mbedtls

Author	SHA1	Message	Date
Manuel Pégourié-Gonnard	56b159a12a	Merge pull request #7627 from mprse/ffdh_tls13_v2 Make use of FFDH keys in TLS 1.3 v.2	2023-07-03 10:12:33 +02:00
Przemek Stekiel	7dda271c1d	Fix description of functions Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-28 09:16:08 +02:00
Tom Cosgrove	db041cc82f	Merge pull request #7665 from AndrzejKurek/optimize-error-translation-code-size Optimize error translation code size	2023-06-28 08:09:00 +01:00
Valerio Setti	6835b4a6ed	tls: always zeroize buffer on exit Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-22 09:06:31 +02:00
Valerio Setti	3589a4c644	tls: keep buffer declaration in a single line Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-22 09:02:44 +02:00
Valerio Setti	b46217d5c1	tls: never destroy a priavte key that is not owned/created by TLS module Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 13:18:52 +02:00
Valerio Setti	0813b6f28d	tls: optimize code in ssl_get_ecdh_params_from_cert() When MBEDTLS_PK_USE_PSA_EC_DATA is defined, opaque and non-opaque keys are basically stored in the same way (only a diffferent ownership for the key itself), so they should be treated similarly in the code. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-06-16 12:18:53 +02:00
Andrzej Kurek	1e4a030b00	Fix wrong array size calculation in error translation code Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-13 05:46:47 -04:00
Andrzej Kurek	1c7a99856f	Add missing ifdefs Make sure that the error translating functions are only defined when they're used. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-13 05:46:47 -04:00
Andrzej Kurek	0064484a70	Optimize error translation code size Introducing an intermediate function saves code size that's otherwise taken by excessive, repeated arguments in each place that was translating errors. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-13 05:46:46 -04:00
Przemek Stekiel	75a5a9c205	Code cleanup Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-13 09:57:23 +02:00
Przemek Stekiel	da4fba64b8	Further code optimizations Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:31:09 +02:00
Przemek Stekiel	24e50d3dbd	Compile out length check to silent the compiler warning Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:31:08 +02:00
Manuel Pégourié-Gonnard	6076f4124a	Remove hash_info.[ch] Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	8857984b2f	Replace hash_info macro with MD macro Now the MD macro also accounts for PSA-only hashes. Just a search-and-replace, plus manually removing the definition in hash_info.h. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	7b1136836c	Merge pull request #7438 from valeriosetti/issue7074 Avoid parse/unparse private ECC keys in PK with USE_PSA when !ECP_C	2023-06-01 10:06:45 +02:00
Valerio Setti	d0405093d9	tls: use pk_get_group_id() instead of directly accessing PK's structure Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-24 16:02:32 +02:00
Thomas Daubney	f9f0ba8211	Use functions in alignment.h to get value Refactor code using get functions from alignment.h to read values. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2023-05-24 06:24:16 +01:00
Valerio Setti	972077820b	tls/x509: minor enhancement for using the new private key format Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-23 15:12:07 +02:00
Valerio Setti	3f00b84dd1	pk: fix build issues Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-15 12:57:06 +02:00
Valerio Setti	77a75685ed	pk: align library and tests code to the new internal functions Note = programs are not aligned to this change because: - the original mbedtls_pk_ec is not ufficially deprecated - that function is used in tests when ECP_C is defined, so the legacy version of that function is available in that case Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-15 11:18:46 +02:00
Valerio Setti	4f387ef277	pk: use better naming for the new key ID field Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-05 10:59:32 +02:00
Valerio Setti	048cd44f77	pk: fix library code for using the new opaque key solution Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-05-05 10:59:32 +02:00
Ronald Cron	fe01ec2d57	tls12: srv: Use sizeof() instead of constant Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:32:05 +02:00
Ronald Cron	c564938180	Add downgrade protection mechanism Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:32:05 +02:00
Ronald Cron	6291b23080	tls: Add logic in handshake step to enable server version negotiation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Valerio Setti	77a904c761	ssl: remove useless guard Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-28 16:26:48 +02:00
