mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2026-05-04 17:12:51 +02:00

Author	SHA1	Message	Date
Dave Rodgman	7e5b7f91ca	Fix error in ctr_drbg Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-01-16 17:28:25 +00:00
Dave Rodgman	b7778b2388	Fix ASAN error in test Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-01-16 16:27:34 +00:00
Bence Szépkúti	333ca8fdfc	Migrate to new RTD redirect format Migrate to the new redirect format introduced by ReadTheDocs in readthedocs/readthedocs.org#10881 Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2024-01-16 17:06:06 +01:00
Dave Rodgman	9f97566c04	Add Changelog Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-01-16 13:24:45 +00:00
Dave Rodgman	24ad1b59e8	Add NIST AES-CTR test vectors Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-01-16 13:24:45 +00:00
Dave Rodgman	4cc6fb9039	add test for multipart AES-CTR Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-01-16 13:24:45 +00:00
Valerio Setti	4860a6c7ac	test_suite_psa_crypto: revert known failing checks for [en\|de]cryption with opaque keys Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-15 16:30:12 +01:00
Valerio Setti	62b6f10f64	test_driver_asymmetric_encryption: implement opaque [en/de]cryption functions Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-15 16:30:07 +01:00
Valerio Setti	66a827fc83	test_driver_key_management: make opaque [un]wrapping functions public Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-15 15:00:52 +01:00
Dave Rodgman	46697da5b3	Make gcm counter increment more efficient Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-01-15 11:45:01 +00:00
Dave Rodgman	174eeff235	Save 14 bytes in CTR-DRBG Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-01-15 11:45:01 +00:00
Dave Rodgman	591ff05384	Use optimised counter increment in AES-CTR and CTR-DRBG Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-01-15 11:45:01 +00:00
Dave Rodgman	ae730348e9	Add tests for mbedtls_ctr_increment_counter Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-01-15 11:45:01 +00:00
Dave Rodgman	b49cf1019d	Introduce mbedtls_ctr_increment_counter Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-01-15 11:45:01 +00:00
Ryan Everett	1d32a57764	Revert change to psa_destroy_key documentation Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-15 11:27:58 +00:00
Ryan Everett	709120a9ce	Revert change to return behaviour in psa_reserve_free_key_slot This change was a mistake, we still need to wipe the pointers here. Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-15 11:20:50 +00:00
Ryan Everett	dfe8bf86a8	Return CORRUPTION_DETECTED instead of BAD_SLOT when the slot's state is wrong These error codes are only returned if the program has been tampered with, so they should be CORRUPTION_DETECTED. Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-15 11:20:50 +00:00
Ryan Everett	4755e6bda4	Relax psa_wipe_key_slot to allow states other than SLOT_PENDING_DELETION psa_wipe_key_slot can now be called on a slot in any state, if the slot's state is PSA_SLOT_FULL or PSA_SLOT_PENDING_DELETION then there must be exactly 1 registered reader. Remove the state changing calls that are no longer necessary. Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-15 11:20:35 +00:00
Dave Rodgman	c4f984f2a5	Iterate in 16-byte chunks Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-01-15 11:20:19 +00:00
Valerio Setti	5bb454aace	psa_crypto: allow asymmetric encryption/decryption also with opaque keys Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-15 10:43:16 +01:00
Valerio Setti	f202c2968b	test_suite_psa_crypto: test asymmetric encryption/decryption also with opaque keys Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-15 10:42:37 +01:00
Ronald Cron	40a4ab0e0c	ssl_tls.c: Factorize save/load of endpoint and ciphersuite Move the save/load of session endpoint and ciphersuite that are common to TLS 1.2 and TLS 1.3 serialized data from the specialized ssl_{tls12,tls13}_session_{save,load} functions to ssl__session_{save,load}. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 10:29:58 +01:00
Ronald Cron	3c0072b58e	ssl_ticket.c: Base ticket age check on the ticket creation time Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 10:29:51 +01:00
Ronald Cron	c57f86e132	Add ticket creation time to TLS 1.2 session serialization Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:58:19 +01:00
Ronald Cron	d1c106c787	Define ticket creation time in TLS 1.2 case as well The purpose of this change is to eventually base the calculation in ssl_ticket.c of the ticket age when parsing a ticket on the ticket creation time both in TLS 1.2 and TLS 1.3 case. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:58:19 +01:00
Ronald Cron	feb577a949	Fix TLS 1.2 session serialization on server side Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:58:19 +01:00
