mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-03 20:54:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
18,626 Commits 170 Branches 263 Tags
Commit Graph

8037 Commits

Author SHA1 Message Date
吴敬辉
0b71611c80 [session] fix a session copy bug 
fix a possible double reference on 'ticket'
when peer_cert/peer_cert_digest calloc failed.

Signed-off-by: 吴敬辉 <11137405@vivo.com>
 2021-11-29 10:50:04 +08:00
Gabor Mezei
a09697527b
Add documentation for the functions 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-26 17:25:14 +01:00
Gabor Mezei
14d5fac11d
Unify function parameters 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-26 17:23:26 +01:00
Gabor Mezei
c0d8dda60d
Make mbedtls_ct_uchar_mask_of_range function static 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-26 17:20:36 +01:00
Gabor Mezei
d77b86cc5b
Delete base64_invasive.h due to functions are moved to the constant-time module 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-26 17:20:02 +01:00
Gabor Mezei
358829abc9
Move mbedtls_ct_base64_dec_value function to the constant-time module 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-26 17:14:52 +01:00
Gabor Mezei
9a4074aa1e
Move mbedtls_ct_base64_enc_char function to the constant-time module 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-26 17:14:21 +01:00
Gabor Mezei
28d611559e
Move mbedtls_ct_uchar_mask_of_range function to the constant-time module 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-26 17:09:38 +01:00
Gabor Mezei
b8d78926eb
Rename functions to have suitable name 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-26 16:51:18 +01:00
Ronald Cron
c6e6f50d47 psa: cipher: Fix invalid output buffer usage in psa_cipher_encrypt() 
Don't use the output buffer in psa_cipher_encrypt()
to pass the generated IV to the driver as local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-26 15:46:20 +01:00
Ronald Cron
9b67428e22 psa: cipher: Add IV parameters to cipher_encrypt entry point 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-26 15:46:20 +01:00
Ronald Cron
2391952a4c psa: cipher: Align APIs execution flow 
Align the execution of cipher one-shot APIs with
that of cipher multi-part APIs: always exit
through the exit-labelled section.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-26 15:46:20 +01:00
Ronald Cron
2fb9052838 psa: cipher: Fix invalid output buffer usage in psa_cipher_generate_iv() 
Don't use the output buffer in psa_cipher_generate_iv()
to pass the generated IV to the driver as local
attacker could potentially control it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-11-26 15:46:20 +01:00
Gilles Peskine
8716f17961 Tweak whitespace for readability 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-26 12:47:55 +01:00
Gilles Peskine
2d8a182407 PSA global data: move fields around to save code size 
Move fields around to have fewer accesses outside the 128-element Thumb
direct access window.

Make the same change as in 2.27+, for the same small benefit.

Results (arm-none-eabi-gcc 7.3.1, build_arm_none_eabi_gcc_m0plus build):
library/psa_crypto.o: 16434 -> 16414 (diff: 20)

