cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-13 07:35:18 -04:00
Code Issues Packages Projects Releases Wiki Activity
28,046 Commits 7 Branches 115 Tags
Commit Graph

28046 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Przemek Stekiel
a05e9c1ec8 Fix selection of default FFDH group 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-15 17:07:16 +02:00
Przemek Stekiel
8c0a95374f Adapt remaining guards to FFDH 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-15 17:07:10 +02:00
Przemek Stekiel
ce05f54283 Properly disable ECDH in only (psk) ephemeral ffdh key exchange components 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-15 16:44:08 +02:00
Andrzej Kurek
c6beb3a741 Rename NUL to null in x509 IP parsing description 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-15 09:54:37 -04:00
David Horstmann
ff4b6a8d18 Reword changelog entry 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-06-15 14:08:19 +01:00
Gilles Peskine
0fe0c0cf10
Merge pull request #7775 from daverodgman/version_features_codesize 
Shorten encoding of version features
 2023-06-15 14:56:00 +02:00
Dave Rodgman
7c5e567813
Merge pull request #7778 from daverodgman/p256-m-copyright 2023-06-15 13:37:00 +01:00
Dave Rodgman
2e7d57270e
Merge pull request #7624 from daverodgman/aes-perf 
AES perf improvements
 2023-06-15 12:10:06 +01:00
Tom Cosgrove
6edf8b8c7b
Merge pull request #7451 from yanrayw/7376_aes_128bit_only 
Introduce config option of 128-bit key only in AES calculation
 2023-06-15 10:35:32 +01:00
Dave Rodgman
9866df96c6 Add copyright (as agreed with Manuel) 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-15 10:11:49 +01:00
Manuel Pégourié-Gonnard
8d645dcd77 Fix unintentional config reduction in prev commit 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-15 09:07:10 +02:00
Kusumit Ghoderao
d07761c19c add return statement 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-15 12:11:15 +05:30
Yanray Wang
55ef22c2cb mbedtls_config.h: add description for CTR_DRBG about AES-128 only 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-06-15 10:05:27 +08:00
Dave Rodgman
28a97acb3c code style 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-14 20:15:15 +01:00
Dave Rodgman
b28d1c3484 fix check-names failure 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-14 20:06:43 +01:00
Przemek Stekiel
a53dca125e Limit number ffdh test cases (ffdhe2048, ffdhe8192) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-14 20:53:09 +02:00
Paul Elliott
bed9ac7b2d Optimise final 2 rounds 
Final two rounds logic could be significantly simplified.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-14 19:20:33 +01:00
Dave Rodgman
d05e7f1ab3 Do not use NEON for AES-CBC on aarch64 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-14 18:58:48 +01:00
Gilles Peskine
f75903503b
Merge pull request #7770 from valeriosetti/issue7341 
gcc 11.3 fails when compiling ecjpake drivers
 2023-06-14 19:22:46 +02:00
Gilles Peskine
f22983bd1c
Merge pull request #7411 from mprse/extract-key-ids-test 
Improve tests for parsing x509 SubjectKeyId and AuthorityKeyId
 2023-06-14 19:16:29 +02:00
Dave Rodgman
906c63cf35 Revert "improve cbc encrypt perf" 
This reverts commit f1e396c42724896b9d31ac727043da45a35d5e26.

Performance is slightly better with this reverted, especially
for AES-CBC 192.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-14 17:55:41 +01:00
Paul Elliott
b8f7305b02 Replace sizeof(mbedtls_mpi_uint) with ciL define 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-14 17:52:42 +01:00
Dave Rodgman
90dfc21f6b Shorten encoding of version features 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-06-14 17:06:53 +01:00
Gilles Peskine
6966141561 Changelog entry for the MBEDTLS_CIPHER_BLKSIZE_MAX deprecation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
Gilles Peskine
c453e2e7e8 Officially deprecate MBEDTLS_CIPHER_BLKSIZE_MAX 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
Gilles Peskine
9e930e2887 Rename MBEDTLS_CIPHER_BLKSIZE_MAX internally 
Replace all occurrences of MBEDTLS_CIPHER_BLKSIZE_MAX by the new name with
the same semantics MBEDTLS_CMAC_MAX_BLOCK_SIZE, except when defining or
testing the old name.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
Gilles Peskine
7282a9e1a0 Replacement for MBEDTLS_CIPHER_BLKSIZE_MAX 
Prepare to rename this constant by MBEDTLS_CMAC_MAX_BLOCK_SIZE. The old name
was misleading since it looked like it covered all cipher support, not just
CMAC support, but CMAC doesn't support Camellia or ARIA so the two are
different.

