Commit graph

9465 commits

Author SHA1 Message Date
Jerry Yu
3419107e8d Add checks for ticket and resumption_key fields
From RFC 8446 and the definition of session, we
should check the length.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-18 11:28:41 +08:00
Dave Rodgman
86c333e79e Add explicit cast to satisfy compiler
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-17 16:57:26 +01:00
Jerry Yu
e36fdd676c Change signature of tls13_session_save
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-17 21:50:25 +08:00
Dave Rodgman
392f714153 Fix type used for capturing TLS ticket generation time
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-17 12:38:24 +01:00
Dave Rodgman
a7448bf19d
Merge pull request #6141 from mpg/driver-hashes-rsa-v21
Driver hashes rsa v21
2022-08-16 09:52:39 +01:00
Janos Follath
cc93908b88 Bignum: Declare loop variable in loop head
In the new bignum files (bignum_core.c, bignum_mod_raw.c and
bignum_mod.c) the loop variables are declared in the loop head wherever
this change is beneficial.

There are loops where the loop variable is used after the end of the
loop (this might not be good practice, but that is out of scope for this
commit) and others where there are several loop variables and declaring
them there would hurt readability.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-15 12:08:49 +01:00
Janos Follath
620c58ced9 Bignum: make const placement consistent
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-15 11:58:42 +01:00
Janos Follath
ed5c8d3d1e Bignum: make modulus value const
The modulus value won't change during normal operations, make this clear
in the struct and the function signatures.

This won't prevent the caller from modifying the passed buffer, but
might give a hint and reinforces the message of the documentation.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-15 11:50:22 +01:00
Janos Follath
138f51c5c8 Fix alphabetic order in makefiles
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-15 11:38:30 +01:00
Gabor Mezei
fd65e82753
Rename structure elements
Use better names for structure elements and adopting the convention of
the other modules.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 18:09:12 +02:00
Gabor Mezei
c414ba3fc0
Simplify code
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 17:59:53 +02:00
Gabor Mezei
5a5c0c5f0a
Move the declaration of variables to their scope of usage
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 15:40:09 +02:00
Gabor Mezei
7f93264ab1
Change struct element order
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 15:37:27 +02:00
Gabor Mezei
89e31460db
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 15:36:56 +02:00
Dave Rodgman
7b1be55484
Merge pull request #5993 from eliteraspberries/android-soname
Allow non-versioned library soname.
2022-08-12 13:49:55 +01:00
Gabor Mezei
5f56df44f0
Remove redundant check
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 14:41:54 +02:00
Gabor Mezei
bf9da1dfb1
Do not read if output pointer is NULL
Skip reading if output pointer is NULL even if the length of the input buffer is 0.
The memory sanitizer will mark this as an error.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-12 14:11:56 +02:00
Mansour Moufid
6a8673092f Allow non-versioned library soname.
Signed-off-by: Mansour Moufid <mansourmoufid@gmail.com>
2022-08-12 11:02:01 +01:00
Janos Follath
6318468183 Improve bignum documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 17:42:59 +01:00
Janos Follath
a30b4e5692 Bignum: remove duplicate documentation from source
These functions have full documentation in the header. Maintaing two
copies does not worth the effort and having an out of sync reduced
duplicate is not helpful.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 17:15:18 +01:00
Janos Follath
2ab2d3e3e9 Inline mpi_core_clear()
This used to resize MPIs in the legacy interface, which is not
needed/possible as the new interface has fixed size MPIs.

Inlining this function makes the code easier to read and maintain, while
there is no obvious drawback to it.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 16:16:49 +01:00
Janos Follath
56a10f97ba Bignum: remove unnecessary NULL pointer checks
A null pointer dereference, or null pointer plus small offset, is a
clean runtime error in most environments. So it's not particularly
useful to protect against this.

While at it make a null pointer check that is actually necessary more
robust.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 15:19:00 +01:00
Janos Follath
296ea66442 Bignum: clean up use of enums
- Made use of enums in struct and function declaration
- All enums are handled by switch case now
- If the switch does nothing on default, omit the default case to make
  compiler warnings more powerful
- The two enums are now disjoint and the value 1 is skipped to make
  mistakes easier to detect

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-11 14:58:29 +01:00
Jerry Yu
5c28e7aa0e remove psk key when ephemeral selected
ephemeral is selected, `handshake->psk` must be removed.
Otherwise the encrypt key will be caculate fail.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
56acc9421c Write key_share base on key_exchange mode.
In ServerHello, write key share should base on key_exchange mode, not
base on configuration.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
f0bad2554a Continue check next psk key when binder mismatch
with matched identity and mismatch binder, should check next psk key.
Exit with error will break multi-psk cases.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
32e1370fbc Add config check for pre_shared_key parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
e95c8af266 Align ciphersuite with psk key
With OpenSSL and GnuTLS client, if the MAC of ciphersuite
does not match selected binder, client will reject connection.
This change is to select ciphersuite base on algo of psk binder.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
ccc68a466e change handshake psk key type for tls13
PSK key type of TLS1.3 must be HKDF_EXTRACT and the algo is
decided when create binder

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Ronald Cron
295d93ebe8 Add psk handshake with gnutls
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
40f3771e18 Add handshake psk export function.
Rename `ssl_tls13_get_psk` and export the
function.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Przemek Stekiel
71bf28bb34 Fix include file path
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Przemek Stekiel
f98b57f231 Initialize status/ret to error value
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Przemek Stekiel
2aae040615 make ret_from_status() global function and move it to has_info.[ch]
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Przemek Stekiel
712bb9c5af Use more suitable function for checking if hash is supported
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard
79b99f47a1 Fix definition of MD_OR_PSA macros
The code will make the decision based on availability of MD, not of
MD+this_hash. The later would only be possible at runtime (the hash
isn't known until then, that's the whole point of MD), so we'd need to
have both MD-based and PSA-based code paths in a single build, which
would have a very negative impact on code size. So, instead, we choose
based on the presence of MD, which is know at compile time, so we only
have one of the two code paths in each build.

