mbedtls

Author	SHA1	Message	Date
Andrzej Kurek	7763829c5c	Add missing ifdef when calculating operation capacity Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-16 12:24:52 -04:00
Andrzej Kurek	3c4c514302	Remove `PSA_ALG_IS_TLS12_ECJPAKE_TO_PMS` Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-16 07:24:14 -04:00
Andrzej Kurek	b093650033	Add proper capacity calculation for EC J-PAKE to PMS KDF Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-16 07:13:00 -04:00
Andrzej Kurek	702776f7cc	Restrict the EC J-PAKE to PMS input type to secret Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-16 06:22:44 -04:00
Andrzej Kurek	d60907b85d	Define ECJPAKE_TO_PMS in config_psa only if SHA_256 is available Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-14 14:57:51 -04:00
Andrzej Kurek	08d34b8693	Add an EC J-PAKE KDF to transform K -> SHA256(K.X) for TLS 1.2 TLS uses it to derive the session secret. The algorithm takes a serialized point in an uncompressed form, extracts the X coordinate and computes SHA256 of it. It is only expected to work with P-256. Fixes #5978. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-14 08:39:26 -04:00
Andrzej Kurek	216baca131	pkcs5: improve error handling Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:15:34 -04:00
Andrzej Kurek	e3d544c58f	Minor PKCS5 improvements Add consts, more elegant size calculation and variable initialization. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:07:15 -04:00
Andrzej Kurek	3d0dfb99c9	Change the pkcs5_pbkdf2_hmac deprecation approach The shared part has now been extracted and will be used regardless of the deprecation define. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:07:15 -04:00
Andrzej Kurek	f000471c66	Add missing MD dependency for pkcs5_pbkdf2_hmac Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:07:15 -04:00
Andrzej Kurek	ed98e95c81	Adjust pkcs5 test dependencies Hashing via PSA is now supported Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:03:25 -04:00
Andrzej Kurek	890e78ae66	Deprecate mbedtls_pkcs5_pbkdf2_hmac Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:03:25 -04:00
Andrzej Kurek	dd36c76f09	Provide a version of pkcs5_pbkdf2_hmac without MD usage Use the new implementation locally Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-02 04:03:25 -04:00
Manuel Pégourié-Gonnard	97fc247d6a	Merge pull request #6232 from AndrzejKurek/pkcs12-no-md Remove MD dependency from pkcs12 module	2022-09-02 09:43:13 +02:00
Andrzej Kurek	e16e6edfce	Remove the dependency on MD_MAX_SIZE from PKCS12 Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-01 08:57:59 -04:00
Andrzej Kurek	7bd12c5d5e	Remove MD dependency from pkcs12 module Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-01 08:57:41 -04:00
Ronald Cron	e00d6d6b55	Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation TLS 1.3: SRV: Finalize external PSK negotiation	2022-08-31 17:21:57 +02:00
Jerry Yu	1e05b6dd6d	fix coding style and unnecessary assignment Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 10:35:52 +08:00
Manuel Pégourié-Gonnard	bf22a2500b	Merge pull request #6208 from AndrzejKurek/tls-tests-no-md-structured Remove the dependency on MD from TLS 1.2 tests	2022-08-30 12:34:37 +02:00
Dave Rodgman	0edfa9dd26	Merge pull request #6207 from daverodgman/ticket_time Fix type used for capturing TLS ticket generation time	2022-08-30 10:03:06 +01:00
Jerry Yu	e5834fd0d7	remove unnecessary test also optimize check sum Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-29 20:33:33 +08:00
Jerry Yu	0baf907e11	remove `select_ciphersuite` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-25 11:21:04 +08:00
Jerry Yu	c5a23a0f12	fix various issues - code style - variable initialize - update comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-25 11:09:35 +08:00
Dave Rodgman	fac3ea5656	Merge pull request #6184 from leorosen/ssl_tls_curve_group_id_null_protect mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing	2022-08-24 15:16:45 +01:00
Tom Cosgrove	bcc13c943f	Add further missing whitespaces inside parentheses Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com> Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-24 15:08:16 +01:00
Tom Cosgrove	20c1137350	Fix coding style Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com> Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-24 15:06:13 +01:00
