ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-31 10:01:22 +08:00
Code Issues Releases Wiki Activity
31,483 Commits 172 Branches 268 Tags
Commit Graph

13400 Commits

Author SHA1 Message Date
Dave Rodgman
fb133513d6
Merge pull request #8705 from daverodgman/ctr-perf 
Ctr perf
 2024-01-17 20:25:41 +00:00
Paul Elliott
2728267ec4
Merge pull request #8672 from Ryan-Everett-arm/implement-new-key-slot-states 
Implement the new key slot state system within the PSA subsystem.
 2024-01-17 17:50:04 +00:00
Valerio Setti
504a10254c psa_crypto: do not validate DH groups which are not enabled 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:57:03 +01:00
Valerio Setti
ecaf7c5690 ssl_tls: add guards for enabled DH key types 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:30 +01:00
Valerio Setti
4ed8daa929 psa_crypto_ffdh: add guards for enabled domain parameters 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:30 +01:00
Ryan Everett
4a0ba80bdb
Clarify psa_destroy_key documentation 
Co-authored-by: Janos Follath <janos.follath@arm.com>
Signed-off-by: Ryan Everett <144035422+Ryan-Everett-arm@users.noreply.github.com>
 2024-01-17 14:12:33 +00:00
Ryan Everett
38a2b7a6a3 Extend psa_wipe_key_slot documentation 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-17 11:45:44 +00:00
Ryan Everett
7ed542e0f1 Implement delayed deletion in psa_destroy_key and some cleanup 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-17 11:40:29 +00:00
Dave Rodgman
885248c8ee Add header guards 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-17 11:06:31 +00:00
Dave Rodgman
7e5b7f91ca Fix error in ctr_drbg 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-16 17:28:25 +00:00
Dave Rodgman
46697da5b3 Make gcm counter increment more efficient 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:45:01 +00:00
Dave Rodgman
174eeff235 Save 14 bytes in CTR-DRBG 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:45:01 +00:00
Dave Rodgman
591ff05384 Use optimised counter increment in AES-CTR and CTR-DRBG 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:45:01 +00:00
Dave Rodgman
b49cf1019d Introduce mbedtls_ctr_increment_counter 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:45:01 +00:00
Ryan Everett
1d32a57764 Revert change to psa_destroy_key documentation 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-15 11:27:58 +00:00
Ryan Everett
709120a9ce Revert change to return behaviour in psa_reserve_free_key_slot 
This change was a mistake, we still need to wipe the pointers here.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-15 11:20:50 +00:00
Ryan Everett
dfe8bf86a8 Return CORRUPTION_DETECTED instead of BAD_SLOT when the slot's state is wrong 
These error codes are only returned if the program has been tampered with,
so they should be CORRUPTION_DETECTED.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-15 11:20:50 +00:00
Ryan Everett
4755e6bda4 Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION 
psa_wipe_key_slot can now be called on a slot in any state, if the slot's state
is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered
reader.

Remove the state changing calls that are no longer necessary.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-15 11:20:35 +00:00
Dave Rodgman
c4f984f2a5 Iterate in 16-byte chunks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-15 11:20:19 +00:00
Valerio Setti
5bb454aace psa_crypto: allow asymmetric encryption/decryption also with opaque keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-15 10:43:16 +01:00
Ronald Cron
40a4ab0e0c ssl_tls.c: Factorize save/load of endpoint and ciphersuite 
Move the save/load of session endpoint and
ciphersuite that are common to TLS 1.2 and
TLS 1.3 serialized data from the
specialized ssl_{tls12,tls13}_session_{save,load}
functions to ssl__session_{save,load}.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 10:29:58 +01:00
Ronald Cron
3c0072b58e ssl_ticket.c: Base ticket age check on the ticket creation time 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 10:29:51 +01:00
Ronald Cron
c57f86e132 Add ticket creation time to TLS 1.2 session serialization 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Ronald Cron
feb577a949 Fix TLS 1.2 session serialization on server side 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Ronald Cron
7b1921ac57 Add endpoint in TLS 1.2 session serialization data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Ronald Cron
17ef8dfddb ssl_session: Define unconditionally the endpoint field 
The endpoint field is needed to serialize/deserialize
a session in TLS 1.2 the same way it is needed in the
TLS 1.3 case: client specific fields that should not
be in the serialized version on server side if both
TLS client and server are enabled in the TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Ronald Cron
ba5165e09a ssl_ticket.c: Fix ticket lifetime enforcement 
Take into account that the lifetime of
tickets can be changed through the
mbedtls_ssl_ticket_rotate() API.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:15 +01:00
Ronald Cron
e34f124ff1 ssl_ticket.c: Remove pedantic server endpoint check 
When calculating the ticket age, remove the check
that the endpoint is a server. The module is
supposed to be used only server side. Furthermore,
if such check was necessary, it should be at the
beginning of all ssl_ticket.c APIs. As there is no
such protection in any API, just remove the check.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:56:40 +01:00
Ronald Cron
3c3e2e62f6 ssl_ticket.c: Remove TLS server guard 
The ticket module is removed from the build
if the TLS server is not in the build now
thus no need for the guard.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:54:29 +01:00
Ronald Cron
ce72763f78 ssl_ticket.c: Remove client code 
ssl_ticket.c is a server module.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:52:55 +01:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile 
TLS: remove RSA signature algorithms in `suite B` profile
 2024-01-12 14:34:28 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext 
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
 2024-01-12 13:39:15 +00:00
Waleed Elmelegy
f0ccf46713 Add minor cosmetic changes to record size limit changelog and comments 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-12 10:52:45 +00:00
BensonLiou
57cf55233e Merge branch 'development' of https://github.com/Mbed-TLS/mbedtls into random_bye_on_hrr 2024-01-12 17:53:06 +08:00
BensonLiou
35178fe7ec Do not generate new random number while receiving HRR 
Signed-off-by: BensonLiou <momo1208@gmail.com>
 2024-01-12 17:52:31 +08:00
Ronald Cron
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function 
Harmonise the names and return values of check functions in TLS code
 2024-01-11 13:51:39 +00:00
Ronald Cron
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check 
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
 2024-01-11 13:34:09 +00:00
Valerio Setti
19ec9e4f66 psa_crypto_ecp: remove support for secp224k1 
Since this curve is not supported in PSA (and it will not ever be
in the future), we save a few bytes.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-11 07:07:14 +01:00
Paul Elliott
f149cd1a3a
Merge pull request #8688 from jwinzig-at-hilscher/development 
Fix bug in mbedtls_x509_set_extension
 2024-01-10 16:57:16 +00:00
Kusumit Ghoderao
7d4db631cf add depends on for capacity tests and fix code style 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
d3f70d321a fix unused variable warning and other fixes 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
86e83dd4a7 Add kdf_set_max_capacity function 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
a0907f5750 Reorder and correct comment 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Kusumit Ghoderao
5f3a938d95 Fix psa_key_derivation_setup_kdf 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2024-01-10 21:49:09 +05:30
Waleed Elmelegy
3ff472441a Fix warning in ssl_tls13_generic.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
f501790ff2 Improve comments across record size limit changes 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
fbe42743eb Fix issue in checking in writing extensions 
Fix issue in checking if server received
record size limit extension.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Waleed Elmelegy
e1ac98d888 remove mbedtls_ssl_is_record_size_limit_valid function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Waleed Elmelegy
d2fc90e024 Stop sending record size limit extension if it's not sent from client 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Waleed Elmelegy
148dfb6457 Change record size limit writing function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00