mbedtls

Author	SHA1	Message	Date
Przemek Stekiel	fd32e9609b	ssl_parse_client_key_exchange(): read the curve identifier and the peer's public key and compute the shared secret using PSA Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-09 16:01:59 +01:00
Przemek Stekiel	b6ce0b6cd8	ssl_prepare_server_key_exchange(): generate a private/public key and write out the curve identifier and public key using PSA Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-09 16:01:50 +01:00
Ronald Cron	5bb8fc830a	Call Certificate writing generic handler only if necessary Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	3f20b77517	Improve comment Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	00d012f2be	Fix type of force_flush parameter Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	9f55f6316e	Move state change from CSS states to their main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	3addfa4964	Move state change from WRITE_CLIENT_HELLO to its main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	66dbf9118e	TLS 1.3: Do not send handshake data in handshake step handlers Send data (call to mbedtls_ssl_flush_output()) only from the loop over the handshake steps. That way, we do not have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE error code) on the network in handshake step handlers. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	9df7c80c78	TLS 1.3: Always go through the CLIENT_CERTIFICATE state Even if certificate authentication is disabled at build time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state. It simplifies overall the code for a small code size cost when certificate authentication is disabled at build time. Furthermore that way we have only one point in the code where we switch to the handshake keys for record encryption. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:50:08 +01:00
Paul Elliott	17f452aec4	Merge pull request #5448 from lhuang04/tls13_alpn Port ALPN support for tls13 client from tls13-prototype	2022-03-08 17:53:38 +00:00
Manuel Pégourié-Gonnard	d815114f93	Merge pull request #5524 from mprse/tls_ecdh_2c TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)	2022-03-08 11:43:45 +01:00
Przemek Stekiel	c85f0912c4	psa_crypto.c, test_suite_psa_crypto.function: fix style Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-08 11:37:54 +01:00
Przemek Stekiel	f8614a0ec2	asymmetric_encryption.h: trim trailing spaces Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-08 10:48:35 +01:00
Przemek Stekiel	b6bdebde5e	asymmetric_encrypt: handle forced output Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-08 10:32:18 +01:00
Przemek Stekiel	d5e5c8b58d	asymmetric_encrypt: add remining test driver cases Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-08 10:31:07 +01:00
Gilles Peskine	c9c967c812	Fix RSA sanity checks for asymmetric_encrypt * Remove expected_output_data: since asymmetric encryption is randomized, it can't be useful. * The decryption check needs the private exponent, not the public exponent. * Use PSA macro for the expected ciphertext buffer size. * Move RSA sanity checks to their own function for clarity. * For RSAES-PKCS1-v1_5, check that the result of the private key operation has the form 0x00 0x02 ... 0x00 M where M is the plaintext. * For OAEP, check that the result of the private key operation starts with 0x00. The rest is the result of masking which it would be possible to check here, but not worth the trouble of implementing. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-03-07 21:18:37 +01:00
Gilles Peskine	44311f5c98	Merge pull request #5571 from superna9999/5162-pk-rsa-signing PK: RSA signing	2022-03-07 17:09:14 +01:00
Gilles Peskine	6bf5c8cb1d	Merge pull request #5506 from superna9999/4964-extend-psa-one-shot-multipart Extend PSA operation setup tests to always cover both one-shot and multipart	2022-03-07 17:04:37 +01:00
Gilles Peskine	15364ffb03	Merge pull request #5579 from SiliconLabs/erase_secret_before_free Erase secrets in allocated memory before freeing said memory	2022-03-07 17:04:04 +01:00
Gilles Peskine	fdfc10b250	Merge pull request #4408 from gilles-peskine-arm/storage-format-check-mononicity Check storage format tests for regressions	2022-03-07 17:02:34 +01:00
Przemek Stekiel	72373f3819	WIP: Add asymmetric_encrypt test case Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-07 16:48:18 +01:00
Neil Armstrong	6d5baf5f1e	Use PSA MAC verify API in mbedtls_ssl_cookie_check() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-07 14:33:21 +01:00
Neil Armstrong	be52f500c8	Use PSA_ALG_TRUNCATED_MAC() to limit to COOKIE_HMAC_LEN in mbedtls_ssl_cookie_setup() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-07 14:33:21 +01:00
