mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-22 13:20:50 +00:00

Author	SHA1	Message	Date
Gilles Peskine	7b333f1e88	Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime	2024-03-14 15:59:25 +00:00
Gilles Peskine	1c5ebf4352	Merge pull request #8697 from BensonLiou/random_bye_on_hrr Do not generate new random number while receiving HRR	2024-03-14 15:59:21 +00:00
Gilles Peskine	93b305dc8e	tls13: Use a flag not a counter for CCS and HRR handling Reconcile with 5fbd27055d15c8ac234a229389ff4e31977487a0 on another branch Signed-off-by: Gilles Peskine <gilles.peskine@arm.com>	2024-03-14 15:05:09 +01:00
Manuel Pégourié-Gonnard	93071cfeec	Merge pull request #8920 from valeriosetti/issue8919 Generalize some PK functions from MBEDTLS_PSA_CRYPTO_C to MBEDTLS_PSA_CRYPTO_CLIENT	2024-03-14 11:32:23 +00:00
BensonLiou	368debd384	Merge branch 'development' of https://github.com/Mbed-TLS/mbedtls into random_bye_on_hrr	2024-03-14 11:42:25 +08:00
Dave Rodgman	775c7768ee	Merge pull request #8877 from gilles-peskine-arm/split-minimal-3.6 Create a minimal framework submodule	2024-03-13 14:30:09 +00:00
Ronald Cron	40043d03a5	Merge pull request #8884 from ronald-cron-arm/improve-early-data-status TLS 1.3: CLI: Split early data user status and internal state	2024-03-13 11:59:49 +00:00
Dave Rodgman	e95bf79754	Merge pull request #8922 from daverodgman/gcc-o3 Fix gcc -O3 warnings	2024-03-13 11:47:14 +00:00
Dave Rodgman	386c39f2d5	Check gcc version Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-03-13 09:55:33 +00:00
Paul Elliott	4de4cc4a29	Merge pull request #8891 from Ryan-Everett-arm/document-SE_C-not-threadsafe Officially document non thread-safety of MBEDTLS_PSA_CRYPTO_SE_C	2024-03-13 09:42:49 +00:00
Valerio Setti	864a50b7c8	pk: uniformly guard set/get enrollment algorithm calls with CRYPTO_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-13 09:52:36 +01:00
Valerio Setti	c4c1d3af34	pk: use CRYPTO_CLIENT as guard for PK-PSA bridge functions instead of CRYPTO_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-13 09:52:36 +01:00
Ronald Cron	840de7ff2f	tls13: cli: Rename STATUS_NOT_SENT to STATUS_NOT_INDICATED Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	fd4c0c8b3d	tls13: cli: Fix comment Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	aa3593141b	tls13: cli: Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz from ssl.h(public) to ssl_misc.h(private) even if that means we cannot use the enum type for early_data_state in ssl.h. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	3641df2980	tls13: cli: Rename STATE_SENT to STATE_IND_SENT Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	3c5a68339b	tls13: cli: Rename STATE_NOT_SENT to STATE_NO_IND_SENT Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	0c80dc1ed5	tls13: cli: Rename STATUS_NOT_SENT to STATUS_NO_IND_SENT Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	05d7cfbd9c	tls13: cli: Rename STATE_UNKNOWN to STATE_IDLE Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	d2884662c1	tls13: cli: Split early data user status and internal state Do not use the return values of mbedtls_ssl_get_early_data_status() (MBEDTLS_SSL_EARLY_DATA_STATUS_ macros) for the state of the negotiation and transfer of early data during the handshake. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:15 +01:00
Dave Rodgman	4faa34dc86	Fix gcc -O3 warnings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-03-12 16:34:43 +00:00
Gilles Peskine	0dc79a754d	Fix and test pk_copy_from_psa with an unsupported algorithm Fix mbedtls_pk_copy_from_psa() and mbedtls_pk_copy_public_from_psa() to still work when the algorithm in the key policy is not an RSA algorithm (typically PSA_ALG_NONE). Add a dedicated test case and adjust the test code. Fixes the test case "Copy from PSA: non-exportable -> public, RSA" when MBEDTLS_PKCS1_V15 is disabled. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 15:06:47 +01:00
Gilles Peskine	bf69f2e682	New function mbedtls_pk_copy_public_from_psa Document and implement mbedtls_pk_copy_public_from_psa() to export the public key of a PSA key into PK. Unit-test it alongside mbedtls_pk_copy_from_psa(). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-12 15:06:45 +01:00
Manuel Pégourié-Gonnard	d7e7f48323	Merge pull request #8774 from valeriosetti/issue8709 Implement mbedtls_pk_copy_from_psa	2024-03-12 13:45:27 +00:00
Ronald Cron	ec4ed8eae4	Merge pull request #8857 from ronald-cron-arm/tls13-cli-max-early-data-size TLS 1.3: Enforce max_early_data_size on client	2024-03-12 13:31:20 +00:00
Dave Rodgman	e0ffb1d2e9	Merge pull request #8908 from daverodgman/cmac-perf CMAC size and perf	2024-03-12 13:17:00 +00:00
Dave Rodgman	a7f3c4e1d0	Merge pull request #8822 from daverodgman/sha3-perf SHA-3 performance & code size	2024-03-12 13:14:40 +00:00
