checking the result of an AES operation:
    * In library code: on failure, goto exit and return ret.
    * In pkey programs: goto exit.
    * In the benchmark program: exit (not ideal since there's no error
      message, but it's what the code currently does for failures).
    * In test code: TEST_ASSERT.
* Changelog entry.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-09-27 16:22:08 +02:00
Jerry Yu
148165cc6f Remove psa version of get_handshake_transcript 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
957f0fa1f7 Add length macro for in_ctr 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
e06f4532ef remove useless code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
4836952f9d fix tls1_3 prefix issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
92c1ca221f fix likely typos error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
b65eb2f3cf Revert "tls13: add generate handshake keys" 
This reverts commit f02ca4158674b974ae103849c43e0c92efc40e8c.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
5243142476 Add macro for length of input counter 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
e3131ef7f3 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
a63de352dc Revert "tls13: add ecdh_read_public" 
This reverts commit 6a9d2ee4df88028e352e50d4f48687ce5b0f26ac.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
000f976070 Rename get_handshake_transcript 
- Remove tls13 prefix
- Remove TLS1_3 macro wrap

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
c7875b5f11 add set in/out transform utils 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
d3f73349a7 tls13: add ecdh_read_public 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
7bea4bac96 tls13: add checksum of handshake message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
4925ef5da1 tls13: add generate handshake keys 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
89ea321d96 tls13: add key_schedule_stage_early_data 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
24c0ec31f9 tls13: add get_handshake_transcript 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
3bf1f97a0e fix various issue on pending send alert 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:25:38 +08:00
Jerry Yu
bbd5a3fded fix pending_alert issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:25:38 +08:00
Jerry Yu
394ece6cdd Add function for set pending alert flag 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:25:38 +08:00
Jerry Yu
e7047819ee add pend fatal alert 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:25:38 +08:00
Jerry Yu
e86cd65754 fix unused-variable fail without MBEDTLS_DEBUG_C 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:25:05 +08:00
Jerry Yu
860b4ee42e Rename *_read_* to *_process_* 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:25:05 +08:00
Jerry Yu
6e81b27003 Add client state number check 
It is temporary check. If any change on `mbedtls_ssl_states`, please
double check those tests

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:25:05 +08:00
Jerry Yu
435756ffc0 Keep consistent order in dummy functions 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:25:05 +08:00
Jerry Yu
6c983524a8 Move msvc compatible fix to common.h 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:25:05 +08:00
Jerry Yu
687101b2e6 tls13: add dummy state machine handler 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:25:05 +08:00
Gilles Peskine
aafb21f320
Merge pull request #4968 from davidhorstmann-arm/fix-aarch64-asm-constraints 
Fix aarch64 assembly for bignum multiplication
 2021-09-27 09:01:15 +02:00
Paul Elliott
71b0567c87 Merge remote-tracking branch 'upstream/development' into psa-m-aead-merge 
Also fiixed the following merge problems:

crypto_struct.h   : Added MBEDTLS_PRIVATE to psa_aead_operation_s
                    members (merge conflict)
psa_crypto_aead.c : Added ciphertext_length to mbedtls_gcm_finish
                    call (change of API during development)

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-24 11:18:13 +01:00
Ronald Cron
f2cb19f921
Merge pull request #4891 from yuhaoth/pr/enable-key-exchange-in-client-hello 
TLS1.3: Client Hello : Add  extensions and test case.
 2021-09-23 18:45:01 +02:00
Paul Elliott
90fdc117dd Make NULL tag check more explicit 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-22 22:34:17 +01:00