mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-22 00:40:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,692 Commits 172 Branches 263 Tags
Commit Graph

13304 Commits

Author SHA1 Message Date
Dave Rodgman
693fb4f0b2 roll up chi loop for gcc -Os 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-14 13:56:53 +00:00
Dave Rodgman
1cf3585ee4 pacify check-names 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-14 12:11:47 +00:00
Dave Rodgman
865480279c roll-up chi loop on clang 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-14 12:02:18 +00:00
Tom Cosgrove
1c0b1bffee
Merge pull request #8779 from gilles-peskine-arm/rsa-bitlen-fix 
Fix mbedtls_pk_get_bitlen for a key size that is not a multiple of 8
 2024-02-14 11:18:25 +00:00
Dave Rodgman
aaba623fb4 pacify check-names 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-14 10:52:54 +00:00
Dave Rodgman
a111c0c894 Improve docs; pacify check-names 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-14 09:36:33 +00:00
Tom Cosgrove
d26df72256
Merge pull request #8820 from gilles-peskine-arm/sha3-compressed-rc 
SHA3: Pack the iota round constants
 2024-02-14 09:33:50 +00:00
Ronald Cron
e273f7203d tls13: client: Improve CCS handling 
Call unconditionally the CCS writing function
when sending a CCS may be necessary in the
course of an handshake. Enforce in the writing
function and only in the writing function that
only one CCS is sent.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-14 10:24:00 +01:00
Valerio Setti
095e1ac71c pem: check data padding in DES/AES decrypted buffers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-14 06:44:07 +01:00
Dave Rodgman
6fd6542e9c Roll/unroll various bits 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-14 01:20:33 +00:00
Manuel Pégourié-Gonnard
e6c80bc6e5
Merge pull request #8755 from ronald-cron-arm/tls13-client-early-data-status 
TLS 1.3: Refine and test client early data status
 2024-02-13 20:36:42 +00:00
Dave Rodgman
418f859579 fix cast warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-13 19:43:49 +00:00
Dave Rodgman
cfb126f1ba Read pi table in 4-byte chunks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-13 19:01:57 +00:00
Dave Rodgman
d407e0df1b Read rho table in 4-byte chunks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-13 19:01:57 +00:00
Dave Rodgman
255a0f5916 Rotate right instead of left 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-13 18:42:20 +00:00
Gilles Peskine
f8b983c855 Pack the iota round constants 
This saves ~160 bytes of code size, at the cost of a bit of localized
complexity in the code. The impact on performance is measurable but small
(<5% observed on x86_64) and can go either way (there's a calculation vs
memory bandwidth compromise).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-13 18:14:58 +01:00
Dave Rodgman
1e23f938cb
Merge pull request #8817 from daverodgman/iar-pk-fix 
Compiler warning fixes
 2024-02-13 16:33:24 +00:00
Tom Cosgrove
8fe2e36de5
Merge pull request #8801 from gilles-peskine-arm/sha3-no-table 
Inline the SHA3 parameters table into a switch
 2024-02-13 14:06:44 +00:00
Dave Rodgman
b4cb8bef42 Fix remaining warnings from -Wshorten-64-to-32 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-13 13:41:16 +00:00
Dave Rodgman
aa74165948 Fix IAR cast warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-02-13 13:40:26 +00:00
Gilles Peskine
1d33876d37 Fix some preprocessor guards 
Fix the build in some configurations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 19:07:45 +01:00
Gilles Peskine
fc3d866ad2 mbedtls_pk_import_into_psa: implement and test 
Implement mbedtls_pk_import_into_psa for all PK types except RSA_ALT.
This covers importing a key pair, importing a public key and importing
the public part of a key pair.

