yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
28997 commits 89 branches 205 tags 114 MiB
Commit graph

6611 commits

Author SHA1 Message Date
Ronald Cron 7fdee8b710 ssl_session: Reorder some fields to reduce padding 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-09 09:26:12 +01:00
Ronald Cron 3c0072b58e ssl_ticket.c: Base ticket age check on the ticket creation time 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 10:29:51 +01:00
Ronald Cron d1c106c787 Define ticket creation time in TLS 1.2 case as well 
The purpose of this change is to eventually base
the calculation in ssl_ticket.c of the ticket age
when parsing a ticket on the ticket creation time
both in TLS 1.2 and TLS 1.3 case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Ronald Cron 17ef8dfddb ssl_session: Define unconditionally the endpoint field 
The endpoint field is needed to serialize/deserialize
a session in TLS 1.2 the same way it is needed in the
TLS 1.3 case: client specific fields that should not
be in the serialized version on server side if both
TLS client and server are enabled in the TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Ronald Cron ba5165e09a ssl_ticket.c: Fix ticket lifetime enforcement 
Take into account that the lifetime of
tickets can be changed through the
mbedtls_ssl_ticket_rotate() API.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:15 +01:00
Ronald Cron d1100b0b45 Disable ticket module when useless 
Disable ticket module if either the TLS
server or the support for session tickets
is not enabled at build time as in that
case the ticket module is not used by the
TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:50:31 +01:00
Tom Cosgrove bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile 
TLS: remove RSA signature algorithms in `suite B` profile
 2024-01-12 14:34:28 +00:00
Tom Cosgrove f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext 
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
 2024-01-12 13:39:15 +00:00
Manuel Pégourié-Gonnard eeb96ac9fe
Merge pull request #8433 from yuhaoth/pr/add-deprecated-flag-for-sig_hashes-api 
Add deprecated flag in document for sig_hashes
 2024-01-11 09:33:10 +00:00
Waleed Elmelegy 09561a7575 Add MBEDTLS_SSL_RECORD_SIZE_LIMIT to config_adjust_ssl.h 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Tom Cosgrove 3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit 
Comply with the received Record Size Limit extension
 2024-01-09 15:22:17 +00:00
Manuel Pégourié-Gonnard 454ab28be5
Merge pull request #8668 from gilles-peskine-arm/asymmetric_key_data-secpr1 
Fix incorrect test data for SECP_R1 in automatically generated tests
 2024-01-09 09:21:14 +00:00
Valerio Setti d5cab81405 mbedtls_config: update documentation for CIPHER_C and CRYPTO_C 
Adding auto-enablement sections.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-09 07:23:33 +01:00
Valerio Setti 9772642b8c adjust_legacy_crypto: auto-enable CIPHER_C when any builtin cipher is enabled in PSA 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-09 07:23:33 +01:00
Valerio Setti 1aaffec7cf Revert "check_config: add check for PSA builtin unauthenticated ciphers" 
This reverts commit d5d99e800a0d648e976a28819ab8709daabcab9b.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-08 16:57:18 +01:00
Valerio Setti c95ab2a1a0 mbedtls_config: extend documentation for MBEDTLS_PSA_CRYPTO_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-08 16:57:18 +01:00
Valerio Setti 95c32973f9 check_config: add check for PSA builtin unauthenticated ciphers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-08 16:57:18 +01:00
Manuel Pégourié-Gonnard 4aad0ff510
Merge pull request #8632 from valeriosetti/issue8598 
[G5] Make block_cipher work with PSA
 2024-01-08 08:07:53 +00:00
Manuel Pégourié-Gonnard 5bad043c06
Merge pull request #8641 from valeriosetti/issue8358 
G3-G4 wrap-up
 2024-01-04 10:48:00 +00:00
Gilles Peskine 44d557c52d Indicate which curves Mbed TLS supports 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-03 20:59:38 +01:00
Gilles Peskine 6e2069661e Note unusual curve size 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-03 20:59:03 +01:00
Gilles Peskine 2a22dac694 Fix typo in curve name 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-01-03 20:58:55 +01:00
Dave Rodgman 1cc90a1003
Merge pull request #8517 from mschulz-at-hilscher/fixes/issue-6910 
Fixes redundant declarations for psa_set_key_domain_parameters
 2024-01-02 16:34:40 +00:00
Valerio Setti 6315441be7 adjust_legacy_from_psa: relax condition for legacy block cipher auto-enabling 
CCM/GCM can be either fully accelerated or rely on just the key type
being accelerated. This means that ultimately it is just the key
type which determines if the legacy block cipher modes need to
be auto-enabled or not.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-02 17:21:01 +01:00
Valerio Setti e581e140cc oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C 
This commit also updates test_suite_pkparse.data file adding
MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-29 16:35:58 +01:00
Valerio Setti 1994e72e18 check_config/block_cipher: minor improvements 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-28 18:33:04 +01:00
Valerio Setti e98ad5931a mbedls_config: update documentation for MBEDTLS_PKCS[5/12]_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-28 10:42:12 +01:00
Valerio Setti 6d3a68162c check_config: remove CIPHER_C requirement for PKCS[5/12] 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-21 16:40:03 +01:00
Valerio Setti a69e872001 pkcs[5/12]: add CIPHER_C for [en/de]crypting functions 
This commit also updates corresponding test suites.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-21 16:39:04 +01:00
Waleed Elmelegy 049cd302ed Refactor record size limit extension handling 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-20 17:28:31 +00:00
Tomi Fontanilles 851d8df58d fix/work around dependency issues when !MBEDTLS_ECP_C 
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
 2023-12-20 13:09:27 +02:00
Tomi Fontanilles bad170e159 pk: remove last references to MBEDTLS_PSA_CRYPTO_C 
They are replaced by MBEDTLS_USE_PSA_CRYPTO.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00
Tomi Fontanilles 8174662b64 pk: implement non-PSA mbedtls_pk_sign_ext() 
This makes the function always available with its
its implementation depending on MBEDTLS_USE_PSA_CRYPTO.

