ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-07-05 21:49:55 +08:00
Code Issues Releases Wiki Activity
18,296 Commits 173 Branches 272 Tags
Commit Graph

7866 Commits

Author SHA1 Message Date
Ronald Cron
f1eb425782
Merge pull request #4469 from xiaoxiang781216/padlock 
aes: Check aes_padlock_ace > 0 before calling padlock
 2021-05-28 11:06:40 +02:00
Ronald Cron
c44a1d522a
Merge pull request #4507 from Venafi/userid-oid 
Add OID for User ID
 2021-05-28 10:43:41 +02:00
TRodziewicz
062f353804 Changes after code review 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-27 17:34:14 +02:00
TRodziewicz
cc7074128a Remove MBEDTLS_CHECK_PARAMS option 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-27 17:33:32 +02:00
Mateusz Starzyk
e7dce558c9 Merge branch 'development' into mbedtls_private_with_python 
Conflicts:
	include/mbedtls/ssl.h

Conflicts resolved by using code from development branch and
manually re-applying MBEDTLS_PRIVATE wrapping.
 2021-05-27 16:02:46 +02:00
Mateusz Starzyk
03f00307a2 Add missing common.h include. 
Remove obsolete config.h include when common.h is included.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-05-27 14:40:40 +02:00
Mateusz Starzyk
57d1d198ef Fix typo 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-05-27 14:39:53 +02:00
Christoph Reiter
95273f4b07 Expose flag for critical extensions 
Enables creating X.509 CSRs with critical extensions.

Signed-off-by: Christoph Reiter <christoph.reiter@infineon.com>
 2021-05-27 14:27:43 +02:00
Ronald Cron
142c205ffc
Merge pull request #4513 from Patater/psa-without-genprime-fix 
psa: Support RSA signature without MBEDTLS_GENPRIME
 2021-05-27 14:19:24 +02:00
TRodziewicz
46cccb8f39 _SSL_DTLS_BADMAC_LIMIT config.h option removed 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-26 13:36:21 +02:00
TRodziewicz
e8dd7097c3 Combine MBEDTLS_SSL_<CID-TLS1_3>_PADDING_GRANULARITY options 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-26 13:19:08 +02:00
Hanno Becker
28e5f1ed57 Avoid unused variable warning in TLS 1.3 PSK binder calculation 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-26 09:29:49 +01:00
Hanno Becker
c8d3ccd67b Fix Doxygen for TLS 1.3 PSK binder helper 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-26 04:47:29 +01:00
Gilles Peskine
b7abba28e3
Merge pull request #4515 from tom-daubney-arm/remove_rsa_mode_params_2 
Remove rsa mode params part 2
 2021-05-25 20:36:33 +02:00
Gilles Peskine
8a5304d446
Merge pull request #4553 from gilles-peskine-arm/aria_alt-3.0 
Fix ARIA_ALT header and self-test and CAMELLIA_ALT self-test
 2021-05-25 20:32:40 +02:00
Gilles Peskine
c537aa83f4 CAMELLIA: add missing context init/free 
This fixes the self-test with alternative implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-25 09:23:10 +02:00
Gilles Peskine
be89fea1a7 ARIA: add missing context init/free 
This fixes the self-test with alternative implementations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-05-25 09:23:10 +02:00
TRodziewicz
4ca18aae38 Corrections after the code review 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 13:38:00 +02:00
TRodziewicz
6370dbeb1d Remove the _SSL_FALLBACK_ parts 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:49:59 +02:00
TRodziewicz
2d8800e227 Small corrections in the comments 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:49:24 +02:00
TRodziewicz
b5850c5216 Correction of too restrictive ssl cli minor check 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:49:15 +02:00
TRodziewicz
ef73f01927 Removing strayed dtls1 after doing tests 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:49:04 +02:00
TRodziewicz
28126050f2 Removal of constants and functions and a new ChangeLog file 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:48:12 +02:00
TRodziewicz
0f82ec6740 Remove the TLS 1.0 and 1.1 support 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:45:20 +02:00
Hanno Becker
b7d9bad6be Add helper function for calculation of TLS 1.3 PSK binder 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-24 11:20:30 +01:00
Hanno Becker
ef5235bc2e Add TLS 1.3 second level key derivations 
This commit adds helper functions to ssl_tls13_keys.[ch]
allowing to derive the secrets specific to each stage of
a TLS 1.3 handshake (early, handshake, application) from
the corresponding master secret (early secret, handshake
secret, master secret).

