mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-07 13:22:46 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
31,119 Commits 172 Branches 267 Tags
Commit Graph

151 Commits

Author SHA1 Message Date
Elena Uziunaite
2fbe012f03 Replace MBEDTLS_MD_CAN_SHA3_256 with PSA_WANT_ALG_SHA3_256 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-04 19:41:02 +01:00
Ronald Cron
cd906958df
Merge pull request #9214 from eleuzi01/replace-mbedtls-md-can-sha3-512 
Replace MBEDTLS_MD_CAN_SHA3_512 with PSA_WANT_ALG_SHA3_512
 2024-07-04 13:31:47 +00:00
Elena Uziunaite
e8cd45ca65 Replace MBEDTLS_MD_CAN_SHA3_512 with PSA_WANT_ALG_SHA3_512 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-04 11:39:46 +01:00
Ronald Cron
2cf41a273e
Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384 
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
 2024-07-04 08:56:52 +00:00
Ronald Cron
45aa4d50de
Merge pull request #9125 from eleuzi01/replace-mbedtls-md-can-ripemd160 
Replace MBEDTLS_MD_CAN_RIPEMD160 with PSA_WANT_ALG_RIPEMD160
 2024-07-04 08:38:40 +00:00
Elena Uziunaite
b476d4bf21 Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-03 10:20:41 +01:00
Elena Uziunaite
fcc9afaf9d Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-02 11:08:04 +01:00
Elena Uziunaite
1b6fb219e9 Replace MBEDTLS_MD_CAN_RIPEMD160 with PSA_WANT_ALG_RIPEMD160 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-06-20 16:35:29 +01:00
Ryan Everett
791fc2e24c Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-08 14:26:29 +00:00
Valerio Setti
e581e140cc oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C 
This commit also updates test_suite_pkparse.data file adding
MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-29 16:35:58 +01:00
Dave Rodgman
e4a6f5a7ec Use size_t cast for pointer subtractions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-21 17:09:46 +00:00
Dave Rodgman
16799db69a update headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 19:47:20 +00:00
Ryan Everett
1a91309324 Restore array formatting 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2023-10-12 12:00:01 +01:00
Maciej Zwoliński
720c638717 Add AES encrypted keys support for PKCS5 PBES2 
Signed-off-by: Maciej Zwoliński <mac.zwolinski@gmail.com>
 2023-10-12 12:00:01 +01:00
Valerio Setti
db6b4db7a0 Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
6d809cc969 lib/test: use new internal helpers in library's code and tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
f250ada3ab tls/oid: add PSA_WANT_ECC_xxx guards together with existing MBEDTLS_ECP_DP_xxx 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:40 +02:00
Dave Rodgman
f2e3eb8bd9 Add OID for HMAC-RIPEMD160 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-27 15:46:05 +01:00
Dave Rodgman
5cc67a3ee2 Add OIDs for HMAC-SHA3 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-27 14:44:35 +01:00
Dave Rodgman
a2cdc840de Fix pre-existing missing closing #endif comment 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-27 14:44:13 +01:00
Dave Rodgman
527f48f14d Add OID definitions for SHA3 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-07-05 18:57:30 +01:00
Valerio Setti
81d75127ba library: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-19 19:24:05 +02:00
Gilles Peskine
d598eaf212
Merge pull request #7106 from davidhorstmann-arm/parse-oid-from-string 
Parse an OID from a string
 2023-06-06 20:57:17 +02:00
David Horstmann
62e7fae109 Fix bug in calculation of maximum possible bytes 
Each DER-encoded OID byte can only store 7 bits of actual data, so take
account of that.

