1
0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-05-29 01:16:39 +08:00

6957 Commits

Author SHA1 Message Date
Thomas Daubney
cbc088f5d0 Removes p_rng from mbedtls_rsa_rsassa_pkcs1_v15_verify
Commit removes p_rng from
mbedtls_rsa_rsassa_pkcs1_v15_verify function in
preparation of removal of mode parameter.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-19 11:39:58 +01:00
Ronald Cron
0e3ec27598
Merge pull request #4506 from gilles-peskine-arm/array-parameters-to-pointers-sha512
Change sha256 and sha512 output type from an array to a pointer
2021-05-19 12:37:17 +02:00
Mateusz Starzyk
3ea8e2d5ad Restore alphabetical order of SHA definitions
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-05-19 11:38:01 +02:00
Mateusz Starzyk
4228f895c0 Merge branch 'development' into convert_NO_SHA384_to_positive
Conflicts:
* configs/config-psa-crypto.h: modified here, removed in development
* tests/suites/test_suite_x509parse.data: all conflicts are in depends_on
  lines where development made a change unrelated to MBEDTLS_SHAxxx and our
  branch either changed `MBEDTLS_SHA256_C` to `MBEDTLS_SHA224_C` or
  `MBEDTLS_SHA512_C:!MBEDTLS_SHA512_NO_SHA384` to ``MBEDTLS_SHA384_C`, with
  no change to what the test does. Pick the other branch's dependency
  changes then apply our SHA dpeendency change.
2021-05-19 11:37:49 +02:00
Manuel Pégourié-Gonnard
5ca21db813 Fix misuse of MD API in SSL constant-flow HMAC
The sequence of calls starts-update-starts-update-finish is not a
guaranteed valid way to abort an operation and start a new one. Our
software implementation just happens to support it, but alt
implementations may very well not support it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-05-19 10:33:40 +02:00
Gilles Peskine
b7bb0687f7 Rework and reword the guarantees on output_size
To simplify the documentation, and because there are only two realistic
behaviors in practice, only allow two behaviors for multipart output:
immediate output, or buffering of the last partial block.

State some simple rules that applications can follow if they don't care about
the details.

Explicitly state how much output is needed for finish(). Only require the
buffer size to be the size of the actual output, not the size of the potential
output in the worst case. Rename the parameter from output_len to output_size
since it's a buffer size and not necessarily the length of the data.

No longer guarantee that the built-in implementation produces immediate
output.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-18 23:15:40 +02:00
Thomas Daubney
68d9cbca97 Removes mode param from mbedtls_rsa_pkcs1_verify
Commit removes mode parameter from
mbedtls_rsa_pkcs1_verify and propagates the
change throughout the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:14:32 +01:00
Thomas Daubney
613d1a4fb7 Removes p_rng param from mbedtls_rsa_pkcs1_verify
Commit removes p_rng from mbedtls_rsa_pkcs1_verify
since p_rng has no relevance following the removal
of f_rng from this function.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:07:13 +01:00
Thomas Daubney
ac1331211e Removes f_rng parameter from mbedtls_rsa_pkcs1_verify
Commit removes f_rng parameter from
mbedtls_rsa_pkcs1_verify as a prerequisite
to removing the mode parameter. f_rng no
longer has relevance in this function if
mode is removed.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:07:13 +01:00
Thomas Daubney
de9fdc4b12 Removes mode param from mbedtls_rsa_rsassa_pss_sign
Commit removes the mode param from
mbedtls_rsa_rsassa_pss_sign and propagates
the changes throughout the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:07:13 +01:00
Thomas Daubney
526549854c Removes mode param from mbedtls_rsa_rsassa_pkcs1_v15_sign
Commit removes the mode parameter from
mbedtls_rsa_rsassa_pkcs1_v15_sign and
propagates the change throughout the
codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 20:07:05 +01:00
Dave Rodgman
c1ae30a05e Fix docs for mbedtls_padlock_has_support
Fix a slight inaccuracy in the docs for the return value of
mbedtls_padlock_has_support.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-05-18 19:01:42 +01:00
Thomas Daubney
140184d029 Removes mode param from mbedtls_rsa_pkcs1_sign
Commit removes the mode parameter from
mbedtls_rsa_pkcs1_sign and progagates the
change to all relevant parts of the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 18:02:24 +01:00
Thomas Daubney
fa1581ea03 Modifies typedef of mbedtls_pk_rsa_alt_sign_func
This commit modifies the typedef of
mbedtls_pk_rsa_alt_sign_func and propagates the
associated changes throughout the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-18 12:38:33 +01:00
Gilles Peskine
9c58274484 Remove automatically generated source files
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-17 22:48:08 +02:00
Gilles Peskine
687d1ab714 Makefile targets for automatically generated files
Run `make generated_files` to generate the automatically generated
C source files and build scripts.

