polarssl

mirror of https://github.com/cuberite/polarssl.git synced 2025-10-06 20:13:59 -04:00

Author	SHA1	Message	Date
Dave Rodgman	05b80a4eee	Merge pull request #6201 from gilles-peskine-arm/tls13_only-renegotiation Disable MBEDTLS_SSL_RENEGOTIATION in TLS-1.3-only builds	2023-03-03 09:56:51 +00:00
Gilles Peskine	6def41b146	Merge pull request #6932 from yuhaoth/pr/fix-arm64-host-build-and-illegal_instrucion-fail Replace CPU modifier check with file scope target cpu modifiers	2023-03-02 15:36:41 +01:00
Gilles Peskine	7d3186d18a	Disable MBEDTLS_SSL_RENEGOTIATION in tls13-only configuration There's no renegotiation in TLS 1.3, so this option should have no effect. Insist on having it disabled, to avoid the risk of accidentally having different behavior in TLS 1.3 if the option is enabled (as happened in https://github.com/Mbed-TLS/mbedtls/issues/6200). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-03-01 19:47:23 +01:00
Gilles Peskine	7e677fa2c5	Merge pull request #6389 from gilles-peskine-arm/ecdsa-use-psa-without-pkwrite Remove pkwrite dependency in pk using PSA for ECDSA	2023-02-28 18:17:16 +01:00
Gilles Peskine	b52b788e55	Merge pull request #6895 from yuhaoth/pr/add-aes-with-armv8-crypto-extension Add AES with armv8 crypto extension	2023-02-28 18:16:37 +01:00
Jerry Yu	608e1093de	Improve comment about conflicts between aesce and sha512-crypto Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-28 12:50:00 +08:00
Dave Rodgman	dd4427cc5b	Merge pull request #7169 from AndrzejKurek/mpi-window-size Reduce the default MBEDTLS_ECP_WINDOW_SIZE value from 6 to 2	2023-02-27 17:12:38 +00:00
Paul Elliott	ac2251dad1	Merge pull request #7076 from mprse/parse_RFC822_name Add parsing of x509 RFC822 name + test	2023-02-27 14:16:13 +00:00
Andrzej Kurek	86f30ff626	Reduce the default MBEDTLS_ECP_WINDOW_SIZE value to 2 As tested in https://github.com/Mbed-TLS/mbedtls/issues/6790, after introducing side-channel counter-measures to bignum, the performance of RSA decryption in correlation to the MBEDTLS_ECP_WINDOW_SIZE has changed. The default value of 2 has been chosen as it provides best or close-to-best results for tests on Cortex-M4 and Intel i7. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-24 07:51:21 -05:00
Jerry Yu	c66deda4c5	Add explanation for aesce limitation Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-24 11:42:07 +08:00
Janos Follath	406b9172ad	Merge pull request #7044 from minosgalanakis/bignum/6342_add_named_moduli_setup Bignum: Add named moduli setup	2023-02-22 12:14:33 +00:00
Gilles Peskine	250a5ac4cb	Merge pull request #7095 from paul-elliott-arm/interruptible_sign_hash_codestyle Implement PSA interruptible sign/verify hash	2023-02-21 15:13:34 +01:00
Dave Rodgman	e42cedf256	Merge pull request #7077 from daverodgman/pkcs7-fixes-dm-rebased Pkcs7 fixes	2023-02-21 11:53:30 +00:00
Jerry Yu	330e6ae111	Add document about runtime detection of AESCE Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-21 15:16:20 +08:00
Jerry Yu	c8bcdc8b91	fix various issues - Improve some function names - Improve comments - improve readability Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-21 15:16:20 +08:00
Przemek Stekiel	ecee12f04f	Add parsing of SAN: rfc822Name Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-02-20 15:09:50 +01:00
Minos Galanakis	a30afe2216	ecp_curves: Minor refactoring. This patch introduces the following changes: * Documentation for `mbedtls_ecp_modulus_setup()` moved to `ecp_invasive.h`. * Added invalid modulus selector `MBEDTLS_ECP_MOD_NONE`. * Adjusted negative tests to use invalid selectors. * Reworded documentation. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-02-20 13:53:06 +00:00
Minos Galanakis	d2ca802329	ecp_curves: Added `mbedtls_ecp_modulus_setup()`. This patch introduces a new static method, responsible for automatically initialising an modulus structure, based on the curve id and a modulus type selector. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2023-02-20 13:49:46 +00:00
Manuel Pégourié-Gonnard	718eb4f190	Merge pull request #7025 from AndrzejKurek/uri_san Add the uniformResourceIdentifier subtype for the subjectAltName	2023-02-20 11:29:59 +01:00
Paul Elliott	5686533ba2	Add warning to mbedtls_ecp_set_max_ops() Using PSA interruptible interfaces will cause previously set values to be overwritten. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-16 12:15:39 +00:00
Andrzej Kurek	81b0b89a34	Clarify comments on subjectAltName types Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-16 06:55:10 -05:00
Jerry Yu	f7dccb303b	Remove limitation for sha256/512 arm64 accelerator Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-16 17:56:33 +08:00
Jerry Yu	751e76bb04	Replace `crypto engine` with `crypto extension` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-16 10:48:15 +08:00