Calculate the number of bytes required as:

number_of_bytes = ceil(subidentifier_size * 8 / 7)

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-02 15:51:28 +01:00
David Horstmann
02127ab022 Allow subidentifiers of size UINT_MAX 
Make overflow check more accurate and add testcases

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-02 15:51:17 +01:00
David Horstmann
45d5e2dc1a Rename minimum_mem to resized_mem 
This new name is clearer about its purpose.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-01 15:10:33 +01:00
David Horstmann
5d074168f3 Rearrange declarations for readability 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-01 15:09:27 +01:00
David Horstmann
017139751a Change behaviour away from NUL-terminated strings 
Instead, require the length of the string to be passed. This is more
useful for our use-case, as it is likely we will parse OIDs from the
middle of strings.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-01 15:04:20 +01:00
David Horstmann
6883358c16 Hoist variable declarations to before goto 
This should appease IAR, which does not like declarations in the middle
of goto sequences.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-05-31 17:27:28 +01:00
David Horstmann
25d65e8527 Refactor while loop for simplicity 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-05-31 14:53:07 +01:00
David Horstmann
ada7d72447 Improve line spacing after variable declarations 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-05-31 14:49:56 +01:00
Gilles Peskine
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids 
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
 2023-05-08 20:38:29 +02:00
Jethro Beekman
0167244be4 Read and write X25519 and X448 private keys 
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
 2023-05-04 13:01:47 +02:00
David Horstmann
9643575d92 Limit OIDs to 128 components 
The longest OID known by oid-info.com is 34 components[1], so 128
should be plenty and will limit the potential for attacks.

[1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-04-26 11:50:14 +01:00
David Horstmann
861e5d2742 Change to using an alloc-realloc strategy 
Allocate enough memory to guarantee we can store the OID, encode into
the buffer, then realloc and copy into a buffer of exactly the right
size.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-04-19 18:37:45 +01:00
Valerio Setti
d4a5d461de library: add remaining changes for the new ECP_LIGHT symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Przemek Stekiel
db323aa241 Fix Subject Key Identifier, Authority Key Identifier entries in oid_x509_ext 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-04 17:48:28 +02:00
toth92g
a41954d0cf Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions. Updating mbedtls_x509_crt_free function to also free the new dynamic elements (issuer field of AuthorityKeyId). 
A few tests are also added which test the feature with a correct certificate and multiple ones with erroneous ASN1 tags.

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
Manuel Pégourié-Gonnard
7224086ebc Remove legacy_or_psa.h 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
ebef58d301 OID + misc crypto: use MD_CAN and fix failures 
After this, only PK, X.509 and TLS remain to be done.

Deterministic uses HMAC-DRBG which uses MD, so it needs crypto_init()
when using a driver-only hash.

Also, remove a special-purpose macro that's no longer needed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:28:00 +01:00
Demi Marie Obenour
889534a4d2 Fix segfault in mbedtls_oid_get_numeric_string 
When passed an empty OID, mbedtls_oid_get_numeric_string would read one
byte from the zero-sized buffer and return an error code that depends on
its value.  This is demonstrated by the test suite changes, which
check that an OID with length zero and an invalid buffer pointer does
not cause Mbed TLS to segfault.

Also check that second and subsequent subidentifiers are terminated, and
add a test case for that.  Furthermore, stop relying on integer division
by 40, use the same loop for both the first and subsequent
subidentifiers, and add additional tests.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
 2023-03-16 01:06:41 -04:00
David Horstmann
ce16474d91 Correct INT_MAX overflow check to UINT_MAX 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-23 13:50:48 +00:00
David Horstmann
376e8df9d6 Clarify structure of parsing with comments: 
1. Parse through to get the required buffer length.
2. Having allocated a buffer, parse into the buffer.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 18:27:59 +00:00
David Horstmann
89d67bd472 Remove superfluous sizeof(unsigned char) 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 18:27:59 +00:00
David Horstmann
7cdfda12da Fixup: Correct signedness of val local variable 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 18:27:59 +00:00
David Horstmann
0f4ee418d8 Use return for errors only in oid_parse_number() 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 18:27:59 +00:00
David Horstmann
59400ffed5 Improve header docs and rename parameter 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 18:27:59 +00:00
David Horstmann
03329970de Correct error in processing of second component 
Root nodes 0 and 1 may have up to 40 children (0 - 39), not 39 children
(0 - 38) as previously thought.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 18:27:59 +00:00
David Horstmann
18ec9d7da1 Change some error codes to be more accurate 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 18:27:59 +00:00
David Horstmann
92337c0e62 Add function to parse an OID from a string 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-02-22 16:34:26 +00:00