Valerio Setti	1fa5c56863	ssl_tls: fix guard symbols for EC accelerated tests Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-28 16:26:47 +02:00
Tom Cosgrove	6ef9bb3d74	Implement and use MBEDTLS_STATIC_ASSERT() Fixes #3693 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-03-08 14:19:51 +00:00
Andrzej Kurek	8a045ce5e6	Unify PSA to Mbed TLS error translation Move all error translation utilities to psa_util.c. Introduce macros and functions to avoid having a local copy of the error translating function in each place. Identify overlapping errors and introduce a generic function. Provide a single macro for all error translations (unless one file needs a couple of different ones). Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-03-03 05:23:44 -05:00
Manuel Pégourié-Gonnard	b8b07aa24a	Handle errors from functions that now return int A few functions were changed from returning void to returning int three commits ago. Make sure their callers check the return values. This commits was basically a matter of declaring newly-int-returning functions MBEDTLS_CHECK_RETURN_CRITICAL and then fixing the resulting warnings. A few functions had to be made int in the process; they were applied the same process as well. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-21 15:39:12 +01:00
Gilles Peskine	449bd8303e	Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-11 14:50:10 +01:00
Valerio Setti	1e868ccbac	fix several typos and extra blank spaces Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-09 17:59:46 +01:00
Valerio Setti	2b5d3ded1f	remove remaining occurencies of mbedtls_ecc_group_to_psa() from TLS Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-09 11:04:52 +01:00
Valerio Setti	40d9ca907b	tls: remove useless legacy function Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-04 16:08:04 +01:00
Valerio Setti	18c9fed857	tls: remove dependency from mbedtls_ecp_curve functions Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-03 13:03:34 +01:00
Jerry Yu	ac5ca5a0ea	Refactor cookie members of handshake struct Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-05 19:58:45 +08:00
Manuel Pégourié-Gonnard	ffc330fafa	Merge pull request #6264 from hannestschofenig/rfc9146_2 CID update to RFC 9146	2022-11-29 09:25:14 +01:00
Manuel Pégourié-Gonnard	ef25a99f20	Merge pull request #6533 from valeriosetti/issue5847 Use PSA EC-JPAKE in TLS (1.2) - Part 2	2022-11-23 13:27:30 +01:00
Valerio Setti	819de86895	tls: removed extra white spaces and other minor fix Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 18:05:19 +01:00
Valerio Setti	6b3dab03b5	tls: psa_pake: use a single function for round one and two in key exchange read/write Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 17:14:54 +01:00
Valerio Setti	9bed8ec5d8	tls: psa_pake: make round two reading function symmatric to the writing one Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:36:19 +01:00
Valerio Setti	a988364767	tls: psa_pake: fix missing new round one parsing function on tls12 server Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:35:02 +01:00
Valerio Setti	a08b1a40a0	tls: psa_pake: move move key exchange read/write functions to ssl_tls.c Inlined functions might cause the compiled code to have different sizes depending on the usage and this not acceptable in some cases. Therefore read/write functions used in the initial key exchange are moved to a standard C file. Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:34:59 +01:00
Paul Elliott	96a0fd951f	Fix signature algorithms list entry getting overwritten by length. Fix bug whereby the supported signature algorithm list sent by the server in the certificate request would not leave enough space for the length to be written, and thus the first element would get overwritten, leaving two random bytes in the last entry. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-11-17 14:58:14 +00:00
Valerio Setti	6f1b5741ae	tls12: psa_pake: simplify EC info parsing in server's 2nd round Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-16 14:50:13 +01:00
Valerio Setti	02c25b5f83	tls12: psa_pake: use common code for parsing/writing round one and round two data Share a common parsing code for both server and client for parsing round one and two. Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-16 13:56:12 +01:00
Dave Rodgman	d384b64dd2	Merge branch 'development' into rfc9146_2 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-14 17:43:15 +00:00
Neil Armstrong	ca7d506556	Use PSA PAKE API when MBEDTLS_USE_PSA_CRYPTO is selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com> Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-08 10:58:45 +01:00
Gilles Peskine	744fd37d23	Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0 Fix unusual macros	2022-10-25 19:55:29 +02:00

1 2 3

143 commits