mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-02 08:54:10 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
25,365 Commits 170 Branches 263 Tags
Commit Graph

6026 Commits

Author SHA1 Message Date
Paul Elliott
9a11f8a122
Merge pull request #7573 from tom-cosgrove-arm/add-psa_want_alg_some_pake 
Only include psa_pake_setup() and friends if some PAKE algorithms are required
 2023-05-18 09:59:52 +01:00
Andrzej Kurek
1bc7df2540 Add documentation and a changelog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-17 15:23:56 -04:00
Paul Elliott
8203f2d89f
Merge pull request #7535 from minosgalanakis/ecp/7264_enable_core_shift_l 
[Bignum] Adjust mbedtls_mpi_core_shift_l to use the core function
 2023-05-17 18:45:44 +01:00
Valerio Setti
c1541cb3c7 pk: minor fixes (guards and a wrong assignment) 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-17 19:23:02 +02:00
Andrzej Kurek
67fdb3307d Add a possibility to write subject alt names in a certificate 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-17 11:45:36 -04:00
Andrzej Kurek
1a75269589 Move mbedtls_x509_san_list to x509.h 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-17 11:45:36 -04:00
Valerio Setti
92c3f36866 test_suite_debug: fix USE_PSA_INIT/DONE guards in a test 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-17 15:38:34 +02:00
Valerio Setti
722f8f7472 pk: adding a new field to store the public key in raw format 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-17 15:31:21 +02:00
Manuel Pégourié-Gonnard
b1c0afe484
Merge pull request #7595 from valeriosetti/deprecate_pk_ec 
Set mbedtls_pk_ec() as internal function when ECP_C is not defined
 2023-05-17 12:27:03 +02:00
Yanray Wang
419a55e929 build_info.h: rewrite comment for inclusion of config_psa.h 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-05-17 18:22:34 +08:00
Yanray Wang
6397673cb8 build_info.h: change location of including config_psa.h 
In build_info.h, some macros are defined based on PSA_WANT_XXX symbol.
This commit tweaks the location of including config_psa.h
so that macros in build_info.h could imply config options correctly.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-05-17 13:57:22 +08:00
Minos Galanakis
2056d09893 bignum: Updated documentation for mbedtls_mpi_shift_l() 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-05-16 17:16:26 +01:00
Valerio Setti
3f00b84dd1 pk: fix build issues 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-15 12:57:06 +02:00
Valerio Setti
77a75685ed pk: align library and tests code to the new internal functions 
Note = programs are not aligned to this change because:
- the original mbedtls_pk_ec is not ufficially deprecated
- that function is used in tests when ECP_C is defined, so
  the legacy version of that function is available in that
  case

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-15 11:18:46 +02:00
Valerio Setti
229bf1031f pk: make mbedtls_pk_ec internal when !ECP_C 
mbedtls_pk_ec() is not an ideal function because:
- it provides direct access to the ecp_keypair structure wrapped
  by the pk_context and
- this bypasses the PK module's control
However, since for backward compatibility, it cannot be deprecated
immediately, 2 alternative internal functions are proposed.
As a consequence:
- when ECP_C is defined, then the legacy mbedtls_pk_ec is available
- when only ECP_LIGHT is defined, but ECP_C is not, then only the
  new internal functions will be available