Adjust the macros so that they match the logic of the code using them.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard
077ba8489d PKCS#1 v2.1 now builds with PSA if no MD_C
Test coverage not there yet, as the entire test_suite_pkcs1_v21 is
skipped so far - dependencies to be adjusted in a future commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
faa3b4e0c3 Get rid of md_info outside helper functions
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
35c09e4824 Introduce compute_hash() function
This allows callers not to worry with md_info and makes it easier to
provide a PSA version for when MD_C is not available.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
f701acc088 Extract common code into hash_mprime()
This will also make it easier to provide a PSA-based version for when MD
is not available.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
f3a6755450 Simplify callers of mgf_mask()
Some of them no longer need md_ctx, some of those no longer need the
exit dance that was used to free it, or need it on a smaller scope.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard
259c213545 Tune API of internal function mgf_mask in RSA
This is a first step towards making a version of this function that
uses PSA when MD is not available.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-08-11 12:47:02 +02:00
Dave Rodgman
8a9f88899d
Merge pull request #6186 from leorosen/ssl_tls_null_on_invalid_code
ssl_tls: avoid the appearance of a potential NULL dereferencing
2022-08-11 10:12:34 +01:00
kXuan
9ac6b28e27
ctr_drbg: remove mbedtls_aes_init call from mbedtls_ctr_drbg_seed
Since 11e9310 add mbedtls_aes_init call in mbedtls_ctr_drbg_init, it
should not init aes_ctx again in mbedtls_ctr_drbg_seed.

Signed-off-by: kXuan <kxuanobj@gmail.com>
2022-08-11 16:38:45 +08:00
Janos Follath
d0895708e2 Bignum: move internal constants to headers
Now that the check_names script allows it, we can do so.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-10 13:32:16 +01:00
kXuan
11e9310fd1
ctr_drbg: fix free uninitialized aes context
Application may enabled AES_ALT and define mbedtls_aes_context by its own.
The initial state of user-defined mbedtls_aes_context may not all byte zero.

In mbedtls_ctr_drbg_init, the code set all byte to zero, including the AES
context nested in the ctr_drbg context.

And in mbedtls_ctr_drbg_free, the code calls mbedtls_aes_free on an AES
context without calling mbedtls_aes_init.

If user-defined AES context requires an non-zero init, the mbedtls_aes_free
call in mbedtls_ctr_drbg_free is illegal.

This patch fix this issue by add mbedtls_aes_init in mbedtls_ctr_drbg_init.

So aes context will always be initialized to correct state.

Signed-off-by: kXuan <kxuanobj@gmail.com>
2022-08-10 16:43:28 +08:00
Leonid Rozenboim
e9d8dcdbf5 ssl_tls: avoid the appearance of a potential NULL dereferencing
Looking at the bigger picture it is clear that if `ssl->session` is NULL,
there will be a failure much earlier, and that is well protected from,
however, the practice of dereferencing a pointer which has not been
verified in prior for validity goes against secure coding practices.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-08-09 12:34:30 -07:00
Janos Follath
c47c0569d4 Remove VALIDATE macros from bignum_core.c
They are deprecated and are declared to be empty anyway.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-09 13:54:43 +01:00
Janos Follath
d1baedb786 Bignum: extract bignum_mod.h functions
Extract functions declared in bignum_mod.h into a source file with a
matching name.

We are doing this because:

- This is a general best practice/convention
- We hope that this will make resolving merge conflicts in the future
  easier
- Having them in a unified source file is a premature optimisation at
  this point

This makes library/bignum_new.c empty and therefore it is deleted.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-09 13:44:53 +01:00
Janos Follath
0ded631879 Bignum: extract bignum_mod_raw.h functions
Extract functions declared in bignum_mod_raw.h into a source file with a
matching name.

We are doing this because:

- This is a general best practice/convention
- We hope that this will make resolving merge conflicts in the future
  easier
- Having them in a unified source file is a premature optimisation at
  this point

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-09 13:34:54 +01:00
Janos Follath
3ca0775e59 Bignum: extract bignum_core.h functions
Extract functions declared in bignum_core.h into a source file with a
matching name.

We are doing this because:

- This is a general best practice/convention
- We hope that this will make resolving merge conflicts in the future
  easier
- Having them in a unified source file is a premature optimisation at
  this point

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-09 11:45:47 +01:00
Dave Rodgman
f421d45869
Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype
Fix build error due to  missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled
2022-08-09 11:27:42 +01:00
Dave Rodgman
953ce3962f
Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12
Add rsa pss rsae for tls12
2022-08-09 10:21:45 +01:00
Janos Follath
dae1147596 Improve Bignum documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-08 11:50:02 +01:00
Janos Follath
8ff0729dd7 Fix typos in Bignum documentation
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-08 08:39:52 +01:00
Gabor Mezei
6666914b76 Revert "Move Bignum macros to common header"
This reverts commit 62c5901f0a5061a8825e19c77f88c91fea235078.

Reverting commit due the macros are meant to be local and not following the
naming convention.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:10:51 +01:00
Gabor Mezei
37b06360b3 Add documentation for new bignum functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:10:51 +01:00
Gabor Mezei
c0b9304f92 Use value as numerical value instead of bitfield value
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:08:53 +01:00
Gabor Mezei
d8f5bc2d3d Free the correct struct element
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:08:53 +01:00
Gabor Mezei
535f36d203 Unify parameter naming
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:08:53 +01:00
Gabor Mezei
e66b1d47ed Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
8b718b5a66 Add bounds check to residue input
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
23bdeca64d Add core constant time comparison
Unfortunately reusing the new function from the signed constant time
comparison is not trivial.

One option would be to do temporary conditional swaps which would prevent
qualifying input to const. Another way would be to add an additional
flag for the sign and make it an integral part of the computation, which
would defeat the purpose of having an unsigned core comparison.

Going with two separate function for now and the signed version can be
retired/compiled out with the legacy API eventually.

