mbedtls

mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-07-13 03:33:35 +08:00

Author	SHA1	Message	Date
Paul Elliott	811d8d462f	Fix incorrect enums being used Fix memory leak due to aead_abort() using incorrect enums to identify algorithm used. Fix incorrect return on failure to check tag on aead_verify() Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-14 19:03:26 +01:00
Paul Elliott	5653da0201	Fix errors with missing tests Return not supported for the time being whilst we don't have the transparent driver tests done. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-14 19:03:26 +01:00
Paul Elliott	302ff6bdd6	Implement multipart AEAD PSA interface Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-14 19:03:26 +01:00
Paul Elliott	6504aa6451	First pass addition of driver wrappers Transparent driver test functions not yet implemented. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-14 19:03:26 +01:00
Paul Elliott	adb8b16b16	Add internal implementation of multipart AEAD For the time being CCM and GCM are not entirely implemented correctly due to issues with their underlying implentations, which would be difficult to fix in 2.x, and thus require all the AD and data to be passed in in one go. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-14 19:03:26 +01:00
Paul Elliott	07a30c4c00	Convert oneshot AEAD over to multipart struct Multipart AEAD operation struct has to be public as it's allocated by the caller, so to save duplication of code, switch oneshot AEAD over to using the multipart operation struct. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-05-14 19:03:26 +01:00
Hanno Becker	59b97bbe06	Fixup glitch in ChangeLog entry Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 17:12:15 +01:00
Hanno Becker	8e184e2deb	Add migration guide Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 17:10:27 +01:00
Hanno Becker	a808ec3f0d	Add ChangeLog entry Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 17:10:15 +01:00
Hanno Becker	541af8575e	Use -1 instead of 1 as failure return value in internal SSL function Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 16:49:01 +01:00
Hanno Becker	699d4d7df7	Add migration guide for new SSL ticket API Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 16:36:44 +01:00
Hanno Becker	548b136e8f	Add migration guide for removal of mbedtls_ssl_get_session_pointer() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 16:36:44 +01:00
Hanno Becker	e810bbc1ac	Implement 3.0-semantics for mbedtls_ssl_{get,set}_session() mbedtls_ssl_{get,set}_session() exhibited idempotent behaviour in Mbed TLS 2.x. Multiple calls to those functions are not useful in TLS 1.2, and the idempotent nature is unsuitable for support of TLS 1.3 which introduces the availabilty to offer multiple tickets for resumption, as well as receive multiple tickets. In preparation for TLS 1.3 support, this commit relaxes the semantics of `mbedtls_ssl_{get,set}_session()` by allowing implementations to fail gracefully, and leveraging this freedom by modifying the existing TLS 1.2 implementation to only accept one call to `mbedtls_ssl_{get,set}_session()` per context, and non-fatally failing all subsequent invocations. For TLS 1.3, it will be leveraged by making multiple calls to `mbedtls_ssl_get_session()` issue one ticket a time until no more tickets are available, and by using multiple calls to `mbedtls_ssl_set_session()` to allow the client to offer multiple tickets to the server. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 16:27:54 +01:00
Hanno Becker	494dc71de8	Remove mbedtls_ssl_get_session_pointer() Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 15:15:35 +01:00
Hanno Becker	fc1f4135c3	Use `memset( x, 0, sizeof( x ) )` to clear local structure Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 14:57:54 +01:00
Hanno Becker	9caed14a21	Fix typo in ssl session cache documentation Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 14:57:13 +01:00
Hanno Becker	78196e366f	Fix search for outdated entries in SSL session cache Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 14:55:15 +01:00
Hanno Becker	c3f4a97b8f	Don't infer last element of SSL session cache twice Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 14:54:24 +01:00
Hanno Becker	466ed6fd08	Improve local variable naming in SSL session cache implementation Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 14:54:00 +01:00
Hanno Becker	5cf6f7eafe	Fix swapping of first and last entry in SSL session cache Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 14:45:04 +01:00
TRodziewicz	1cf33bf94d	Corrections o the migration guide Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-14 14:35:26 +02:00
TRodziewicz	95f8f22c27	Migration guide added and ChangeLog clarified Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-14 14:07:51 +02:00
Hanno Becker	006f2cce2e	Fix compile-time guard in session cache implementation Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 04:57:44 +01:00
Hanno Becker	0d05f40222	Clarify that session cache query must return free-able session Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 04:57:43 +01:00
Hanno Becker	b94fdae3c3	Improve code structure for session cache query Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-05-14 04:57:40 +01:00
gabor-mezei-arm	07a35f68ee	Update key type name Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 16:27:46 +02:00
gabor-mezei-arm	d5218df572	Enable fallback to software implementation in psa_sign/verify_message driver Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:19:01 +02:00
gabor-mezei-arm	f048618b43	Unify variable type and rename to be unambiguous Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:19:01 +02:00
gabor-mezei-arm	2b8373f856	Update documentation Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:19:01 +02:00
gabor-mezei-arm	4bc0edb919	Typo Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:19:01 +02:00
gabor-mezei-arm	041887bfc3	Update key usage determination for exercise key tests Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:19:01 +02:00
gabor-mezei-arm	4a6fcda031	Typo Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:19:01 +02:00
gabor-mezei-arm	256443e64e	Change the driver calling logic for psa_sign/verify_messsage The changed logic is to try a sign-message driver (opaque or transparent); if there isn't one, fallback to builtin sofware and do the hashing, then try a sign-hash driver. This will enable to the opaque driver to fallback to software. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:19:00 +02:00
gabor-mezei-arm	6883fd248d	Rename sign/verify builtin functions called by driver wrapper functions Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:19:00 +02:00
gabor-mezei-arm	6e2a8daef4	Add new tests for psa_sign/verify_message Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:19:00 +02:00
gabor-mezei-arm	d785a79477	Fix test Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:19:00 +02:00
gabor-mezei-arm	e088985496	Fix test names Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:19:00 +02:00
gabor-mezei-arm	ce8804fd6e	Update tests dependencies Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:19:00 +02:00
gabor-mezei-arm	4fabc5666b	Use non-deterministic ecdsa algorithm for verify_hash/message tests Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:18:59 +02:00
gabor-mezei-arm	474a35f635	Return error if algorithm is not hash-then-sign for psa_sign_message Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:18:59 +02:00
gabor-mezei-arm	8b3e88614c	Use bool variable instead of enum values Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:18:59 +02:00
gabor-mezei-arm	12b4f34fff	Fix documentation Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:18:59 +02:00
gabor-mezei-arm	6cdf637f88	Use switch-case for error handling Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:18:59 +02:00
gabor-mezei-arm	6dcaa3b5a1	Update driver tests for psa_hash/verify_message Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:18:59 +02:00
gabor-mezei-arm	f9820f92cf	Fix for algorithms other than hash-then-sign Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:18:59 +02:00
gabor-mezei-arm	b5c1e37aff	Use driver-wrapper functions for psa_sign/verify_message To avoid code duplication of the old-style SE interface usage call psa_driver_wrapper_sign/verify_hash function instead of the direct internal functions. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:18:58 +02:00
gabor-mezei-arm	df0f230762	Typo Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:18:58 +02:00
gabor-mezei-arm	0f62240942	Enable algorithms other than hash-then-sign For psa_hash/verify_message other algorithms than hash-then-sign is enabled like PureEdDSA. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:18:58 +02:00
gabor-mezei-arm	46c23a051c	Fix error checking Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:18:58 +02:00
gabor-mezei-arm	2522c0b1cd	Update macro names Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-05-13 11:18:58 +02:00

... 50 51 52 53 54 ...

18296 Commits