mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-09 12:40:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
18,405 Commits 171 Branches 263 Tags
Commit Graph

7931 Commits

Author SHA1 Message Date
Gabor Mezei
9a4074aa1e
Move mbedtls_ct_base64_enc_char function to the constant-time module 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-26 17:14:21 +01:00
Gabor Mezei
28d611559e
Move mbedtls_ct_uchar_mask_of_range function to the constant-time module 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-26 17:09:38 +01:00
Gabor Mezei
b8d78926eb
Rename functions to have suitable name 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-26 16:51:18 +01:00
Ronald Cron
c6e6f50d47 psa: cipher: Fix invalid output buffer usage in psa_cipher_encrypt() 
Don't use the output buffer in psa_cipher_encrypt()
to pass the generated IV to the driver as local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-26 15:46:20 +01:00
Ronald Cron
9b67428e22 psa: cipher: Add IV parameters to cipher_encrypt entry point 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-26 15:46:20 +01:00
Ronald Cron
2391952a4c psa: cipher: Align APIs execution flow 
Align the execution of cipher one-shot APIs with
that of cipher multi-part APIs: always exit
through the exit-labelled section.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-26 15:46:20 +01:00
Ronald Cron
2fb9052838 psa: cipher: Fix invalid output buffer usage in psa_cipher_generate_iv() 
Don't use the output buffer in psa_cipher_generate_iv()
to pass the generated IV to the driver as local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-26 15:46:20 +01:00
Gilles Peskine
8716f17961 Tweak whitespace for readability 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-26 12:47:55 +01:00
Gilles Peskine
2d8a182407 PSA global data: move fields around to save code size 
Move fields around to have fewer accesses outside the 128-element Thumb
direct access window.

Make the same change as in 2.27+, for the same small benefit.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/psa_crypto.o: 16434 -> 16414 (diff: 20)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-26 12:46:28 +01:00
Xiaofei Bai
6dc90da740 Rebased on 74217ee and add fixes 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:12:43 +00:00
Xiaofei Bai
9539501120 Rebase and add fixes 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:09:26 +00:00
Xiaofei Bai
feecbbbb93 Fix some variable names in code comment 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Xiaofei Bai
89b526da3e Fix some more variables names 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Xiaofei Bai
b7972840fd Fix variable names in ssl_tls13_keys.* 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Xiaofei Bai
eef150418f Fix variable names in ssl_tls13_generic/client.c 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Xiaofei Bai
746f9481ea Fix 1_3/13 usages in macros and function names 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
XiaokangQian
4d2329fd8a Change code based on reviews 
Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-25 02:21:16 +00:00
XiaokangQian
a83014db4a TLS1.3: Add signature scheme pkcs1 v1.5 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-25 02:21:16 +00:00
Gilles Peskine
e2d707fea5
Merge pull request #4866 from gabor-mezei-arm/3649_move_constant_time_functions_into_separate_module 
Move constant-time functions into a separate module
 2021-11-24 19:33:00 +01:00
Ronald Cron
b92b88cc4c
Merge pull request #5127 from xkqian/xkqian/pr/add_rsa_pss_rsae 
Xkqian/pr/add rsa pss rsae
 2021-11-24 14:22:30 +01:00
Gabor Mezei
685472bfb6
Update function name 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-24 11:17:36 +01:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module 2021-11-24 10:44:13 +01:00
Gilles Peskine
0c9f058504
Merge pull request #5213 from tom-cosgrove-arm/pr_4950 
Fix GCM calculation with very long IV
 2021-11-22 22:22:37 +01:00
XiaokangQian
4b82ca1b70 Refine test code and test scripts 
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 05:50:12 +00:00
XiaokangQian
82d34ccf47 Add signature scheme rsa pss 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 05:50:12 +00:00
Paul Elliott
4086bdbe37 Better fix for empty password / salt 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-18 22:39:16 +00:00
Manuel Pégourié-Gonnard
146247de71
Merge pull request #5172 from bensze01/invalid_nonce_error 
PSA: Indicate in the error returned when we know that an AEAD nonce length is invalid, not just unsupported
 2021-11-18 09:41:12 +01:00
Ronald Cron
ac00659480
Merge pull request #5121 from yuhaoth/pr/add-wrapup-and-hello-test 
TLS1.3 MVP: Add finialize states and simplest test
 2021-11-18 09:11:53 +01:00
Bence Szépkúti
6d48e20d4b Indicate nonce sizes invalid for ChaCha20-Poly1305 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-11-17 18:06:11 +01:00
Bence Szépkúti
357b78e42c Indicate if we know that a nonce length is invalid 
This restores the behaviour found in the previously released versions
and development_2.x.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-11-17 18:06:04 +01:00
Manuel Pégourié-Gonnard
5a57a51ea5
Merge pull request #5180 from daverodgman/key_derivation_output_key_error_code 
Improve PSA error return code for psa_key_derivation_output_key
 2021-11-17 13:09:37 +01:00
Jerry Yu
a6e6c27bd3 Grouplize tls1_3 special functions 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-11-17 17:54:13 +08:00
Jerry Yu
cfe64f0b24 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-11-17 16:03:06 +08:00
Jerry Yu
378254d3e3 Implement handshake wrapup 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-11-17 16:03:06 +08:00
XiaokangQian
3ce4d51c11 Move set_outbound_transform to finalize server finished. 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-17 02:11:36 +00:00
Dave Rodgman
d69da6c3c3 Improve PSA error return code 
psa_key_derivation_output_key: prioritize BAD_STATE over NOT_PERMITTED

