mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-29 21:33:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
23,521 Commits 170 Branches 263 Tags
Commit Graph

10391 Commits

Author SHA1 Message Date
Gabor Mezei
b1c62caa1f
Add documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-15 18:13:48 +01:00
Gabor Mezei
2cb630edee
Change the ecp_mod_p521_raw to be testable 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-15 18:05:22 +01:00
Gabor Mezei
8450ab9c60
Fix Secp521r1 reduction 
The prototype calculated with wrong limb size and not taken into account
the overflow in the shared limb.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-15 18:03:03 +01:00
Gabor Mezei
42df16c84b
Extract Secp521r1 from the prototype 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-15 18:02:57 +01:00
Gilles Peskine
e2a9f86755
Merge pull request #6971 from gabor-mezei-arm/6026_Secp192r1_fast_reduction 
Extract Secp192r1 fast reduction from the prototype
 2023-02-15 16:22:36 +01:00
Paul Elliott
9fe12f666b PSA level initial implementation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 12:13:17 +00:00
Paul Elliott
2d247923e5 Initial empty driver wrapper implementation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 12:13:17 +00:00
Gilles Peskine
edc6ae9578
Merge pull request #7090 from paul-elliott-arm/fix_iar_warnings_dev 
Fix IAR Warnings
 2023-02-14 20:01:00 +01:00
Gabor Mezei
0b4b8e3c5e
Update documentation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-14 16:36:38 +01:00
Dave Rodgman
319a5675db
Merge pull request #7084 from daverodgman/sizemax-uintmax 
Assume SIZE_MAX >= INT_MAX, UINT_MAX
 2023-02-14 10:06:22 +00:00
Ronald Cron
70341c17b7
Merge pull request #6773 from yanrayw/6675-change-early_secrets-to-local 
TLS 1.3: Key Generation: Change tls13_early_secrets to local variable
 2023-02-14 09:03:32 +01:00
Paul Elliott
1748de160a Fix IAR Warnings 
IAR was warning that conditional execution could bypass initialisation of
variables, although those same variables were not used uninitialised.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-13 15:35:35 +00:00
Gabor Mezei
a264831cff
Update documentation and add comments 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2023-02-13 16:29:05 +01:00
Andrzej Kurek
7a05fab716 Added the uniformResourceIdentifier subtype for the subjectAltName. 
Co-authored-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-13 10:03:07 -05:00
Manuel Pégourié-Gonnard
d3d8c852a0
Merge pull request #6997 from valeriosetti/issue6858 
driver-only ECDSA: get testing parity in X.509
 2023-02-13 15:30:06 +01:00
Valerio Setti
178b5bdddf pk: move MBEDTLS_PK_CAN_ECDSA_SOME macro to pk.h and fix tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-13 11:15:06 +01:00
Dave Rodgman
ab1f3c153a
Merge pull request #7081 from tom-cosgrove-arm/dont-use-lstrlenW 2023-02-10 20:50:07 +00:00
Dave Rodgman
4a5c9ee7f2 Remove redundant SIZE_MAX guards 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-10 16:03:44 +00:00
Gilles Peskine
b8531c4b0b
Merge pull request #6882 from AndrzejKurek/x509_san_parsing_testing-dev 
X.509: Fix bug in SAN parsing and enhance negative testing
 2023-02-10 15:05:32 +01:00
Dave Rodgman
f691268ee9 Add missing initialisers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-10 12:56:10 +00:00
Demi Marie Obenour
35598adb78 pkcs7: Check that hash algs are in digestAlgorithms 
Since only a single hash algorithm is currenlty supported, this avoids
having to perform hashing more than once.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
 2023-02-10 12:56:10 +00:00
Demi Marie Obenour
6cfc469296 pkcs7: reject signatures with internal data 
A CMS signature can have internal data, but mbedTLS does not support
verifying such signatures.  Reject them during parsing.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-10 12:56:10 +00:00
Demi Marie Obenour
e373a254c4 pkcs7: do not store content type OIDs 
They will always be constant.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
 2023-02-10 12:56:10 +00:00
Demi Marie Obenour
55d9df25ef Simple cleanup 
No change in behavior.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
 2023-02-10 12:56:10 +00:00
Demi Marie Obenour
4ec8355795 Check for junk after SignedData 
There must not be any.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
 2023-02-10 12:56:10 +00:00
Demi Marie Obenour
aaf3c0028d pkcs7: do not store content type OID 
Since only one content type (signed data) is supported, storing the
content type just wastes memory.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
 2023-02-10 12:56:10 +00:00
Demi Marie Obenour
512818b1d2 pkcs7: check that content lengths fill whole buffer 
Otherwise invalid data could be accepted.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-10 12:56:10 +00:00
Dave Rodgman
a22749e749
Merge pull request #6816 from nick-child-ibm/pkcs7_coverage 
Pkcs7 coverage
 2023-02-10 12:55:29 +00:00
Tom Cosgrove
b96c309395 Don't use lstrlenW() on Windows 
The lstrlenW() function isn't available to UWP apps, and isn't necessary, since
when given -1, WideCharToMultiByte() will process the terminating null character
itself (and the length returned by the function includes this character).

Resolves #2994

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-02-10 12:52:13 +00:00
Ronald Cron
834e65d47f
Merge pull request #6499 from xkqian/tls13_write_end_of_early_data 
Tls13 write end of early data
 2023-02-10 11:08:22 +01:00
Dave Rodgman
78c6f40736
Fix code-style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-09 09:21:14 +00:00
Nick Child
14f255f332 pkcs7: Remove unnecessary dependencies 
stdio, stdlib and string header files are not
used. Remove them.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-02-08 15:38:48 +00:00
Valerio Setti
ce0caa3384 oid: fix comment in #endif 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti
f972ce8d69 oid: replace ECDSA_C with new macros for ECDSA capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Xiaokang Qian
0de0d863b6 Rebase code to restore reco-delay and fix some style issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 07:41:42 +00:00
Xiaokang Qian
8dc4ce76c7 Fix various coding style and comment issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
6b980011e5 Replace session_negotiate->ciphersuite with handshake->ciphersuite_info->id 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
53c4c27d35 Update the comment of ciphersuite check for early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
64bc9bc33d Add comments to describe the early data behavior-encrypt/rejected... 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
e04afdc44f Refine the condition of whether re-generate early keys 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
eb31cbc791 Share the hash check code between ticket and external psk 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
4ef8ba2938 Assign the ciphersuite in finalize_hrr{server_hello} 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
bb883244aa Remove useless comments of outbound switch 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
02f5e14073 Combine the alert check of selected_id and ciphercuite 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
934ce6f6a9 Rename the finalize_client{server}_hello() 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
ac4c625dea Add hash check of ciphersuite for ticket psk 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
6be8290aba Change to CCS after client hello only if we offer early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
7179f810f1 Restore the empty lines 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
b58462157e Refine the ciphersuite and select id check for early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
44051f6376 Refine the state change after write client hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00