mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-05 18:40:01 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
16,033 Commits 171 Branches 263 Tags
Commit Graph

6974 Commits

Author SHA1 Message Date
Paul Elliott
96b0173cec Add common nonce checking to oneshot encrypt 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-21 18:51:23 +01:00
Paul Elliott
a561444561 Add missing space 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-21 18:51:23 +01:00
Paul Elliott
ed68d7464d Move buffer size checks up to psa_crypto layer 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-24 20:40:47 +01:00
Paul Elliott
c2b7144da0 Simplify logic and factor out initial checks 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-24 20:40:47 +01:00
Paul Elliott
7f429b747b Remove code duplication and fix formatting 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-24 20:40:47 +01:00
Paul Elliott
a8940ed876 Fix documented error codes 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-24 20:40:47 +01:00
Paul Elliott
cf2d66e022 Remove permitting of 8 byte nonce with PolyChaCha 
Also unify nonce length checking

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-23 18:50:59 +01:00
Paul Elliott
95271f10c3 Call set_nonce direct rather than by wrapper 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-23 18:30:20 +01:00
Paul Elliott
d7ab9f1260 Move the setting of id in driver wrappers 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-23 09:58:05 +01:00
Paul Elliott
ad53dcc975 Move common final checks to function 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-23 08:51:29 +01:00
Paul Elliott
534d0b4484 Finish / Verify state checks 
Ensure finish only called when encrypting and verify only called for
decrypting, and add tests to ensure this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 22:14:48 +01:00
Paul Elliott
f88a565f18 Better tag size default for m-aead finish 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 22:14:48 +01:00
Paul Elliott
d89304ebb7 Fix formatting issues 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 22:14:48 +01:00
Paul Elliott
e4030f2cd1 Replace function with macro that already exists 
I wrote a function to determine the base algorithm given a variant,
however this is already implemented by
PSA_ALG_AEAD_WITH_DEFAULT_LENGTH_TAG

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 22:14:48 +01:00
Paul Elliott
7220cae93c Ensure generate nonce unavailable in decrypt 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 22:14:47 +01:00
Paul Elliott
8eb9dafda1 Add generate nonce test 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 16:31:09 +01:00
Paul Elliott
1c8de15490 Update documentation to tally with recent changes 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 16:31:09 +01:00
Paul Elliott
bc94978d8c Add missing unused arguments 
No algorithm defined case generally doesn't use the operation.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-22 16:31:09 +01:00
Paul Elliott
40ef3a9454 Fix state logic and return codes 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-01 17:17:58 +01:00
Paul Elliott
83f09ef056 Proper multipart AEAD GCM Implementation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-06-01 17:17:47 +01:00
Paul Elliott
b2ce2ed6d8 Merge remote-tracking branch 'upstream/development' into psa-m-aead 
Conflicts:
* None
 2021-06-01 17:13:19 +01:00
Gilles Peskine
9f5c34cc88
Merge pull request #4596 from gilles-peskine-arm/nist_kw-null_dereference-3.0 
Fix null pointer arithmetic in NIST_KW
 2021-06-01 16:40:19 +02:00
Gilles Peskine
89ee599092 Fix null pointer arithmetic in error case 
When mbedtls_nist_kw_wrap was called with output=NULL and out_size=0, it
performed arithmetic on the null pointer before detecting that the output
buffer is too small and returning an error code. This was unlikely to have
consequences on real-world hardware today, but it is undefined behavior and
UBSan with Clang 10 flagged it. So fix it (fix #4025).

Fix a similar-looking pattern in unwrap, though I haven't verified that it's
reachable there.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-01 11:22:56 +02:00
Manuel Pégourié-Gonnard
6d84e917bb
Merge pull request #4568 from creiter32/to_upstream/csr_critical_extensions 
Expose flag for critical extensions
 2021-05-31 12:46:59 +02:00
Ronald Cron
ea62d2f391
Merge pull request #4369 from hanno-arm/relax_psk_config 
Implement relaxed semantics for static PSK configuration in Mbed TLS 3.0
 2021-05-31 10:03:56 +02:00
Ronald Cron
f1eb425782
Merge pull request #4469 from xiaoxiang781216/padlock 
aes: Check aes_padlock_ace > 0 before calling padlock
 2021-05-28 11:06:40 +02:00
Ronald Cron
c44a1d522a
Merge pull request #4507 from Venafi/userid-oid 
Add OID for User ID
 2021-05-28 10:43:41 +02:00
Christoph Reiter
95273f4b07 Expose flag for critical extensions 
Enables creating X.509 CSRs with critical extensions.

Signed-off-by: Christoph Reiter <christoph.reiter@infineon.com>
 2021-05-27 14:27:43 +02:00
Ronald Cron
142c205ffc
Merge pull request #4513 from Patater/psa-without-genprime-fix 
psa: Support RSA signature without MBEDTLS_GENPRIME
 2021-05-27 14:19:24 +02:00
TRodziewicz
46cccb8f39 _SSL_DTLS_BADMAC_LIMIT config.h option removed 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-26 13:36:21 +02:00
Gilles Peskine
b7abba28e3
Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2 
Remove rsa mode params part 2
 2021-05-25 20:36:33 +02:00
Gilles Peskine
8a5304d446
Merge pull request #4553 from gilles-peskine-arm/aria_alt-3.0 
Fix ARIA_ALT header and self-test and CAMELLIA_ALT self-test
 2021-05-25 20:32:40 +02:00
Gilles Peskine
c537aa83f4 CAMELLIA: add missing context init/free 
This fixes the self-test with alternative implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-25 09:23:10 +02:00
Gilles Peskine
be89fea1a7 ARIA: add missing context init/free 
This fixes the self-test with alternative implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-25 09:23:10 +02:00
TRodziewicz
4ca18aae38 Corrections after the code review 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 13:38:00 +02:00
TRodziewicz
6370dbeb1d Remove the _SSL_FALLBACK_ parts 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:49:59 +02:00
TRodziewicz
2d8800e227 Small corrections in the comments 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:49:24 +02:00
TRodziewicz
b5850c5216 Correction of too restrictive ssl cli minor check 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:49:15 +02:00
TRodziewicz
ef73f01927 Removing strayed dtls1 after doing tests 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:49:04 +02:00
TRodziewicz
28126050f2 Removal of constants and functions and a new ChangeLog file 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:48:12 +02:00
TRodziewicz
0f82ec6740 Remove the TLS 1.0 and 1.1 support 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:45:20 +02:00
Paul Elliott
3a16e014f2 Ensure tag lengths match in verification 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Paul Elliott
f47b0957ab Set tag to 'impossible' value on failure to encrypt 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Paul Elliott
6eb959854b Improve state logic 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Paul Elliott
6981fbcf10 Remove unneccessary guard for key unlock 
Also make sure failure is not hidden by key unlock failure

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Paul Elliott
e95259f833 Remove some CCM leftovers 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Thomas Daubney
d58ed587fd Restores erroneously removed checks 
Some padding checks in rsa.c were
erroneously removed in a previous
commit and are restored in this
commit.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-05-21 11:50:39 +01:00
Janos Follath
7fc487c4d6
Merge pull request #4347 from hanno-arm/ssl_session_cache_3_0 
Add session ID as an explicit parameter to SSL session cache API
 2021-05-21 09:28:55 +01:00
Ronald Cron
ca72287583
Merge pull request #4304 from mstarzyk-mobica/convert_NO_SHA384_to_positive 
Modify config option for SHA384.
 2021-05-21 08:04:33 +02:00
Paul Elliott
60aa203e30 Remove temporary AEAD CCM implementation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-20 22:44:32 +01:00