mbedtls

Author	SHA1	Message	Date
Gilles Peskine	449bd8303e	Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-11 14:50:10 +01:00
Valerio Setti	a0b97bc803	fix wrong type in debug message Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-09 19:10:32 +01:00
Valerio Setti	1e868ccbac	fix several typos and extra blank spaces Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-09 17:59:46 +01:00
Valerio Setti	2b5d3ded1f	remove remaining occurencies of mbedtls_ecc_group_to_psa() from TLS Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-09 11:04:52 +01:00
Valerio Setti	40d9ca907b	tls: remove useless legacy function Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-04 16:08:04 +01:00
Valerio Setti	18c9fed857	tls: remove dependency from mbedtls_ecp_curve functions Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-03 13:03:34 +01:00
Manuel Pégourié-Gonnard	4064a82802	Merge pull request #5600 from yuhaoth/pr/refactor-cookie-members-of-handshake Refactor cookie members of handshake	2022-12-14 10:55:34 +01:00
Tom Cosgrove	ed4f59eec3	Fix another typo where 'PSK' was 'PKS' Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-05 12:07:50 +00:00
Jerry Yu	e01304f6d8	fix type conversion issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-05 19:58:46 +08:00
Jerry Yu	ac5ca5a0ea	Refactor cookie members of handshake struct Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-05 19:58:45 +08:00
Tom Cosgrove	1797b05602	Fix typos prior to release Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-04 17:19:59 +00:00
Manuel Pégourié-Gonnard	ffc330fafa	Merge pull request #6264 from hannestschofenig/rfc9146_2 CID update to RFC 9146	2022-11-29 09:25:14 +01:00
Manuel Pégourié-Gonnard	ef25a99f20	Merge pull request #6533 from valeriosetti/issue5847 Use PSA EC-JPAKE in TLS (1.2) - Part 2	2022-11-23 13:27:30 +01:00
Valerio Setti	5151bdf46e	tls: psa_pake: add missing braces Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-21 14:30:02 +01:00
Valerio Setti	61ea17d30a	tls: psa_pake: fix return values in parse functions Ensure they all belong to the MBEDTLS_ERR_SSL_* group Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-18 12:11:00 +01:00
Valerio Setti	6b3dab03b5	tls: psa_pake: use a single function for round one and two in key exchange read/write Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 17:14:54 +01:00
Valerio Setti	9bed8ec5d8	tls: psa_pake: make round two reading function symmatric to the writing one Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:36:19 +01:00
Valerio Setti	a08b1a40a0	tls: psa_pake: move move key exchange read/write functions to ssl_tls.c Inlined functions might cause the compiled code to have different sizes depending on the usage and this not acceptable in some cases. Therefore read/write functions used in the initial key exchange are moved to a standard C file. Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:34:59 +01:00
Andrzej Kurek	ec71b0937f	Introduce a test for single signature algorithm correctness The value of the first sent signature algorithm is overwritten. This test forces only a single algorithm to be sent and then validates that the client received such algorithm. 04 03 is the expected value for SECP256R1_SHA256. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-11-17 14:58:14 +00:00
Valerio Setti	02c25b5f83	tls12: psa_pake: use common code for parsing/writing round one and round two data Share a common parsing code for both server and client for parsing round one and two. Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-16 13:56:12 +01:00
Dave Rodgman	d384b64dd2	Merge branch 'development' into rfc9146_2 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-14 17:43:15 +00:00
Neil Armstrong	ca7d506556	Use PSA PAKE API when MBEDTLS_USE_PSA_CRYPTO is selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com> Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-08 10:58:45 +01:00
Glenn Strauss	a4b4041219	Shared code to free x509 structs Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-10-28 12:51:35 -04:00
Gilles Peskine	88f5fd9099	Merge pull request #6479 from AndrzejKurek/depends-py-no-psa Enable running depends.py in a configuration without MBEDTLS_USE_PSA_CRYPTO and remove perl dependency scripts	2022-10-26 20:02:57 +02:00
Gilles Peskine	744fd37d23	Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0 Fix unusual macros	2022-10-25 19:55:29 +02:00
Andrzej Kurek	468c50656e	Fix key exchange dependencies for ssl_parse_server_ecdh_params Resulting from particular configs in which this code is used. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-24 15:55:18 -04:00
