mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-05 18:40:01 +00:00

Author	SHA1	Message	Date
gabor-mezei-arm	a9449a0b07	Dispatch cipher functions through the driver interface Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-06-29 19:48:59 +02:00
gabor-mezei-arm	ba0fa75eae	Implement one-shot cipher Implement one-shot cipher APIs, psa_cipher_encrypt and psa_cipher_decrypt, introduced in PSA Crypto API 1.0. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-06-29 19:14:34 +02:00
gabor-mezei-arm	95180fe808	Fix comment Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-06-29 17:06:33 +02:00
gabor-mezei-arm	43110b6b2c	Do key usage policy extension when loading keys Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-06-29 17:05:49 +02:00
Dave Rodgman	39bd5a655e	Address review comment Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-29 15:25:21 +01:00
Dave Rodgman	c50b717a19	Update a couple of ssl error codes Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-29 14:40:23 +01:00
Dave Rodgman	bed8927538	Correct some TLS alerts and error codes Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-29 12:06:44 +01:00
Dave Rodgman	bb05cd09b7	Remove MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-29 10:41:06 +01:00
Dave Rodgman	53c8689e88	Introduce new TLS error codes Introduce new codes: * MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION * MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL These are returned when the corresponding alert is raised. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-29 10:02:06 +01:00
Dave Rodgman	096c41111e	Remove MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-29 09:52:06 +01:00
Dave Rodgman	43fcb8d7c1	Address review feedback Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-29 08:57:19 +01:00
Ronald Cron	8682faeb09	Merge pull request #4694 from gilles-peskine-arm/out_size-3.0 Add output size parameter to signature functions	2021-06-29 09:43:17 +02:00
TRodziewicz	2abf03c551	Remove all TLS 1.0 and 1.1 instances and add some compatibility tests Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-28 14:36:37 +02:00
Dave Rodgman	e8dbd53966	Update error code for cert parsing failure Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-28 12:35:08 +01:00
Dave Rodgman	5f8c18b0d0	Update error code from ssl_parse_signature_algorithm Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-28 12:35:08 +01:00
Dave Rodgman	8f127397f8	Update alert message for parsing PSK hint Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	77b4a6592a	Address review feedback Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	2fc9a652bc	Address review feedback Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	90d59dddf5	Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	c3411d4041	Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	9ed1ba5926	Rename MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE New name MBEDTLS_ERR_SSL_BAD_CERTIFICATE Also, replace some instances of MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE by MBEDTLS_ERR_SSL_DECODE_ERROR and MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER as fit. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	5697af0d3d	Remove MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	cbc8f6fd5d	Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE Signed-off-by: Hanno Becker <hanno.becker@arm.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-28 12:35:08 +01:00
Hanno Becker	a0ca87eb68	Remove MBEDTLS_ERR_SSL_BAD_HS_FINISHED Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	d934a2aafc	Remove MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	d3eec78258	Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	666b5b45f7	Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	029cc2f97b	Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	b24e74bff7	Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP error code Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	241c19707b	Remove MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Hanno Becker	bc00044279	Rename MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION New name is MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-28 12:35:07 +01:00
Bence Szépkúti	bb0cfeb2d4	Rename config.h to mbedtls_config.h This commit was generated using the following script: # ======================== #!/bin/sh git ls-files \| grep -v '^ChangeLog' \| xargs sed -b -E -i ' s/((check\|crypto\|full\|mbedtls\|query)_config)\.h/\1\nh/g s/config\.h/mbedtls_config.h/g y/\n/./ ' mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:33 +01:00