The new function in theory could be placed into either
`library/constant_time.c` or `library/bignum_new.c`. Going with the
first as the other functions in the second are not constant time yet and
this distinction seems more valuable for new (as opposed to belonging to
the `_core` functions.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
5f016650d7 Reuse Bignum core I/O functions
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
91dc67d31c Allow (NULL, 0) as a representation of 0
- We don't check for NULL pointers this deep in the library
- Accessing a NULL pointer when the limb number is 0 as a mistake is the
  very similar to any other out of bounds access
- We could potentially mandate at least 1 limb representation for 0 but
  we either would need to enforce it or the implementation would be less
  robust.
- Allowing zero limb representation - (NULL, 0) in particular - for zero
  is present in the legacy interface, if we disallow it, the
  compatibility code will need to deal with this (more code size and
  opportunities for mistakes)

In summary, interpreting (NULL, 0) as the number zero in the core
interface is the least of the two evils.

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
4670f88991 Reuse Bignum helper functions
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
4614b9ad1b Move Bignum macros to common header
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:08:52 +01:00
Janos Follath
f1d617deb8 Add tests for big endian core I/O
The test case where there were extra limbs in the MPI failed and this
commit contains the corresponding fix as well. (We used to use the
minimum required limbs instead of the actual limbs present.)

Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:06:31 +01:00
Janos Follath
ba5c139e4c Add more validation to modulus life cycle
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:03:56 +01:00
Janos Follath
281ccda8a5 Clean up mpi_mod_init/free
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:03:56 +01:00
Janos Follath
5005edb36c Fix typos
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-05 17:03:56 +01:00
Gabor Mezei
c5328cf9a6 Add a set of I/O functions for the modulus structure
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:03:56 +01:00
Gabor Mezei
b903070cec Add a set of I/O functions
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:03:56 +01:00
Gabor Mezei
0c655572dc Build the new bignum_new.c file
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:03:56 +01:00
Gabor Mezei
f049dbfe94 Add the new modulus and the residue structures
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-08-05 17:03:56 +01:00
Gilles Peskine
b3edc1576c
Merge pull request #2602 from edsiper/crt-symlink
x509_crt: handle properly broken links when looking for certificates
2022-08-03 13:05:29 +02:00
Gilles Peskine
07e7fe516b
Merge pull request #6088 from tuvshinzayaArm/validation_remove_change_curve
Validation remove and change in files related to curve in library
2022-08-03 13:05:16 +02:00
Gilles Peskine
7e1ee0f04b
Merge pull request #6114 from mman/development
Use double quotes to include private header file psa_crypto_cipher.h
2022-08-03 13:04:57 +02:00
Martin Man
4741e0b56c Use double quotes to include private header file psa_crypto_cipher.h
Signed-off-by: Martin Man <mman@martinman.net>
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
2022-08-02 12:44:35 +02:00
Aditya Patwardhan
3096f331ee Fix missing prototype warning when MBEDTLS_DEPRECATED_REMOVED is
enabled

Added the changelog.d entry

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-08-02 11:15:18 +05:30
Dave Rodgman
919ff15ecf
Merge pull request #4686 from Kazuyuki-Kimura/patch_#2020
Fixed a bug that the little-endian Microblaze does not work when MBEDTLS_HAVE_ASM is defined
2022-07-29 17:08:11 +01:00
Dave Rodgman
27036c9e28
Merge pull request #6142 from tom-cosgrove-arm/fix-comments-in-docs-and-comments
Fix a/an typos in doxygen and other comments
2022-07-29 12:59:05 +01:00
Jerry Yu
c3bf748dc7 fix vertical alignment
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-29 10:27:17 +08:00
Jerry Yu
09a99fcf8a Add rsa_pss_rsae_* sig algos for tls12 default
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Jerry Yu
379b1ff3a5 remove useless comment
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Jerry Yu
95b743ca17 Rename get_pk_type_and_md_alg
The function is for both tls12 and tls13 now.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Jerry Yu
693a47ab1d add rsa_pss_rsae_* support in tls12
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Tuvshinzaya Erdenekhuu
86669de348 Broke 2 long lines
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-07-28 10:31:16 +01:00
Dave Rodgman
aba26d0099
Merge pull request #5963 from tom-daubney-arm/remove_ssl_compression_new
Remove use of SSL session compression
2022-07-28 10:28:23 +01:00
Manuel Pégourié-Gonnard
f6b8c3297a
Merge pull request #6065 from mpg/explore2
Driver-only hashes: RSA 1.5 and PK + strategy doc
2022-07-28 10:43:38 +02:00
Tom Cosgrove
ce7f18c00b Fix a/an typos in doxygen and other comments
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-07-28 05:50:56 +01:00
Manuel Pégourié-Gonnard
68429fc44d Fix a few more typos
Update link while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-27 20:44:02 +02:00
Tuvshinzaya Erdenekhuu
22f3654324 Remove NULL pointer validation in ecp.c
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-07-27 15:21:48 +01:00
Tuvshinzaya Erdenekhuu
a891f83803 Re-introduce ENUM validation in ecjpake.c
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-07-27 15:20:08 +01:00
Tuvshinzaya Erdenekhuu
2b1ecdaf4e Remove NULL pointer validation in ecjpake.c
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-07-27 15:20:08 +01:00
Tuvshinzaya Erdenekhuu
f69cac784a Reintroduce enum validation ecdh.c
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-07-27 14:43:38 +01:00
Tuvshinzaya Erdenekhuu
7857caadcd Remove NULL pointer validation in ecdh.c
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-07-27 14:40:47 +01:00
Tuvshinzaya Erdenekhuu
375950f119 Remove NULL pointer validations in ecdsa.c
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
2022-07-27 14:28:20 +01:00
Thomas Daubney
31e03a8e15 Replace hard-coded zeroes for constant
Replace two occurances of hard-coded zero for
MBEDTLS_SSL_COMPRESS_NULL in TLS 1.3 code.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-07-26 16:13:23 +01:00
Thomas Daubney
54e38ea9cd Remove remaining references to compression in docs
Some references to compression exist in the docs.
This commit removes those instances.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-07-26 16:13:23 +01:00
Thomas Daubney
20f89a9605 Remove uses of SSL compression
Remove or modify current uses of session compression.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-07-26 16:13:03 +01:00
Manuel Pégourié-Gonnard
de9ffe37ab Fix typos in hash_info.[ch]
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-26 10:20:52 +02:00
Ronald Cron
e579ece305
Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load
TLS 1.3: Add serialize session save load
I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in  #6123. Thus I am ok to merge it as it is.
2022-07-23 08:57:11 +02:00
Ronald Cron
340c559cb3
Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks
TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.
2022-07-23 08:50:45 +02:00
Jerry Yu
13ab81d5ac Add handshake failure in pre_shared_key withou psk_kex_modes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:17:11 +08:00
Jerry Yu
bc7c1a4260 fix typo/format/name issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:09:40 +08:00
Jerry Yu
438ddd835b Add tls13 session save/load
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:08:43 +08:00
Jerry Yu
a66fecebe7 Add endpoint/ticket_flag field for session
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:08:43 +08:00
Jerry Yu
6f1db3fc92 fix format and potential non-PSK fail issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:05:59 +08:00
Jerry Yu
ce6ed7076a Change the order of key_exchange determine
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 21:49:53 +08:00
Jerry Yu
ba9b6e9e53 fix unkown identity case
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 21:45:05 +08:00
Jerry Yu
568ec2502a fix format/name issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 21:27:34 +08:00
Jerry Yu
2f0abc94d8 fix typo/type/format issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 19:34:48 +08:00
Ronald Cron
4beb870fa8
Merge pull request #6064 from xkqian/tls13_add_psk
Add psk code to tls13 client side
2022-07-22 11:35:05 +02:00
Dave Rodgman
a948f0588c
Merge pull request #1986 from jacmet/bn_mul-fix-x86-pic-compilation-for-gcc-4
bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5
2022-07-21 17:34:48 +01:00
Jerry Yu
77f0148e11 Add psk/psk_ephemeral key exchange check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 23:27:22 +08:00
Ronald Cron
32578b3bd0
Merge pull request #6069 from yuhaoth/pr/add-tls13-write-new-session-ticket
TLS 1.3:add tls13 write new session ticket
Validated by the internal CI and Travis.
2022-07-21 16:17:35 +02:00
XiaokangQian
bee71453b2 Improve the buffer pointer check in write pre_shared key
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
3ad67bf4e3 Rename functions and add test messages
Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
7c12d31813 Refine comments for psk related code
Change-Id: Iff5c176bb902919abc8d4fb78a185aa68704a791
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
8698195566 Address comments of various issues
Improve comments
Change coding style
Rename functions

