mbedtls

Author	SHA1	Message	Date
Andrzej Kurek	299b1d6c93	Remove unnecessary `psa/crypto.h` include This is now included in `legacy_or_psa.h`. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-23 05:42:33 -04:00
Andrzej Kurek	cccb044804	Style & formatting fixes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-23 05:26:02 -04:00
Andrzej Kurek	7e16ce3a72	Clarify TLS 1.2 dependencies with and without PSA crypto Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	8c95ac4500	Add missing dependencies / alternatives A number of places lacked the necessary dependencies on one of the used features: MD, key exchange with certificate, entropy, or ETM. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	25f271557b	Update SHA and MD5 dependencies in the SSL module The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO is defined and respective SHA / MD5 defines are missing. A new set of macros added in #6065 is used to reflect these dependencies. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	0ce592169e	Use hash_info_get_size in ssl_tls12_client This way the code does not rely on the MBEDTLS_MD_C define Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	a242e83b21	Rename the sha384 checksum context to reflect its purpose Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:02:04 -04:00
Gilles Peskine	e5018c97f9	Merge pull request #6195 from superna9999/6149-driver-only-hashes-ec-j-pake Driver-only hashes: EC J-PAKE	2022-08-22 17:28:15 +02:00
Gilles Peskine	20ebaac85e	Merge pull request #6211 from tom-cosgrove-arm/explicit-warning-re-ct-conditions-not-0-or-1 Be explicit about constant time bignum functions that must take a 0 or 1 condition value	2022-08-22 17:24:04 +02:00
Gilles Peskine	03f1c39ac7	Merge pull request #6171 from mprse/md_x509_test Driver-only hashes: X.509	2022-08-22 17:18:47 +02:00
Dave Rodgman	beb4fc0723	Merge pull request #6185 from leorosen/tls12_server_null_on_missing_key ssl_tls12_server: fix potential NULL-dereferencing if local certifica…	2022-08-19 20:22:59 +01:00
Neil Armstrong	ecaba1c9b2	Make use of PSA crypto hash if MBEDTLS_MD_C isn't defined Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-19 11:49:22 +02:00
Neil Armstrong	0d76341eac	Remove md_info by md_type in ecjpake context, use mbedtls_hash_info_get_size() to get hash length Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-19 11:49:22 +02:00
Przemek Stekiel	bc3906c58f	pem_pbkdf1(): optimize psa version Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:36:57 +02:00
Przemek Stekiel	bf01c64e9d	oid.c: unify dependencies (VIA_MD_OR_PSA->VIA_LOWLEVEL_OR_PSA) * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing reference -> drivers * x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	4146525ce9	Fix compilation guard (comment) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	0cd6f08e6f	pem.c: fix style issues (redundant spaces) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	d23a4efe2c	pem.c: remove redundant compilation guard If MBEDTLS_MD5_C is not defined MBEDTLS_USE_PSA_CRYPTO must be defined due to PEM_RFC1421. * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing reference -> drivers * x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	c410ccc528	Include psa/crypto.h in legacy_or_psa.h It is needed for PSA_WANT_ALG_xxxx symbols * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing reference -> drivers * x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	4092ff9ba9	pem.c: add internal macro to increase code readability * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing reference -> drivers * x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	829e97d029	Fix include order Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	76b753bbb7	Change the dependencies in pem.c to xxx_BASED_ON_USE_PSA and related files This is done to be able to bild test_psa_crypto_config_accel_hash component where MD5 is only available accelerated (PSA_WANT_ALG_MD5 is enabled and MBEDTLS_MD5_C is disabled) but MBEDTLS_USE_PSA_CRYPTO is disabled. So the build should not attempt to enable pem_pbkdf1. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	81799fd9d8	pem.c, test_suite_pem: fix dependency MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA->MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing reference -> drivers * x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	be92bee58a	pem.c: Fix conditional compilation flags Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	a68d08f7d1	pem.c: adjust for bulid without md Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	de81028f00	Adjust dependencies in library/oid.c * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	fd18366965	Adjust declared dependencies in library/x509* * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Ronald Cron	f3f6b0a5c3	Merge pull request #6123 from yuhaoth/pr/finialize-tls13-serialize_session_save_load TLS 1.3:finalize tls13 serialize session save and load	2022-08-19 08:16:05 +02:00
