mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-13 15:40:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
23,199 Commits 170 Branches 263 Tags
Commit Graph

10237 Commits

Author SHA1 Message Date
Dave Rodgman
e8734d8a55
Apply suggestions from code review 
Two spelling fixes (changelog & a comment)

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-31 14:30:24 +00:00
Dave Rodgman
55fd0b9fc1
Merge pull request #6121 from daverodgman/pr277 
cert_write - add a way to set extended key usages - rebase
 2022-10-31 13:27:49 +00:00
Janos Follath
e50f2f1a8e Add mbedtls_mpi_core_ct_uint_table_lookup 
This will be needed for extracting modular exponentiation from the
prototype. The function signature is kept aligned to the prototype, but
the implementation is new. (The implementation of this function in the
prototype has further optimisations which are out of scope for now.)

The function is not reused in the bignum counterpart as it will become
redundant soon.

This function is meant to be static, but doesn't have the qualifier as
it is not used yet and would cause compiler warnings. The
MBEDTLS_STATIC_TESTABLE macro will be added in a later commit.

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2022-10-31 11:32:55 +00:00
Janos Follath
2dc2757cca
Merge pull request #6457 from minosgalanakis/minos/6017_update_modulus_lifecycle 
Bignum: Updated the modulus lifecyle
 2022-10-31 11:28:37 +00:00
Dave Rodgman
1a22bef116
Merge pull request #6190 from daverodgman/invalid-ecdsa-pubkey 
Improve ECDSA verify validation
 2022-10-31 09:37:26 +00:00
Jerry Yu
7a485c1fdf Add ext id and utilities 
- Remove `MBEDTLS_SSL_EXT_*`
- Add macros and functions for translating iana identifer.
- Add internal identity for extension

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
c4bf5d658e fix various issues 
- Signature of
  - mbedtls_tls13_set_hs_sent_ext_mask
  - check_received_extension and issues
- Also fix comment issue.
- improve readablity.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
03112ae022 change input extension_type 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
0c354a211b introduce sent/recv extensions field 
And remove `extensions_present`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
ffa1582793 move get_extension mask 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
9872eb2d69 change return type for unexpected extension 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
43ff252688 Remove unnecessary checks. 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
d15992d3ce fix wrong setting of unrecognized ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
6ba9f1c959 Add extension check for NewSessionTicket 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
2c5363e58b Add extension check for ServerHello and HRR 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
2eaa76044b Add extension check for Certificate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
c55a6af9eb Add extensions check for CertificateRequest 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
cbd082f396 Add extension check for EncryptedExtensions 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
e18dc7eb9a Add forbidden extensions check for ClientHello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
471dee5a12 Add debug helpers to track extensions 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
def7ae4404 Add auth mode check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-30 17:57:06 +08:00
Nick Child
5f39767495 pkcs7: Fix imports 
Respond to feedback about duplicate imports[1] and new import style [2].

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r991355485
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#pullrequestreview-1138745361
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-10-28 12:38:41 -05:00
Nick Child
bb82ab764f pkcs7: Respond to feeback on parsing logic 
After recieving review on the pkcs7 parsing functions, attempt
to use better API's, increase consisitency and use better
documentation. The changes are in response to the following
comments:
 - use mbedtls_x509_crt_parse_der instead of mbedtls_x509_crt_parse [1]
 - make lack of support for authenticatedAttributes more clear [2]
 - increment pointer in pkcs7_get_content_info_type rather than after [3]
 - rename `start` to `p` for consistency in mbedtls_pkcs7_parse_der [4]

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992509630
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992562450
[3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992741877
[4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992754103

Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-10-28 12:28:54 -05:00
Glenn Strauss
7db3124c00 Skip asn1 zeroize if freeing shallow pointers 
This skips zeroizing additional pointers to data.
(Note: actual sensitive data should still be zeroized when freed.)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-10-28 12:51:35 -04:00
Glenn Strauss
a4b4041219 Shared code to free x509 structs 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-10-28 12:51:35 -04:00
Nick Child
73621ef0f0 pkcs7: Improve verify logic and rebuild test data 
Various responses to feedback regarding the
pkcs7_verify_signed_data/hash functions. Mainly, merge these two
functions into one to reduce redudant logic [1]. As a result, an
identified bug about skipping over a signer is patched [2].

Additionally, add a conditional in the verify logic that checks if
the given x509 validity period is expired [3]. During testing of this
conditional, it turned out that all of the testing data was expired.
So, rebuild all of the pkcs7 testing data to refresh timestamps.

