mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-07 15:40:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
25,251 Commits 170 Branches 263 Tags
Commit Graph

25251 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Przemek Stekiel
a01c24227f Add test components: only PSK ephemeral ffdh, only ephemeral ffdh key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-13 10:46:48 +02:00
Przemek Stekiel
75a5a9c205 Code cleanup 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-13 09:57:23 +02:00
Przemek Stekiel
1051f856dc Re-enable MBEDTLS_DHM_C in tls13_only_psk, tls13_only_psk_ephemeral, tls13_only_psk_all 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-11 20:32:28 +02:00
Przemek Stekiel
ff9fcbcace ssl_client2, ssl_server2: code optimization + guards adaptation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:53:40 +02:00
Przemek Stekiel
a4700fa69d mbedtls_psa_ffdh_export_public_key: allow bigger output buffer 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel
da4fba64b8 Further code optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel
152bb4632b Adapt function names 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel
29c219c285 Combine mbedtls_ssl_tls13_generate_and_write_ecdh/ffdh_key_exchange functions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel
316c19ef93 Adapt guards, dependencies + optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel
e7db09bede Move FFDH helper functions and macros to more suitable locations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel
63706628d0 Adapt guards for FFDH 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel
947ff56c45 Replace deprecated functions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel
5e2f816c39 Fix test configs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel
f0d5df0c88 Add changelog entry (FFDH in TLS 1.3) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel
24e50d3dbd Compile out length check to silent the compiler warning 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel
250b9fde75 ssl-opt.sh: Add FFDH tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel
6d7da5ee1e Add FFDH support in client2, server2 applications 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel
c89f3ea9f2 Add support for FFDH in TLS 1.3 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel
cceb933e30 Add FFDH definitions and translation functions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:07 +02:00
Przemek Stekiel
060012c5fd ssl_write_supported_groups_ext(): add support for ffdh keys 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:07 +02:00
Przemek Stekiel
383f471bf4 Add the DHE groups to the default list of supported groups 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:07 +02:00
Gilles Peskine
265ce7c1da
Merge pull request #5451 from gilles-peskine-arm/psa-driver-kdf-spec 
PSA drivers: specification for key derivation
 2023-06-06 11:37:28 +02:00
Gilles Peskine
d1d08c67dd
Merge pull request #7699 from yuhaoth/bug/fix-file-missing-fail-on-development 
Fix file missing fail on development
 2023-06-06 10:17:24 +02:00
Jerry Yu
abf35d4ca3 Restore rsa_single_san_uri.crt.der 
The file is moved by #7617 and used by #7575. That causes
conflict.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-06-06 14:35:08 +08:00
Gilles Peskine
5c3d6e277c
Merge pull request #7575 from AndrzejKurek/URI-SAN-verification 
Add partial support for URI SubjectAltNames verification
 2023-06-05 16:46:47 +02:00
Gilles Peskine
b21f32eba6
Merge pull request #6257 from Laserdance100/development 
Change macros in mps_common.h
 2023-06-05 15:51:59 +02:00
Gilles Peskine
b47fb4cdd8
Merge pull request #7676 from valeriosetti/issue7485 
PK: add support for check_pair() with "opaque" EC keys
 2023-06-05 15:51:03 +02:00
Gilles Peskine
763c19afcb
Merge pull request #7639 from Taowyoo/yx/fix-time-tls13-client-server 
Fix: correct calling to time function in tls13 client&server
 2023-06-05 15:50:32 +02:00
Gilles Peskine
975d9c0faf
Merge pull request #7530 from AndrzejKurek/misc-subjectaltname-fixes 
Miscellaneous fixes for SubjectAltName code / docs
 2023-06-05 15:38:53 +02:00
Gilles Peskine
84b547b5ee
Merge pull request #7400 from AndrzejKurek/cert-write-sans 
Add a possibility to generate certificates with a Subject Alternative Name
 2023-06-05 15:38:38 +02:00
Gilles Peskine
f4ba0013e2 Clarify when key derivation entry points are mandatory/permitted 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-05 14:24:14 +02:00
Gilles Peskine
8dd1e623e1 Copyediting 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-05 14:14:41 +02:00
Valerio Setti
ede0c4676e pk_internal: minor rearrangement in mbedtls_pk_get_group_id() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-05 11:08:28 +02:00
valerio
6c666c6c8d test: add key pair check verification for opaque EC keys 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-06-05 11:05:40 +02:00
valerio
8cbef4d55e pk: allow key pair checking for opaque keys 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-06-05 11:05:40 +02:00
valerio
eab9a85f4c pk_wrap: add support for key pair check for EC opaque keys 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-06-05 11:05:40 +02:00
Manuel Pégourié-Gonnard
f37b94b5bf
Merge pull request #7533 from valeriosetti/issue7484 
PK: add support for private key writing with "opaque" EC keys
 2023-06-05 10:53:53 +02:00
Dave Rodgman
e0bd2c2375
Merge branch 'development' into development 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-04 14:57:19 -04:00
Gilles Peskine
7df8ba6a10 Rework the description of key derivation output/verify key 
Some of the fallback mechanisms between the entry points were not described
corrrectly.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-02 18:16:02 +02:00
Gilles Peskine
dcaf104eef Note that we may want to rename derive_key 
... if we think of a better name

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-02 18:02:41 +02:00
Gilles Peskine
f96a18edc7 Probably resolve concern about the input size for derive_key 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-02 18:02:15 +02:00
Gilles Peskine
1414bc34b9 Minor copyediting 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-02 17:54:32 +02:00
Andrzej Kurek
e773978e68 Remove unnecessary addition to buffer size estimation 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-02 09:42:44 -04:00
Tom Cosgrove
32b06f50df
Merge pull request #7650 from yanrayw/7360-code-size-tfm-medium 
code size measurement support for tfm-medium
 2023-06-02 13:25:26 +01:00
Tom Cosgrove
9dc219ff9b
Merge pull request #7668 from tom-daubney-arm/code_size_md_light 
Remove certain null pointer checks when only MD_LIGHT enabled
 2023-06-02 13:09:00 +01:00
Thomas Daubney
5903e9c428 Modify tests in response to review comments. 
Address the way the tests have been modified in
response to review comments.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-06-02 10:43:08 +01:00
Andrzej Kurek
f994bc51ad Refactor code in cert_write.c 
This way is more robust.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-02 05:10:17 -04:00
Andrzej Kurek
7c86974d6d Fix overflow checks in x509write_crt 
Previous ones could still overflow.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-02 05:02:41 -04:00
Andrzej Kurek
154a605ae8 Change the name of the temporary san variable 
Explain why it is used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-01 18:20:26 +01:00
Andrzej Kurek
1747304a7a Update the descriptions of SANs 
All of them are listed, so the previous description was wrong.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-01 18:20:24 +01:00