Change-Id: Ia111aef303932cfeee693431c3d48f90342b32e5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
adab9a6440 Fix transcript issues and add cases against openssl
Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
008d2bf80b Address comments in psk client review
Improve comments
Refine cipher suite related code in psk
Refine get_psk_offered()

Change-Id: Ic3b0b5f86eb1e71f11bb499961aa8494284f1840
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
XiaokangQian
eb69aee6af Add psk code to tls13 client side
Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
Manuel Pégourié-Gonnard
73692b7537 Rework macros expressing dependencies
Fix usage with sed:

s/MBEDTLS_OR_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_LOWLEVEL_OR_PSA/
s/MBEDTLS_USE_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_MD_OR_PSA_BASED_ON_USE_PSA/

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-21 12:11:53 +02:00
Jerry Yu
96a2e368dc TLS 1.3: Add pre-shared-key multiple psk parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 18:00:13 +08:00
Jerry Yu
6119715e05 Change type cast to size_t
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:28:02 +08:00
Jerry Yu
1c9247cff4 TLS 1.3: Add pre_share_key last ext check
From RFC, pre_share_key must be the last one.
Add check for it. And with/without psk, it should
be check

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
352cd7db59 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
daf375aa8b fix issues of check_binder_match
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
bb852029f4 fix naming issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
6e74a7e3c7 Add check return flags
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
997549353e fix various code format issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
032b15ce5e Add write selected_identity
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
1c105560b4 add offered psks parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
6dcd18d55b export hdr checksum function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Ronald Cron
bc817bac76 TLS 1.3: Limit scope of tls13_kex_modes handshake field
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-07-21 09:43:53 +02:00
Jerry Yu
fca4d579a4 fix various issues
- unnecessary comments
- format issue
- improve readability

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 10:37:48 +08:00
Ronald Cron
799077177b TLS 1.3: Use selected key exchange mode field
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-07-20 17:49:58 +02:00
Ronald Cron
853854958f TLS 1.3: Add selected key exchange mode field
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-07-20 17:49:22 +02:00
Ronald Cron
7f9ccfeccc TLS 1.3: Remove unnecessary key exchange mode check
If there is a PSK involved in the key exchange
and thus no certificate we do not go through the
MBEDTLS_SSL_CERTIFICATE_REQUEST state thus there
is no reason to check that in the coordination
function of that state.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-07-20 17:47:23 +02:00
Ronald Cron
2d8b7ac898 TLS 1.3: Fix selected key exchange mode check
ECDHE operations have to be done in
ephemeral and PSK-ephemeral key exchange
mode, not just ephemeral key exhange mode.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-07-20 17:46:58 +02:00
Dave Rodgman
fa40b02da3 Remove use of lstat
lstat is not available on some platforms (e.g. Ubuntu 16.04). In this
particular case stat is sufficient.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-20 16:10:33 +01:00
Jerry Yu
6cb4fcd1a5 Remove key exchange mode check.
This change does not meet RFC requirements.
It should be revert after key exchange mode issue
fixed

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 22:41:00 +08:00
Jerry Yu
e67bef4aba Add tls13 write new session ticket
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 22:41:00 +08:00
Jerry Yu
251a12e942 Add dummy session save
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 22:40:59 +08:00
Dave Rodgman
7085aa42ee
Merge pull request #5896 from wernerlewis/aes_shallow_copy
Refactor AES context to be shallow-copyable
2022-07-20 15:16:37 +01:00
Dave Rodgman
103f8b6506 Spelling and grammar improvements
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-20 14:37:08 +01:00
Dave Rodgman
935154ef04 Don't increase failure count for dangling symlinks
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-20 14:37:07 +01:00
Eduardo Silva
e1bfffc4f6 x509_crt: handle properly broken links when looking for certificates
On non-windows environments, when loading certificates from a given
path through mbedtls_x509_crt_parse_path() function, if a symbolic
link is found and is broken (meaning the target file don't exists),
the function is returning MBEDTLS_ERR_X509_FILE_IO_ERROR which is
not honoring the default behavior of just skip the bad certificate file
and increase the counter of wrong files.

