Commit graph

10811 commits

Author SHA1 Message Date
Ronald Cron
cada410365 tls13: srv: Postpone legacy session id copy
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the legacy session id.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
d540d995b2 tls13: srv: Postpone client random copy
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the client random
bytes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
6458239b36 tls13: srv: Move TLS version setting
When parsing the ClientHello message,
move the setting of the TLS version
to TLS 1.3 after the computation of
the end of the list of cipher suites.
At that point we are able to compute
the address and end address of the
list of extensions and thus able to
search and parse the supported_versions
extension to select which version
of the TLS protocol we are going to
negotiate.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
Ronald Cron
47dce630f4 tls13: Add function to search for a supported_versions extension
Move in a dedicated function the search for the
supported_versions extension in a list of
extensions, to be able to use it on server side
as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:17 +02:00
Minos Galanakis
00bd8925a7 bignum: Removed merge scaffolding.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-04-05 16:13:11 +01:00
Janos Follath
13c73de6de
Merge pull request #6233 from tom-cosgrove-arm/issue-6226-core-mul
Bignum: extract core_mul from the prototype
2023-04-04 13:36:22 +01:00
Ronald Cron
219f978097
Merge pull request #7059 from ronald-cron-arm/psa-crypto-misc
PSA cryptography miscellaneous
2023-04-04 10:54:03 +02:00
Valerio Setti
98680fc2ed ecp: revert changes to ECP module and test suite
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-04 10:22:59 +02:00
Valerio Setti
8eb552647f pk_wrap: fix sizing for private key buffer
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-04 10:20:53 +02:00
Gabor Mezei
d62605126d
Fix documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-04-03 17:32:55 +02:00
Valerio Setti
0fe1ee27e5 pk: add an alternative function for checking private/public key pairs
Instead of using the legacy mbedtls_ecp_check_pub_priv() function which
was based on ECP math, we add a new option named eckey_check_pair_psa()
which takes advantage of PSA.
Of course, this is available when MBEDTLS_USE_PSA_CRYPTO in enabled.

Tests were also fixed accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-03 15:00:21 +02:00
Gabor Mezei
6f182c33a8
Fix documentation
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-31 16:17:06 +02:00
Tom Cosgrove
6af26f3838
Tidy up, remove MPI_CORE(), apply the naming convention, and use the new mbedtls_mpi_core_mul()
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-31 16:16:00 +02:00
Hanno Becker
4ae890bbd0
Extract MPI_CORE(mul) from the prototype
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-31 16:10:34 +02:00
Dave Rodgman
b8f5ba826b
Merge pull request #6891 from yuhaoth/pr/add-milliseconds-platform-function
Add milliseconds platform time function
2023-03-31 11:47:37 +01:00
Ronald Cron
afbc7eda65 psa: Introduce PSA crypto core common symbols
When compiling some PSA core files of the
PSA cryptography repository, both the
Mbed TLS library and the PSA cryptography
core common.h are included and if they
define the same inline functions (same name),
the compilation fails.

Thus, inline functions prefixed by psa_crypto_
instead of mbedtls_ are defined in the
PSA cryptography core common.h header.

To ease the maintenance of the PSA cryptography
repository, introduce those symbols in Mbed TLS
as well and use them in PSA crypto core code
files instead of their Mbed TLS equivalent.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:57 +02:00
Ronald Cron
e6e6b75ad3 psa: Remove MBEDTLS_PSA_CRYPTO_DRIVERS configuration option
The support for the PSA crypto driver interface
is not optional anymore as the implementation of
the PSA cryptography interface has been restructured
around the PSA crypto driver interface (see
psa-crypto-implementation-structure.md). There is
thus no purpose for the configuration options
MBEDTLS_PSA_CRYPTO_DRIVERS anymore.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:07:54 +02:00
Ronald Cron
fe8e135816 psa: Remove unnecessary headers
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-03-31 09:01:45 +02:00
Paul Elliott
03d557db35
Merge pull request #6900 from AndrzejKurek/san-dirname
Add support for directoryName subjectAltName
2023-03-30 18:37:26 +01:00
Janos Follath
54118a1720
Merge pull request #7352 from gabor-mezei-arm/6349_fix_merge
Remove obsolete ecp_fix_negative function
2023-03-30 14:48:13 +01:00
Andrzej Kurek
5f0c6e82fb Add missing deallocation of subject alt name
Since mbedtls_x509_get_name allocates memory
when parsing a directoryName, deallocation
has to be performed if anything fails in the
meantime.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:40:38 -04:00
Andrzej Kurek
bf8ccd8109 Adjust error reporting in x509 SAN parsing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:03:01 -04:00
Andrzej Kurek
d40c2b65a6 Introduce proper memory management for SANs
DirectoryName parsing performs allocation that has to be handled.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:03:01 -04:00
Andrzej Kurek
e12b01d31b Add support for directoryName subjectAltName
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-03-29 11:03:01 -04:00
Gabor Mezei
df9c029dd5
Remove obsolete ecp_fix_negative function
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-28 18:43:07 +02:00
Valerio Setti
46423164c1 tls12_client: remove unnecessary parentheses
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
77a904c761 ssl: remove useless guard
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:48 +02:00
Valerio Setti
9affb73e44 psa_crypto: fix guard for mbedtls_ecc_group_of_psa()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Valerio Setti
1fa5c56863 ssl_tls: fix guard symbols for EC accelerated tests
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-28 16:26:47 +02:00
Gabor Mezei
514806bbe9
Add a second round of carry reduction for P192 fast reduction
The first round of carry reduction can generate a carry so a
second round is needed.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-28 15:09:34 +02:00
Paul Elliott
f04848cc3b Revert "Add generated files"
This reverts commit df2b5da57f.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-27 21:20:52 +01:00
Paul Elliott
d01a3bca05 Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback
Mbed TLS 3.4.0
2023-03-27 18:09:49 +01:00
Janos Follath
445c3bfcac
Merge pull request #7222 from minosgalanakis/bignum/6851_extract_Secp384r1_fast_reduction
Bignum:  Extract secp384r1 fast reduction from the prototype
2023-03-27 16:56:30 +01:00
Valerio Setti
ab9dc667ff psa_util: fix for correctly computing elements in array
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-27 11:25:10 -04:00
Gabor Mezei
2f73edbbc4
Prevent mpi_mod_write from corrupting the input
Allocate a working buffer to store the converted value needed for the
mpi_mod_write function.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2023-03-27 15:53:14 +02:00
Manuel Pégourié-Gonnard
93302422fd Fix instances of old feature macros being used
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data

Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
4011eb49dc Fix entropy-related feature macros
Was causing testing disparities picked by analyze_outcomes.py

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
5cd4b6403b Use MD-light in entropy.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Minos Galanakis
f9fca53cb4 ecp_curves: Updated ecp_mod_p384_raw documentation
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-23 12:17:17 +00:00
Paul Elliott
df2b5da57f Add generated files
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:58:43 +00:00
Paul Elliott
db67e99bbf Bump library, libcrypto and libx509 versions
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-23 10:57:39 +00:00
Valerio Setti
226f9b903f ssl_tls: fix guard in ssl_misc.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-23 09:28:51 +01:00
Pengyu Lv
5038a38695 ssl_cache: Return standard mbedtls error code
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-23 15:53:43 +08:00
Minos Galanakis
68d64a10b6 ecp_curves: Re-introduced mbedtls_ecp_fix_negative()
This patch re-introduces `mbedtls_ecp_fix_negative` and
appropriately adjusts its' define guards.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-22 11:28:15 +00:00
Valerio Setti
080a22ba75 ssl_tls13: use PSA_WANT_ALG_ECDH as symbol for marking ECDH capability
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
0c8ec3983e ssl_tls: fix proper guards for accelerated ECDH
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Valerio Setti
90df310d89 ssl_tls13: fix guards for accel ECDH
These changes fix all failures found in test_suite_ssl

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-22 10:48:34 +01:00
Minos Galanakis
37f4cb6d0e ecp_curves: Minor rework for p384
This patch adjusts formatting, documentation and testing.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-21 15:46:50 +00:00
Minos Galanakis
6fb105fb2e ecp_curves: Ported prototypes
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-03-21 15:41:26 +00:00
Paul Elliott
f1eb5e2a04 Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-03-21 15:35:17 +00:00
Manuel Pégourié-Gonnard
7224086ebc Remove legacy_or_psa.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
bef824d394 SSL: use MD_CAN macros
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
a946489efd X.509: use MD_CAN macros
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
ebef58d301 OID + misc crypto: use MD_CAN and fix failures
After this, only PK, X.509 and TLS remain to be done.

Deterministic uses HMAC-DRBG which uses MD, so it needs crypto_init()
when using a driver-only hash.

Also, remove a special-purpose macro that's no longer needed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
a5f04621bd PKCS5: use MD_CAN macros
sed -i -f md.sed library/pkcs5.c tests/suites/test_suite_pkcs5* include/mbedtls/pkcs5.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
49e67f814f PKCS5: always use MD
As a consequence, MD_C is now enabled in component accel_hash_use_psa.