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-24 08:32:24 +01:00
Hanno Becker
2d8e99b097 Add API to query maximum plaintext size of incoming records 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-23 06:03:55 +01:00
Hanno Becker
9752aadd85 Make query API for state of MFL extension internal 
This commit makes the API

- mbedtls_ssl_get_output_max_frag_len()
- mbedtls_ssl_get_input_max_frag_len()
- mbedtls_ssl_get__max_frag_len()

for querying the state of the Maximum Fragment Length
extension internal.

Rationale: The value those APIs provide to the user is in
upper bounds for the size of incoming and outgoing records,
which can be used to size application data buffers apporpriately
before passing them to mbedtls_ssl_{read,write}(). However,
there are other factors which influence such upper bounds,
such as the MTU or other extensions (specifically, the
record_size_limit extension which is still to be implemented)
which should be taken into account.

There should be more general APIs for querying the maximum
size of incoming and outgoing records.

For the maximum size of outgoing records, we already have such,
namely mbedtls_ssl_get_max_out_record_payload().

For the maximum size of incoming records, a new API will be
added in a subsequent commit.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-23 06:03:55 +01:00
Paul Elliott
3a16e014f2 Ensure tag lengths match in verification 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Paul Elliott
f47b0957ab Set tag to 'impossible' value on failure to encrypt 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Paul Elliott
6eb959854b Improve state logic 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Paul Elliott
6981fbcf10 Remove unneccessary guard for key unlock 
Also make sure failure is not hidden by key unlock failure

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Paul Elliott
e95259f833 Remove some CCM leftovers 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-21 18:05:04 +01:00
Mateusz Starzyk
88fa17d1e9 Add missing 'common.h' include. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-05-21 18:10:44 +02:00
Mateusz Starzyk
2c09c9bca9 Introduce MBEDTLS_PRIVATE macro. 
Public structs members are considered private and should not
be used by users application.

MBEDTLS_PRIVATE(member) macro is intended to clearly indicate
which members are private.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-05-21 18:07:06 +02:00
Thomas Daubney
d58ed587fd Restores erroneously removed checks 
Some padding checks in rsa.c were
erroneously removed in a previous
commit and are restored in this
commit.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-05-21 11:50:39 +01:00
Janos Follath
7fc487c4d6
Merge pull request #4347 from hanno-arm/ssl_session_cache_3_0 
Add session ID as an explicit parameter to SSL session cache API
 2021-05-21 09:28:55 +01:00
Ronald Cron
ca72287583
Merge pull request #4304 from mstarzyk-mobica/convert_NO_SHA384_to_positive 
Modify config option for SHA384.
 2021-05-21 08:04:33 +02:00
Paul Elliott
60aa203e30 Remove temporary AEAD CCM implementation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-20 22:44:32 +01:00
Paul Elliott
e715f88d9d Fix key slot being used uninitialised on error 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-20 21:55:39 +01:00
Paul Elliott
1a98acac1c Properly handle GCM's range of nonce sizes 
Add comment to the effect that we cannot really check nonce size as the
GCM spec allows almost arbitrarily large nonces. As a result of this,
change the operation nonce over to an allocated buffer to avoid overflow
situations.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-20 18:39:58 +01:00
Paul Elliott
ee4ffe0079 Move AEAD length checks to PSA core 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-20 18:39:58 +01:00
Paul Elliott
b91da71db1 Remove unrequired initialisation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-20 18:39:58 +01:00
Paul Elliott
ac1b3fd5b6 Ensure that key gets unlocked in case of error 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-20 18:39:58 +01:00
Paul Elliott
cee785cd72 Seperate id checks from other state checks 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-20 18:39:58 +01:00
Paul Elliott
bb8bf6649e Change function signature indentation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-20 18:39:58 +01:00
Paul Elliott
e9eeea3290 Formatting fixes 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-20 18:39:58 +01:00
Paul Elliott
5c656cbf99 Fix missed incorrect include guard 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-20 18:39:58 +01:00
Paul Elliott
b91f331fce Correct potential return values in documentation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-20 18:39:58 +01:00
Paul Elliott
498d3503c4 Misc documentation fixes. 
Misnamed function calls, typos and missed changes.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-05-20 18:39:58 +01:00