mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-04 04:13:40 +00:00

Author	SHA1	Message	Date
Daniel Otte	39f361466b	avoid errorneous computation of RSA_PRV_DER_MAX_BYTES if MBEDTLS_MPI_MAX_SIZE is odd. if MBEDTLS_MPI_MAX_SIZE is odd then RSA_PRV_DER_MAX_BYTES will be two less than expected, since the macros are lacking parentheses. Signed-off-by: Daniel Otte <d.otte@wut.de>	2021-02-01 14:23:30 +01:00
Ronald Cron	21b5616ea3	psa: Move PSA client code Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-02-01 13:17:06 +01:00
Ronald Cron	d7906327ca	psa: Add psa_crypto_client.c Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-02-01 13:16:44 +01:00
Ronald Cron	3768ac12a8	Add MBEDTLS_PSA_CRYPTO_CLIENT configuration option Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-02-01 13:16:01 +01:00
Gilles Peskine	53943ca434	Merge pull request #3992 from stevew817/feature/ecp_no_fallback Add a flag for disabling software fallback in ecp.c	2021-01-29 16:08:51 +01:00
Janos Follath	a209f34faf	Merge pull request #3996 from stevew817/feature/allow_reading_external_keys Allow loading external wrapped keys	2021-01-29 13:34:11 +00:00
Janos Follath	594d7afa00	Merge pull request #3994 from stevew817/feature/cmac_self_test_skip_unsupported Allow CMAC self test to skip tests for unsupported primitives	2021-01-29 13:17:17 +00:00
paul-elliott-arm	a14d1642f4	Merge pull request #4008 from stevew817/bugfix/fix_dependencies Fix warnings and dependencies when using _ALT in test	2021-01-29 12:24:54 +00:00
Steven Cooreman	c7da6a48dd	Update comment to only apply to AES-192 Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-01-29 11:09:50 +01:00
Ronald Cron	318515b384	Merge pull request #3984 from gabor-mezei-arm/3268_update_macros_for_ouput_buffer_size_renames Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0	2021-01-29 09:31:59 +01:00
Steven Cooreman	7dadf14e7b	Minor language correction after review Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-01-28 19:46:52 +01:00
David Carlier	2b8c2657e4	Implements getrandom's wrapper for handful of BSD. Signed-off-by: David Carlier <devnexen@gmail.com>	2021-01-26 17:03:51 +00:00
Steven Cooreman	d80e8a4112	Check for existence of key material on store/load Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-01-26 14:28:48 +01:00
gabor-mezei-arm	86326a9131	Fix possible error codes in the documentation Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-01-26 13:48:26 +01:00
Steven Cooreman	107409f470	Apply review feedback Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-01-26 12:01:22 +01:00
Janos Follath	b034683a70	Merge pull request #4007 from stevew817/feature/alt_implementation_is_not_deterministic Don't self-test ECJPAKE ALT implementations against known entropy	2021-01-25 12:39:03 +00:00
Steven Cooreman	64f2773eab	Skip tests requiring known entropy for ECJPAKE ALT implementations These implementations don't necessarily consume entropy the same way the mbed TLS internal software implementation does, and the 'reference handshake' test vectors can thus not be applied to an ALT implementation. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-01-22 14:23:08 +01:00
Steven Cooreman	7eb2aa0dc1	Reworked NO_FALLBACK logic according to review feedback Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-01-22 09:43:59 +01:00
gabor-mezei-arm	cbcec21684	Rename output buffer size macros Rename existing support macros for output buffer sizes for PSA Crypto API 1.0.0 Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-01-21 13:17:25 +01:00
Gilles Peskine	43f958b24d	Rename unnamespaced identifiers Rename the enum constants TLS12_PRF_xxx, which are declared in a public header but not intended for use in application code, to start with MBEDTLS_PSA_. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-20 17:42:25 +01:00
Steven Cooreman	03f40849c5	Apply suggestions from code review Code style changes. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com> Co-authored-by: Chris Jones <70633990+chris-jones-arm@users.noreply.github.com>	2021-01-19 13:34:56 +01:00
Dave Rodgman	6fbff5b557	Merge pull request #3698 from darrenkrahn/development Mark basic constraints critical as appropriate.	2021-01-17 18:06:18 +00:00
Steven Cooreman	ac3434fc19	Apply review feedback Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-01-15 20:43:23 +01:00
Steven Cooreman	b2f3e6ca35	Restrict test skipping to AES-192 specifically Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-01-15 16:49:55 +01:00
paul-elliott-arm	94ca18733a	Merge pull request #3809 from AndrzejKurek/refactor-variable-buffers Refactor variable I/O buffers feature to reduce code duplication	2021-01-14 14:25:56 +00:00
Steven Cooreman	fa6641b806	Avoid unreferenced item warnings in ECDSA when ALT is in use Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-01-11 17:11:39 +01:00
Andrzej Kurek	069fa96cd7	Use size_t instead of uint32_t for ssl I/O buffer lengths Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2021-01-11 09:13:58 -05:00
Andrzej Kurek	4a0637981b	Refactor the variable I/O buffer size feature Reduce code duplication to simplify the feature and reduce code size. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2021-01-11 09:12:53 -05:00
