yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
19212 commits 1 branch 0 tags 94 MiB
Commit graph

8401 commits

Author SHA1 Message Date
Ronald Cron
8540cf66ac ssl_tls.c: Propose PKCS1 v1.5 signatures with SHA_384/512 
In case of TLS 1.3 and hybrid TLS 1.2/1.3, propose
PKCS1 v1.5 signatures with SHA_384/512 not only
SHA_256. There is no point in not proposing them
if they are available.

In TLS 1.3 those could be useful for certificate
signature verification.

In hybrid TLS 1.2/1.3 this allows to propose for
TLS 1.2 the same set of signature algorithms.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron
60ff79424e ssl_tls13_client.c: alpn: Miscellanous minor improvements 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron
13d8ea1dd9 ssl_tls13_client.c: alpn: Loop only once over protocol names 
This has although the benefit of getting rid of a
potential integer overflow (though very unlikely
and probably harmless).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron
a0855a6d13 ssl_tls13_client.c: alpn: Add missing return value assignment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron
de1adee51a Rename ssl_cli/srv.c 
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512 
Add rsae sha384 sha512
 2022-03-29 14:01:51 +02:00
Manuel Pégourié-Gonnard
39f2f73e69
Merge pull request #5630 from ronald-cron-arm/restore-full-compat-testing 
Restore full TLS compatibility testing
 2022-03-28 18:31:17 +02:00
Ronald Cron
e44d8e7eea
Merge pull request #5369 from xkqian/add_2nd_client_hello 
Add 2nd client hello
 2022-03-28 12:18:41 +02:00
Ronald Cron
fb39f15fa1 ssl_tls.c: Use ETM status only in CBC mode case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-25 16:50:18 +01:00
Ronald Cron
862902dd57 ssl_srv.c: Mark ETM as disabled if cipher is not CBC 
Encrypt-Then-Mac (ETM) is supported in Mbed TLS TLS
1.2 server only for the CBC cipher mode thus make it
clear in the SSL context.

The previous code was ok as long as the check of
the ETM status was done only in the case of the CBC
cipher mode but fragile as #5573 revealed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-25 16:50:18 +01:00
Manuel Pégourié-Gonnard
cefa904759
Merge pull request #5622 from paul-elliott-arm/timing_delay_accessor 
Accessor for mbedtls_timing_delay_context final delay
 2022-03-25 09:14:41 +01:00
XiaokangQian
20438976f9 Change comments and styles base on review 
Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 08:09:29 +00:00
XiaokangQian
c02768a399 Replace ssl->handshake with handshake in write_cookie_ext() 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
9b93c0dd8d Change cookie parameters for dtls and tls 1.3 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
25c9c9023c Refine cookie len to fix compile issues 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
9deb90f74e Change parameter names and code style 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
5e3c947841 Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
233397ef88 Update code base on comments 
Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data
Change code styles and comments
Fix cookie write issues

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian
0b64eedba8 Add cookies write in client hello 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
Ronald Cron
90045241e7
Merge pull request #5659 from yuhaoth/pr/fix-wrong-check-certificate-verify 
TLS1.3: Fix incorrect check for certificate verify
 2022-03-25 08:35:41 +01:00
Jerry Yu
6c6f10265d fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-25 11:09:50 +08:00
Jerry Yu
bd1b3278b1 Remove useless code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-24 13:07:28 +08:00
Jerry Yu
e26acee896 Refactor guards for sig algs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 21:01:33 +08:00
Jerry Yu
f8aa9a44aa fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 20:54:38 +08:00
Manuel Pégourié-Gonnard
5e4bf95d09
Merge pull request #5602 from superna9999/5174-md-hmac-dtls-cookies 
MD: HMAC in DTLS cookies
 2022-03-23 13:05:24 +01:00
Jerry Yu
8c3388620d create sig_alg decode function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 13:34:04 +08:00
Jerry Yu
0c23fc39c3 fix various guards issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 12:20:01 +08:00
Jerry Yu
7533982f68 guard pk_error_from_psa_ecdsa with USE_PSA_CRYPTO 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 12:06:31 +08:00
Jerry Yu
e010de4be3 Rename ctx to rsa_ctx 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 11:45:55 +08:00
Jerry Yu
fb0621d841 fix pk_sign_ext issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 11:42:06 +08:00
Jerry Yu
cef3f33012 Guard rsa sig algs with rsa_c and pkcs1_v{15,21} 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 23:16:42 +08:00
Jerry Yu
e91a51a539 Refactor get_sig_alg_from pk 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 21:42:50 +08:00
Jerry Yu
bf455e7516 rename pk_psa_rsa_sign_ext param 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 21:39:41 +08:00
Jerry Yu
3616533d26 tls13:remove ec check from validate certification 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 19:46:05 +08:00
Neil Armstrong
488a40eecb Rename psa_hmac to psa_hmac_key in mbedtls_ssl_cookie_ctx 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-22 10:41:38 +01:00
Jerry Yu
dddf5a0e18 Refactor get_sig_alg_from_pk 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:47:19 +08:00
Jerry Yu
89107d1bc2 fix ci fail without RSA_C 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:14:53 +08:00
Jerry Yu
406cf27cb5 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:14:53 +08:00
Jerry Yu
848ecce990 fix wrong typo in function name 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:14:52 +08:00
Jerry Yu
07869e804c fix psa crypto test fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu
b02ee18e64 replace use_psa_crypto with psa_crypto_c 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu
b6875bc17a change rsa_pss salt type 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu
704cfd2a86 fix comments and style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu
718a9b4a3f fix doxgen fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
1d172a3483 Add pk_psa_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
8beb9e173d Change prototype of pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
67eced0132 replace pk_sign with pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
d69439aa61 add mbedtls_pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
3a58b462b6 add pss_rsae_sha{384,512} 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
bfcfe74b4e add signature algorithm debug helper 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:33 +08:00