mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-11 00:40:05 +00:00

Author	SHA1	Message	Date
Paul Elliott	1c8de15490	Update documentation to tally with recent changes Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-06-22 16:31:09 +01:00
Paul Elliott	bc94978d8c	Add missing unused arguments No algorithm defined case generally doesn't use the operation. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-06-22 16:31:09 +01:00
Paul Elliott	40ef3a9454	Fix state logic and return codes Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-06-01 17:17:58 +01:00
Paul Elliott	83f09ef056	Proper multipart AEAD GCM Implementation Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-06-01 17:17:47 +01:00
Paul Elliott	b2ce2ed6d8	Merge remote-tracking branch 'upstream/development' into psa-m-aead Conflicts: * None	2021-06-01 17:13:19 +01:00
Gilles Peskine	9f5c34cc88	Merge pull request #4596 from gilles-peskine-arm/nist_kw-null_dereference-3.0 Fix null pointer arithmetic in NIST_KW	2021-06-01 16:40:19 +02:00
Gilles Peskine	89ee599092	Fix null pointer arithmetic in error case When mbedtls_nist_kw_wrap was called with output=NULL and out_size=0, it performed arithmetic on the null pointer before detecting that the output buffer is too small and returning an error code. This was unlikely to have consequences on real-world hardware today, but it is undefined behavior and UBSan with Clang 10 flagged it. So fix it (fix #4025). Fix a similar-looking pattern in unwrap, though I haven't verified that it's reachable there. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-01 11:22:56 +02:00
Manuel Pégourié-Gonnard	6d84e917bb	Merge pull request #4568 from creiter32/to_upstream/csr_critical_extensions Expose flag for critical extensions	2021-05-31 12:46:59 +02:00
Ronald Cron	ea62d2f391	Merge pull request #4369 from hanno-arm/relax_psk_config Implement relaxed semantics for static PSK configuration in Mbed TLS 3.0	2021-05-31 10:03:56 +02:00
Ronald Cron	f1eb425782	Merge pull request #4469 from xiaoxiang781216/padlock aes: Check aes_padlock_ace > 0 before calling padlock	2021-05-28 11:06:40 +02:00
Ronald Cron	c44a1d522a	Merge pull request #4507 from Venafi/userid-oid Add OID for User ID	2021-05-28 10:43:41 +02:00
Christoph Reiter	95273f4b07	Expose flag for critical extensions Enables creating X.509 CSRs with critical extensions. Signed-off-by: Christoph Reiter <christoph.reiter@infineon.com>	2021-05-27 14:27:43 +02:00
Ronald Cron	142c205ffc	Merge pull request #4513 from Patater/psa-without-genprime-fix psa: Support RSA signature without MBEDTLS_GENPRIME	2021-05-27 14:19:24 +02:00
TRodziewicz	46cccb8f39	_SSL_DTLS_BADMAC_LIMIT config.h option removed Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-26 13:36:21 +02:00
Gilles Peskine	b7abba28e3	Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2 Remove rsa mode params part 2	2021-05-25 20:36:33 +02:00
Gilles Peskine	8a5304d446	Merge pull request #4553 from gilles-peskine-arm/aria_alt-3.0 Fix ARIA_ALT header and self-test and CAMELLIA_ALT self-test	2021-05-25 20:32:40 +02:00
Gilles Peskine	c537aa83f4	CAMELLIA: add missing context init/free This fixes the self-test with alternative implementations. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-05-25 09:23:10 +02:00
Gilles Peskine	be89fea1a7	ARIA: add missing context init/free This fixes the self-test with alternative implementations. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-05-25 09:23:10 +02:00
TRodziewicz	4ca18aae38	Corrections after the code review Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-24 13:38:00 +02:00
TRodziewicz	6370dbeb1d	Remove the _SSL_FALLBACK_ parts Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-24 12:49:59 +02:00
TRodziewicz	2d8800e227	Small corrections in the comments Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-24 12:49:24 +02:00
TRodziewicz	b5850c5216	Correction of too restrictive ssl cli minor check Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-24 12:49:15 +02:00
TRodziewicz	ef73f01927	Removing strayed dtls1 after doing tests Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-24 12:49:04 +02:00
TRodziewicz	28126050f2	Removal of constants and functions and a new ChangeLog file Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-24 12:48:12 +02:00
TRodziewicz	0f82ec6740	Remove the TLS 1.0 and 1.1 support Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-24 12:45:20 +02:00
Paul Elliott	3a16e014f2	Ensure tag lengths match in verification Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-21 18:05:04 +01:00
Paul Elliott	f47b0957ab	Set tag to 'impossible' value on failure to encrypt Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-21 18:05:04 +01:00
Paul Elliott	6eb959854b	Improve state logic Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-21 18:05:04 +01:00
