mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-09 12:40:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
23,890 Commits 171 Branches 263 Tags
Commit Graph

23890 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Demi Marie Obenour
512818b1d2 pkcs7: check that content lengths fill whole buffer 
Otherwise invalid data could be accepted.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-10 12:56:10 +00:00
Dave Rodgman
a22749e749
Merge pull request #6816 from nick-child-ibm/pkcs7_coverage 
Pkcs7 coverage
 2023-02-10 12:55:29 +00:00
Tom Cosgrove
b96c309395 Don't use lstrlenW() on Windows 
The lstrlenW() function isn't available to UWP apps, and isn't necessary, since
when given -1, WideCharToMultiByte() will process the terminating null character
itself (and the length returned by the function includes this character).

Resolves #2994

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-02-10 12:52:13 +00:00
Ronald Cron
834e65d47f
Merge pull request #6499 from xkqian/tls13_write_end_of_early_data 
Tls13 write end of early data
 2023-02-10 11:08:22 +01:00
Manuel Pégourié-Gonnard
cf1c16af6e
Merge pull request #6925 from gilles-peskine-arm/coding-style-doc 
Switch to the new coding style: documentation
 2023-02-10 10:05:27 +01:00
Pengyu Lv
b10cf0dd39 adjust help message 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-10 11:06:36 +08:00
Pengyu Lv
a4e1eece3d print skipped file names to stdout 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-10 10:55:29 +08:00
Dave Rodgman
78c6f40736
Fix code-style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-09 09:21:14 +00:00
Manuel Pégourié-Gonnard
2189fda914 Use TEST_EQUAL in one more place in test_suite_md 
The only remaining occurrences of TEST_ASSERT are now pointer comparison,
to NULL or to a reference md_info. That is, the output of the following
command is empty:

    grep TEST_ASSERT tests/suites/test_suite_md.function |
        egrep -v '= NULL|== md_info|md_info =='

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-09 09:18:22 +01:00
Manuel Pégourié-Gonnard
a9a1b21ca9 Use ASSERT_COMPARE in test_suite_md 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-02-09 09:15:50 +01:00
Dave Rodgman
4f70b3cdb4
Fix pylint warning 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-08 16:40:40 +00:00
Nick Child
14f255f332 pkcs7: Remove unnecessary dependencies 
stdio, stdlib and string header files are not
used. Remove them.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-02-08 15:38:48 +00:00
Nick Child
c7c94df715 pkcs7/test: Format generate test script 
Adhere to syntax and format recommendations
from check-python-files.py

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-02-08 15:38:48 +00:00
Valerio Setti
00a6c6fcbe test: fix for using proper sign/verify macros 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti
40df83509b all.sh: fix comment for test_psa_crypto_config_accel_ecdsa_use_psa 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti
ce0caa3384 oid: fix comment in #endif 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti
fcc6933a53 test: fix disparities in x509parse and x509write suites 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti
b9dc2513c1 test: add SHA1 to the supported algs in accelerated ECDSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti
f972ce8d69 oid: replace ECDSA_C with new macros for ECDSA capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti
c8801b7ef1 test: x509: remove disparities in driver only testing for ECDSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:52:31 +01:00
Valerio Setti
80d0798ae8 pk_wrap: use new macros for ECDSA capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:49:17 +01:00
Valerio Setti
683a432a7f fix code style 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Valerio Setti
a1e3e3a28f test: pk: keep PK_WRITE_C only in RSA tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Valerio Setti
5c032b5e1b pk_wrap: fix comment in ecdsa_verify_wrap 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Valerio Setti
b761b15f06 fix code style 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Valerio Setti
d0b83e1fc7 build_info: fix PK's requirements for RSA_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Valerio Setti
1337a4f334 pk_wrap: use specific lengths for EC's private key and key-pair 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Valerio Setti
5bc52248ef pk_wrap: fix for DETERMINISTIC_ECDSA case in ecdsa_sign_wrap() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-08 13:39:10 +01:00
Gilles Peskine
be9e2a1634 The pk_psa_sign test function needs pk_write 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 13:39:10 +01:00
Gilles Peskine
8a6022e948 Clean up header inclusions in pk_wrap.c 
To better reflect what the code relies on, limit the headers that are
included when MBEDTLS_USE_PSA_CRYPTO is disabled. Also stop including
"pkwrite.h" when it is no longer needed.