Leonid Rozenboim	70dfd4c8ac	ssl_tls12_server: fix potential NULL-dereferencing if local certificate was not set. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-08-18 14:39:37 -07:00
Tom Cosgrove	583816caaf	Be explicit about constant time bignum functions that must take a 0 or 1 condition value Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-18 14:09:18 +01:00
Dave Rodgman	92cd8642fa	Merge pull request #6090 from hanno-arm/fix_bnmul_arm_v7a Remove encoding width suffix from Arm bignum assembly	2022-08-18 08:48:03 +01:00
Jerry Yu	e28d9745a1	fix coding style issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-18 15:44:03 +08:00
Jerry Yu	3419107e8d	Add checks for ticket and resumption_key fields From RFC 8446 and the definition of session, we should check the length. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-18 11:28:41 +08:00
Jerry Yu	e36fdd676c	Change signature of tls13_session_save Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-17 21:50:25 +08:00
Dave Rodgman	a7448bf19d	Merge pull request #6141 from mpg/driver-hashes-rsa-v21 Driver hashes rsa v21	2022-08-16 09:52:39 +01:00
Dave Rodgman	7b1be55484	Merge pull request #5993 from eliteraspberries/android-soname Allow non-versioned library soname.	2022-08-12 13:49:55 +01:00
Mansour Moufid	6a8673092f	Allow non-versioned library soname. Signed-off-by: Mansour Moufid <mansourmoufid@gmail.com>	2022-08-12 11:02:01 +01:00
Przemek Stekiel	71bf28bb34	Fix include file path Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Przemek Stekiel	f98b57f231	Initialize status/ret to error value Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Przemek Stekiel	2aae040615	make ret_from_status() global function and move it to has_info.[ch] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Przemek Stekiel	712bb9c5af	Use more suitable function for checking if hash is supported Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard	79b99f47a1	Fix definition of MD_OR_PSA macros The code will make the decision based on availability of MD, not of MD+this_hash. The later would only be possible at runtime (the hash isn't known until then, that's the whole point of MD), so we'd need to have both MD-based and PSA-based code paths in a single build, which would have a very negative impact on code size. So, instead, we choose based on the presence of MD, which is know at compile time, so we only have one of the two code paths in each build. Adjust the macros so that they match the logic of the code using them. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard	077ba8489d	PKCS#1 v2.1 now builds with PSA if no MD_C Test coverage not there yet, as the entire test_suite_pkcs1_v21 is skipped so far - dependencies to be adjusted in a future commit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	faa3b4e0c3	Get rid of md_info outside helper functions Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	35c09e4824	Introduce compute_hash() function This allows callers not to worry with md_info and makes it easier to provide a PSA version for when MD_C is not available. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	f701acc088	Extract common code into hash_mprime() This will also make it easier to provide a PSA-based version for when MD is not available. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	f3a6755450	Simplify callers of mgf_mask() Some of them no longer need md_ctx, some of those no longer need the exit dance that was used to free it, or need it on a smaller scope. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	259c213545	Tune API of internal function mgf_mask in RSA This is a first step towards making a version of this function that uses PSA when MD is not available. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Dave Rodgman	8a9f88899d	Merge pull request #6186 from leorosen/ssl_tls_null_on_invalid_code ssl_tls: avoid the appearance of a potential NULL dereferencing	2022-08-11 10:12:34 +01:00
Leonid Rozenboim	e9d8dcdbf5	ssl_tls: avoid the appearance of a potential NULL dereferencing Looking at the bigger picture it is clear that if `ssl->session` is NULL, there will be a failure much earlier, and that is well protected from, however, the practice of dereferencing a pointer which has not been verified in prior for validity goes against secure coding practices. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-08-09 12:34:30 -07:00

1 2 3 4 5 ...

9192 commits