yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
28845 commits 1 branch 0 tags 94 MiB
Commit graph

28845 commits

This branch
This branch
All branches
Author SHA1 Message Date
Pengyu Lv
e705f572f9 Add components to test crypto_full w/wo accelerated RSA 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-12-07 10:22:03 +08:00
Gilles Peskine
f3ccfddb45
Merge pull request #8615 from davidhorstmann-arm/fix-cast-potential-overflow 
Fix possible integer overflows
 2023-12-07 00:42:10 +00:00
Dave Rodgman
779819a4dd
Merge pull request #8613 from bensze01/valgrind-only-in-nightlies 
Do not run Valgrind tests in PR jobs
 2023-12-06 19:18:24 +00:00
Gilles Peskine
42d78c73b7
Merge pull request #8550 from gabor-mezei-arm/tf_psa_crypto_change_log_support 
Modify changelog assembly to work with tf-psa-crypto
 2023-12-06 18:25:49 +00:00
Gilles Peskine
57e401b39f
Merge pull request #8521 from valeriosetti/issue8441 
[G4] Make CTR-DRBG fall back on PSA when AES not built in
 2023-12-06 18:25:44 +00:00
David Horstmann
4749007f64 Fix possible integer overflows before widening 
When calculating a result to go into an mbedtls_ms_time_t, make sure
that arithmetic is performed at the final size to prevent overflow.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2023-12-06 17:22:53 +00:00
Valerio Setti
202bb71dcd ssl_tls12_server: do not export/import opaque keys 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-06 17:05:24 +01:00
Bence Szépkúti
0354d04d3c Do not run Valgrind tests in PR jobs 
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2023-12-06 16:14:37 +01:00
Valerio Setti
acd7bafcbb driver-only-build: update AEADs section 
Note: this section shouldn't actually be updated in #8357, but
rather in #8358 which is the wrapup related to cipher and AEADs
accelaration. As a consequence we start the AEAD section with
a disclaimer explaining that the information written there will
be updated soon by a follow up PR.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-06 15:17:12 +01:00
Manuel Pégourié-Gonnard
d9c69d12ac
Merge pull request #8513 from mschulz-at-hilscher/feature/explicitly-accessing-private-fields-in-benchmark 
Explicitly accessing private fields in benchmark
 2023-12-06 11:06:32 +00:00
Manuel Pégourié-Gonnard
ad4f0ada37
Merge pull request #8514 from mschulz-at-hilscher/fixes/uninitialized-variable-in-ssl_msg 
Fix uninitialized variable warnings in ssl_msg.c
 2023-12-06 11:06:03 +00:00
Valerio Setti
1e3fcc5692 config-tfm: fix typo in comment 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-06 11:56:08 +01:00
Valerio Setti
69402fd6a2 changelog: fix typos and working 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-06 11:32:10 +01:00
Xiaokang Qian
ae952174a7 Enable early data depend on whether the early data file exist 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 10:27:27 +00:00
Valerio Setti
2bd53667d6 pk: guard key enrollment function with PSA_CRYPTO_CLIENT 
Use key enrollment function only when MBEDTLS_PSA_CRYPTO_CLIENT
is enabled, i.e. when the Mbed TLS implementation of PSA Crypto
is being used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-06 11:24:50 +01:00
Jerry Yu
750e06743f remove misbehavior tests and code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:22:15 +08:00
Jerry Yu
95648b0134 Some minor improvement 
- move early data check to `prepare`
- avoid `((void) output_len)
- replace check with `session_ticket_allow`  in 2nd place

