Dave Rodgman
358c7d6eb0
Fix naming inconsistency
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 20:29:03 +00:00
Dave Rodgman
dd3103e9e7
Tidy up UNALIGNED_UINT32_T macro
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 19:42:13 +00:00
Dave Rodgman
e7cd137606
Define UNALIGNED_UINT32_PTR for unaligned access
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 19:14:26 +00:00
Dave Rodgman
a6778013b4
Tidy up UBSan detection
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 17:17:30 +00:00
Dave Rodgman
468df317bf
Fix MSVC support for inline keyword
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 16:56:35 +00:00
Dave Rodgman
1bab27f983
Prevent unaligned access under ASan builds
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 16:51:59 +00:00
Dave Rodgman
3c8eb7e990
Provide external definition of mbedtls_xor
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 14:50:03 +00:00
Dave Rodgman
63d114305f
Whitespace cleanup
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 14:03:30 +00:00
Dave Rodgman
f9a1c37bc8
Whitespace cleanup
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-23 14:02:00 +00:00
Dave Rodgman
fdd967ebdc
Detect support for unaligned memory access
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 18:55:17 +00:00
Dave Rodgman
c36a56e890
Use mbedtls_xor in TLS messaging layer
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:44 +00:00
Dave Rodgman
74b345f282
Use mbedtls_xor in PKCS #5
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:44 +00:00
Dave Rodgman
99a507ee55
Use mbedtls_xor in md
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:44 +00:00
Dave Rodgman
d22fb73e3e
Use mbedtls_xor in GCM
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:44 +00:00
Dave Rodgman
2e9db8e9bf
Use mbedtls_xor in DES
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:44 +00:00
Dave Rodgman
ffb5499988
Use mbedtls_xor in CTR_DRBG
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:44 +00:00
Dave Rodgman
8c0ff81ce7
Use mbedtls_xor in CMAC
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:44 +00:00
Dave Rodgman
c1d9022bab
Use mbedtls_xor in ChaCha20
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:43 +00:00
Dave Rodgman
0d3b55bca8
Use mbedtls_xor in ccm
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:43 +00:00
Dave Rodgman
d23399eb69
Use mbedtls_xor in Camellia
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:43 +00:00
Dave Rodgman
7bb6b84b29
Use mbedtls_xor in ARIA
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:43 +00:00
Dave Rodgman
a8cf607458
Use mbedtls_xor in AES
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 17:32:43 +00:00
Dave Rodgman
c3d8041fe7
Introduce mbedtls_xor
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-11-22 15:01:39 +00:00
Gilles Peskine
339406daf9
Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub
...
Fix undefined behavior in bignum: NULL+0 and -most-negative-sint
2022-11-21 19:51:58 +01:00
Dave Rodgman
9e1836cc16
Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs
...
Fix TLS1.2 signature algorithms list entry getting overwritten by length.
2022-11-21 10:09:57 +00:00
Andrzej Kurek
ec71b0937f
Introduce a test for single signature algorithm correctness
...
The value of the first sent signature algorithm is overwritten.
This test forces only a single algorithm to be sent and then
validates that the client received such algorithm.
04 03 is the expected value for SECP256R1_SHA256.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-11-17 14:58:14 +00:00
Paul Elliott
96a0fd951f
Fix signature algorithms list entry getting overwritten by length.
...
Fix bug whereby the supported signature algorithm list sent by the
server in the certificate request would not leave enough space for the
length to be written, and thus the first element would get overwritten,
leaving two random bytes in the last entry.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-11-17 14:58:14 +00:00
Ronald Cron
d12922a69a
Merge pull request #6486 from xkqian/tls13_add_early_data_indication
...
The merge job of the internal CI ran successfully. This is good to go.
2022-11-17 12:48:50 +01:00
Xiaokang Qian
0cc4320e16
Add EARLY_DATA guard to the early data extension in session ticket
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-16 08:43:50 +00:00
Gilles Peskine
ef7f4e47b1
Express abs(z) in a way that satisfies GCC and MSVC
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 23:25:27 +01:00
Gilles Peskine
af601f9751
Fix undefined behavior with the most negative mbedtls_mpi_sint
...
When x is the most negative value of a two's complement type,
`(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x`
has well-defined behavior and does what was intended.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 23:02:14 +01:00
Gilles Peskine
db14a9d180
Fix NULL+0 in addition 0 + 0
...
Fix undefined behavior (typically harmless in practice) of
mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() when
both operands are 0 and the left operand is represented with 0 limbs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 23:00:21 +01:00
Gilles Peskine
4a768dd17d
Fix negative zero created by (-A) + (+A) or (-A) - (-A)
...
In mbedtls_mpi_add_mpi() and mbedtls_mpi_sub_mpi(), and by extention
mbedtls_mpi_add_int() and mbedtls_mpi_sub_int(), when the resulting value
was zero, the sign bit of the result was incorrectly set to -1 when the
left-hand operand was negative. This is not a valid mbedtls_mpi
representation. Fix this: always set the sign to +1 when the result is 0.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 20:36:18 +01:00
Gilles Peskine
72ee1e3f3c
Unify mbedtls_mpi_add_mpi and mbedtls_mpi_sub_mpi
...
mbedtls_mpi_add_mpi() and mbedtls_mpi_sub_mpi() have the same logic, just
with one bit to flip in the sign calculation. Move the shared logic to a new
auxiliary function. This slightly reduces the code size (if the compiler
doesn't inline) and reduces the maintenance burden.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-15 20:30:09 +01:00
Xiaokang Qian
2cd5ce0c6b
Fix various issues cause rebase to latest code
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 10:33:53 +00:00
Janos Follath
4d0ea7f4cc
Merge pull request #6550 from minosgalanakis/minos/6017_add_montgomery_conversion
...
Bignum: Add Montgomery conversion from/to cannonical form
2022-11-14 11:12:13 +00:00
Xiaokang Qian
fe3483f9a1
Update early data doument and config dependencies
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
ae07cd995a
Change ticket_flag base on review
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
2d87a9eeb5
Pend one alert in case wrong EXT_EARLY_DATA length
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:22 +00:00
Xiaokang Qian
a042b8406d
Address some format issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:16:19 +00:00
Xiaokang Qian
f447e8a8d3
Address comments base on reviews
...
Improve early data indication check
Update test case to gnutls server
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:36 +00:00
Xiaokang Qian
a341225fd0
Change function name ssl_tls13_early_data_has_valid_ticket
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:05 +00:00
Xiaokang Qian
01323a46c6
Add session ticket related check when send early data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:05 +00:00
Xiaokang Qian
ecc2948f21
Fix format issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:05 +00:00
Xiaokang Qian
76332816c7
Define the EARLY_DATA_STATUS
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:05 +00:00
Xiaokang Qian
338f727683
Move EARLY_DATA_OFF/ON guard to ssl_misc.h
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:15:03 +00:00
Xiaokang Qian
b781a2323c
Move ssl_tls13_has_configured_ticket() back to tls13 client
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:51 +00:00
Xiaokang Qian
893ad81966
Remove useless early_secrets field
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:51 +00:00
Xiaokang Qian
911c0cc4f0
Fix format issues in comments
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:50 +00:00
Xiaokang Qian
0e97d4d16d
Add early data indication to client side
...
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:50 +00:00