Include "mbedlts/platform_util.h" unconditionally. It was only included for
RSA ALT but was also used for MBEDTLS_USE_PSA_CRYPTO (the code worked
because other headers include "mbedtls/platform_util.h").

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 13:39:10 +01:00
Gilles Peskine
bbccdd485c pk no longer needs pk_write for ECDSA with MBEDTLS_USE_PSA_CRYPTO 
The dependency is still useful for RSA, for which PSA encodes keys with an
ASN.1 structure.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 13:39:10 +01:00
Gilles Peskine
13caa94746 Don't use pk_write in ecdsa_sign_wrap with USE_PSA_CRYPTO 
Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_sign_wrap() was calling
mbedtls_pk_write_key_der() to write a private key in SEC1 format, only to
then extract the part that represents the private value which is what
psa_import_key() actually wants. Instead, call an mpi function to directly
get the private key in the desired format.

This slightly reduces the code size and stack usage, and removes a
dependency on pk_write.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 13:39:10 +01:00
Gilles Peskine
b4a87b07f8 Don't use pk_write in ecdsa_verify_wrap with USE_PSA_CRYPTO 
Under MBEDTLS_USE_PSA_CRYPTO, ecdsa_verify_wrap() was calling
mbedtls_pk_write_pubkey() to write a public key in the form of a
subjectPublicKey, only to then extract the part that represents the EC
point which psa_import_key() actually wants. Instead, call an ecp
function to directly get the public key in the desired format (just the
point).

This slightly reduces the code size and stack usage, and removes a
dependency on pk_write.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 13:39:10 +01:00
Manuel Pégourié-Gonnard
9cb1aa21c4
Merge pull request #6970 from valeriosetti/issue6857 
driver-only ECDSA: get testing parity in PK
 2023-02-08 13:33:15 +01:00
Gilles Peskine
199ee456b1 Summarize how to improve MBEDTLS_PSA_CRYPTO_CLIENT 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 12:35:19 +01:00
Gilles Peskine
58e935fc6b add a missing 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-08 12:07:12 +01:00
Xiaokang Qian
0de0d863b6 Rebase code to restore reco-delay and fix some style issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 07:41:42 +00:00
Yanray Wang
303829709d compat.sh: simplify code of iterating on VERIFY for PSK tests 
Since PSK cipher suites do not allow client certificate verification,
PSK test cases should be executed under VERIFY=NO. SUB_VERIFIES is
used to constrain verification option for PSK tests.

With aforementioned change, the latter check of
$VERIFY=YES && $TYPE!=PSK is redundant so it's removed.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-02-08 14:58:35 +08:00
Xiaokang Qian
8dc4ce76c7 Fix various coding style and comment issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
6b980011e5 Replace session_negotiate->ciphersuite with handshake->ciphersuite_info->id 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
53c4c27d35 Update the comment of ciphersuite check for early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
64bc9bc33d Add comments to describe the early data behavior-encrypt/rejected... 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
e04afdc44f Refine the condition of whether re-generate early keys 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
eb31cbc791 Share the hash check code between ticket and external psk 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
4ef8ba2938 Assign the ciphersuite in finalize_hrr{server_hello} 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
bb883244aa Remove useless comments of outbound switch 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
02f5e14073 Combine the alert check of selected_id and ciphercuite 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
934ce6f6a9 Rename the finalize_client{server}_hello() 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
ac4c625dea Add hash check of ciphersuite for ticket psk 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
6be8290aba Change to CCS after client hello only if we offer early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00