Neil Armstrong	7cd0270d6c	Drop mutex in mbedtls_ssl_cookie_ctx when PSA is used Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-07 14:33:21 +01:00
Neil Armstrong	2217d6f825	Generate cookie MAC key with psa_generate_key Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-07 14:33:21 +01:00
pespacek	b9ca22dead	Improving readability of x509_crt and x509write_crt for PR Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-03-07 13:59:44 +01:00
pespacek	d924e55944	Improving readability of x509_crt and x509write_crt Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-03-07 13:31:54 +01:00
Przemek Stekiel	7a58208809	Change names rsa->asymmetric_encryption Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-07 10:49:04 +01:00
Neil Armstrong	fd4c259a7b	Use PSA_INIT() in mac_multipart_internal_func() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-07 10:11:11 +01:00
Przemek Stekiel	7fc0751f78	Restore build options for mbedtls_ecc_group_of_psa() and related functions Additional issue created to simplifiy usage of BUILTIN_KEY_TYPE_xxx && BUILTIN_ALG_yy macros https://github.com/ARMmbed/mbedtls/issues/5596 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-06 20:43:46 +01:00
Gilles Peskine	dcf2ff53c8	Ensure files get closed when they go out of scope This is automatic in CPython but not guaranteed by the language. Be friendly to other Python implementations. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-03-04 20:02:00 +01:00
Gilles Peskine	4a9630a651	Fix typo and align on US spelling Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-03-04 20:00:29 +01:00
Tom Cosgrove	70245bee01	Add ChangeLog entry for fix to mbedtls_md_process() test Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-03-04 16:48:49 +00:00
Ron Eldor	0df1ecd5fd	Fix test_suite_md API violation Add a call to `mbedtls_md_starts()` in the `mbedtls_md_process()` test, as it violates the API usage. Fixes #2227. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-03-04 16:48:17 +00:00
Neil Armstrong	77b69ab971	Remove non-PSA MAC key in mbedtls_ssl_cookie_ctx Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-04 14:45:45 +01:00
Neil Armstrong	23d34ce372	Use PSA HMAC API in ssl_cookie_hmac() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-04 14:45:45 +01:00
Neil Armstrong	d633201279	Import PSA HMAC key in mbedtls_ssl_cookie_setup() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-04 14:45:18 +01:00
Przemek Stekiel	f25b16cadd	test_psa_compliance: update tag to fix-pr-5139-3 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-04 14:25:09 +01:00
Andrzej Kurek	541318ad70	Refactor ssl_context_info time printing Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-03-04 05:07:45 -05:00
Andrzej Kurek	554b820747	Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-03-04 05:07:45 -05:00
Andrzej Kurek	469fa95cbc	Add the timing test dependency on MBEDTLS_HAVE_TIME Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-03-04 05:07:45 -05:00
Andrzej Kurek	6056e7af4f	Fix benchmark and udp_proxy dependency on MBEDTLS_HAVE_TIME Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-03-04 05:07:45 -05:00
Andrzej Kurek	09e803ce0d	Provide a dummy implementation of timing.c Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-03-04 05:07:45 -05:00
Andrzej Kurek	06a00afeec	Fix requirement mismatch in fuzz/common.c Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-03-04 05:07:45 -05:00
Andrzej Kurek	108bf520e0	Add a missing guard for time.h in net_sockets.c Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-03-04 05:07:45 -05:00
Andrzej Kurek	3475b26375	Add a changelog entry Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-03-04 05:07:45 -05:00
David Horstmann	61faf665e6	Use $PWD instead of $(pwd) for consistency Change the new baremetal all.sh tests to use $PWD rather than calling pwd again directly. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-03-04 05:07:45 -05:00
David Horstmann	ca53459bed	programs/fuzz: Remove superfluous MBEDTLS_HAVE_TIME MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra check for MBEDTLS_HAVE_TIME is not needed. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-03-04 05:07:45 -05:00
David Horstmann	4e0cc40d0f	programs/fuzz: Use build_info.h in common.h Remove direct inclusion of mbedtls_config.h and replace with build_info.h, as is the convention in Mbed TLS 3.0. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-03-04 05:07:45 -05:00
David Horstmann	5b9cb9e8ca	programs/test: fix build without MBEDTLS_HAVE_TIME Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is not defined. In this case, do not attempt to seed the pseudo-random number generator used to sometimes produce corrupt packets and other erroneous data. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-03-04 05:07:45 -05:00

... 5 6 7 8 9 ...

19366 commits