mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-05 09:40:32 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
20,721 Commits 170 Branches 263 Tags
Commit Graph

5305 Commits

Author SHA1 Message Date
Werner Lewis
dd76ef359d Refactor AES context to be shallow-copyable 
Replace RK pointer in AES context with a buffer offset, to allow
shallow copying. Fixes #2147.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-29 16:17:50 +01:00
Gilles Peskine
955993c4b5 For status values, the macro expansions must not change either 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-29 14:37:17 +02:00
Ronald Cron
7898fd456a
Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server 
TLS 1.3 server: Send dummy change_cipher_spec records

The internal CI PR-merge job ran successfully thus good to go.
 2022-06-29 09:47:49 +02:00
Gilles Peskine
7d14c19730
Merge pull request #5905 from gilles-peskine-arm/changelog-improvements-20220609-development 
Changelog improvements before the 3.2 release
 2022-06-28 21:00:10 +02:00
Glenn Strauss
999ef70b27 Add accessors to config DN hints for cert request 
mbedtls_ssl_conf_dn_hints()
mbedtls_ssl_set_hs_dn_hints()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-06-28 12:43:59 -04:00
Neil Armstrong
9f4606e6d2 Rename mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX in mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-28 18:12:17 +02:00
Neil Armstrong
0c9c10a401 Introduce mbedtls_ssl_get_ciphersuite_sig_pk_ext_alg() and use it in ssl_pick_cert() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-28 18:10:48 +02:00
Gabor Mezei
f7044eaec8
Fix name 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-28 16:01:49 +02:00
Summer Qin
9f2596f387 Add MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C 
MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C are needed
when PSA_WANT_ALG_CHACHA20_POLY1305 is defined

Signed-off-by: Summer Qin <summer.qin@arm.com>
 2022-06-28 17:56:27 +08:00
Glenn Strauss
01d2f52a32 Inline mbedtls_x509_dn_get_next() in x509.h 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-06-27 14:20:07 -04:00
Przemek Stekiel
18399d8d53 Add comment to config_psa.h about enabling PSA_HKDF/PSA_HKDF_EXRACT/PSA_HKDF_EXPAND algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-27 15:36:06 +02:00
Manuel Pégourié-Gonnard
93a7f7d7f8
Merge pull request #5954 from wernerlewis/x509_next_merged 
Add mbedtls_x509_dn_get_next function
 2022-06-24 09:59:22 +02:00
Manuel Pégourié-Gonnard
4cfaae5b6b Save code size by calling get_type only once 
This is an external function, so in the absence of link-time
optimisation (LTO) the compiler can't know anything about it and has to
call it the number of times it's called in the source code.

This only matters for pk_ec, but change pk_rsa as well for the sake of
uniformity.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-23 09:43:39 +02:00
Gabor Mezei
7b39bf178e
Send dummy change_cipher_spec records from TLS 1.3 server 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-22 17:07:21 +02:00
Przemek Stekiel
b33bd19197 Enable HKDF EXTRACT/EXPAND algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-21 09:58:51 +02:00
Manuel Pégourié-Gonnard
22e84de971 Improve contract of mbedtls_pk_ec/rsa() 
Trusting the caller to perform the appropriate check is both risky, and
a bit user-unfriendly. Returning NULL on error seems both safer
(dereferencing a NULL pointer is more likely to result in a clean crash,
while mis-casting a pointer might have deeper, less predictable
consequences) and friendlier (the caller can just check the return
value for NULL, which is a common idiom).

Only add that as an additional way of using the function, for the sake
of backwards compatibility. Calls where we know the type of the context
for sure (for example because we just set it up) were legal and safe, so
they should remain legal without checking the result for NULL, which
would be redundant.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard
1c91b0c434 Clarify warning about mbedtls_pk_ec/rsa() 
The previous wording "ensure it holds an XXX" context did not mean
anything without looking at the source.