Ronald Cron	d29e13eb1b	tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
David Horstmann	b21bbef061	Refactor macro-spanning if in ssl_tls12_client.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-06 18:00:51 +01:00
Gilles Peskine	945b23c46f	Include platform.h unconditionally: automatic part We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and to define ad hoc replacements for mbedtls_xxx functions on a case-by-case basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this complication was to allow building individual source modules without copying platform.h. This is not something we support or recommend anymore, so get rid of the complication: include platform.h unconditionally. There should be no change in behavior since just including the header should not change the behavior of a program. This commit replaces most occurrences of conditional inclusion of platform.h, using the following code: ``` perl -i -0777 -pe 's!#if.\n#include "mbedtls/platform.h"\n(#else.\n(#define (mbedtls\|MBEDTLS)_.\n\|#include <(stdarg\|stddef\|stdio\|stdlib\|string\|time)\.h>\n))?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"') ``` Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-09-15 20:33:07 +02:00
Hannes Tschofenig	fd6cca4448	CID update to RFC 9146 The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content. Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>	2022-09-07 17:15:05 +02:00
Przemek Stekiel	40afdd2791	Make use of MBEDTLS_MAX_HASH_SIZE macro Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-09-06 14:18:45 +02:00
Andrzej Kurek	0ce592169e	Use hash_info_get_size in ssl_tls12_client This way the code does not rely on the MBEDTLS_MD_C define Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Dave Rodgman	953ce3962f	Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12 Add rsa pss rsae for tls12	2022-08-09 10:21:45 +01:00
Dave Rodgman	27036c9e28	Merge pull request #6142 from tom-cosgrove-arm/fix-comments-in-docs-and-comments Fix a/an typos in doxygen and other comments	2022-07-29 12:59:05 +01:00
Jerry Yu	c3bf748dc7	fix vertical alignment Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-29 10:27:17 +08:00
Jerry Yu	95b743ca17	Rename get_pk_type_and_md_alg The function is for both tls12 and tls13 now. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Jerry Yu	693a47ab1d	add rsa_pss_rsae_* support in tls12 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Tom Cosgrove	ce7f18c00b	Fix a/an typos in doxygen and other comments Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-07-28 05:50:56 +01:00
Thomas Daubney	20f89a9605	Remove uses of SSL compression Remove or modify current uses of session compression. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-07-26 16:13:03 +01:00
Jerry Yu	a357cf4d4c	Rename new_session_ticket state Both client and server side use `MBEDTLS_SSL_NEW_SESSION_TICKET` now Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Ronald Cron	ce7d76e2ee	Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr	2022-07-11 10:22:37 +02:00
Paul Elliott	6e80e09bd1	Merge pull request #5915 from AndrzejKurek/cid-resumption-clash Fix DTLS 1.2 session resumption	2022-07-06 15:03:36 +01:00
Andrzej Kurek	21b50808cd	Clarify the need for calling mbedtls_ssl_derive_keys after extension parsing Use a more straightforward condition to note that session resumption is happening. Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-06 03:26:55 -04:00
Glenn Strauss	bd10c4e2af	Test accessors to config DN hints for cert request Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-29 02:54:28 -04:00
Manuel Pégourié-Gonnard	a3115dc0e6	Mark static int SSL functions CHECK_RETURN_CRITICAL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:52 +02:00
Manuel Pégourié-Gonnard	66b0d61718	Add comments when can_do() is safe to use Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Andrzej Kurek	7cf872557a	Rearrange the session resumption code Previously, the transforms were populated before extension parsing, which resulted in the client rejecting a server hello that contained a connection ID. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-14 08:26:19 -04:00
Shaun Case	8b0ecbccf4	Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. Signed-off-by: Shaun Case <warmsocks@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-11 21:25:51 +01:00
Neil Armstrong	8ecd66884f	Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-05 14:01:49 +02:00
Neil Armstrong	80f6f32495	Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-05-04 11:08:41 +02:00

1 2

92 commits