[1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r999652525
[2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r997090215
[3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967238206
Signed-off-by: Nick Child <nick.child@ibm.com>
 2022-10-28 11:24:25 -05:00
Ronald Cron
04e2133f45
Merge pull request #6482 from ronald-cron-arm/tls13-misc 
TLS 1.3: Update documentation for the coming release and misc
 2022-10-28 11:09:03 +02:00
Gilles Peskine
75c4eaf1f8
Merge pull request #5841 from aurel32/ecp_mul_mxz-timing-leak 
Fix a timing leak in ecp_mul_mxz()
 2022-10-27 19:46:48 +02:00
Minos Galanakis
4d4c98b1b9 bignum_mod: mbedtls_mpi_mod_modulus_setup() refactoring. 
This patch addresses more review comments, and fixes
a circular depedency in the `mbedtls_mpi_mod_modulus_setup()`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 17:47:26 +01:00
Minos Galanakis
771c47055f bignum_mod: Style changes 
This patch addresses review comments with regards to style of
`mbedtls_mpi_mod_modulus_setup/free()`.

It also removes a test check which was triggering a use-after-free.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 12:36:24 +01:00
Minos Galanakis
8b33363315 bignum_mod: Updated modulus lifecycle with mm and rr. 
This patch updates the `mbedtls_mpi_mod_modulus_setup/free()`
methods to precalculate mm and rr(Montgomery const squared) during
setup and zeroize it during free.

A static `set_mont_const_square()` is added to manage the memory allocation
and parameter checking before invoking the
`mbedtls_mpi_core_get_mont_r2_unsafe()`

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 11:43:54 +01:00
Minos Galanakis
760f5d6b6b bignum_mod: Updated mbedtls_mpi_mod_modulus_setup/free with new fields 
At the current state, those fields are initialised to 0, NULL.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 11:43:54 +01:00
Hanno Becker
cd860dfe02 bignum_mod: Added Montgomery constants 
This patch adds the Montgomery constants to the `mbedtls_mpi_mont_struct`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-27 11:43:54 +01:00
Gilles Peskine
9603daddaa
Merge pull request #6230 from tom-cosgrove-arm/issue-6223-core-add 
Bignum: extract core_add from the prototype
 2022-10-27 11:25:27 +02:00
Ronald Cron
77e15e8a2c
Merge pull request #6460 from xkqian/tls13_add_early_data_preparatory 
Internal and Open CI merge job ran successfully. Good to go.
 2022-10-27 10:40:56 +02:00
Gilles Peskine
88f5fd9099
Merge pull request #6479 from AndrzejKurek/depends-py-no-psa 
Enable running depends.py in a configuration without MBEDTLS_USE_PSA_CRYPTO and remove perl dependency scripts
 2022-10-26 20:02:57 +02:00
Gilles Peskine
d4d080b41b
Merge pull request #6407 from minosgalanakis/minos/6017_add_montgomery_constant_squared 
Bignum: Added pre-calculation of Montgomery constants
 2022-10-26 14:28:16 +02:00
Ronald Cron
4f7feca0dc
Merge pull request #6391 from davidhorstmann-arm/fix-x509-get-name-cleanup 
The Open CI ran successfully thus I think we can ignore the internal CI.
 2022-10-26 14:27:54 +02:00
Xiaokang Qian
72dbfef6e4 Improve coding styles 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-26 06:33:57 +00:00
Ronald Cron
eac00ad2a6 tls13: server: Note down client not being authenticated in SSL context 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-25 20:02:03 +02:00
Gilles Peskine
744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0 
Fix unusual macros
 2022-10-25 19:55:29 +02:00
Ronald Cron
a709a0f2c6 tls13: Declare PSK ephemeral key exchange mode first 
In the PSK exchange modes extension declare first
PSK ephemeral if we support both PSK ephemeral
and PSK. This is aligned with our implementation
giving precedence to PSK ephemeral over pure PSK
and improve compatibility with GnuTLS.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-25 19:05:26 +02:00
Tom Cosgrove
6469fdfb0a Fix whitespace issue spotted in review 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-10-25 16:29:58 +01:00
Tom Cosgrove
82f131063a Update documentation following review comment 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-10-25 16:29:58 +01:00
Tom Cosgrove
af7d44b4d2 Tidy up, remove MPI_CORE(), apply the naming convention, and use the new mbedtls_mpi_core_add() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-10-25 16:29:58 +01:00
Hanno Becker
c98871339d Extract MPI_CORE(add) from the prototype 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-10-25 16:29:58 +01:00
Minos Galanakis
a081c51cd3 Renamed mpi_core_get_mont_R2_unsafe_neg -> mpi_core_get_mont_r2_unsafe_neg 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:12:38 +01:00
Minos Galanakis
51d638baf6 bignum_core: Style update 
'mbedtls_mpi_core_get_mont_R2_unsafe' aligns const
keyword to match the style of the rest of the module.

Documentation is also updated to remove
`MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:12:38 +01:00
Minos Galanakis
ae4fb671b4 mbedtls_mpi_core_get_mont_R2_unsafe: Removed NULL input checking 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:12:38 +01:00
Minos Galanakis
b85506e250 bignum_core.h: Comment update for mbedtls_mpi_core_get_mont_R2_unsafe 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2022-10-25 15:12:23 +01:00