Looking at the source, the criterion is:
- for mbedtls_pk_rsa(), that the info structure uses rsa_alloc_wrap;
- for mbedtls_pk_ec(), that it uses eckey_alloc_wrap or
ecdsa_alloc_wrap, since mbedtls_ecdsa_context is a typedef for
mbedtls_ecp_keypair. (Note that our test code uses mbedtls_pk_ec() on
contexts of type MBEDTLS_PK_ECDSA.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-06-20 21:12:29 +02:00
Gilles Peskine
4b873874a3 Backward compatibility: the key store with drivers 
Promise that we will try to keep backward compatibility with basic driver
usage, but not with more experimental aspects.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-20 18:50:09 +02:00
Gilles Peskine
98473c4523 Officially deprecate MBEDTLS_PSA_CRYPTO_SE_C 
This was intended as experimental, and we've been saying for a long time
that it's superseded by the "unified driver interface", but we hadn't
documented that inside the Mbed TLS source code. So announce it as
deprecated.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-20 18:46:22 +02:00
Gilles Peskine
7973399f7b Add compatibility notes regarding values embedded in the key store 
Certain numerical values are written to the key store. Changing those
numerical values would break the backward compatibility of stored keys. Add
a note to the affected types. Add comments near the definitions of affected
values.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-20 18:41:20 +02:00
Gilles Peskine
f070a5e5d5 Document how PSA identifiers are generally constructed 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-20 18:40:45 +02:00
Gilles Peskine
36aeb7f163
Merge pull request #5834 from mprse/HKDF_1 
HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms
 2022-06-20 15:27:46 +02:00
Werner Lewis
2f1d51070c Fix incorrect param in function declaration 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-20 11:48:35 +01:00
Werner Lewis
b3acb053fb Add mbedtls_x509_dn_get_next function 
Allow iteration through relative DNs when X509 name contains multi-
value RDNs.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-17 16:40:55 +01:00
Tuvshinzaya Erdenekhuu
44baacd089 Update documenation of PSA_ALG_RSA_PSS 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-06-17 12:10:35 +01:00
Gilles Peskine
9b3278b263 Doc: the SHA256/SHA512 options also cover SHA224/SHA384 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-09 19:09:38 +02:00
Paul Elliott
5f2bc754d6
Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests 
Pr/add-tls13-moving-state-tests
 2022-06-08 13:39:52 +01:00
Dave Rodgman
4b55a89327
Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor 
Add accessor for x509 certificate extension types
 2022-06-06 21:51:38 +01:00
Thomas Daubney
a5f39e0ec2 Move accessor definition 
Move the definition of the accessor so that it is not defined
within the MBEDTLS_X509_CRT_WRITE_C guards. Thus remove the
dependency from the test and test cases.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-06 15:42:32 +01:00
Przemek Stekiel
3e8249cde0 Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
Przemek Stekiel
73f97d4841 PSA_ALG_HKDF: add salt processing warning 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
Przemek Stekiel
a29b488296 Optimize code by adding PSA_ALG_IS_ANY_HKDF macro 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:09 +02:00
Przemek Stekiel
459ee35062 Fix typo and style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-02 11:16:52 +02:00
Thomas Daubney
979aa49d1c Add accessor for x509 certificate extension types 
Add accessor for x509 certificate extension types

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-01 10:22:14 +01:00
Gilles Peskine
09858ae664
Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa 
Deprecate mbedtls_cipher_setup_psa()
 2022-05-31 10:56:52 +02:00
Janos Follath
07c2e5e6d5
Merge pull request #5860 from superna9999/4745-psa-jpake-api-fixes 
PSA J-PAKE API has missing elements and confusing documentation
 2022-05-31 08:27:32 +01:00
Jerry Yu
4dec0e5329 fix state undeclare error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Neil Armstrong
ccffab38a3 Remove linkage documentation on PAKE cipher-suite helpers 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-30 15:49:21 +02:00
Dave Rodgman
52625b739e
Merge pull request #5876 from tom-cosgrove-arm/fix-typos-220526 
Fix spelling and typographical errors found by cspell
 2022-05-30 11:35:55 +01:00
Janos Follath
1bc0ca4ed3
Merge pull request #5875 from Summer-ARM/mbedtls-psa-crypto-config 
Remove duplicated PSA_WANT_ALG_CMAC in crypto_config.h
 2022-05-30 09:41:48 +01:00
Neil Armstrong
5ed8a0ec73 Overall PSA PAKE API style issues fixes 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-27 09:47:53 +02:00
Neil Armstrong
5892aa69e3 Fix typo in PSA_ALG_JPAKE documentation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-27 09:44:47 +02:00
Tom Cosgrove
1e21144194 Fix spelling and typographical errors found by cspell 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-05-26 11:51:00 +01:00
Summer Qin
f0b4253c68 Remove duplicated PSA_WANT_ALG_CMAC in crypto_config.h 
Signed-off-by: Summer Qin <summer.qin@arm.com>
 2022-05-26 09:38:33 +08:00
XiaokangQian
6b916b1616 Add client certificate parse and certificate verify 
Change-Id: I638db78922a03db6f8bd70c6c5f56fb60365547d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-26 00:40:53 +00:00
Neil Armstrong
ef15751f08 PSA PAKE API typos in documentation fixes 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-25 11:49:45 +02:00
Neil Armstrong
72ab56a1fe Overall PSA PAKE API style issues fixes 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-25 11:48:37 +02:00
Neil Armstrong
eb93a6f1d8 Use PSA_ALG_NONE in PSA_PAKE_OPERATION_INIT to init psa_algorithm_t 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-25 11:41:05 +02:00
Neil Armstrong
2056ce5111 Fix PSA_PAKE_OUTPUT_MAX_SIZE/PSA_PAKE_INPUT_MAX_SIZE commment about parameters to PSA_PAKE_OUTPUT_SIZE/PSA_PAKE_INPUT_SIZE 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-05-25 11:38:15 +02:00
Manuel Pégourié-Gonnard
69e348db85
Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa 
Permissions 1: create `mbedtls_pk_can_do_ext()`
 2022-05-23 10:58:32 +02:00