espressif/mbedtls
1
0
Fork 0
mirror of https://github.com/espressif/mbedtls.git synced 2025-07-16 05:30:48 +08:00
Code Issues Packages Projects Releases Wiki Activity
28,197 Commits 34 Branches 164 Tags
Commit Graph

12318 Commits

Author SHA1 Message Date
Dave Rodgman
3e5cc175e0 Reduce code size in mbedtls_cipher_validate_values 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 18:00:01 +00:00
Dave Rodgman
6d2c1b3748 Restructure mbedtls_cipher_validate_values 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 18:00:01 +00:00
Dave Rodgman
fb24a8425a Introduce MBEDTLS_ASSUME 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 17:59:56 +00:00
Pengyu Lv
dbd1e0d986 tls13: add helpers to check if psk[_ephemeral] allowed by ticket 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-31 10:17:17 +08:00
Pengyu Lv
29daf4a36b tls13: server: fully check ticket_flags with available kex mode. 
We need to fully check if the provided session ticket could be
used in the handshake, so that we wouldn't cause handshake
failure in some cases. Here we bring f8e50a9 back.

Example scenario:
A client proposes to a server, that supports only the psk_ephemeral
key exchange mode, two tickets, the first one is allowed only for
pure PSK key exchange mode and the second one is psk_ephemeral only.
We need to select the second tickets instead of the first one whose
ticket_flags forbid psk_ephemeral and thus cause a handshake
failure.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-31 09:34:14 +08:00
Dave Rodgman
b06d701f56
Merge pull request #8406 from beni-sandu/aesni 
AES-NI: use target attributes for x86 32-bit intrinsics
 2023-10-30 17:01:06 +00:00
Tom Cosgrove
3857bad9a2
Merge pull request #8427 from tom-cosgrove-arm/fix-linux-builds-in-conda-forge 
Fix builds in conda-forge, which doesn't have CLOCK_BOOTTIME
 2023-10-30 15:29:26 +00:00
Valerio Setti
467271dede ssl_misc: ignore ALG_CBC_PKCS7 for MBEDTLS_SSL_HAVE_xxx_CBC 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-30 11:40:32 +01:00
Valerio Setti
1ebb6cd68d ssl_misc: add internal MBEDTLS_SSL_HAVE_[AES/ARIA/CAMELLIA]_CBC symbols 
These are used in tests to determine whether there is support for
one of those keys for CBC mode.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-30 11:36:32 +01:00
Pengyu Lv
cfb23b8090 tls13: server: parse pre_shared_key only when some psk is selectable 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-30 15:26:26 +08:00
Beniamin Sandu
800f2b7c02 AES-NI: use target attributes for x86 32-bit intrinsics 
This way we build with 32-bit gcc/clang out of the box.
We also fallback to assembly for 64-bit clang-cl if needed cpu
flags are not provided, instead of throwing an error.

Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
 2023-10-27 17:02:22 +01:00
Valerio Setti
36fe8b9f4b psa_crypto_cipher: add guard for unused variable 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-27 09:13:33 +02:00
Valerio Setti
1e21f26d88 psa_crypto_cipher: add helper to validate PSA cipher values 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-27 09:13:33 +02:00
Valerio Setti
4a249828a8 psa_crypto_cipher: add mbedtls_cipher_values_from_psa() 
This commit splits mbedtls_cipher_info_from_psa() in 2 parts:

- mbedtls_cipher_values_from_psa() that performs parameters' validation and
  return cipher's values

- mbedtls_cipher_info_from_psa() which then use those values to return
  the proper cipher_info pointer. Of course this depends on CIPHER_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-27 09:12:06 +02:00
Valerio Setti
2c2adedd82 psa_crypto_aead: add guard for CIPHER_C dependency 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-27 09:12:06 +02:00
Jerry Yu
71c14f1db6 write early data indication in EE msg 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-27 10:52:49 +08:00
Jerry Yu
985c967a14 tls13: add more checks for server early data 
- check if it is enabled
- check if it is psk mode
- check if it is resumption
- check if it is tls13 version

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-27 10:52:27 +08:00
Bence Szépkúti
51328162e6
Merge pull request #8374 from sergio-nsk/sergio-nsk/8372/2 
Fix compiling AESNI in Mbed-TLS with clang on Windows
 2023-10-26 21:21:01 +00:00
Dave Rodgman
2db1e354e3
Merge pull request #8408 from daverodgman/iar-fix-aes 
Fix MBEDTLS_MAYBE_UNUSED for IAR
 2023-10-26 15:53:11 +00:00
Gilles Peskine
b3d0ed2e6e
Merge pull request #8303 from valeriosetti/issue6316 
Add test component with all ciphers and AEADs accelerated only
 2023-10-26 15:53:10 +00:00
Tom Cosgrove
257f6dd57d Fix builds in conda-forge, which doesn't have CLOCK_BOOTTIME 
Fixes #8422

