ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-07-27 13:36:01 +08:00
Code Issues Releases Wiki Activity
27,312 Commits 174 Branches 272 Tags
Commit Graph

12048 Commits

Author SHA1 Message Date
Gilles Peskine
bf21c07923
Merge pull request #5072 from mprse/issue_5065 
Use switch statement instead if-else in psa_aead_check_nonce_length() and psa_aead_set_lengths(). Fixes #5065
 2021-10-18 17:51:50 +02:00
Gabor Mezei
949455892f
Remove unused function 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-10-18 17:02:29 +02:00
Gabor Mezei
a2d0f90c5a
Make functions static 
These functions are only used as an auxiliary function for constant-time functions.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-10-18 16:56:50 +02:00
Gabor Mezei
a316fc8eb0
Update documentation and comments 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-10-18 16:39:13 +02:00
Gabor Mezei
63bbba5c13
Rename and reorder function parameters 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-10-18 16:39:13 +02:00
Gabor Mezei
7013f62ee5
Use condition for not sensitive data 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-10-18 16:39:13 +02:00
Gabor Mezei
eab90bcc36
Move implementation specific comment 
This comment is about how the functions are implemented, not about their
public interface, so it doesn't belong in the header file.
It applies to everything in constant_time.c so moved there.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-10-18 16:39:13 +02:00
Gabor Mezei
1e64261da5
Make mbedtls_cf_size_mask_lt function static 
The mbedtls_cf_size_mask_lt is solely used as an auxiliary function
for mbedtls_cf_size_mask_ge.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-10-18 16:39:13 +02:00
Gilles Peskine
7637ab0d8b
Merge pull request #5037 from mprse/issue_4551 
Fix psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key
 2021-10-18 10:39:21 +02:00
Gilles Peskine
2bb5e9c973
Merge pull request #4760 from gilles-peskine-arm/ecb-alt-ret-3.0 
Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
 2021-10-14 12:11:20 +02:00
Przemyslaw Stekiel
4cad4fc8a9 psa_crypto.c: use switch instead if-else in psa_aead_check_nonce_length and psa_aead_set_lengths (fixes #5065) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-10-13 14:04:36 +02:00
Ronald Cron
e3e16d5d67
Merge pull request #4982 from yuhaoth/pr/add-read-ptr-and-handshake-kex-modes 
TLS1.3:add read ptr and handshake kex modes
CI merge job: only "Session resume using tickets, DTLS: openssl client" failed in one component thus CI can be considered as passed.
 2021-10-11 19:23:12 +02:00
Ronald Cron
e23bba04ee
Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils 
TLS 1.3: ServerHello: add  utils functions used by ServerHello
Regarding the merge job, there was only one of the failure we currently encounter on almost all PR (Session resume using tickets, DTLS: openssl client test case see #5012) thus we can consider that this PR passed CI.
 2021-10-11 11:01:11 +02:00
Jerry Yu
e4eefc716a Improve document for chk_buf_read_ptr 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-09 10:40:40 +08:00
Gilles Peskine
f6892dec2a Readability improvements 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-08 16:28:32 +02:00
Jerry Yu
fd320e9a6e Replace zeroize with memset 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 21:52:41 +08:00
Jerry Yu
88b756bacb move tls1_3 max md size 
It should be internal definition

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 18:41:38 +08:00
Jerry Yu
d1ab262844 define max md size for tls1_3 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 16:19:24 +08:00
Jerry Yu
205fd82f7e fix check_name fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 16:16:24 +08:00
Jerry Yu
ae0b2e2a2f Rename counter_len 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 15:40:14 +08:00
Jerry Yu
c1ddeef53a fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 15:40:14 +08:00
Jerry Yu
dca3d5ddf9 fix document issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 14:19:29 +08:00
Jerry Yu
0cabad375b fix doxygen parameter wrong 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 14:00:29 +08:00
Jerry Yu
adf861aad4 Address kex_modes check function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 14:00:29 +08:00
Jerry Yu
e15e665cfb fix comments and check return issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 14:00:29 +08:00
Jerry Yu
1b7c4a464c tls13: add key exchange modes in handshake params 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 14:00:29 +08:00
Jerry Yu
34da3727d6 Add check read ptr macro 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 14:00:29 +08:00
Paul Elliott
e193ea8cb9 Add Multipart AEAD CCM internal implementation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-10-07 18:06:03 +01:00
Przemyslaw Stekiel
c0fe820dc9 psa_generate_key(): return PSA_ERROR_INVALID_ARGUMENT for public key 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-10-07 11:08:56 +02:00
Gilles Peskine
b9b817e977 Fix PSA_ALG_RSA_PSS verification accepting an arbitrary salt length 
PSA_ALG_RSA_PSS algorithm now accepts only the same salt length for
verification that it produces when signing, as documented.