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-15 11:13:55 +02:00
Fredrik Hesse
cc207bc379 Replace references to Mbed Crypto with Mbed TLS through-out documentation and comments. 
Signed-off-by: Fredrik Hesse <fredrik@hesse.se>
 2023-05-12 14:59:01 +01:00
Tom Cosgrove
6d62faca8e Only include psa_pake_setup() and friends if some PAKE algorithms are required 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-05-12 12:36:24 +01:00
Andrzej Kurek
199eab97e7 Add partial support for URI SubjectAltNames 
Only exact matching without normalization is supported.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-05-10 09:57:19 -04:00
Manuel Pégourié-Gonnard
1d046fa0dd
Merge pull request #6010 from mprse/ffdh_import_export 
FFDH 1, 2A, 2B: FFDH add support for import/export key, key agreement, key generation + tests
 2023-05-10 11:40:54 +02:00
Gilles Peskine
8d42cfddd6
Merge pull request #7539 from gilles-peskine-arm/mbedtls_error_pair_t-smaller 
Halve size of mbedtls_error_pair_t
 2023-05-09 15:55:51 +02:00
Gilles Peskine
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids 
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
 2023-05-08 20:38:29 +02:00
Kusumit Ghoderao
9016bc4ed2 Clean up commented code 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-08 16:04:05 +05:30
Kusumit Ghoderao
3fc4ca7272 Limit max input cost to 32bit 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-08 15:57:41 +05:30
Gilles Peskine
4837e9d1c0 Correct comment about mbedtls error codes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-07 20:27:13 +02:00
Pol Henarejos
d06c6fc45b
Merge branch 'development' into sha3 
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
 2023-05-05 16:01:18 +02:00
Valerio Setti
92da2a79aa pk: improve description for the next opaque ID field 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-05 12:31:23 +02:00
Valerio Setti
4f387ef277 pk: use better naming for the new key ID field 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-05 10:59:32 +02:00
Valerio Setti
e00954d0ed pk: store opaque key ID directly in the pk_context structure 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-05 10:57:26 +02:00
Jethro Beekman
0167244be4 Read and write X25519 and X448 private keys 
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
 2023-05-04 13:01:47 +02:00
Kusumit Ghoderao
b9410e89b4 Fix failing CI 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-04 13:17:51 +05:30
Przemek Stekiel
746dfaea3f Enable FFDH through PSA if it's enabled in the legacy interface 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-05-04 09:14:08 +02:00
Kusumit Ghoderao
dcfa548293 Add pbkdf2 to key_derivation context struct 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-03 14:20:35 +05:30
Kusumit Ghoderao
30ced52497 Add pbkdf2 struct to crypto_builtin_key_derivation.h 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-03 14:20:35 +05:30
Kusumit Ghoderao
876e2c2424 Add psa_pbkdf2_key_derivation_state_t 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-03 14:20:34 +05:30
Kusumit Ghoderao
83baf8968d Add builtin PBKDF2_HMAC definition in config_psa.h 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-03 14:20:34 +05:30
Kusumit Ghoderao
aca31654e6 Enable PSA_WANT_ALG_PBKDF2_HMAC in crypto_config.h 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-05-03 14:20:34 +05:30
Gilles Peskine
b567f8326d Halve size of mbedtls_error_pair_t 
All PSA crypto error codes fit comfortably in 16 bits and we have no plans
to ever change this. So use 16 bits to store them, which reduces
mbedtls_error_pair_t from 8 bytes to 4 bytes.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-05-02 21:40:07 +02:00
Gilles Peskine
d3ca5e5897
Merge pull request #7328 from mprse/ec-jpake-fix1 
Fix the JPAKE driver interface for user+peer
 2023-05-02 20:42:25 +02:00
Manuel Pégourié-Gonnard
8e076e4132
Merge pull request #6915 from aditya-deshpande-arm/example-driver-post-codestyle 
Document (with examples) how to integrate a third-party driver with Mbed TLS
 2023-05-02 12:13:42 +02:00
Manuel Pégourié-Gonnard
f317df98ea
Merge pull request #7461 from valeriosetti/issue7460-part1 
Fixing USE_PSA_INIT/DONE in SSL/X509/PK test suites
 2023-05-02 10:44:13 +02:00
Aditya Deshpande
f100f00679 Add warnings to documentation stating that p256-m code may be out of date with upstream, plus other minor grammatical fixes. 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-04-28 17:54:15 +01:00
Aditya Deshpande
bac592d53e Remove rand() from p256_generate_random() and move to an implementation based on mbedtls_ctr_drbg 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-04-28 17:54:15 +01:00
Aditya Deshpande
e41f7e457f Integrate p256-m as an example driver alongside Mbed TLS and write documentation for the example. 
(Reapplying changes as one commit on top of development post codestyle change instead of rewriting old branch)

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-04-28 17:54:09 +01:00
Przemek Stekiel
4ce523256b Fix definition of PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE (ECC vs FFDH max) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-28 13:40:34 +02:00
Przemek Stekiel
eb511a4495 Update config files to make PSA FFDH undependent on MBEDTLS_DHM_C 
To enable support for FFDH in PSA MBEDTLS_USE_PSA_CRYPTO needs to be enabled.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-28 13:20:16 +02:00
Przemek Stekiel
6d85afa0cc Fix naming: FFDH key -> DH key and fix guard in psa_validate_key_type_and_size_for_key_generation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-28 11:42:17 +02:00
Przemek Stekiel
5357a7a6d9 Use PSA_MAX_OF_THREE in PSA_EXPORT_KEY_PAIR_MAX_SIZE 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-27 11:22:36 +02:00
Dave Rodgman
98062a7c5d
Merge pull request #7316 from yuhaoth/pr/Add-msvc-support-for-aesce-module 
Add msvc support for AESCE
 2023-04-26 21:27:08 +01:00
David Horstmann
9643575d92 Limit OIDs to 128 components 
The longest OID known by oid-info.com is 34 components[1], so 128
should be plenty and will limit the potential for attacks.

[1] http://oid-info.com/get/1.3.6.1.4.1.1248.1.1.2.1.3.21.69.112.115.111.110.32.83.116.121.108.117.115.32.80.114.111.32.52.57.48.48

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-04-26 11:50:14 +01:00
Przemek Stekiel
654bef0be0 Fix typos, comments, style, optimize macros 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-26 09:07:20 +02:00