yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2026-01-06 08:40:14 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
24793 commits 89 branches 205 tags 114 MiB
Commit graph

5920 commits

Author SHA1 Message Date
Waleed Elmelegy 708d78f80b Improve & test legacy mbedtls_pkcs5_pbe2 
* Prevent pkcs5_pbe2 encryption when PKCS7 padding has been
  disabled since this not part of the specs.
* Allow decryption when PKCS7 padding is disabled for legacy
  reasons, However, invalid padding is not checked.
* Add tests to check these scenarios. Test data has been
  reused but with changing padding data in last block to
  check for valid/invalid padding.
* Document new behaviour, known limitations and possible
  security concerns.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-07-19 14:01:35 +01:00
Gilles Peskine c453e2e7e8 Officially deprecate MBEDTLS_CIPHER_BLKSIZE_MAX 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
Gilles Peskine 9e930e2887 Rename MBEDTLS_CIPHER_BLKSIZE_MAX internally 
Replace all occurrences of MBEDTLS_CIPHER_BLKSIZE_MAX by the new name with
the same semantics MBEDTLS_CMAC_MAX_BLOCK_SIZE, except when defining or
testing the old name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
Gilles Peskine 7282a9e1a0 Replacement for MBEDTLS_CIPHER_BLKSIZE_MAX 
Prepare to rename this constant by MBEDTLS_CMAC_MAX_BLOCK_SIZE. The old name
was misleading since it looked like it covered all cipher support, not just
CMAC support, but CMAC doesn't support Camellia or ARIA so the two are
different.

This commit introduces the new constant. Subsequent commits will replace
internal uses of MBEDTLS_CIPHER_BLKSIZE_MAX and deprecate it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
Gilles Peskine 16bb83cb57 Explicitly document that Camellia and ARIA aren't supported 
In particular, this explains why the definition of
MBEDTLS_CIPHER_BLKSIZE_MAX is correct.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
Valerio Setti 92da2a79aa pk: improve description for the next opaque ID field 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-05 12:31:23 +02:00
Valerio Setti 4f387ef277 pk: use better naming for the new key ID field 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-05 10:59:32 +02:00
Valerio Setti e00954d0ed pk: store opaque key ID directly in the pk_context structure 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-05 10:57:26 +02:00
Jethro Beekman 0167244be4 Read and write X25519 and X448 private keys 
Signed-off-by: Jethro Beekman <jethro@fortanix.com>
Co-authored-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
Signed-off-by: Gijs Kwakkel <gijs.kwakkel@fortanix.com>
 2023-05-04 13:01:47 +02:00
Gilles Peskine d3ca5e5897
Merge pull request #7328 from mprse/ec-jpake-fix1 
Fix the JPAKE driver interface for user+peer
 2023-05-02 20:42:25 +02:00
Manuel Pégourié-Gonnard 8e076e4132
Merge pull request #6915 from aditya-deshpande-arm/example-driver-post-codestyle 
Document (with examples) how to integrate a third-party driver with Mbed TLS
 2023-05-02 12:13:42 +02:00
Manuel Pégourié-Gonnard f317df98ea
Merge pull request #7461 from valeriosetti/issue7460-part1 
Fixing USE_PSA_INIT/DONE in SSL/X509/PK test suites
 2023-05-02 10:44:13 +02:00
Aditya Deshpande f100f00679 Add warnings to documentation stating that p256-m code may be out of date with upstream, plus other minor grammatical fixes. 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-04-28 17:54:15 +01:00
Aditya Deshpande bac592d53e Remove rand() from p256_generate_random() and move to an implementation based on mbedtls_ctr_drbg 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-04-28 17:54:15 +01:00
Aditya Deshpande e41f7e457f Integrate p256-m as an example driver alongside Mbed TLS and write documentation for the example. 
(Reapplying changes as one commit on top of development post codestyle change instead of rewriting old branch)

Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-04-28 17:54:09 +01:00
Dave Rodgman 98062a7c5d
Merge pull request #7316 from yuhaoth/pr/Add-msvc-support-for-aesce-module 
Add msvc support for AESCE
 2023-04-26 21:27:08 +01:00
Jerry Yu a1a039dba6 Improve minimum compiler versions document 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-26 10:21:42 +08:00
Przemek Stekiel aede2ad554 Optimize code (pake role type, freeing buffers) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-25 14:30:34 +02:00
Przemek Stekiel 6e628a4e7b Add undfined role for ec j-pake 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-25 13:11:36 +02:00
Jerry Yu f015a93f98 Add msvc version document 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-25 10:38:03 +08:00
valerio cf35d774fe doc: update USE_PSA_CRYPTO description 
Signed-off-by: valerio <valerio.setti@nordicsemi.no>
 2023-04-24 13:47:18 +02:00
Gilles Peskine 935a987b2b
Merge pull request #7436 from AndrzejKurek/x509-verify-san-ip 
x509 SAN IP parsing
 2023-04-21 22:00:58 +02:00
Jerry Yu a7d454cec2 Remove unnecessary check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-04-20 10:32:38 +08:00
Paul Elliott 4359badbb2
Merge pull request #7331 from mprse/ec-jpake-fix2 
PSA PAKE: Check input_length against PSA_PAKE_INPUT_SIZE() in psa_pake_input
 2023-04-17 16:31:09 +01:00
Ronald Cron f54762e498
Merge pull request #7415 from Harshal5/fix/declaration_of_mbedtls_ecdsa_sign_det_restartable_function 
ecdsa: fix `-missing-prototypes` warning when `MBEDTLS_ECDSA_SIGN_ALT` is defined
 2023-04-17 15:41:25 +02:00
Przemek Stekiel 7921a03425 Add claryfication for PSA_PAKE_INPUT/OUTPUT_MAX_SIZE macros 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-04-17 12:32:06 +02:00
harshal.patil 8c77644906 ecdsa: fix -missing-prototypes warning when MBEDTLS_ECDSA_SIGN_ALT is defined 
- In `mbedtls/v3.4.0`, ECDSA restartable sign and verify functions (`ecdsa.c`) were made public.
- But the `mbedtls_ecdsa_sign_det_restartable` function prototype was declared in the file `ecdsa.h`,
  only when `MBEDTLS_ECDSA_SIGN_ALT` is not defined.

Signed-off-by: harshal.patil <harshal.patil@espressif.com>
 2023-04-17 12:53:00 +05:30
Manuel Pégourié-Gonnard ed5998cd7d
Merge pull request #7422 from valeriosetti/remove-psa-have-full-symbols 
Remove PSA_HAVE_FULL_xxx symbols
 2023-04-17 09:19:00 +02:00
Stephan Koch 48fba6fbac Fix so that PSA_WANT_ALG_DETERMINISTIC_ECDSA implies PSA_HAVE_FULL_ECDSA. 
Signed-off-by: Stephan Koch <koch@oberon.ch>
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-14 13:41:10 +02:00
Glenn Strauss c26bd76020 x509 crt verify SAN iPAddress 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-04-11 08:29:42 -04:00
Valerio Setti 6b006c126b remove KEY_TYPE_ECC_PUBLIC_KEY unnecessary requirement 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 12:02:19 +02:00
Valerio Setti 6c496a1553 solve disparities for ECP_LIGHT between ref/accel 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Valerio Setti 151bdf9668 build_info: fixed comment 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Valerio Setti d4a5d461de library: add remaining changes for the new ECP_LIGHT symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Valerio Setti 0d2980f117 pk: adapt to new ECP_LIGHT symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Valerio Setti fd122f4e95 ecp: introduce new ECP_LIGHT symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Valerio Setti 969e206e28 remove PSA_HAVE_FULL_JPAKE symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 10:55:25 +02:00
Valerio Setti 6f66664ed6 remove PSA_HAVE_FULL_ECDSA symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 10:54:22 +02:00
Valerio Setti 48859cc7d8 remove PSA_HAVE_FULL_ECDH symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 10:50:47 +02:00
Gilles Peskine 7c1c7ce90e
Merge pull request #7401 from AndrzejKurek/md-guards-missing 
Add missing md.h includes
 2023-04-11 09:32:17 +02:00
Gilles Peskine c9e8a65d06
Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api 
ssl_cache: misc improvements
 2023-04-11 09:30:40 +02:00
Pengyu Lv 723ac268e7 ssh_cache: Add back description of other errors for cache getter 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-11 09:19:08 +08:00
Pengyu Lv e3746d7ce6 ssl_cache: Error renaming and document improvement 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-10 14:40:03 +08:00
Ronald Cron b828c7d3de Fix, improve and add comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron 8a12aeec93 tls: Initialize SSL context tls_version in mbedtls_ssl_setup() 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Andrzej Kurek 1b75e5f784 Add missing md.h includes 
MBEDTLS_MD_CAN_SHAXXX are defined there.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-04 09:55:06 -04:00
Ronald Cron 219f978097
Merge pull request #7059 from ronald-cron-arm/psa-crypto-misc 
PSA cryptography miscellaneous
 2023-04-04 10:54:03 +02:00
Manuel Pégourié-Gonnard 86d5d4bf31
Merge pull request #7103 from valeriosetti/issue6622 
Some MAX_SIZE macros are too small when PSA ECC is accelerated
 2023-04-03 16:23:27 +02:00
Dave Rodgman dd48c6e3df
Merge pull request #7385 from daverodgman/timing_alignment 
Fix cast alignment warning in timing.c
 2023-03-31 19:48:34 +01:00
Dave Rodgman 33b2210065 Fix cast alignment warning in timing.c 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-31 15:50:54 +01:00