espressif/mbedtls
1
0
Fork 0
mirror of https://github.com/espressif/mbedtls.git synced 2025-06-22 06:58:04 +08:00
Code Issues Packages Projects Releases Wiki Activity
29,975 Commits 33 Branches 163 Tags
Commit Graph

4433 Commits

Author SHA1 Message Date
Ronald Cron
05d7cfbd9c tls13: cli: Rename STATE_UNKNOWN to STATE_IDLE 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
d2884662c1 tls13: cli: Split early data user status and internal state 
Do not use the return values of
mbedtls_ssl_get_early_data_status()
(MBEDTLS_SSL_EARLY_DATA_STATUS_ macros)
for the state of the negotiation and
transfer of early data during the
handshake.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:15 +01:00
Manuel Pégourié-Gonnard
fe164aecfc
Merge pull request #8887 from gilles-peskine-arm/pk_import_into_psa-fix_doxygen_code_blocks 
Fix intended code blocks that were not suitably indented
 2024-03-12 11:27:45 +00:00
Dave Rodgman
9cc01ccbf8
Merge pull request #8831 from yanesca/switch_to_new_exp 
Use mpi_core_exp_mod in bignum
 2024-03-11 13:40:46 +00:00
Manuel Pégourié-Gonnard
af3e574f5f
Merge pull request #8862 from valeriosetti/issue8825 
Improve support of mbedtls_psa_get_random in client-only builds
 2024-03-10 20:06:27 +00:00
Ronald Cron
7e1f9f290f
Merge pull request #8854 from ronald-cron-arm/tls13-srv-max-early-data-size 
TLS 1.3: Enforce max_early_data_size on server
 2024-03-09 00:16:07 +00:00
Gilles Peskine
71cc260563
Merge pull request #8728 from minosgalanakis/features/add_mbedtls_x509_crt_get_ca_istrue_accesor_6151 
[MBEDTLS_PRIVATE] Add mbedtls_x509_crt_get_ca_istrue() accesor
 2024-03-05 18:04:06 +00:00
Dave Rodgman
3c4166aef3
Merge pull request #8863 from minosgalanakis/feature/add_ecdh_context_5016 
[MBEDTLS_PRIVATE] Add a getter for the ECDH context->grp.id member.
 2024-03-05 16:58:13 +00:00
Minos Galanakis
87b4f6d86c x509: Reworded documentation bits. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-05 11:05:51 +00:00
Gilles Peskine
ddbe4ae901 Fix intended code blocks that were not suitably indented 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 18:30:09 +01:00
Gilles Peskine
fad79fcdd9 Merge remote-tracking branch 'development' into ecp-write-ext-3.6 
Conflicts:
* library/pk.c: mbedtls_pk_wrap_as_opaque() changed in the feature branch
  and was removed in the target branch.
 2024-03-04 08:52:08 +01:00
Minos Galanakis
2abbac74dc x509: Added mbedtls_x509_crt_get_ca_istrue() API accessor. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-04 02:22:01 +00:00
Manuel Pégourié-Gonnard
e33b349c90
Merge pull request #8864 from valeriosetti/issue8848 
Deprecate or remove mbedtls_pk_wrap_as_opaque
 2024-03-01 15:54:32 +00:00
Ronald Cron
19bfe0a631 tls13: Rename early_data_count to total_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
26a9811027 ssl: Add early_data_count field 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:03:51 +01:00
Valerio Setti
1a58e9a232 psa_util: change guard for mbedtls_psa_get_random() to CRYPTO_CLIENT 
This commit also:
- updates changelog
- add a stub function to be used in component_test_psa_crypto_client()
  test

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-29 16:14:29 +01:00
Ronald Cron
9b4e964c2c
Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data 
TLS 1.3: Add mbedtls_ssl_write_early_data() API
 2024-02-29 14:31:55 +00:00
Minos Galanakis
d753738fc0 echd: Added mbedtls_ecdh_get_grp_id getter. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-02-29 13:31:34 +00:00
Gilles Peskine
b395e74edd mbedtls_ecp_write_key_ext(): make key const 
Having a non-const `key` parameter was anotherf defect of
mbedtls_ecp_write_key(). Take this opportunity to fix it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-28 14:18:28 +01:00
Gilles Peskine
04ae479b04 mbedtls_ecp_write_key_ext: document error for no private key set 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-28 13:19:42 +01:00
Gilles Peskine
c0f7a8680f mbedtls_ecp_write_key(): deprecate the old function 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-28 13:19:42 +01:00
Gilles Peskine
acdc52e154 mbedtls_ecp_write_key_ext(): recommend over the old function in documentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-28 13:19:42 +01:00
Gilles Peskine
e3fb4ccabf mbedtls_ecp_write_key_ext(): new function 
Same as mbedtls_ecp_write_key(), but doesn't require the caller to figure out
the length of the output and possibly distinguish between Weierstrass and
Montgomery curves.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-28 13:19:42 +01:00
Manuel Pégourié-Gonnard
7f523bf9eb
Merge pull request #8845 from gilles-peskine-arm/ecp-write-doc-3.6 
Document ECP write functions
 2024-02-28 11:04:38 +00:00
Valerio Setti
88ae0ef286 pk: completely remove mbedtls_pk_wrap_as_opaque 
Remove instead of deprecating it.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-27 13:49:42 +01:00
Manuel Pégourié-Gonnard
5b5faf0898
Merge pull request #8844 from davidhorstmann-arm/restore-x509-functions-to-public 
Restore some X509 functions to public headers
 2024-02-27 10:55:16 +00:00
Valerio Setti
4c6cea549c pk: deprecate mbedtls_pk_wrap_as_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-27 10:51:03 +01:00
David Horstmann
ef950ccb1d Un-unrestore mbedtls_x509_string_to_names() 
Re-restore mbedtls_x509_string_to_names() to public as our example
programs use it, and it is the reverse of mbedtls_x509_dn_gets().