Steven Cooreman	655b012b6c	Unconditionally include platform.h in CMAC As is the case for aes.c et al Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-01-11 14:34:51 +01:00
Steven Cooreman	98435ddf84	Allow loading wrapped keys even when SE support is compiled in Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-01-11 11:33:10 +01:00
Steven Cooreman	830d5af2f3	Allow CMAC self test to skip tests for unsupported primitives Same type of skipping as in AES and GCM self test routines. Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-01-08 18:01:46 +01:00
Steven Cooreman	97b4984657	Add a flag for disabling fallback in ecp.c Signed-off-by: Steven Cooreman <steven.cooreman@silabs.com>	2021-01-08 16:43:43 +01:00
Gilles Peskine	dbf6896c82	mbedtls_to_psa_error: prefer dispatching on the low-level error When an Mbed TLS error code combines a low-level error and a high-level error, the low-level error is usually closer to the root cause (for example HW_ACCEL_FAILED or ENTROPY_SOURCE_FAILED is more informative than RSA_PRIVATE_FAILED). So prioritize the low-level code when converting to a PSA error code, rather than the high-level code as was (rather arbitrarily) done before. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-06 20:04:23 +01:00
Gilles Peskine	ae3741e8a4	Fix an incorrect error code if RSA private operation glitched mbedtls_rsa_private() could return the sum of two RSA error codes instead of a valid error code in some rare circumstances: * If rsa_prepare_blinding() returned MBEDTLS_ERR_RSA_RNG_FAILED (indicating a misbehaving or misconfigured RNG). * If the comparison with the public value failed (typically indicating a glitch attack). Make sure not to add two high-level error codes. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-06 18:22:40 +01:00
Gilles Peskine	40d8160c8e	mbedtls_to_psa_error: fix a copypasta and a missing translation Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-06 18:22:40 +01:00
Gilles Peskine	a51e1dbe76	Merge pull request #3895 from gilles-peskine-arm/psa-external-random Alternative random generator support for PSA	2021-01-06 17:09:11 +01:00
Manuel Pégourié-Gonnard	75fdd0640f	Merge pull request #3973 from stroebeljc/development Fixed seed variable concatenation pointer.	2021-01-06 10:07:52 +01:00
Gilles Peskine	73d783244f	Merge pull request #3969 from frestr/bugfix/psa_close_key_leak PSA Crypto: Don't skip key data removal when SE driver is not in use	2021-01-05 16:55:52 +01:00
Gilles Peskine	9c3e060253	Explain the design of mbedtls_psa_get_random better Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-05 16:03:55 +01:00
Gilles Peskine	0c59ba88cb	Fix the error detection in psa_generate_random If a call to mbedtls_psa_get_random other than the last one failed, this went undetected. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-05 14:10:59 +01:00
stroebeljc	d4de1b5d4e	Updated per comments from @gilles-peskine-arm. Signed-off-by: stroebeljc <stroebeljc1@gmail.com>	2021-01-04 18:14:32 -06:00
Gilles Peskine	71ddab9154	Simplify the chunk loop in psa_generate_random Make the code slightly more readable and slightly smaller. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-04 21:01:07 +01:00
Gilles Peskine	88fa5c463e	Minor documentation improvements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-01-04 21:00:53 +01:00
$ENT\stroej1$ ENT\stroej1	70f63d0883	Added references to the NIST test data used in the self-test function. Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>	2020-12-28 08:50:23 -06:00
$ENT\stroej1$ ENT\stroej1	df307002cf	Updated self test to use NIST test vectors and produce proper result. Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>	2020-12-26 12:41:04 -06:00
$ENT\stroej1$ ENT\stroej1	a0deec0509	Extended test vectors to accomodate addition of nonce to test input array and updated results. Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>	2020-12-24 15:26:27 -06:00
$ENT\stroej1$ ENT\stroej1	1446211e5e	Update self-test vectors to include nonce and test it as part of reseeding. Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>	2020-12-24 12:24:35 -06:00
$ENT\stroej1$ ENT\stroej1	4b91986a76	Fixed seed variable concatenation pointer. Signed-off-by: ENT\stroej1 <john.stroebel@medtronic.com>	2020-12-23 19:23:05 -06:00
Fredrik Strupe	462aa575a4	PSA Crypto: Don't skip key data removal when SE driver is not in use Closing a wrapped key with the new SE driver interface while MBEDTLS_PSA_CRYPTO_SE_C is also enabled leads to the key material not being freed, even though an old SE driver is not in use, leading to a memory leak. This is because a wrapped key is also considered external. This commit extends the check for skipping by checking whether an old-style SE driver is registered with the provided slot, in addition to checking whether the key is external. Signed-off-by: Fredrik Strupe <fredrik.strupe@silabs.com>	2020-12-17 11:05:36 +01:00
Gilles Peskine	b3cd9633f4	Pacify check-names.sh Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2020-12-14 19:54:24 +01:00

... 2 3 4 5 6 ...

6430 Commits