yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
23444 commits 89 branches 205 tags 114 MiB
Commit graph

5645 commits

Author SHA1 Message Date
Paul Elliott fe9e77ff7a Better formatting of include guard comments 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 84329464d5 Replace allocated hash buffer with array 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott c9774411d4 Ensure that operation is put into error state if error occurs 
If an error occurs, calling any function on the same operation should return
PSA_ERROR_BAD_STATE, and we were not honouring that for all errors. Add extra
failure tests to try and ratify this.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott f9c91a7fb5 Store the hash, rather than the pointer 
For sign and verify, the pointer passed in to the hash is not guaranteed to
remain valid inbetween calls, thus we need to store the hash in the
operation. Added a test to ensure this is the case.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 1bc59df92c Rename curve_bytes to coordinate_bytes 
Also remove unneeded instance from verify operation struct.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott ab7c5c8550 Change incorrect define for MAX_OPS_UNLIMITED 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 4ca521fcdb Remove obsolete comments 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 4684525ae9 Remove unrequired mpis from sign operation struct 
These are only used at the output stage.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott a3a8abadff Fix operation initialisers if no algorithms defined 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 1b49ef5384 Fix abort documentation. 
Make it clear that these functions reset the number of ops, and remove
statements that say they have no effect.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 90a91f041c Ensure structs are not empty even if ECDSA not supported 
Also make previous changes apply to both interruptible sign hash operation
structures rather than just the one as it was.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 749dec54ef Clean up structure include guards 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 3225f19803 Fix ecdsa.h documentation error 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 296ede99c9 Fix issues with get_{sign/verify}_num_ops 
Move to accumulate ops in context rather than attempting to read straight out
of structures due to structure ops getting reset per operation, and also
issues with _abort clearing internal data. Fix usage of size_t in structures

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 588f8ed498 Add internal implementation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 2ba002cc2f Make ECDSA restartable sign and verify functions public 
Make public the versions of ECSDA sign and verify which return raw signatures
rather than returning ASN.1 encoded signatures, in order to use them for the
internal implemention of psa_sign/verify_hash_interruptible.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 23:34:29 +00:00
Paul Elliott 2d247923e5 Initial empty driver wrapper implementation 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 12:13:17 +00:00
Paul Elliott 1265f00494 First draft of PSA interruptible ECC signing design 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-02-15 12:13:17 +00:00
Gilles Peskine c5e2a4fe67
Merge pull request #6937 from valeriosetti/issue6886 
Add test for PK parsing of keys using compressed points
 2023-02-14 19:54:29 +01:00
Manuel Pégourié-Gonnard d3d8c852a0
Merge pull request #6997 from valeriosetti/issue6858 
driver-only ECDSA: get testing parity in X.509
 2023-02-13 15:30:06 +01:00
Valerio Setti 178b5bdddf pk: move MBEDTLS_PK_CAN_ECDSA_SOME macro to pk.h and fix tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-13 11:15:06 +01:00
Valerio Setti 78f79d323d ecp: add documentation for compressed points limitations 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-10 16:32:58 +01:00
Gilles Peskine 928593f732
Merge pull request #7041 from gilles-peskine-arm/pk_ext-pss_options-public 
Make the fields of mbedtls_pk_rsassa_pss_options public
 2023-02-10 15:08:06 +01:00
Gilles Peskine b009559c8f
Merge pull request #7049 from KloolK/typos 
Fix typos
 2023-02-10 15:07:07 +01:00
Dave Rodgman a22749e749
Merge pull request #6816 from nick-child-ibm/pkcs7_coverage 
Pkcs7 coverage
 2023-02-10 12:55:29 +00:00
Ronald Cron 834e65d47f
Merge pull request #6499 from xkqian/tls13_write_end_of_early_data 
Tls13 write end of early data
 2023-02-10 11:08:22 +01:00
Xiaokang Qian ea28a78384 Revert new field and check ciphersuite match when resume by exist info_id 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 33ff868dca Fix various errors 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian f10f474981 Check server selected cipher suite indicating a Hash associated with the PSK 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 592021aceb Add CCS after client hello in case of early data and comp mode 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian 5b410075cf Remove useless comments about handshake messages for TLS13 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:46:48 +00:00
Xiaokang Qian 125afcb060 Add end-of-early-data write 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:43:58 +00:00
Nick Child 3dafc6c3b3 pkcs7: Drop support for signature in contentInfo of signed data 
The contentInfo field of PKCS7 Signed Data structures can
optionally contain the content of the signature. Per RFC 2315
it can also contain any of the PKCS7 data types. Add test and
comments making it clear that the current implementation
only supports the DATA content type and the data must be empty.

Return codes should be clear whether content was invalid or
unsupported.
Identification and fix provided by:
 - Demi Marie Obenour <demiobenour@gmail.com>
 - Dave Rodgman <dave.rodgman@arm.com>

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-02-07 20:04:52 +00:00
Valerio Setti 0568decc0c ecdsa: add comment for ecdsa_context 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Valerio Setti cf084ae256 pk: add generic defines for ECDSA capabilities 
The idea is to state what are ECDSA capabilities independently from how
this is achieved

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 08:02:23 +01:00
Jan Bruckner 1aabe5c4d7 Fix typos 
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-02-06 12:54:53 +01:00
Gilles Peskine 10ada35019
Merge pull request #7022 from daverodgman/3DES-warning 
Improve warnings for DES/3DES
 2023-02-03 16:41:34 +01:00
Gilles Peskine 0cfb08ddf1
Merge pull request #6922 from mprse/csr_v3 
Parsing v3 extensions from a CSR - v.2
 2023-02-03 16:41:11 +01:00
Gilles Peskine 34c43a871f Make the fields of mbedtls_pk_rsassa_pss_options public 
This makes it possible to verify RSA PSS signatures with the pk module,
which was inadvertently broken since Mbed TLS 3.0. Fixes #7040.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-02 23:06:37 +01:00
Dave Rodgman fdbfaafc2f Additional warnings in cipher.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-02 13:44:31 +00:00
Dave Rodgman 23caf02c5b Update warnings in cipher.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-02 13:17:34 +00:00
Dave Rodgman c04515b83c Improve warnings for DES/3DES 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-02-02 10:47:58 +00:00
Nick Child 77bc726972 pkcs7: Fix typo in comment 
Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-01-30 16:46:10 +00:00
Nick Child ec81709516 pkcs7: Ensure all data in asn1 structure is accounted for 
Several PKCS7 invalid ASN1 Tests were failing due to extra
data bytes or incorrect content lengths going unnoticed. Make
the parser aware of possible malformed ASN1 data.

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-01-30 16:44:58 +00:00
Manuel Pégourié-Gonnard aae61257d1
Merge pull request #6883 from valeriosetti/issue6843 
Improve X.509 cert writing serial number management
 2023-01-30 13:08:57 +01:00
Valerio Setti 9b5e1da8f8 fixing a typo in comment 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-27 11:29:35 +01:00
Manuel Pégourié-Gonnard 169d9e6eb4
Merge pull request #6802 from gilles-peskine-arm/test_suite_psa_crypto_metadata-20221215 
Add metadata tests for CCM* and TLS1.2-ECJPAKE-to-PMS
 2023-01-27 10:05:00 +01:00
Valerio Setti af4815c6a4 x509: replace/fix name of new function for setting serial 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-01-26 17:43:09 +01:00
Przemek Stekiel cf6ff0fb43 Move common functions for crt/csr parsing to x509.c 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:57:19 +01:00
Przemek Stekiel 21c37288e5 Adapt function names 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-01-24 10:57:19 +01:00