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-26 12:46:28 +01:00
Xiaofei Bai
6dc90da740 Rebased on 74217ee and add fixes 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:12:43 +00:00
Xiaofei Bai
9539501120 Rebase and add fixes 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:09:26 +00:00
Xiaofei Bai
feecbbbb93 Fix some variable names in code comment 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Xiaofei Bai
89b526da3e Fix some more variables names 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Xiaofei Bai
b7972840fd Fix variable names in ssl_tls13_keys.* 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Xiaofei Bai
eef150418f Fix variable names in ssl_tls13_generic/client.c 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Xiaofei Bai
746f9481ea Fix 1_3/13 usages in macros and function names 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
XiaokangQian
4d2329fd8a Change code based on reviews 
Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-25 02:21:16 +00:00
XiaokangQian
a83014db4a TLS1.3: Add signature scheme pkcs1 v1.5 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-25 02:21:16 +00:00
Gilles Peskine
e2d707fea5
Merge pull request #4866 from gabor-mezei-arm/3649_move_constant_time_functions_into_separate_module 
Move constant-time functions into a separate module
 2021-11-24 19:33:00 +01:00
Ronald Cron
b92b88cc4c
Merge pull request #5127 from xkqian/xkqian/pr/add_rsa_pss_rsae 
Xkqian/pr/add rsa pss rsae
 2021-11-24 14:22:30 +01:00
Gabor Mezei
685472bfb6
Update function name 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-11-24 11:17:36 +01:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module 2021-11-24 10:44:13 +01:00
Gilles Peskine
0c9f058504
Merge pull request #5213 from tom-cosgrove-arm/pr_4950 
Fix GCM calculation with very long IV
 2021-11-22 22:22:37 +01:00
XiaokangQian
4b82ca1b70 Refine test code and test scripts 
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 05:50:12 +00:00
XiaokangQian
82d34ccf47 Add signature scheme rsa pss 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 05:50:12 +00:00
Paul Elliott
4086bdbe37 Better fix for empty password / salt 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-11-18 22:39:16 +00:00
Manuel Pégourié-Gonnard
146247de71
Merge pull request #5172 from bensze01/invalid_nonce_error 
PSA: Indicate in the error returned when we know that an AEAD nonce length is invalid, not just unsupported
 2021-11-18 09:41:12 +01:00
Ronald Cron
ac00659480
Merge pull request #5121 from yuhaoth/pr/add-wrapup-and-hello-test 
TLS1.3 MVP: Add finialize states and simplest test
 2021-11-18 09:11:53 +01:00
Bence Szépkúti
6d48e20d4b Indicate nonce sizes invalid for ChaCha20-Poly1305 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-11-17 18:06:11 +01:00
Bence Szépkúti
357b78e42c Indicate if we know that a nonce length is invalid 
This restores the behaviour found in the previously released versions
and development_2.x.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-11-17 18:06:04 +01:00
Manuel Pégourié-Gonnard
5a57a51ea5
Merge pull request #5180 from daverodgman/key_derivation_output_key_error_code 
Improve PSA error return code for psa_key_derivation_output_key
 2021-11-17 13:09:37 +01:00
Jerry Yu
a6e6c27bd3 Grouplize tls1_3 special functions 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-11-17 17:54:13 +08:00
Jerry Yu
cfe64f0b24 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-11-17 16:03:06 +08:00
Jerry Yu
378254d3e3 Implement handshake wrapup 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-11-17 16:03:06 +08:00
XiaokangQian
3ce4d51c11 Move set_outbound_transform to finalize server finished. 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-17 02:11:36 +00:00
Dave Rodgman
d69da6c3c3 Improve PSA error return code 
psa_key_derivation_output_key: prioritize BAD_STATE over NOT_PERMITTED

If psa_key_derivation_output_key() is called on an operation which hasn't been
set up or which has been aborted, return PSA_ERROR_BAD_STATE. Only return
PSA_ERROR_NOT_PERMITTED if the operation state is ok for
psa_key_derivation_input_bytes() or psa_key_derivation_output_bytes() but not
ok to output a key.

Ideally psa_key_derivation_output_key() would return PSA_ERROR_NOT_PERMITTED
only when psa_key_derivation_output_bytes() is possible, but this is clumsier
to implement.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-11-16 16:03:31 +00:00
XiaokangQian
a3087e881e Fix finished message decryption fail issue 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-16 02:38:45 +00:00
XiaokangQian
9ec8fcfddd Improve failure messag for calculating verify data 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 08:24:08 +00:00
XiaokangQian
dce82245ac Fix the compile issue about prepare message 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 06:01:26 +00:00
XiaokangQian
0fa6643eb5 Align coding stles and remove useless code 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
35dc625e37 Move the location of functions 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
8773aa0da9 Align coding styles in generic for client finish 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
cc90c94413 Rebase and change code 
Solve conflicts.
Rename functions
Align coding style

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00
XiaokangQian
e1655e4db8 Change naming styles and fix ci failure 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-15 03:37:11 +00:00