Ronald Cron	7b1921ac57	Add endpoint in TLS 1.2 session serialization data Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:58:19 +01:00
Ronald Cron	17ef8dfddb	ssl_session: Define unconditionally the endpoint field The endpoint field is needed to serialize/deserialize a session in TLS 1.2 the same way it is needed in the TLS 1.3 case: client specific fields that should not be in the serialized version on server side if both TLS client and server are enabled in the TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:58:19 +01:00
Ronald Cron	ba5165e09a	ssl_ticket.c: Fix ticket lifetime enforcement Take into account that the lifetime of tickets can be changed through the mbedtls_ssl_ticket_rotate() API. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:58:15 +01:00
Ronald Cron	e34f124ff1	ssl_ticket.c: Remove pedantic server endpoint check When calculating the ticket age, remove the check that the endpoint is a server. The module is supposed to be used only server side. Furthermore, if such check was necessary, it should be at the beginning of all ssl_ticket.c APIs. As there is no such protection in any API, just remove the check. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:56:40 +01:00
Ronald Cron	3c3e2e62f6	ssl_ticket.c: Remove TLS server guard The ticket module is removed from the build if the TLS server is not in the build now thus no need for the guard. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:54:29 +01:00
Ronald Cron	ce72763f78	ssl_ticket.c: Remove client code ssl_ticket.c is a server module. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:52:55 +01:00
Ronald Cron	d1100b0b45	Disable ticket module when useless Disable ticket module if either the TLS server or the support for session tickets is not enabled at build time as in that case the ticket module is not used by the TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:50:31 +01:00
Dave Rodgman	67223bb501	add support for AES-CTR to benchmark Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-01-12 18:33:57 +00:00
Tom Cosgrove	bc5d9165ae	Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile TLS: remove RSA signature algorithms in `suite B` profile	2024-01-12 14:34:28 +00:00
Tom Cosgrove	f1ba1933cf	Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext TLS1.3: SRV/CLI: add support for sending Record Size Limit extension	2024-01-12 13:39:15 +00:00
Waleed Elmelegy	f0ccf46713	Add minor cosmetic changes to record size limit changelog and comments Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-12 10:52:45 +00:00
Waleed Elmelegy	4b09dcd19c	Change renegotiation test to use G_NEXT_SRV Change renegotiation test to use G_NEXT_SRV to avoid problems when sending TLS 1.3 extensions since we exceed the extension limit in G_SRV. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-12 10:50:25 +00:00
Ryan Everett	86d5347930	Mention PK parse in changelog Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-12 10:31:31 +00:00
Ryan Everett	a90378c425	Restore previous version of rsa_pkcs8_pbes2_pbkdf2_2048_3des_sha384.pem Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-12 10:24:00 +00:00
BensonLiou	57cf55233e	Merge branch 'development' of https://github.com/Mbed-TLS/mbedtls into random_bye_on_hrr	2024-01-12 17:53:06 +08:00
BensonLiou	35178fe7ec	Do not generate new random number while receiving HRR Signed-off-by: BensonLiou <momo1208@gmail.com>	2024-01-12 17:52:31 +08:00
Kusumit Ghoderao	153586a3d5	change values to ULL Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2024-01-12 11:19:16 +05:30
Ryan Everett	d00a138075	Change test data for pkparse aes Test data generated using openSSL with: openssl pkcs8 -topk8 -v2 $ENC -v2prf hmacWithSHA384 -inform PEM -in $IN -outform PEM -out $OUT -passout "pass:PolarSSLTest" Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-11 17:23:15 +00:00
Paul Elliott	3519cfb3d8	Merge pull request #8639 from bensze01/release_components Set OpenSSL/GnuTLS variables when running release components	2024-01-11 15:38:35 +00:00
Ronald Cron	ae2213c307	Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function Harmonise the names and return values of check functions in TLS code	2024-01-11 13:51:39 +00:00
Ronald Cron	7c14afcaaa	Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check TLS1.3: SRV: check `min_tls_version` when parsing ClientHello	2024-01-11 13:34:09 +00:00
Waleed Elmelegy	85ddd43656	Improve record size limit changelog wording Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-11 11:07:57 +00:00
Manuel Pégourié-Gonnard	eeb96ac9fe	Merge pull request #8433 from yuhaoth/pr/add-deprecated-flag-for-sig_hashes-api Add deprecated flag in document for sig_hashes	2024-01-11 09:33:10 +00:00
Valerio Setti	19ec9e4f66	psa_crypto_ecp: remove support for secp224k1 Since this curve is not supported in PSA (and it will not ever be in the future), we save a few bytes. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-11 07:07:14 +01:00

... 18 19 20 21 22 ...

30100 Commits