Paul Elliott	3225f19803	Fix ecdsa.h documentation error Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Paul Elliott	2ba002cc2f	Make ECDSA restartable sign and verify functions public Make public the versions of ECSDA sign and verify which return raw signatures rather than returning ASN.1 encoded signatures, in order to use them for the internal implemention of psa_sign/verify_hash_interruptible. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-02-15 23:34:29 +00:00
Jerry Yu	35f2b26fd8	move cpu modifier flags check to source file Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-15 11:58:48 +08:00
Gilles Peskine	c5e2a4fe67	Merge pull request #6937 from valeriosetti/issue6886 Add test for PK parsing of keys using compressed points	2023-02-14 19:54:29 +01:00
Andrzej Kurek	50836c4dfb	Fix a comment in x509_crt.h Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-13 10:21:14 -05:00
Andrzej Kurek	7a05fab716	Added the uniformResourceIdentifier subtype for the subjectAltName. Co-authored-by: Hannes Tschofenig <hannes.tschofenig@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-02-13 10:03:07 -05:00
Manuel Pégourié-Gonnard	d3d8c852a0	Merge pull request #6997 from valeriosetti/issue6858 driver-only ECDSA: get testing parity in X.509	2023-02-13 15:30:06 +01:00
Valerio Setti	178b5bdddf	pk: move MBEDTLS_PK_CAN_ECDSA_SOME macro to pk.h and fix tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-13 11:15:06 +01:00
Valerio Setti	78f79d323d	ecp: add documentation for compressed points limitations Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-10 16:32:58 +01:00
Gilles Peskine	928593f732	Merge pull request #7041 from gilles-peskine-arm/pk_ext-pss_options-public Make the fields of mbedtls_pk_rsassa_pss_options public	2023-02-10 15:08:06 +01:00
Gilles Peskine	b009559c8f	Merge pull request #7049 from KloolK/typos Fix typos	2023-02-10 15:07:07 +01:00
Demi Marie Obenour	6cfc469296	pkcs7: reject signatures with internal data A CMS signature can have internal data, but mbedTLS does not support verifying such signatures. Reject them during parsing. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-02-10 12:56:10 +00:00
Demi Marie Obenour	e373a254c4	pkcs7: do not store content type OIDs They will always be constant. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>	2023-02-10 12:56:10 +00:00
Demi Marie Obenour	aaf3c0028d	pkcs7: do not store content type OID Since only one content type (signed data) is supported, storing the content type just wastes memory. Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>	2023-02-10 12:56:10 +00:00
Dave Rodgman	a22749e749	Merge pull request #6816 from nick-child-ibm/pkcs7_coverage Pkcs7 coverage	2023-02-10 12:55:29 +00:00
Ronald Cron	834e65d47f	Merge pull request #6499 from xkqian/tls13_write_end_of_early_data Tls13 write end of early data	2023-02-10 11:08:22 +01:00
Valerio Setti	d0b83e1fc7	build_info: fix PK's requirements for RSA_C Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:39:10 +01:00
Valerio Setti	1337a4f334	pk_wrap: use specific lengths for EC's private key and key-pair Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-02-08 13:39:10 +01:00
Gilles Peskine	bbccdd485c	pk no longer needs pk_write for ECDSA with MBEDTLS_USE_PSA_CRYPTO The dependency is still useful for RSA, for which PSA encodes keys with an ASN.1 structure. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-02-08 13:39:10 +01:00
Xiaokang Qian	ea28a78384	Revert new field and check ciphersuite match when resume by exist info_id Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	33ff868dca	Fix various errors Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	f10f474981	Check server selected cipher suite indicating a Hash associated with the PSK Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	592021aceb	Add CCS after client hello in case of early data and comp mode Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:47 +00:00
Xiaokang Qian	5b410075cf	Remove useless comments about handshake messages for TLS13 Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:46:48 +00:00
Xiaokang Qian	125afcb060	Add end-of-early-data write Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:43:58 +00:00
Nick Child	3dafc6c3b3	pkcs7: Drop support for signature in contentInfo of signed data The contentInfo field of PKCS7 Signed Data structures can optionally contain the content of the signature. Per RFC 2315 it can also contain any of the PKCS7 data types. Add test and comments making it clear that the current implementation only supports the DATA content type and the data must be empty. Return codes should be clear whether content was invalid or unsupported. Identification and fix provided by: - Demi Marie Obenour <demiobenour@gmail.com> - Dave Rodgman <dave.rodgman@arm.com> Signed-off-by: Nick Child <nick.child@ibm.com>	2023-02-07 20:04:52 +00:00
Jerry Yu	b3b85ddf4a	Disable macro conflict check It cause full configuration test fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-02-07 17:11:54 +08:00

1 2 3 4 5 ...

3448 Commits