mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-30 15:32:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,218 Commits 170 Branches 263 Tags
Commit Graph

13149 Commits

Author SHA1 Message Date
Valerio Setti
d45836a1c3 pk_wrap: fix algorithm selection in rsa_opaque_decrypt() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 15:42:55 +01:00
Valerio Setti
4f3262de2d pk_wrap: fix algorithm selection in rsa_opaque_sign_wrap() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Valerio Setti
07500fd874 pk: check PK context type in mbedtls_pk_verify_ext() before trying RSA PSS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-18 16:22:33 +01:00
Paul Elliott
78064ac9e0
Merge pull request #8901 from paul-elliott-arm/make_psa_global_data_safe 
Make PSA global_data thread safe
 2024-03-15 19:50:01 +00:00
Paul Elliott
b24e36d07b Add explanatory comment for init flags 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 16:25:48 +00:00
Paul Elliott
d35dce6e23 Add comments about RNG mutex requirements 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 16:06:20 +00:00
Paul Elliott
0db6a9033a Start subsystem IDs at 1 instead of 0 
Catch potential invalid calls to init.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 16:06:20 +00:00
Paul Elliott
78279962d6 Fix minor style issues 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 13:34:01 +00:00
Waleed Elmelegy
4dfb0e7c90 Add ALPN checking when accepting early data 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-15 12:12:15 +00:00
Waleed Elmelegy
131b2ffd89 Fix bug in ALPN negotiating 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-15 12:12:15 +00:00
Ronald Cron
6bee910dbd
Merge pull request #8858 from waleed-elmelegy-arm/add_alpn_to_session 
Add ALPN information in session tickets
 2024-03-15 09:50:24 +00:00
Gilles Peskine
7b333f1e88
Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime 
TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime
 2024-03-14 15:59:25 +00:00
Gilles Peskine
1c5ebf4352
Merge pull request #8697 from BensonLiou/random_bye_on_hrr 
Do not generate new random number while receiving HRR
 2024-03-14 15:59:21 +00:00
Gilles Peskine
93b305dc8e
tls13: Use a flag not a counter for CCS and HRR handling 
Reconcile with 5fbd27055d15c8ac234a229389ff4e31977487a0 on another branch