The problem have been raised many times in our open source project
called Fluent Bit which depends on MbedTLS:

https://github.com/fluent/fluent-bit/issues/843#issuecomment-486388209

The expected behavior is that if a simple certificate cannot be processed,
it should just be skipped.

This patch implements a workaround with lstat(2) and stat(2) to determinate
first if the entry found in the directory is a symbolic link or not, if is
a simbolic link, do a proper stat(2) for the target file, otherwise process
normally. Upon find a broken symbolic link it will increase the counter of
not processed certificates.

Signed-off-by: Eduardo Silva <eduardo@treaure-data.com>
2022-07-20 14:36:12 +01:00
Jerry Yu
3afdf36de7 Add hash length check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 18:12:08 +08:00
Jerry Yu
0a430c8aaf Rename resumption_key and the hardcode len
`resumption_key` is better name.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
b14413804a Remove ticket_flags
It should be added later.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
08aed4def9 fix comments and time_t type issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
a0446a0344 Add check_return flag
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
4e6c42a533 fix various issues
- wrong typo
- unnecessary comments/debug code
- wrong location

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
cb3b1396f3 move resume psk ticket computation to end
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
af2c0c8dd6 fix various comment/format issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
a357cf4d4c Rename new_session_ticket state
Both client and server side use
`MBEDTLS_SSL_NEW_SESSION_TICKET` now

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
f8a4994ec7 Add tls13 new session ticket parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
c62ae5f539 Add new session ticket message check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
a270f67340 Add tls13 session fields
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Manuel Pégourié-Gonnard
d82a9edc63 Rm now-duplicate helper function
Again, the guards are slightly different, let's see in the CI if this
causes any trouble.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard
130fa4d376 Rm local helper now that a global one is available
There is a small difference: the global function only works for hashes
that are included in the build, while the old one worked for all hashes
regardless of whether they were enabled or not.

We'll see in the CI is this causes any issues.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard
abac037a7b Migrate from old inline to new actual function.
This is mostly:

    sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \
    library/*.c tests/suites/*.function

This should be good for code size as the old inline function was used
from 10 translation units inside the library, so we have 10 copies at
least.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard
4772884133 New internal module for managing hash information
Using static inline functions is bad for code size; the function from
md_internal.h was already used from 3 different C files, so already was
copied at least 3 times in the library, and this would only get worse
over time.

Use actual functions, and also share the actual data between them.

Provide a consistent set of operations. Conversion to/from
human-readable string was omitted for now but could be added later if
needed.

In the future, this can be used to replace other similar (inline)
functions that are currently scattered, including (but perhaps not
limited to):
- mbedtls_psa_translate_md() from psa_util.h
- mbedtls_md_info_from_psa() (indirectly) from psa_crypto_hash.h
- get_md_alg_from_psa() from psa_crypto_rsa.c

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 21:28:38 +02:00
Peter Korsgaard
c0546e351f bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5
Fixes #1910

With ebx added to the MULADDC_STOP clobber list to fix #1550, the inline
assembly fails to build with GCC < 5 in PIC mode with the following error:

include/mbedtls/bn_mul.h:46:13: error: PIC register clobbered by ‘ebx’ in ‘asm’

This is because older GCC versions treated the x86 ebx register (which is
used for the GOT) as a fixed reserved register when building as PIC.

This is fixed by an improved register allocator in GCC 5+.  From the release
notes:

Register allocation improvements: Reuse of the PIC hard register, instead of
using a fixed register, was implemented on x86/x86-64 targets.  This
improves generated PIC code performance as more hard registers can be used.

https://www.gnu.org/software/gcc/gcc-5/changes.html

As a workaround, detect this situation and disable the inline assembly,
similar to the MULADDC_CANNOT_USE_R7 logic.

Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
2022-07-18 17:31:13 +01:00
Manuel Pégourié-Gonnard
1c402a4217 Remove macro that's no longer used
It was only used in test_suite_pk which was fixed to no longer compute
hashes in a temporary buffer.

Also, it's not entirely clear is this macro was really a good idea:
perhaps it's better for each user to have an explicit #if
defined(MBEDTSL_USE_PSA_CRYPTO) and use either MBEDTLS_MD_MAX_SIZE or
PSA_HASH_MAX_SIZE in each branch of that #if.

So, removing it for the time being.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 12:49:19 +02:00
Ronald Cron
d5b1eb51db
Merge pull request #6078 from yuhaoth/pr/add-tls13-paser-psk-kex-mode-ext
TLS 1.3: PSK: Add parser of psk kex mode ext on server side
2022-07-18 11:34:24 +02:00
Hanno Becker
907a367b50 Remove explicit width suffixes from Arm bignum assembly
Within the M-profile of the Arm architecture, some instructions
admit both a 16-bit and a 32-bit encoding. For those instructions,
some assemblers support the use of the .n (narrow) and .w (wide)
suffixes to force a choice of instruction encoding width.
Forcing the size of encodings may be useful to ensure alignment
of code, which can have a significant performance impact on some
microarchitectures.

It is for this reason that a previous commit introduced explicit
.w suffixes into what was believed to be M-profile only assembly
in library/bn_mul.h.

This change, however, introduced two issues:
- First, the assembly block in question is used also for Armv7-A
  systems, on which the .n/.w distinction is not meaningful
  (all instructions are 32-bit).
- Second, compiler support for .n/.w suffixes appears patchy,
  leading to compilation failures even when building for M-profile
  targets.

This commit removes the .w annotations in order to restore working
code, deferring controlled re-introduction for the sake of performance.