If psa_key_derivation_output_key() is called on an operation which hasn't been
set up or which has been aborted, return PSA_ERROR_BAD_STATE. Only return
PSA_ERROR_NOT_PERMITTED if the operation state is ok for
psa_key_derivation_input_bytes() or psa_key_derivation_output_bytes() but not
ok to output a key.

Ideally psa_key_derivation_output_key() would return PSA_ERROR_NOT_PERMITTED
only when psa_key_derivation_output_bytes() is possible, but this is clumsier
to implement.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-11-16 16:03:31 +00:00
XiaokangQian
a3087e881e Fix finished message decryption fail issue 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-16 02:38:45 +00:00
XiaokangQian
9ec8fcfddd Improve failure messag for calculating verify data 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 08:24:08 +00:00
XiaokangQian
dce82245ac Fix the compile issue about prepare message 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 06:01:26 +00:00
XiaokangQian
0fa6643eb5 Align coding stles and remove useless code 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
35dc625e37 Move the location of functions 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
8773aa0da9 Align coding styles in generic for client finish 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
cc90c94413 Rebase and change code 
Solve conflicts.
Rename functions
Align coding style

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
e1655e4db8 Change naming styles and fix ci failure 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
c00ba81310 Remove MBEDTLS_SSL_NEW_SESSION_TICKET in TLS1.3 MVP 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
eab1023dbf Fix some compiling errors for name mismatch 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
74af2a827e TLS1.3: Add client finish processing in client side 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
Ronald Cron
bb41a88f2e
Merge pull request #5120 from yuhaoth/pr/fix-memory-leak-and-version-header 
TLS1.3 :fix memory leak and version header
 2021-11-12 13:49:26 +01:00
Ronald Cron
28777db226
Merge pull request #4952 from xkqian/add_server_finished 
Add server finished
 2021-11-12 12:30:10 +01:00
Paul Elliott
853c0da8de Fix for pkcs12 with NULL or zero length password 
Previously passing a NULL or zero length password into either
mbedtls_pkcs12_pbe() or mbedtls_pkcs12_derive() could cause an infinate
loop, and it was also possible to pass a NULL password, with a non-zero
length, which would cause memory corruption.
I have fixed these errors, and improved the documentation to reflect the
changes and further explain what is expected of the inputs.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-11 19:26:37 +00:00