Dave Rodgman	d282e264cd	Fix IAR warning Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-03-11 15:28:48 +00:00
Dave Rodgman	9cc01ccbf8	Merge pull request #8831 from yanesca/switch_to_new_exp Use mpi_core_exp_mod in bignum	2024-03-11 13:40:46 +00:00
Paul Elliott	a09b01b5a8	Merge pull request #8912 from Ryan-Everett-arm/double-destroy-key-bugfix Fix threading bug when multiple destroy_key calls run on the same key	2024-03-11 12:04:04 +00:00
Janos Follath	23dc8b5fd8	Fix code style Co-authored-by: Dave Rodgman <dave.rodgman@arm.com> Signed-off-by: Janos Follath <janos.follath@arm.com>	2024-03-11 10:39:57 +00:00
Valerio Setti	e095a67bb2	pk: improve mbedtls_pk_copy_from_psa() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-11 11:34:58 +01:00
Valerio Setti	e700d8086e	rsa: rsa_rsassa_pss_sign() to check MD alg both in parameters and RSA context This helps fixing a disparity between the legacy and the USE_PSA case for rsa_sign_wrap() in pk_wrap.c. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-11 11:34:58 +01:00
Valerio Setti	a657ae388a	pk: pk_copy_from_psa() performs the conversion even if the algorithm doesn't match This commit also: - fixes existing tests and add new ones - updates documentation. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-11 11:34:58 +01:00
Valerio Setti	aeeefef64e	pk_wrap: use correct PSA alg in rsa_encrypt_wrap() when USE_PSA This bugfix was due in PR #8826, but we didn't catch that. This commit also add proper testing in test_suite_pk that was not implemented in #8826. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-11 11:34:58 +01:00
Valerio Setti	5ac511b45a	pk: let psa_export_key() check if the key is exportable or not Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-11 11:34:58 +01:00
Valerio Setti	3a815cbd2f	all.sh: keep RSA_C enabled in component_full_no_pkparse_pkwrite() This is possible because after #8740 RSA_C no longer depends on PK to parse and write private/public keys. This commit also solves related issues that arose after this change in "pk.c" and "test_suite_pk". In particular now we can use rsa's module functions for parsing and writing keys without need to rely on pk_parse and pk_write functions. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-11 11:34:53 +01:00
Janos Follath	adb9d2d822	Remove volatile from declaration Use of volatile is more an internal implementation detail (ensuring const-time) than part of the contract (the caller doesn't care about volatile as such). Signed-off-by: Janos Follath <janos.follath@arm.com>	2024-03-11 10:03:05 +00:00
Janos Follath	d6df0a5dac	Fix use of volatile We need the pointer, A, to be volatile, to ensure the reads happen. bits does not need to be volatile. Signed-off-by: Janos Follath <janos.follath@arm.com>	2024-03-11 09:40:03 +00:00
Janos Follath	b888bc0be6	Fix typo Signed-off-by: Janos Follath <janos.follath@arm.com>	2024-03-11 09:29:53 +00:00
Valerio Setti	1346075cfd	pk_ecc: fix documentation Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-11 09:48:40 +01:00
Valerio Setti	01ba66d56e	pk: replace CRYPTO_CLIENT guards with CRYPTO_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-11 09:48:40 +01:00
Valerio Setti	851f190da7	pk: move ECC setters to a separate file - These functions are used both in pkparse.c for key parsing as well as pk.c for managing copy_from_psa(). As as consequence they should belong to pk.c, but that would make that module messier, so that's why a new separate module is added. - Their guard can be changed from PKPARSE_C to PK_C. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-11 09:48:40 +01:00
Valerio Setti	070d95e958	pk: add mbedtls_pk_copy_from_psa() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-11 09:47:27 +01:00
Valerio Setti	3bfad3a8dc	pkparse: make EC/RSA setup functions internally available Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-11 09:37:33 +01:00
Manuel Pégourié-Gonnard	af3e574f5f	Merge pull request #8862 from valeriosetti/issue8825 Improve support of mbedtls_psa_get_random in client-only builds	2024-03-10 20:06:27 +00:00
Ronald Cron	61fd13c6a5	Merge remote-tracking branch 'mbedtls/development' into tls13-cli-max-early-data-size	2024-03-10 18:09:47 +01:00
Ronald Cron	9422725aba	tls13: cli: Discard ticket with zero lifetime Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-10 17:48:26 +01:00
Jerry Yu	ce79488dd5	tls13: srv: Fail connection if ticket lifetime exceed 7 days Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-10 17:42:43 +01:00
Ronald Cron	7e1f9f290f	Merge pull request #8854 from ronald-cron-arm/tls13-srv-max-early-data-size TLS 1.3: Enforce max_early_data_size on server	2024-03-09 00:16:07 +00:00

1 2 3 4 5 ...

13122 Commits