Run `make neat` to remove all automatically generated files, even C
source files and build scripts.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-05-17 22:47:02 +02:00
Ronald Cron
fdcde47f36
Merge pull request #4458 from davidhorstmann-arm/remove-max-content-len
Remove MBEDTLS_SSL_MAX_CONTENT_LEN option
2021-05-17 16:36:04 +02:00
Gilles Peskine
864b425156
Merge pull request #4488 from tom-daubney-arm/remove_rsa_mode_params
Remove rsa mode params part 1
2021-05-17 13:49:19 +02:00
Manuel Pégourié-Gonnard
9370f01391
Merge pull request #3927 from hanno-arm/ciphersuite_helper_macros
Unify naming scheme for macros indicating presence of classes of ciphersuites
2021-05-17 11:18:58 +02:00
Thomas Daubney
141700f057 Removes mode param from mbedtls_rsa_rsaes_oaep_encrypt
Removes mode parameter from
mbedtls_rsa_rsaes_oaep_encrypt and propagates
changes throughout the codebase.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-17 10:11:05 +01:00
Thomas Daubney
53e4ac64b7 Removes mode param from mbedtls_rsa_rsaes_pkcs1_v15_encrypt
Removal of mode parameter from
mbedtls_rsa_rsaes_pkcs1_v15_encrypt. This commit
propagates the change to all relevant function calls
and tests.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-17 10:11:05 +01:00
Thomas Daubney
2177277dda Removes mode param from mbedtls_rsa_pkcs1_encrypt
Removal of the mode parameter from
mbedtls_rsa_pkcs1_encrypt function. This change
is propagated throughout the codebase and to
relevant tests.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2021-05-17 10:11:05 +01:00
Manuel Pégourié-Gonnard
5605911fd3
Merge pull request #4447 from hanno-arm/ssl_config_cleanup
Avoid and remove some SSL error codes for Mbed TLS 3.0
2021-05-17 10:55:17 +02:00
Hanno Becker
8cce50d726 Remove reference to SSLv3
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-15 06:15:52 +01:00
Hanno Becker
d086bf0c62 Fix typo
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-15 06:14:56 +01:00
Hanno Becker
31351cef6f Add missing escape character in multi-line preprocessor directive
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-15 06:14:56 +01:00
Hanno Becker
0cc4661365 Introduce helper macro for presence of stream ciphersuites
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-15 06:14:56 +01:00
Hanno Becker
fd86ca8626 Rename SOME_MODES_USE_MAC -> SOME_SUITES_USE_MAC
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-15 06:07:48 +01:00
Hanno Becker
541af8575e Use -1 instead of 1 as failure return value in internal SSL function
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 16:49:01 +01:00
Hanno Becker
fc1f4135c3 Use memset( x, 0, sizeof( x ) ) to clear local structure
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:57:54 +01:00
Hanno Becker
78196e366f Fix search for outdated entries in SSL session cache
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:55:15 +01:00
Hanno Becker
c3f4a97b8f Don't infer last element of SSL session cache twice
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:54:24 +01:00
Hanno Becker
466ed6fd08 Improve local variable naming in SSL session cache implementation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:54:00 +01:00
Hanno Becker
5cf6f7eafe Fix swapping of first and last entry in SSL session cache
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:45:04 +01:00
Hanno Becker
006f2cce2e Fix compile-time guard in session cache implementation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 04:57:44 +01:00
Hanno Becker
b94fdae3c3 Improve code structure for session cache query
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 04:57:40 +01:00
gabor-mezei-arm
d5218df572
Enable fallback to software implementation in psa_sign/verify_message driver
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
f048618b43
Unify variable type and rename to be unambiguous
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
2b8373f856
Update documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:01 +02:00
gabor-mezei-arm
256443e64e
Change the driver calling logic for psa_sign/verify_messsage
The changed logic is to try a sign-message driver (opaque or transparent);
if there isn't one, fallback to builtin sofware and do the hashing,
then try a sign-hash driver. This will enable to the opaque driver
to fallback to software.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
6883fd248d
Rename sign/verify builtin functions called by driver wrapper functions
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:19:00 +02:00
gabor-mezei-arm
474a35f635
Return error if algorithm is not hash-then-sign for psa_sign_message
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
8b3e88614c
Use bool variable instead of enum values
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
12b4f34fff
Fix documentation
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
6cdf637f88
Use switch-case for error handling
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
f9820f92cf
Fix for algorithms other than hash-then-sign
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:59 +02:00
gabor-mezei-arm
b5c1e37aff
Use driver-wrapper functions for psa_sign/verify_message
To avoid code duplication of the old-style SE interface usage
call psa_driver_wrapper_sign/verify_hash function instead of
the direct internal functions.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
df0f230762
Typo
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
0f62240942
Enable algorithms other than hash-then-sign
For psa_hash/verify_message other algorithms than hash-then-sign is
enabled like PureEdDSA.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00
gabor-mezei-arm
46c23a051c
Fix error checking
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-05-13 11:18:58 +02:00