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-10-26 14:04:34 +01:00
Ronald Cron
95b735530c
Merge pull request #6719 from yuhaoth/pr/tls13-early-data-add-early-data-of-client-hello 
TLS 1.3: EarlyData SRV: Add early data extension parser.
 2023-10-26 08:31:53 +00:00
Valerio Setti
bbc46b4cc2 cipher: improve code readibility in mbedtls_cipher_setup() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-26 09:00:21 +02:00
Dave Rodgman
d1c4fb07ee Support older IAR versions 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-25 15:07:35 +01:00
Valerio Setti
79a02de79f cipher: check that ctx_alloc_func is not NULL before calling it 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-25 12:03:36 +02:00
Valerio Setti
a6c0761c43 cipher_wrap: fix guards for GCM/CCM AES 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-25 12:03:36 +02:00
Valerio Setti
e86677d0c3 pkparse: fix missing guards for pkcs5/12 functions 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-25 12:03:36 +02:00
Dave Rodgman
d69d3cda34
Merge pull request #8298 from daverodgman/sha-armce-thumb2 
Support SHA256 acceleration on Armv8 thumb2 and arm
 2023-10-24 21:23:15 +00:00
Dave Rodgman
f842868dd9 Fix MBEDTLS_MAYBE_UNUSED for IAR 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-24 14:18:38 +01:00
Pengyu Lv
7b711710b2 Add check_ticket_flags helper function 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-24 17:07:14 +08:00
Dave Rodgman
514590210b Merge remote-tracking branch 'origin/development' into sha-armce-thumb2 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-23 15:35:07 +01:00
Dave Rodgman
66d5512571 Remove dependency on asm/hwcap.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-23 15:12:32 +01:00
Dave Rodgman
bcb810252c
Merge pull request #8363 from daverodgman/iar-fixes-2 
Stop IAR warning about goto skipping variable definition
 2023-10-23 14:59:15 +01:00
Tom Cosgrove
235e361b6c
Merge pull request #8339 from lpy4105/issue/support-cpuid-for-win32 
Support cpuid for win32
 2023-10-23 10:43:39 +00:00
Manuel Pégourié-Gonnard
2bf0870e25
Merge pull request #7861 from mpg/cleanup-pk-parse 
cleanup PK parse - part 1
 2023-10-23 08:49:16 +00:00
Matthias Schulz
edc32eaf1a Uncrustified 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-10-19 16:09:08 +02:00
Sergey Markelov
3898f10fed Fix #8372 - Error compiling AESNI in Mbed-TLS with clang on Windows 
It can successfully compile w/ the clang options -maes -mpclmul.

Signed-off-by: Sergey Markelov <sergey@solidstatenetworks.com>
 2023-10-18 20:24:39 -07:00
Gilles Peskine
6407f8fc54
Merge pull request #8322 from valeriosetti/issue8257 
Improve location of MD_CAN macros
 2023-10-18 14:31:28 +00:00
Matthias Schulz
ab4082290e Added parameters to add callback function to handle unsupported extensions. Similar to how the callback functions work when parsing certificates. Also added new test cases. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-10-18 13:20:59 +02:00
Gilles Peskine
f6f4695824
Merge pull request #8320 from valeriosetti/issue8263 
Fix dependencies of mbedtls_pk_ec_ro and mbedtls_pk_ec_rw
 2023-10-18 10:03:46 +00:00
Pengyu Lv
ed5e4e86a5 Merge branch 'development' into issue/6935/ticket_flags-kex-mode-determination 2023-10-18 18:03:07 +08:00
Jerry Yu
b47b2990d6 fix various issues 
- fix wrong typo
- remove redundant check
- remove psk mode tests

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-18 15:50:35 +08:00
Manuel Pégourié-Gonnard
c6d633ffbc
Merge pull request #8297 from valeriosetti/issue8064 
Change accel_aead component to full config
 2023-10-18 07:15:59 +00:00
Matthias Schulz
873a202d18 Now handling critical extensions similarly to how its done in x509_get_crt_ext just without the callback function to handle unknown extensions. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-10-17 16:02:20 +02:00
Matthias Schulz
cc923f307e Added missing like between variables and function body. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-10-17 12:36:56 +02:00
Matthias Schulz
adb3cc4d43 Fixes #8377. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-10-17 11:57:10 +02:00
Valerio Setti
2f00b7a5da cipher: reset MBEDTLS_CIPHER_HAVE_AEAD to MBEDTLS_CIPHER_MODE_AEAD 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-17 11:43:34 +02:00
Manuel Pégourié-Gonnard
745ec5d75e Fix static initializer warning 
In a hypothetical build with no curves, or in the future when we add a
new curve type and possibly forget updating this function with a new
block for the new type, we write to `ret` at the beginning or the
function then immediately overwrite it with MPI_CHK(check_privkey),
which static analyzers understandably find questionable.

Use `ret` here and check the key only if it was actually set.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-17 10:13:45 +02:00
Dave Rodgman
2fde39a22c
Merge pull request #8283 from daverodgman/more-aes-checks 
More AES guards testing and some fixes
 2023-10-16 18:22:51 +00:00
Valerio Setti
9fc1f24331 md: restore md.h includes in source files directly using its elements 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-16 14:39:38 +02:00