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:21:16 +08:00
Jerry Yu
c59c586ac4 change prototype of write_early_data_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:21:15 +08:00
Jerry Yu
163e12f7ff remove assignment for session->max_early_data_size 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:21:09 +08:00
Jerry Yu
ebe1de62f9 fix various issue 
- rename connection time variable
- remove unnecessary comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:20:25 +08:00
Jerry Yu
9e7f9bc253 Add missing debug message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:20:22 +08:00
Jerry Yu
db97163ac7 add ticket max_early_data_size check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:20:13 +08:00
Jerry Yu
5233539d9f share write_early_data_ext function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:50 +08:00
Jerry Yu
0069abc141 improve comments of new session ticket 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:46 +08:00
Jerry Yu
1a160703f8 set max_early_data_size of ticket to keep consistent 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:43 +08:00
Jerry Yu
f135bac89c Add max_early_data_size check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:39 +08:00
Jerry Yu
930ce4cfac Revert "change max_early_data_size source" 
This reverts commit 3d8d6a770f3a0f3045820970bc4a5d6ee7df8e10.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:36 +08:00
Jerry Yu
2f5d93b1c9 Revert "set init value for max_early_data_size in session" 
This reverts commit 8b02d75ed1af883e135979d24e38c0847e66fede.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:33 +08:00
Jerry Yu
d450fd25ae change max_early_data_size source 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:31 +08:00
Jerry Yu
525990fb62 set init value for max_early_data_size in session 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:28 +08:00
Jerry Yu
db6fda71e5 improve early data comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:17:51 +08:00
Jerry Yu
10795a0c3b replace ticket permission set 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:17:48 +08:00
Jerry Yu
c2b1bc4fb6 replace early data permission check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:17:46 +08:00
Jerry Yu
4da7c22cd6 add early data flag check function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:17:44 +08:00
Jerry Yu
ea96ac3da9 fix various issues 
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:17:37 +08:00
Jerry Yu
3db60dfe5e rename nst early data write function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:16:56 +08:00
Jerry Yu
391c943340 Add tests for ticket early data permission bit 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:16:48 +08:00
Jerry Yu
3c2b21ed0e Enable multi max_early_data_size value for connections 
For test purpose, we set different value for each
session

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:14:56 +08:00
Jerry Yu
fceddb310e Add early data permission check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:14:54 +08:00
Jerry Yu
01da35e2c8 add early data extension of NST 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:14:52 +08:00
Valerio Setti
bced8bc8d7 ssl_tls12_server: export/import PK parsed key in TLS side 
Instead of setting both algorithm and enrollement algorithm in the
PK module when parsing the key:

- for Weierstrass keys we only set ECDSA algorithm,
- for Montgomery keys we don't set any algorithm.

Reasons:
- PK module can only do ECDSA and not ECDH
- ECDH is only used in TLS
- Montgomery keys cannot be used to do ECDSA, while Weierstrass ones
  can do both ECDSA and ECDH.

So the idea is that once TLS needs the key to do ECDH (either Weierstrass
and Montgomery), it exports the one parsed from the PK module and then
re-imports it setting proper algorithm and flags. In this way the TLS
module will own the new key so it will be its duty to clear it on
exit.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-06 10:40:47 +01:00
Xiaokang Qian
611c717c02 Sync the early_data option with internal parameters in ssl_client2 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 09:24:58 +00:00
Valerio Setti
fbbafa0d2d pkparse: do not set key algorithm for Montgomery keys in pk_ecc_set_key() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-06 10:07:34 +01:00
Xiaokang Qian
f8fe11d14d Remove the generic file read functions and simply the early data read 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 07:40:50 +00:00
Ronald Cron
40f3f1c36f
Merge pull request #7058 from yuhaoth/pr/tls13-early-data-parsing-0-rtt-data 
TLS 1.3 EarlyData SRV: Parsing 0-RTT data
 2023-12-06 06:47:32 +00:00
Xiaokang Qian
eaebedb30b Refine the detect code to enable early data or not 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 02:55:16 +00:00
Xiaokang Qian
b1db72923e Rename the generic read functions to ssl_read_file_text 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 02:33:38 +00:00
Xiaokang Qian
6c678d7543 Improve the comments of early data input 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 02:20:51 +00:00
Gilles Peskine
9f55e8e442 Add a section about ALT implementations 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-12-05 22:21:09 +01:00
Jerry Yu
42020fb186 revert output message which used by testing 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-05 17:35:53 +08:00