Fixes #6089.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2022-07-15 12:00:58 +01:00
Manuel Pégourié-Gonnard
f88b1b5375 Introduce MBEDTLS_OR_PSA_WANT_xxx helper macros
Currently just replacing existing uses, but the real point of having
these conditions as a single macro is that we'll be able to use them in
tests case dependencies, see next commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-15 12:08:14 +02:00
Jerry Yu
854dd9e23f fix comment issue
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-15 14:38:38 +08:00
Jerry Yu
299e31f10e fix various issue
- remove unused test case
- add alert message
- improve readabitlity

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-13 23:06:36 +08:00
Paul Elliott
af4b90db3f Revert "Add missing library/psa_crypto_driver_wrappers.c"
This reverts commit c2a9387110

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 11:30:17 +01:00
Paul Elliott
81c69b547a Revert "Revert "Revert "Add generated files for 3.2.0 release"""
This reverts commit 185d24ba0e.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 11:29:34 +01:00
Jerry Yu
e19e3b9eb8 Add psk_key_exchange_modes parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-12 09:53:35 +00:00
Paul Elliott
cd08ba0326 Bump version to 3.2.1
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 10:51:55 +01:00
Dave Rodgman
c2a9387110 Add missing library/psa_crypto_driver_wrappers.c
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-12 10:51:55 +01:00
Dave Rodgman
185d24ba0e Revert "Revert "Add generated files for 3.2.0 release""
This reverts commit 7adb8cbc0e.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 10:51:44 +01:00
Manuel Pégourié-Gonnard
043c8c5de8 Add USE_PSA version of PK test functions
While at it, also fix buffer size for functions that already depend on
USE_PSA: it should be PSA_HASH_MAX_SIZE for functions that always use
PSA, and the new macro MBEDTLS_USE_PSA_MD_MAX_SIZE for functions that
use it or not depending on USE_PSA.

The only case where MBEDTLS_MD_MAX_SIZE is OK is when the function
always uses MD - currently this is the case with
pk_sign_verify_restart() as it is incompatible with USE_PSA anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard
5508673832 Add helper macros for dependencies based on USE_PSA
For now in an internal header as it's the safest option and that way we
can change whenever we want.

Later on if we think the macros can be useful to applications as well then we
can move them to a public location.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
3f4778995e Rm dependency on MD in psa_crypto_rsa.c
The previous commit made the PKCS#1v1.5 part of rsa.c independent from
md.c, but there was still a dependency in the corresponding part in PSA.
This commit removes it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
fe2b9b5397 Make mbedtls_oid_get_md_alg() always available
This is a step towards building with RSA PKCS#1v1.5 without MD.

Also loosen guards around oid data: the OID definitions clearly don't
depend on our software implementation.

We could simply have no dependency as this is just data. But for the
sake of code size, let's have some guards so that people who don't use
MD5, SHA1 or RIPEMD160 don't have to pay the price for them.

Note: this is used for RSA (PKCS#v1.5) signatures among other things, an
area that is not influenced by USE_PSA, so the guards should not depend
on it either.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard
f493f2ad1d Use md_internal_get_size() in rsa.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard
3356b89b64 Add missing guard around call to MD
PKCS#1 v1.5 mostly does not need hash operations. This is a first step
towards allowing builds with PKCS#1 v1.5 only (no v2.1) without MD.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard
a370e06e30 Avoid dependency of PK on MD
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard
d8a298e1fc Add internal MD size getter
Modules / tests that only need to get the size of a hash from its type,
without actually computing a hash, need not depend on MD_C.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-12 11:11:18 +02:00
Paul Elliott
7adb8cbc0e Revert "Add generated files for 3.2.0 release"
This reverts commit cb21f2eab3.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 18:18:30 +01:00
Paul Elliott
cb21f2eab3 Add generated files for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:56:01 +01:00
Paul Elliott
20362cd1ca Bump library and so versions for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:56:01 +01:00
Paul Elliott
f518f81d41 Ensure return for mbedtls_ssl_write_alpn_ext() is checked
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 12:37:47 +01:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Paul Elliott
6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash
Fix DTLS 1.2 session resumption
2022-07-06 15:03:36 +01:00
Andrzej Kurek
21b50808cd Clarify the need for calling mbedtls_ssl_derive_keys after extension parsing
Use a more straightforward condition to note that session resumption
is happening.
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-06 03:26:55 -04:00
Werner Lewis
c1999d5746 Add fallback when rk unaligned with padlock
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-07-05 11:55:15 +01:00
Andrzej Kurek
92d7417d89 Formatting fixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Paul Elliott
072d2b094d Add pem_free() to other error paths in pk_parse_public_key()
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-04 06:49:26 -04:00
Leonid Rozenboim
116f50cd96 Fix resource leaks
These potential leaks were flagged by the Coverity static analyzer.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-07-04 06:49:26 -04:00
Manuel Pégourié-Gonnard
4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection
Permissions 2a: TLS 1.2 ciphersuite selection
2022-07-04 12:37:02 +02:00
Paul Elliott
41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf
Turn off stdio buffering with setbuf()
2022-07-04 10:12:22 +01:00
Ronald Cron
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk
Refactor signature algorithm chooser
2022-07-04 09:10:08 +02:00
Paul Elliott
bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints
Add accessors to config DN hints for cert request
2022-07-01 17:23:14 +01:00
Paul Elliott
c466ec2e73 Fix code formatting
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-01 16:43:25 +01:00
Neil Armstrong
971f30d917 Fix mbedtls_ssl_get_ciphersuite_sig_alg() by returning MBEDTLS_PK_NONE for MBEDTLS_KEY_EXCHANGE_RSA
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-01 16:23:50 +02:00
Manuel Pégourié-Gonnard
8b8a1610f7
Merge pull request #936 from paul-elliott-arm/fix_tls_record_size_check
Fix the wrong variable being used for TLS record size checks
2022-07-01 12:29:48 +02:00
Jerry Yu
52b7d923fe fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-01 18:12:44 +08:00
Neil Armstrong
96eceb8022 Refine mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg() when USE_PSA_CRYPTO is selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-30 18:05:05 +02:00
Gilles Peskine
da0913ba6b Call setbuf when reading or writing files: library
After opening a file containing sensitive data, call mbedtls_setbuf() to
disable buffering. This way, we don't expose sensitive data to a memory
disclosure vulnerability in a buffer outside our control.

This commit adds a call to mbedtls_setbuf() after each call to fopen(),
except:
* In ctr_drbg.c, in load_file(), because this is only used for DH parameters
  and they are not confidential data.
* In psa_its_file.c, in psa_its_remove(), because the file is only opened
  to check its existence, we don't read data from it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 17:03:40 +02:00
Gilles Peskine
6497b5a1d1 Add setbuf platform function
Add a platform function mbedtls_setbuf(), defaulting to setbuf().