Fixes #4946.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-05 14:26:25 +02:00
Mateusz Starzyk
c48f43b44d Fix PSA AEAD GCM's update output buffer length verification. 
Move GCM's update output buffer length verification
from PSA AEAD to the built-in implementation of the GCM.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-10-04 13:54:55 +02:00
Mateusz Starzyk
f28261fc14 Remove output buffer limitation for PSA with GCM. 
The requirement of minimum 15 bytes for output buffer in
psa_aead_finish() and psa_aead_verify() does not apply
to the built-in implementation of the GCM.

Alternative implementations are expected to verify the
length of the provided output buffers and to return
the MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL in case the
buffer length is too small.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-10-04 13:54:54 +02:00
Gilles Peskine
023aa11760
Merge pull request #4996 from mprse/mbedtls_cipher_setup_psa_ECB 
Fix test gap: mbedtls_cipher_setup_psa() with ECB
 2021-10-01 14:49:10 +02:00
openluopworld
eab65acca4 bugfix: if the len of iv is not 96-bit, y0 can be calculated incorrectly. 
An initialization vector IV can have any number of bits between 1 and
2^64. So it should be filled to the lower 64-bit in the last step
when computing ghash.

Signed-off-by: openluopworld <luopengxq@gmail.com>
 2021-10-01 17:57:11 +08:00
LuoPeng
eb009232c0 Update library/gcm.c 
Co-authored-by: davidhorstmann-arm <70948878+davidhorstmann-arm@users.noreply.github.com>
Signed-off-by: openluopworld <luopengxq@gmail.com>
 2021-10-01 17:57:11 +08:00
XiaokangQian
05420b120b TLS1.3: Add useful comments based on RFC8446 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-09-30 06:15:18 +00:00
XiaokangQian
16c61aa738 TLS1.3: Alignment coding styles based on comments 
Fix kinds of alignment issues in fetch handshake messages.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-09-30 02:14:23 +00:00
XiaokangQian
6b226b0874 Add fetch_hand_message in generic 
This function is one common function in generic file, get it from
the encrypted extension and submit one patch independently.

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-09-30 02:14:23 +00:00
Andrzej Kurek
a72fe641cc Do not zeroize the ssl context if a key exporting function is set 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2021-09-29 17:08:31 -04:00
Ronald Cron
cd51e76583
Merge pull request #4338 from paul-elliott-arm/psa-m-aead 
Implement multipart PSA AEAD
 2021-09-29 22:48:33 +02:00
Andrzej Kurek
324f72ec9c Fix a bug where the ssl context is used after it's nullified 
When not using DEBUG_C, but using the DTLS CID feature -
a null pointer was accessed in ssl_tls.c.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2021-09-29 10:15:52 -04:00
Andrzej Kurek
5902cd64e2 Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on 
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes #4653.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2021-09-29 10:15:42 -04:00
Paul Elliott
60116aee9e Invert logic on nonce length tests 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-29 14:40:16 +01:00
Paul Elliott
355f59edbe Fix formatting issues 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-29 14:40:16 +01:00
Paul Elliott
e716e6c00b Switch cipher enabled macros 
Switch from using MBEDTLS_PSA_BUILTIN_ macros over to using PSA_WANT_
macros, as code was moved from the internal drivers to the PSA Core.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-09-29 14:40:16 +01:00
Przemyslaw Stekiel
80c6a8e1a6 Add PSA support for MBEDTLS_CIPHER_AES_128_ECB 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-09-29 12:39:21 +02:00
Gilles Peskine
bfe3d87f24
Merge pull request #4842 from gilles-peskine-arm/public_fields-3.0-info 
Make some structure fields public: key info, ASN.1 and X.509 parsing, socket fd
 2021-09-29 12:37:09 +02:00
Jerry Yu
d96a5c2d86 Fix wrong usage of counter len macro 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-29 17:46:51 +08:00
gabor-mezei-arm
5b3a32d883
Fix missing includes 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-09-29 10:53:55 +02:00
Manuel Pégourié-Gonnard
1869377146
Merge pull request #4942 from yuhaoth/pr/add-tls13-client-dummy-state-handlers 
add tls13 client dummy state handlers and improve dispatch test
 2021-09-29 10:45:16 +02:00