Paul Elliott	6981fbcf10	Remove unneccessary guard for key unlock Also make sure failure is not hidden by key unlock failure Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-21 18:05:04 +01:00
Paul Elliott	e95259f833	Remove some CCM leftovers Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-21 18:05:04 +01:00
Thomas Daubney	d58ed587fd	Restores erroneously removed checks Some padding checks in rsa.c were erroneously removed in a previous commit and are restored in this commit. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-05-21 11:50:39 +01:00
Janos Follath	7fc487c4d6	Merge pull request #4347 from hanno-arm/ssl_session_cache_3_0 Add session ID as an explicit parameter to SSL session cache API	2021-05-21 09:28:55 +01:00
Ronald Cron	ca72287583	Merge pull request #4304 from mstarzyk-mobica/convert_NO_SHA384_to_positive Modify config option for SHA384.	2021-05-21 08:04:33 +02:00
Paul Elliott	60aa203e30	Remove temporary AEAD CCM implementation Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-20 22:44:32 +01:00
Paul Elliott	e715f88d9d	Fix key slot being used uninitialised on error Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-20 21:55:39 +01:00
Paul Elliott	1a98acac1c	Properly handle GCM's range of nonce sizes Add comment to the effect that we cannot really check nonce size as the GCM spec allows almost arbitrarily large nonces. As a result of this, change the operation nonce over to an allocated buffer to avoid overflow situations. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-20 18:39:58 +01:00
Paul Elliott	ee4ffe0079	Move AEAD length checks to PSA core Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-20 18:39:58 +01:00
Paul Elliott	b91da71db1	Remove unrequired initialisation Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-20 18:39:58 +01:00
Paul Elliott	ac1b3fd5b6	Ensure that key gets unlocked in case of error Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-20 18:39:58 +01:00
Paul Elliott	cee785cd72	Seperate id checks from other state checks Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-20 18:39:58 +01:00
Paul Elliott	bb8bf6649e	Change function signature indentation Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-20 18:39:58 +01:00
Paul Elliott	e9eeea3290	Formatting fixes Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-20 18:39:58 +01:00
Paul Elliott	5c656cbf99	Fix missed incorrect include guard Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-20 18:39:58 +01:00
Paul Elliott	b91f331fce	Correct potential return values in documentation Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-20 18:39:58 +01:00
Paul Elliott	498d3503c4	Misc documentation fixes. Misnamed function calls, typos and missed changes. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-20 18:39:58 +01:00
Paul Elliott	9622c9aae0	Fix updated size macros in documentation Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-20 18:39:58 +01:00
Jaeden Amero	424fa93efd	psa: Support RSA signature without MBEDTLS_GENPRIME On space-constrained platforms, it is a useful configuration to be able to import/export and perform RSA key pair operations, but to exclude RSA key generation, potentially saving flash space. It is not possible to express this with the PSA_WANT_ configuration system at the present time. However, in previous versions of Mbed TLS (v2.24.0 and earlier) it was possible to configure a software PSA implementation which was capable of making RSA signatures but not capable of generating RSA keys. To do this, one unset MBEDTLS_GENPRIME. Since the addition of MBEDTLS_PSA_BUILTIN_KEY_TYPE_RSA_KEY_PAIR, this expressivity was lost. Expressing that you wanted to work with RSA key pairs forced you to include the ability to generate key pairs as well. Change psa_crypto_rsa.c to only call mbedtls_rsa_gen_key() if MBEDTLS_GENPRIME is also set. This restores the configuration behavior present in Mbed TLS v2.24.0 and earlier versions. It left as a future exercise to add the ability to PSA to be able to express a desire for a software or accelerator configuration that includes RSA key pair operations, like signature, but excludes key pair generation. Without this change, linker errors will occur when attempts to call, which doesn't exist when MBEDTLS_GENPRIME is unset. psa_crypto_rsa.c.obj: in function `rsa_generate_key': psa_crypto_rsa.c:320: undefined reference to `mbedtls_rsa_gen_key' Fixes #4512 Signed-off-by: Jaeden Amero <jaeden.amero@arm.com>	2021-05-20 17:08:59 +01:00
Gilles Peskine	e913174c8a	Merge pull request #4543 from gilles-peskine-arm/undefined-reference-3.0 Fix missing compilation guard around psa_crypto_driver_wrappers.c	2021-05-20 17:20:31 +02:00
Gilles Peskine	3248be4b3a	Merge pull request #4462 from netfoundry/gcc11.fixes build with gcc11	2021-05-20 15:54:23 +02:00
Gilles Peskine	f4c1d58607	Merge pull request #4453 from facchinm/crt_in_filesystem_mbed_os mbed-os: allow storing certificates in filesystem	2021-05-20 15:53:47 +02:00

1 2 3 4 5 ...

6958 Commits