The intent is to allow disabling stdio buffering when reading or writing
files with sensitive data, because this exposes the sensitive data to a
subsequent memory disclosure vulnerability.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 17:01:40 +02:00
Ronald Cron
cb67e1a890
Merge pull request #5917 from gilles-peskine-arm/asn1write-0-fix
Improve ASN.1 write tests
2022-06-30 15:42:16 +02:00
Paul Elliott
f6a56cf5ff
Merge pull request #939 from ronald-cron-arm/tls13-add-missing-overread-check
TLS 1.3: Add missing overread check
2022-06-29 17:01:14 +01:00
Werner Lewis
7656a373b6 Reformat AES changes for readability
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-29 16:17:50 +01:00
Werner Lewis
dd76ef359d Refactor AES context to be shallow-copyable
Replace RK pointer in AES context with a buffer offset, to allow
shallow copying. Fixes #2147.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-29 16:17:50 +01:00
Dave Rodgman
5b50f38f92
Merge pull request #934 from gilles-peskine-arm/mpi-0-mod-2
Fix null pointer dereference in mpi_mod_int(0, 2)
2022-06-29 15:02:59 +01:00
Jerry Yu
2fe6c638e2 remove supported check from parse sig algs
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:20:17 +08:00
Jerry Yu
959e5e030b fix format issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:20:17 +08:00
Jerry Yu
660cb4209c Remove pkcs1 from key cert and sig alg map
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:20:17 +08:00
Jerry Yu
71b18844ff fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:19:49 +08:00
Jerry Yu
9d3e2fa372 Add negative tests
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:19:06 +08:00
Manuel Pégourié-Gonnard
2f244c43b4
Merge pull request #5980 from mprse/md_dep_fix
Remove MD dependencies from mbedtls_x509_sig_alg_gets(), ssl_tls13_parse_certificate_verify()
2022-06-29 10:18:41 +02:00
Jerry Yu
c2e0493e6e Add rsa_pkcs1 for cert sig match
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:18:31 +08:00
Jerry Yu
cc5391048e fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:18:30 +08:00
Jerry Yu
ee28e7a21d add tests for select sig alg
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:17:06 +08:00
Jerry Yu
aebaaaf527 add debug messages
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:09 +08:00
Jerry Yu
430db6b6ff Remove hack fix for server hybrid issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:09 +08:00
Jerry Yu
a1255e6b8c fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:09 +08:00
Jerry Yu
9bb3ee436b Revert rsa_pss_rsae_* support for tls12
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:08 +08:00
Jerry Yu
53f5c15155 Add debug message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:08 +08:00
Jerry Yu
80dd5db808 Remove pkcs1 from certificate verify.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:08 +08:00
Jerry Yu
d4a71a57a8 Add tls12 algorithms in hybrid mode client hello
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:08 +08:00
Jerry Yu
5ef71f2723 remove rsa_pkcs1_* from tls13 support list
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:08 +08:00
Jerry Yu
f085678879 remove unnecessary check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:07 +08:00
Jerry Yu
6272c4d4aa Revert unnecessary space change
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:07 +08:00
Jerry Yu
96ee23eb88 fix tls12 openssl/gnutls server fail
To test version negotiation with tls12 OpenSSL/GnuTLS server, If
`rsa_pss_rsae_*` were sent to server before `rsa_pkcs_*`, server
will return `rsa_pss_rsae_*` as key exchange sig alg. OpenSSL/GnuTLS
can work with this case. mbedTLS will fail due to `rsa_pss_rsae_*`
unsupported.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:07 +08:00
Jerry Yu
ba5e379697 Revert order of default sig_algs
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:07 +08:00
Jerry Yu
3f71ca0941 Remove rsa_pss_rsae_* from tls12 sig_algs
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:07 +08:00
Jerry Yu
0c6be8f863 move big function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:07 +08:00
Jerry Yu
3896ac6e5b fix ordered sig algs fail for openssl
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:06 +08:00
Jerry Yu
f3b46b5082 Add debug message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:05 +08:00
Jerry Yu
d099cf0325 fix unused variable issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:47 +08:00
Jerry Yu
f55886a217 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:46 +08:00
Jerry Yu
6babfee178 remove out of scope codes
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:46 +08:00
Jerry Yu
fb526693c1 Rename sig_alg cert_key check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:45 +08:00
Jerry Yu
f0cda410a4 remove default sig_hashes
And add pss_rsae_* sig_algs to fix
`Handshake TLS 1.3` test fails, which
is part of `test_suite_ssl`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:45 +08:00
Jerry Yu
7ab7f2b184 Remove pkcs1 from certificate_verify
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:44 +08:00
Jerry Yu
08524c55f9 remove pkcs1_* support
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:44 +08:00
Jerry Yu
0ebce95785 create tls12/tls13 sig alg support check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:43 +08:00
Jerry Yu
f249ef7821 refactor get sig algo from pk
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:40 +08:00
Ronald Cron
7898fd456a
Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server
TLS 1.3 server: Send dummy change_cipher_spec records

The internal CI PR-merge job ran successfully thus good to go.
2022-06-29 09:47:49 +02:00
Glenn Strauss
bd10c4e2af Test accessors to config DN hints for cert request
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-06-29 02:54:28 -04:00
Gilles Peskine
d86abf2392
Merge pull request #5861 from wernerlewis/csr_subject_comma
Fix output of commas and other special characters in X509 DN values
2022-06-28 21:00:49 +02:00
Glenn Strauss
999ef70b27 Add accessors to config DN hints for cert request
mbedtls_ssl_conf_dn_hints()
mbedtls_ssl_set_hs_dn_hints()