This commit introduces the new constant. Subsequent commits will replace
internal uses of MBEDTLS_CIPHER_BLKSIZE_MAX and deprecate it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
Gilles Peskine
16bb83cb57 Explicitly document that Camellia and ARIA aren't supported 
In particular, this explains why the definition of
MBEDTLS_CIPHER_BLKSIZE_MAX is correct.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
Gilles Peskine
9d1689bbbe Add not-supported test case for ARIA and for other Camellia key sizes 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
Gilles Peskine
4f4d4b2c40 Test consistency of cipher max-size macros 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-14 18:00:37 +02:00
Przemek Stekiel
b3eaf8c2ed Use predefined serial numer in certificates 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-14 14:25:21 +02:00
Andrzej Kurek
15ddda9ff8 Remove PSA_TO_MD_ERR from ssl_tls.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-14 07:37:46 -04:00
Kusumit Ghoderao
257ea00199 Use output block as U_accumulator 
Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>
 2023-06-14 15:55:11 +05:30
Manuel Pégourié-Gonnard
1cae90bf50 Update PSA_WANT spec for new KEY_PAIR scheme 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-14 12:19:13 +02:00
Przemek Stekiel
0c23147456 Disable MBEDTLS_DHM_C in component_test_tls13_only_psk 
For details see the following comment: https://github.com/Mbed-TLS/mbedtls/pull/7627#issuecomment-1590792002

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-14 11:12:45 +02:00
Yanray Wang
4292441a42 all.sh: use clang for one test of AES_ONLY_128_BIT_KEY_LENGTH 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-06-14 17:10:15 +08:00
Przemek Stekiel
422ab1f835 Add FFDH tests to ssl-opt 
Add FFDH support to the test case generator script: generate_tls13_compat_tests.py.
Add dependency for openssl as FFDH is supported from version 3.0.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-14 11:04:28 +02:00
Valerio Setti
6ff271e3e9 pake: fixed warning for casting between different types 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-14 10:26:51 +02:00
Paul Elliott
3646dc78bc Fix coding style issue 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-14 08:51:08 +01:00
SlugFiller
daa363b4d3
Add changelog entry 
Signed-off-by: SlugFiller <5435495+SlugFiller@users.noreply.github.com>
 2023-06-14 05:42:12 +03:00
Gilles Peskine
34a201774e More about whether to have the driver key id in the transaction list 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-13 21:11:43 +02:00
Gilles Peskine
009c06b973 Discuss the cost of a get_key_attributes entry point 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-06-13 21:11:43 +02:00
Paul Elliott
b727042501 Move corner test case into python framework 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-13 17:42:01 +01:00
Paul Elliott
436f2ad37c Three round solution 
Attempt to fix failing test by dealing with overflow with three rounds,
instead of previous subtract modulus solution. Also optimise out shifts
by using memcpy / memmove instead. Remove final sub to return canonical
result, as this is not required here.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-06-13 17:39:44 +01:00
Przemek Stekiel
ae3209c1e4 Add ffdh support yo generate_tls13_compat_tests.py 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-13 15:09:03 +02:00
Bence Szépkúti
b02f006685
Merge pull request #7750 from davidhorstmann-arm/build-docs-realfull 
Build the docs in realfull config
 2023-06-13 15:04:31 +02:00
Przemek Stekiel
7d42c0d0e5 Code cleanup #2 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-13 12:30:40 +02:00
Andrzej Kurek
a6033ac431 Add missing guards in tls 1.3 
Error translation is only used with these
defines on.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:47 -04:00
Andrzej Kurek
f1b659ed62 Move an include 
ARRAY_LENGTH macro was previously present
in macros.h, so move the include there.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:47 -04:00
Andrzej Kurek
1e4a030b00 Fix wrong array size calculation in error translation code 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:47 -04:00