Add a docstring, so that it is a properly documented public function.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-26 13:59:43 +00:00
Valerio Setti
a53e7a5cb5 psa: let mbedtls_psa_get_random() always use psa_generate_random() 
It means that mbedtls_psa_get_random() goes through the PSA interface
all the times. Fallbacks to CTR_DRBG or HMAC_DRBG are still possible,
but that depends on how the crypto provider is built.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-26 12:03:59 +01:00
Tom Cosgrove
817772a6ca
Merge pull request #8716 from mschulz-at-hilscher/feature/gcm_largetable 
Use large GCM tables
 2024-02-23 16:25:38 +00:00
Ronald Cron
8f1de7e029 tls13: Improve documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-22 12:02:39 +01:00
Ronald Cron
d4069247b8 Improve comments/documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-21 17:37:26 +01:00
Gilles Peskine
0aab69d2eb
Merge pull request #8807 from gilles-peskine-arm/pk_import_into_psa-implement_import 
Implement mbedtls_pk_import_into_psa
 2024-02-21 15:45:17 +00:00
Janos Follath
6bd5cae3e6 Fix MBEDTLS_MPI_WINDOW_SIZE documentation 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-02-21 11:27:31 +00:00
Gilles Peskine
dd49c739f0 Merge remote-tracking branch 'development' into pk_import_into_psa-implement_import 
Conflicts:
* tests/suites/test_suite_pk.function: consecutive changes to the
  depends_on line of pk_sign_verify and its argument list.
 2024-02-21 12:10:40 +01:00
David Horstmann
946491360b Unrestore mbedtls_x509_string_to_names() 
This function should be internal, being exposed only via functions like
mbedtls_x509write_crt_set_subject_name().

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-21 10:35:33 +00:00
Manuel Pégourié-Gonnard
0ecb5fd6f5
Merge pull request #8574 from ronald-cron-arm/ssl-tickets 
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
 2024-02-21 09:38:46 +00:00
Manuel Pégourié-Gonnard
fc3f980f0f
Merge pull request #8826 from valeriosetti/issue8824 
RSA keys set to PSS/OAEP padding perform PKCS1v1.5 when MBEDTLS_USE_PSA_CRYPTO is enabled
 2024-02-20 14:08:41 +00:00
Manuel Pégourié-Gonnard
a7f651cf16
Merge pull request #8804 from valeriosetti/issue8799 
mbedtls_rsa_parse_key and mbedtls_rsa_parse_pubkey accept trailing garbage
 2024-02-20 11:58:52 +00:00
Janos Follath
028a38b7cb
Merge pull request #8661 from BensonLiou/use_init_api 
use mbedtls_ssl_session_init() to init session variable
 2024-02-19 15:49:34 +00:00
Valerio Setti
85e568c76d pk: fix documentation for RSA sign/verify and encrypt/decrypt 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-19 15:45:00 +01:00
Gilles Peskine
7511d4aed7 ECP write/export key: document that these functions don't detect unset data 
Fixes #8803.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-19 13:56:39 +01:00
Gilles Peskine
1c7ff7ea53 mbedtls_ecp_write_key: document and test smaller output buffer 
Document and test the current behavior, even if it is weird:

* For Weierstrass keys, the error is MBEDTLS_ERR_MPI_BUFFER_TOO_SMALL,
  not MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL.
* For Weierstrass keys, a smaller output buffer is ok if the output fits.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-19 13:49:45 +01:00
Gilles Peskine
a395bdd066 mbedtls_ecp_write_key: document and test larger output buffer 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-19 13:30:31 +01:00
Gilles Peskine
5bb04e03ac mbedtls_ecp_write_key: no FEATURE_UNAVAILABLE error 
When exporting a key, MBEDTLS_ERR_ECP_FEATURE_UNAVAILABLE should not happen.
This error indicates that the curve is not supported, but that would prevent
the creation of the key.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-19 13:24:41 +01:00
David Horstmann
762f9f9cbb Restore X509 functions erroneously made private 
Restore the following functions to public headers:
* mbedtls_x509_dn_get_next()
* mbedtls_x509_serial_gets()
* mbedtls_x509_time_cmp()
* mbedtls_x509_time_gmtime()
* mbedtls_x509_time_is_past()
* mbedtls_x509_time_is_future()
* mbedtls_x509_parse_subject_alt_name()
* mbedtls_x509_free_subject_alt_name()

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-19 11:07:50 +00:00
Manuel Pégourié-Gonnard
d93e640882
Merge pull request #8797 from adeaarm/check_config_look_for_crypto_client 
Make check_config aware of MBEDTLS_PSA_CRYPTO_CLIENT
 2024-02-19 08:14:34 +00:00
Valerio Setti
4cc6522a85 pem: do not parse ASN1 data after decryption (removes ASN1 dependency) 
Now that we have padding verification after decryption and since
this can be used to validate the password as well there is no
need to parse ASN1 content any more, so we can simplify/remove
that dependency.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-16 15:26:12 +01:00
Valerio Setti
90ea4fd201 pk: fix documentation for sign/verify and encrypt/decrypt 
Remove exception warnings about PKCS1v1.5, since now both padding
formats are treated properly no matter if USE_PSA_CRYPTO is
defined or not.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-16 15:19:19 +01:00
Ronald Cron
d6d32b9210 tls13: Improve declaration and doc of early data status 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-15 17:19:14 +01:00