Related dependencies and tests are updated as well.

Fixes #7583.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00
Tomi Fontanilles a70b3c24f6 rsa: minor comment/guard improvements 
This brings some improvements to comments/
function prototypes that relate to PKCS#1.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00
Valerio Setti 689c0f71cb tests: use new CCM/GCM capability macros in tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-20 09:54:18 +01:00
Valerio Setti bfa675fe48 adjust_legacy_crypto: add macros for CCM/GCM capabilities with key types 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-20 09:52:08 +01:00
Gilles Peskine 1a9e05bf08 Note that domain parameters are not supported with drivers 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-19 12:23:22 +01:00
Gilles Peskine 5ad9539363 Remove DSA and DH domain parameters from the documentation 
Mbed TLS doesn't support DSA at all, and doesn't support domain parameters
for FFDH (only predefined groups).

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-19 12:22:46 +01:00
Gilles Peskine 9deb54900e Document the domain_parameters_size==SIZE_MAX hack 
It was introduced in https://github.com/Mbed-TLS/mbedtls/pull/8616 but not
documented.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-18 21:01:18 +01:00
Bence Szépkúti a085fa8ccf
Merge pull request #8627 from tom-cosgrove-arm/ip_len 
Avoid use of `ip_len` as it clashes with a macro in AIX system headers
 2023-12-18 02:03:17 +00:00
Valerio Setti 4ff405cf80 block_cipher: remove psa_key_type from mbedtls_block_cipher_context_t 
This information was redundant with the already existing mbedtls_block_cipher_id_t.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-15 16:10:52 +01:00
Valerio Setti bd7528a592 ccm/gcm: use BLOCK_CIPHER whenever possible 
Prefer BLOCK_CIPHER instead of CIPHER_C whenever it's enabled.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti 4a5d57d225 adjust_legacy_crypto: enable BLOCK_CIPHER also when a driver is available 
As a consequence BLOCK_CIPHER will be enabled when:
- CIPHER_C is not defined
- a proper driver is present for one of AES, ARIA and/or Camellia key types

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti 2684e3f2e3 config_adjust_legacy_crypto: fix typo 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti 291571b447 block_cipher: add MBEDTLS_PRIVATE to new PSA fields in mbedtls_block_cipher_context_t 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti 849a1abfdd block_cipher: remove useless use of psa_cipher_operation_t 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti 4bc7fac99a crypto_builtin_composites: add missing guards for includes 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti c0f9bbca2c check_config: use new helpers for legacy GCM_C/CCM_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti 8bba087fe1 adjust_legacy_crypto: add helpers for block ciphers capabilities 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00
Valerio Setti c1db99d3f5 block_cipher: add PSA dispatch if possible 
"if possible" means:
- PSA has been initialized
- requested key type is available in PSA

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-14 18:08:14 +01:00