Dave Rodgman	5a28142410	Merge pull request #6189 from Kxuan/fix-ctr_drbg-uninit ctr_drbg: fix free uninitialized aes context	2022-08-24 14:58:44 +01:00
Jerry Yu	f35ba384ff	Add select ciphersuite entry function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-23 22:01:58 +08:00
Jerry Yu	dd1bef788e	Add ciphersuite_info check return null if no valid ciphersuite info Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-23 17:57:02 +08:00
Jerry Yu	29d9faa468	fix various issues. - comments issues - code format style issues - naming improvement. - error return improvements Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-23 17:53:43 +08:00
Andrzej Kurek	299b1d6c93	Remove unnecessary `psa/crypto.h` include This is now included in `legacy_or_psa.h`. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-23 05:42:33 -04:00
Andrzej Kurek	cccb044804	Style & formatting fixes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-23 05:26:02 -04:00
Janos Follath	645ff5b8ff	Merge pull request #6095 from gabor-mezei-arm/6016_add_new_modulus_and_residue_structures Add the new modulus and the residue structures with low level I/O operations	2022-08-23 09:02:43 +01:00
Andrzej Kurek	7e16ce3a72	Clarify TLS 1.2 dependencies with and without PSA crypto Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	8c95ac4500	Add missing dependencies / alternatives A number of places lacked the necessary dependencies on one of the used features: MD, key exchange with certificate, entropy, or ETM. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	25f271557b	Update SHA and MD5 dependencies in the SSL module The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO is defined and respective SHA / MD5 defines are missing. A new set of macros added in #6065 is used to reflect these dependencies. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	0ce592169e	Use hash_info_get_size in ssl_tls12_client This way the code does not rely on the MBEDTLS_MD_C define Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	a242e83b21	Rename the sha384 checksum context to reflect its purpose Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:02:04 -04:00
Gilles Peskine	e5018c97f9	Merge pull request #6195 from superna9999/6149-driver-only-hashes-ec-j-pake Driver-only hashes: EC J-PAKE	2022-08-22 17:28:15 +02:00
Gilles Peskine	20ebaac85e	Merge pull request #6211 from tom-cosgrove-arm/explicit-warning-re-ct-conditions-not-0-or-1 Be explicit about constant time bignum functions that must take a 0 or 1 condition value	2022-08-22 17:24:04 +02:00
Gilles Peskine	03f1c39ac7	Merge pull request #6171 from mprse/md_x509_test Driver-only hashes: X.509	2022-08-22 17:18:47 +02:00
Janos Follath	2e328c8591	Remove confusing const qualifier Since a is not a pointer, it is passed by value and declaring it const doesn’t make any sense and on the first read can make me miss the fact that a is not a pointer. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-22 11:19:10 +01:00
Janos Follath	c459641ad1	Bignum: add missing limb qualifiers Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-22 10:04:52 +01:00
Janos Follath	af3f39c01c	Fix typos Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com> Co-authored-by: Werner Lewis <Werner.Lewis@arm.com> Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-22 09:08:04 +01:00
Jerry Yu	5725f1cf3a	Align ciphersuite with overwrite. Selected ciphersuite MUST be same with ciphsersuite of PSK. Overwrite the old ciphersuite with the one of PSK. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 17:50:27 +08:00
Jerry Yu	01e42d2d4c	fix issues in export handshake psk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 13:00:07 +08:00
Jerry Yu	9f7f646b11	Revert "remove psk key when ephemeral selected" This reverts commit `5c28e7aa0e`. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:59:17 +08:00
Jerry Yu	e9d4fc09a3	fix binder value security issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:59:17 +08:00
Jerry Yu	24b8c813c4	fix comments and wrong initial value issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:55:45 +08:00
Jerry Yu	5d01c05d93	fix various issues - wrong typo in comments - replace psk null check with key_exchange_mode check - set psk NULL when error return in export hs psk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:55:01 +08:00

1 2 3 4 5 ...

9293 commits