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-06-28 12:43:59 -04:00
Neil Armstrong
9f1176a793 Move preferred_hash_for_sig_alg() check after ssl_pick_cert() and check if hash alg is supported with mbedtls_pk_can_do_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:12:17 +02:00
Neil Armstrong
9f4606e6d2 Rename mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX in mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:12:17 +02:00
Neil Armstrong
0c9c10a401 Introduce mbedtls_ssl_get_ciphersuite_sig_pk_ext_alg() and use it in ssl_pick_cert()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-06-28 18:10:48 +02:00
Gabor Mezei
f7044eaec8
Fix name
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-28 16:01:49 +02:00
Ronald Cron
e99ec7cb6a
Merge pull request #5908 from ronald-cron-arm/tls13-fixes-doc
TLS 1.3: Fixes and add documentation
Validated by the internal CI, no need to wait for the Open CI.
2022-06-28 12:16:17 +02:00
Gabor Mezei
96ae926572
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-28 11:56:26 +02:00
Gabor Mezei
5471912269
Move switching to handshake transform after sending CCS record
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-28 11:56:26 +02:00
Gabor Mezei
05ebf3be74
Revert "Do not encrypt CCS records"
This reverts commit 96ec831385.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-28 11:55:35 +02:00
Przemek Stekiel
4dc874453e ssl_tls13_parse_certificate_verify(): optimize the code
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-28 11:05:42 +02:00
Manuel Pégourié-Gonnard
273453f126
Merge pull request #5983 from gstrauss/inline-mbedtls_x509_dn_get_next
Inline mbedtls_x509_dn_get_next() in x509.h
2022-06-28 10:13:58 +02:00
Ronald Cron
11b5332ffc tls13: Fix certificate extension size write
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
81a334fc02 tls13: Fix buffer overread checks in ssl_tls13_parse_alpn_ext()
Some coding style alignement as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
7b8404608a tls13: Rename ssl_tls13_write_hello_retry_request_coordinate
Rename ssl_tls13_write_hello_retry_request_coordinate to
ssl_tls13_prepare_hello_retry_request as it is more
aligned with what the function does.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
fb508b8f21 tls13: Move state changes up to state main handler
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
63dc463ed6 tls13: Simplify switch to the inbound handshake keys on server side
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
5afb904022 tls13: Move out of place handshake field reset
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
828aff6ead tls13: Rename server_hello_coordinate to preprocess_server_hello
Rename server_hello_coordinate to preprocess_server_hello
as it is more aligned with what the function does.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
db5dfa1f1c tls13: Move ServerHello fetch to the ServerHello top handler
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
9d6a545714 tls13: Re-organize EncryptedExtensions message parsing code
Align the organization of the EncryptedExtensions
message parsing code with the organization of the
other message parsing codes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
154d1b68d6 tls13: Fix wrong usage of MBEDTLS_SSL_CHK_BUF(_READ)_PTR macros
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
c80835943c tls13: Fix pointer calculation before space check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
2827106199 tls13: Add missing buffer overread check
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
b94854f8e3
Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests
TLS 1.3: Enable and add tests
2022-06-28 09:15:17 +02:00
Glenn Strauss
01d2f52a32 Inline mbedtls_x509_dn_get_next() in x509.h
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-06-27 14:20:07 -04:00
Dave Rodgman
f5b7082f6e
Merge pull request #5811 from polhenarejos/bug_x448
Fix order value for curve x448
2022-06-27 13:47:24 +01:00
Werner Lewis
9b0e940135 Fix case where final special char exceeds buffer
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 12:01:22 +01:00
Przemek Stekiel
9e30fc94f3 Remove redundant spaces
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-27 12:48:35 +02:00
Werner Lewis
b33dacdb50 Fix parsing of special chars in X509 DN values
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:19:50 +01:00
Przemek Stekiel
6a5e01858f ssl_tls13_parse_certificate_verify(): remove md dependency
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-27 11:53:13 +02:00
Przemek Stekiel
6230d0d398 mbedtls_x509_sig_alg_gets(): remove md dependency
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-27 11:19:04 +02:00
Ronald Cron
cf600bc07c Comment fixes
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
2b1a43c101 tls13: Add missing overread check in Certificate msg parsing.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
ad8c17b9c6 tls: Add overread/overwrite check failure tracking
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
e3dac4aaa1 tls13: Add Certificate msg parsing tests with invalid vector lengths
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:42 +02:00
Ronald Cron
07040bb179
Merge pull request #5951 from xkqian/tls13_add_alpn
Add ALPN extension to the server side
2022-06-27 08:33:03 +02:00
Ronald Cron
9738a8d0fd
Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks
TLS 1.3: Fix certificate key usage checks
2022-06-27 08:32:17 +02:00
Paul Elliott
668b31f210 Fix the wrong variable being used for TLS record size checks
Fix an issue whereby a variable was used to check the size of incoming
TLS records against the configured maximum prior to it being set to the
right value.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-06-24 20:09:37 +01:00
Ronald Cron
1938588e80 tls13: Align some debug messages with TLS 1.2 ones
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
XiaokangQian
0b776e282a Change some comments for alpn
Change-Id: Idf066e94cede9d26aa41d632c3a81dafcee38587
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-24 09:04:59 +00:00
Manuel Pégourié-Gonnard
93a7f7d7f8
Merge pull request #5954 from wernerlewis/x509_next_merged
Add mbedtls_x509_dn_get_next function
2022-06-24 09:59:22 +02:00
XiaokangQian
95d5f549f1 Fix coding styles
Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-24 05:42:15 +00:00
Przemek Stekiel
1b0ebdf363 Zeroize hkdf_label buffer
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-23 09:22:49 +02:00
Przemek Stekiel
38ab400dc4 Adapt code to be consistent with the existing code
- init status to error
- use simple assignment to status
- fix code style (spaces)

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-23 09:05:40 +02:00
XiaokangQian
c740345c5b Adress review comments
Change Code styles
Add test cases

Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-23 03:24:12 +00:00
Gabor Mezei
96ec831385
Do not encrypt CCS records
According to the TLS 1.3 standard the CCS records must be unencrypted.

When a record is not encrypted the counter, used in the dynamic IV
creation, is not incremented.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-22 17:07:21 +02:00
Gabor Mezei
7b39bf178e
Send dummy change_cipher_spec records from TLS 1.3 server
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-22 17:07:21 +02:00
XiaokangQian
acb3992251 Add ALPN extension to the server side
CustomizedGitHooks: yes
Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-22 06:34:58 +00:00
Przemek Stekiel
d5ae365b97 Use PSA HKDF-Extrat/Expand algs instead mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_xpand()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-21 07:22:33 +02:00