Bence Szépkúti	c662b36af2	Replace all inclusions of config.h Also remove preprocessor logic for MBEDTLS_CONFIG_FILE, since build_info.h alreadyy handles it. This commit was generated using the following script: # ======================== #!/bin/sh git ls-files \| grep -v '^include/mbedtls/build_info\.h$' \| xargs sed -b -E -i ' /^#if !?defined$MBEDTLS_CONFIG_FILE$/i#include "mbedtls/build_info.h" //,/^#endif/d ' # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:24:07 +01:00
Dave Rodgman	10bda58b49	Merge pull request #4259 from CJKay/cmake-config Add CMake package config file	2021-06-25 20:32:13 +01:00
Dave Rodgman	63ad854de8	Merge pull request #4712 from daverodgman/psa_cipher_and_mac_abort_on_error Psa cipher and mac abort on error	2021-06-25 15:39:59 +01:00
Janos Follath	83e384da59	Fix unused parameter warning Signed-off-by: Janos Follath <janos.follath@arm.com>	2021-06-25 15:29:56 +01:00
Janos Follath	1107ee4e44	Add prefix to BYTES_TO_T_UINT_* These macros were moved into a header and now check-names.sh is failing. Add an MBEDTL_ prefix to the macro names to make it pass. Signed-off-by: Janos Follath <janos.follath@arm.com>	2021-06-25 12:46:40 +01:00
Dave Rodgman	90d1cb83a0	Use more standard label name Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-25 09:09:02 +01:00
Ronald Cron	3698fa1043	Merge pull request #4673 from gilles-peskine-arm/psa_crypto_spm-from_platform_h Fix and test the MBEDTLS_PSA_CRYPTO_SPM build	2021-06-25 09:01:08 +02:00
Gilles Peskine	f9f1bdfa7b	Translate MBEDTLS_ERR_PK_BUFFER_TOO_SMALL for PSA The error is currently never returned to any function that PSA calls, but keep mbedtls_to_psa_error up to date in case this changes. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-25 00:46:22 +02:00
Gilles Peskine	908982b275	Fix the build with MBEDTLS_ECP_RESTARTABLE enabled Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-25 00:46:22 +02:00
Gilles Peskine	16fe8fcef3	Fix unused variable warning Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-25 00:46:22 +02:00
Gilles Peskine	f00f152444	Add output size parameter to signature functions The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(), mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable() now take an extra parameter indicating the size of the output buffer for the signature. No change to RSA because for RSA, the output size is trivial to calculate. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-25 00:46:22 +02:00
Gilles Peskine	1fed4b8324	Merge pull request #4720 from gilles-peskine-arm/gcm-finish-outlen Add output_length parameter to mbedtls_gcm_finish	2021-06-24 20:02:40 +02:00
Dave Rodgman	8036bddb01	Tidy up logic in psa_mac_sign_finish Simplify the logic in psa_mac_sign_finish. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-24 16:19:08 +01:00
Dave Rodgman	b5dd7c794d	Correct coding style issues Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2021-06-24 16:17:43 +01:00
Janos Follath	865a75e95b	Reject low-order points on Curve448 early We were already rejecting them at the end, due to the fact that with the usual (x, z) formulas they lead to the result (0, 0) so when we want to normalize at the end, trying to compute the modular inverse of z will give an error. If we wanted to support those points, we'd a special case in ecp_normalize_mxz(). But it's actually permitted by all sources (RFC 7748 say we MAY reject 0 as a result) and recommended by some to reject those points (either to ensure contributory behaviour, or to protect against timing attack when the underlying field arithmetic is not constant-time). Since our field arithmetic is indeed not constant-time, let's reject those points before they get mixed with sensitive data (in ecp_mul_mxz()), in order to avoid exploitable leaks caused by the special cases they would trigger. (See the "May the Fourth" paper https://eprint.iacr.org/2017/806.pdf) Signed-off-by: Janos Follath <janos.follath@arm.com>	2021-06-24 15:34:59 +01:00
Janos Follath	8b8b781524	Use mbedtls_mpi_lset() more Signed-off-by: Janos Follath <janos.follath@arm.com>	2021-06-24 15:00:33 +01:00
Janos Follath	8c70e815dd	Move mpi constant macros to bn_mul.h Signed-off-by: Janos Follath <janos.follath@arm.com>	2021-06-24 14:48:38 +01:00
Janos Follath	8081ced91d	Prevent memory leak in ecp_check_pubkey_x25519() Signed-off-by: Janos Follath <janos.follath@arm.com>	2021-06-24 14:24:13 +01:00

1 2 3 4 5 ...

7244 Commits