Signed-off-by: Gilles Peskine <gilles.peskine@arm.com>
 2024-03-14 15:05:09 +01:00
Manuel Pégourié-Gonnard
93071cfeec
Merge pull request #8920 from valeriosetti/issue8919 
Generalize some PK functions from MBEDTLS_PSA_CRYPTO_C to MBEDTLS_PSA_CRYPTO_CLIENT
 2024-03-14 11:32:23 +00:00
BensonLiou
368debd384 Merge branch 'development' of https://github.com/Mbed-TLS/mbedtls into random_bye_on_hrr 2024-03-14 11:42:25 +08:00
Waleed Elmelegy
b28ab0a45a Fix code style in ssl_tls.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
daa4da781a Increase ALPN length in saved session to 2 bytes 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
5bc5263b2c Add code improvments and refactoring in dealing with ALPN 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
7dfba34475 Fix possible overflow in ALPN length when saving session 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
75e33fa12e Fix code style in ssl_tls.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
fe9ae085e3 Update serialized session description with ALPN information 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
1102563685 Add ALPN bit flag to session header 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
883f77cb08 Add mbedtls_ssl_session_set_alpn() function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
2824a209bc Add ALPN information in session tickets 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Dave Rodgman
775c7768ee
Merge pull request #8877 from gilles-peskine-arm/split-minimal-3.6 
Create a minimal framework submodule
 2024-03-13 14:30:09 +00:00
Paul Elliott
838886da64 Protect the key slot management initialised flag 
Use the global data mutex, as the key slot mutex has to be held in some
of the functions where we are testing the flag, and we already hold the
global data mutex when calling the functions where the flag is set.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-13 12:39:02 +00:00
Paul Elliott
47cee8e2ee Add mbedtls_psa_crypto_init_subsystem() 
Internal only for now, but can be made external with some more
work. Break up psa_crypto_init into chunks to prevent deadlocks when
initialising RNG, likewise break up mbedtls_crypto_free() to stop having
to hold more than one mutex at a time.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-13 12:39:02 +00:00
Ronald Cron
40043d03a5
Merge pull request #8884 from ronald-cron-arm/improve-early-data-status 
TLS 1.3: CLI: Split early data user status and internal state
 2024-03-13 11:59:49 +00:00
Dave Rodgman
e95bf79754
Merge pull request #8922 from daverodgman/gcc-o3 
Fix gcc -O3 warnings
 2024-03-13 11:47:14 +00:00
Dave Rodgman
386c39f2d5 Check gcc version 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-13 09:55:33 +00:00
Paul Elliott
4de4cc4a29
Merge pull request #8891 from Ryan-Everett-arm/document-SE_C-not-threadsafe 
Officially document non thread-safety of MBEDTLS_PSA_CRYPTO_SE_C
 2024-03-13 09:42:49 +00:00
Valerio Setti
864a50b7c8 pk: uniformly guard set/get enrollment algorithm calls with CRYPTO_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-13 09:52:36 +01:00
Valerio Setti
c4c1d3af34 pk: use CRYPTO_CLIENT as guard for PK-PSA bridge functions instead of CRYPTO_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-13 09:52:36 +01:00
Ronald Cron
840de7ff2f tls13: cli: Rename STATUS_NOT_SENT to STATUS_NOT_INDICATED 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
fd4c0c8b3d tls13: cli: Fix comment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
aa3593141b tls13: cli: Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz 
Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
from ssl.h(public) to ssl_misc.h(private) even if
that means we cannot use the enum type for
early_data_state in ssl.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
3641df2980 tls13: cli: Rename STATE_SENT to STATE_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
3c5a68339b tls13: cli: Rename STATE_NOT_SENT to STATE_NO_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
0c80dc1ed5 tls13: cli: Rename STATUS_NOT_SENT to STATUS_NO_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
05d7cfbd9c tls13: cli: Rename STATE_UNKNOWN to STATE_IDLE 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
d2884662c1 tls13: cli: Split early data user status and internal state 
Do not use the return values of
mbedtls_ssl_get_early_data_status()
(MBEDTLS_SSL_EARLY_DATA_STATUS_ macros)
for the state of the negotiation and
transfer of early data during the
handshake.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:15 +01:00
Dave Rodgman
4faa34dc86 Fix gcc -O3 warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-12 16:34:43 +00:00
Paul Elliott
358165246b Protect PSA drivers_initialized with mutex 
Writes to this in psa_crypto_init() were again already covered.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-12 15:36:57 +00:00
Paul Elliott
8e15153637 Protect PSA global rng data with mutex. 
Reads and writes of rng_state in psa_crypto_init() and psa_crypto_free()
were already covered by mutex.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-12 15:36:57 +00:00
Paul Elliott
600472b443 Protect PSA global initialized flag with mutex. 
Unfortunately this requires holding the mutex for the entire
psa_crypto_init() function, as calling psa_crypto_free() from another
thread should block until init has ended, then run.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-12 15:36:57 +00:00
Paul Elliott
b8e38e0e27 Add new mutex for PSA global rng data 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-12 15:36:57 +00:00
Paul Elliott
077fd87748 Add new global mutex for PSA global_data 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-12 15:36:57 +00:00
Gilles Peskine
0dc79a754d Fix and test pk_copy_from_psa with an unsupported algorithm 
Fix mbedtls_pk_copy_from_psa() and mbedtls_pk_copy_public_from_psa() to
still work when the algorithm in the key policy is not an RSA
algorithm (typically PSA_ALG_NONE). Add a dedicated test case and adjust the
test code. Fixes the test case "Copy from PSA: non-exportable -> public, RSA"
when MBEDTLS_PKCS1_V15 is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
bf69f2e682 New function mbedtls_pk_copy_public_from_psa 
Document and implement mbedtls_pk_copy_public_from_psa() to export the
public key of a PSA key into PK.

Unit-test it alongside mbedtls_pk_copy_from_psa().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:45 +01:00