Test mbedtls_pk_import_into_psa() with the output of
mbedtls_pk_get_psa_attributes(). Also unit-test mbedtls_pk_import_into_psa()
on its own to get extra coverage, mostly for negative cases.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 17:32:44 +01:00
Thomas Daubney
6adbb2a351 Implement safe buffer copying in asymm. encryption 
Use local copy buffer macros to implement safe
copy mechanism in asymmetric encryption API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:48:36 +00:00
Ryan Everett
91ce792253 Fix return code error when locking mutex 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-12 12:17:28 +00:00
Thomas Daubney
03f1ea3624 Change condition on wiping tag buffer 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:07:38 +00:00
Thomas Daubney
1ffc5cb4a5 Modify allocation and buffer wiping in sign_finish 
Allocate immediately after declaration and only wipe
tag buffer if allocation didn't fail.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:07:38 +00:00
Thomas Daubney
7480a74cba Fix code style 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:07:38 +00:00
Thomas Daubney
c6705c6cb2 Conditionally include exit label 
... on MAC functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:07:38 +00:00
Thomas Daubney
8db8d1a83e Implement safe buffer copying in MAC API 
Use buffer local copy macros to implement safe
copy mechanism in MAC API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 12:07:02 +00:00
Thomas Daubney
d2411565ce Fix code style 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:43:07 +00:00
Thomas Daubney
dedd1006b6 Conditionally include exit label 
...on hash functions where the label was only added
due to the modifications required by this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:43:07 +00:00
Thomas Daubney
51ffac9f40 Implement buffer copy code in psa_hash_compare 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:34:02 +00:00
Thomas Daubney
31d8c0bdb4 Make new internal function static 
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:34:02 +00:00
Thomas Daubney
1c5118e58c Implement safe buffer copying in hash API 
Use local copy buffer macros to implement safe
copy mechanism in hash API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2024-02-12 11:34:02 +00:00
Gilles Peskine
92fb604139 Fix mbedtls_pk_get_bitlen() for RSA with non-byte-aligned sizes 
Add non-regression tests. Update some test functions to not assume that
byte_length == bit_length / 8.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 11:24:08 +01:00
Gilles Peskine
19f1adfc69 New function mbedtls_rsa_get_bitlen() 
Document, implement and test mbedtls_rsa_get_bitlen().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-12 11:23:05 +01:00
Ryan Everett
e02b63ac89
Merge branch 'Mbed-TLS:development' into threadsafe-key-locking 2024-02-12 10:04:07 +00:00
Janos Follath
f741db3d6e
Merge pull request #8764 from Ryan-Everett-arm/threadsafe-key-wiping 
Make key destruction thread safe
 2024-02-12 09:37:59 +00:00
Manuel Pégourié-Gonnard
2e2af414d0
Merge pull request #7604 from zvolin/feature/pkcs5-aes 
Add AES encrypted keys support for PKCS5 PBES2
 2024-02-10 08:46:18 +00:00
David Horstmann
7175d71328 Remove unnecessary setting of status variable 
The status is guaranteed to be PSA_SUCCESS at these points, so setting
them is redundant.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-09 18:20:05 +00:00
Matthias Schulz
a6ac0f1330 Replaced MBEDTLS_GCM_LARGETABLE by MBEDTLS_GCM_LARGE_TABLE. Removed empty comment line in doc block. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2024-02-09 17:11:54 +01:00
Ryan Everett
ee5920a7d5
Fix error path in psa_key_derivation_output_bytes 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-09 15:09:28 +00:00
Ryan Everett
9dc076b4f4 Fix issue with lock failures returning CORRUPTION_DETECTED 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-09 14:20:09 +00:00
Ryan Everett
7fee4f7318 Fix mutex unlock error handling in psa_destroy_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-09 14:11:27 +00:00
Matthias Schulz
10902c5640
Use NULL for pointer initialization 
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Matthias Schulz <140500342+mschulz-at-hilscher@users.noreply.github.com>
 2024-02-09 11:14:50 +01:00
Ronald Cron
a93e25e749 tls12: Fix documentation of TLS 1.2 session serialized data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-09 10:01:30 +01:00
Valerio Setti
2653e92a57 pem: fix valid data length returned by mbedtls_pem_read_buffer() 
ctx->buflen now returns the amount of valid data in ctx->buf.
Unencrypted buffers were already ok, but encrypted ones were
used to return the length of the encrypted buffer, not the
unencrypted one.
This commit fix this behavior for encrypted buffers.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-09 06:42:18 +01:00
Valerio Setti
b1f6d2ad6f asn1: enable mbedtls_asn1_get_tag() when PEM_PARSE_C is defined 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-09 06:42:18 +01:00
Valerio Setti
9de84bd677 rsa: reject buffers with data outside main SEQUENCE when parsing keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-09 06:42:18 +01:00
Ryan Everett
791fc2e24c Merge remote-tracking branch 'upstream/development' into pkcs5_aes_new 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-02-08 14:26:29 +00:00