mbedtls

Author	SHA1	Message	Date
Przemyslaw Stekiel	c499e33ed0	ssl_msg.c: Change message in MBEDTLS_SSL_DEBUG_RET() to be the failed function name instead current function name Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-07 15:12:05 +01:00
Przemyslaw Stekiel	c8a06feae6	ssl_msg.c: Optimize null/stream cipher decryption/encryption Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-07 10:52:47 +01:00
Przemyslaw Stekiel	98ef6dca68	Remove redundant new lines Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-07 08:04:39 +01:00
Przemyslaw Stekiel	8c010eb467	Fix comments, code style, remove debug code Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel	6b2eedd25f	ssl_msg.c: add debug code for psa failures Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 14:55:14 +01:00
Przemyslaw Stekiel	d66387f8fa	Init psa status to PSA_ERROR_CORRUPTION_DETECTED Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel	b97556e8d1	mbedtls_ssl_encrypt/decrypt_buf: remove dead code Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-03 09:16:29 +01:00
Przemyslaw Stekiel	77aec8d181	Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel	be47ecf5e2	mbedtls_ssl_get_record_expansion: use same condidion set as for non-psa build Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 17:50:00 +01:00
Przemyslaw Stekiel	89dad93a78	Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel	399ed51185	Fix condition in mbedtls_ssl_get_record_expansion Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel	1d714479a3	mbedtls_ssl_get_record_expansion: rework switch statement for psa As PSA_ALG_IS_AEAD( transform->psa_alg ) can't be used as switch labels (switch labels must be constant expressions, they have to be evaluated at compile time) refactor switch to "if else" statement. Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	e88477844c	Adapt the mbed tls mode: ccm or gcm or cachapoly to psa version mode == MBEDTLS_MODE_CCM \|\| mode == MBEDTLS_GCM \|\| mode == MBEDTLS_CHACHAPOLY is equivalent to PSA_ALG_IS_AEAD( alg ). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	221b52791e	ssl_msg.c: fix parm in call to mbedtls_ssl_decrypt_buf() Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	6be9cf542f	Cleanup the code Use conditional compilation for psa and mbedtls code (MBEDTLS_USE_PSA_CRYPTO). Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	d4eab57933	Skip psa encryption/decryption for null cipher Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	ce09e7d868	Use psa_status_to_mbedtls() for psa error case Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	1fe065b235	Fix conditional compilation (MBEDTLS_USE_PSA_CRYPTO) Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	2e9711f766	mbedtls_ssl_decrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_decrypt_ext() with PSA calls Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel	b37fae122c	mbedtls_ssl_encrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_encrypt_ext() with PSA calls Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	ce37d11c67	mbedtls_ssl_transform_free(): fix destruction of psa keys Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel	8f80fb9b1d	Adapt in mbedtls_ssl_transform_init() and mbedtls_ssl_transform_free() after extending mbedtls_ssl_transform struct Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-01-31 15:38:28 +01:00
Dave Rodgman	050ad4bb50	Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac Check HMAC return values	2021-12-13 10:51:27 +00:00
Gilles Peskine	ecf6bebb9c	Catch failures of md_hmac operations Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that their return values should be checked. Do check the return values in our code. We were already doing that everywhere for hash calculations, but not for HMAC calculations. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-11 15:00:57 +01:00
Gilles Peskine	d5ba50e239	Zeroize local MAC variables Zeroize local MAC variables used for CBC+HMAC cipher suites. In encryption, this is just good hygiene but probably not needed for security since the data protected by the MAC that could leak is about to be transmitted anyway. In DTLS decryption, this could be a security issue since an adversary could learn the MAC of data that they were trying to inject. At least with encrypt-then-MAC, the adversary could then easily inject a datagram with a corrected packet. TLS would still be safe since the receiver would close the connection after the bad MAC. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-12-11 14:59:45 +01:00
Ronald Cron	6f135e1148	Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:47:55 +01:00
Ronald Cron	7e38cba993	Add incoming ChangeCipherSpec filtering in TLS 1.3 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Gabor Mezei	be7b21da22	Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module	2021-11-24 10:44:13 +01:00
Jerry Yu	a1a568c2f6	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-11-09 10:17:21 +08:00
Jerry Yu	1ca80f7ca5	fix comment issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-11-08 10:45:16 +08:00
Jerry Yu	47413c2c8f	fix wrong version header for tls1.3 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-30 20:23:37 +08:00
Gabor Mezei	22c9a6fccc	Rename internal header constant_time.h to constant_time_internal.h Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-20 12:15:20 +02:00
Gabor Mezei	90437e3762	Rename constant-time functions to have mbedtls_ct prefix Rename functions to better suite with the module name. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-20 11:59:27 +02:00
Gabor Mezei	765862c4f3	Move mbedtls_cf_memcmp to a new public header Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2021-10-19 12:22:25 +02:00
Ronald Cron	e23bba04ee	Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils TLS 1.3: ServerHello: add utils functions used by ServerHello Regarding the merge job, there was only one of the failure we currently encounter on almost all PR (Session resume using tickets, DTLS: openssl client test case see #5012) thus we can consider that this PR passed CI.	2021-10-11 11:01:11 +02:00
Jerry Yu	fd320e9a6e	Replace zeroize with memset Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-08 21:52:41 +08:00
Jerry Yu	ae0b2e2a2f	Rename counter_len Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-08 15:40:14 +08:00
Jerry Yu	c1ddeef53a	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-10-08 15:40:14 +08:00
Jerry Yu	d96a5c2d86	Fix wrong usage of counter len macro Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-09-29 17:46:51 +08:00
gabor-mezei-arm	4602564d7a	Unify memcmp functions Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:33:47 +02:00
gabor-mezei-arm	9c1203fd67	Delete ssl_invasive.h due to duplicated function declarations All function declaration provided by ssl_invasive.h is needed only for testing purposes and all of them are provided by constant_time.h as well. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:44 +02:00
gabor-mezei-arm	1349ffde84	Move mbedtls_cf_hmac function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:44 +02:00
gabor-mezei-arm	0e7f71e1a9	Move mbedtls_cf_memcpy_offset function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:44 +02:00
gabor-mezei-arm	dee0fd33f1	Move mbedtls_cf_memcpy_if_eq function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:28:43 +02:00
gabor-mezei-arm	8d1d5fd204	Move mbedtls_cf_size_bool_eq function to the constant-time module There were multiple functions called mbedtls_cf_size_bool_eq. They had exactly the same behavior, so move the one in bignum.c and remove the other. Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:20:07 +02:00
gabor-mezei-arm	16fc57bcc4	Move mbedtls_cf_size_mask_ge function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:16:14 +02:00
gabor-mezei-arm	c76227d808	Move mbedtls_cf_size_mask_lt function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:16:14 +02:00
gabor-mezei-arm	3733bf805a	Move mbedtls_cf_size_mask function to the constant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:16:14 +02:00
gabor-mezei-arm	db9a38c672	Move contatnt-time memcmp functions to the contant-time module Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:16:14 +02:00
gabor-mezei-arm	9fa43ce238	Rename function to have suitable name Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>	2021-09-28 16:14:47 +02:00

1 2 3 4

179 commits