Fix guards in X.509 info function to avoid this causing a failure now.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
c1f10441e0 RSA: use MD_CAN macros
sed -i -f md.sed library/rsa.c tests/suites/test_suite_rsa* include/mbedtls/rsa.h tests/suites/test_suite_pkcs1_v*

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
fb8d90a2db RSA: always use MD light
Note: already auto-enabled in build_info.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
52d02a85d3 PEM: use MD_CAN macros
sed -i -f md.sed library/pem.c tests/suites/test_suite_pem* include/mbedtls/pem.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
1c2008fa37 PEM: always use MD light
Note: PEM_PARSE already auto-enables MD_LIGHT in build_info.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
be97afe5d4 PKCS12: always use MD light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
b2eb1f7456 ECJPAKE: use MD_CAN macros
sed -i -f md.sed \
    library/ecjpake.c \
    include/medtls/ecjpake.h \
    tests/suites/test_suite_ecjpake.*

With md.sed as follows:

s/\bMBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA_BASED_ON_USE_PSA\b/MBEDTLS_MD_CAN_SHA512/g

s/\bMBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_MD_OR_PSA\b/MBEDTLS_MD_CAN_SHA512/g

s/\bMBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_HAS_ALG_RIPEMD160_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_HAS_ALG_SHA_1_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_HAS_ALG_SHA_224_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_HAS_ALG_SHA_256_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_HAS_ALG_SHA_384_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_HAS_ALG_SHA_512_VIA_LOWLEVEL_OR_PSA\b/MBEDTLS_MD_CAN_SHA512/g

s/\bMBEDTLS_MD5_C\b/MBEDTLS_MD_CAN_MD5/g
s/\bMBEDTLS_RIPEMD160_C\b/MBEDTLS_MD_CAN_RIPEMD160/g
s/\bMBEDTLS_SHA1_C\b/MBEDTLS_MD_CAN_SHA1/g
s/\bMBEDTLS_SHA224_C\b/MBEDTLS_MD_CAN_SHA224/g
s/\bMBEDTLS_SHA256_C\b/MBEDTLS_MD_CAN_SHA256/g
s/\bMBEDTLS_SHA384_C\b/MBEDTLS_MD_CAN_SHA384/g
s/\bMBEDTLS_SHA512_C\b/MBEDTLS_MD_CAN_SHA512/g

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
41bc8b6b1e ECJPAKE: always use MD light
This enables access to all available hashes, instead of the previous
situation where you had to choose by including MD_C or not.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:28:00 +01:00
Manuel Pégourié-Gonnard
e0e161b54a
Merge pull request #7296 from valeriosetti/issue7253-part1
driver-only ECDH: enable ECDH-based TLS 1.2 key exchanges -- part 1
2023-03-21 16:09:02 +01:00
Dave Rodgman
3543806026
Merge pull request #7190 from yanrayw/6197_rsa_get_padding_hashID
RSA: provide interface to retrieve padding mode and hash_id
2023-03-20 18:34:53 +00:00
Dave Rodgman
d3b6e92967
Merge pull request #997 from gilles-peskine-arm/aesni-intrinsics
Implement AESNI with intrinsics
2023-03-20 18:20:51 +00:00
Dave Rodgman
c5807a6fa8
Merge pull request #6918 from yuhaoth/pr/add-gcm-with-armv8-crypto-extension
Add GCM  with armv8 crypto extension
2023-03-20 14:45:14 +00:00
Valerio Setti
5d1f29e700 ssl_tls: fix guards for accelerated ECDH
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-03-20 14:02:07 +01:00
Manuel Pégourié-Gonnard
c9ef476431
Merge pull request #7192 from joerchan/psa-update-mbedtls
psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys
2023-03-20 09:47:07 +01:00
Manuel Pégourié-Gonnard
14c194aae9
Merge pull request #7271 from mpg/use-md-light
Use md light
2023-03-20 09:01:16 +01:00
Dave Rodgman
f918d42332 Tidy up ARMCE terminology
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-03-17 17:52:23 +00:00
Gilles Peskine
36b9e47eed Fix preprocessor conditional
This was intended as an if-else-if chain. Make it so.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-17 17:31:18 +01:00
Gilles Peskine
30e9f2a293 Finish sentence in comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-17 17:29:58 +01:00
Manuel Pégourié-Gonnard
3831637e85 Handle dependency on ECP_C in ECC KDF
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 15:21:26 +01:00
Joakim Andersson
bb576febb2 psa_crypto: Fix psa_key_derivation_output_key ECC without builtin keys
Fix psa_key_derivation_output_key not being able to derive ECC keys
without MBEDTLS_BUILTIN ECC key types enabled.
The PSA crypto drivers can generate these keys without requiring the
builtin key types.

Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>
2023-03-17 15:21:26 +01:00
Yanray Wang
d41684e8bc rsa.c: rename getter function of hash_id
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-03-17 18:57:42 +08:00
Dave Rodgman
0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing
Add parsing for Record Size Limit extension in TLS 1.3
2023-03-17 10:18:34 +00:00
Paul Elliott
9f02a4177b
Merge pull request #7009 from mprse/csr_write_san
Added ability to include the SubjectAltName extension to a CSR - v.2
2023-03-17 10:07:27 +00:00
Manuel Pégourié-Gonnard
b33ef74d44 Use MD_LIGHT, not sha1.h, in RSA selftest
Same note as previous commit regarding guards.

Note that we could auto-enable MD_LIGHT only when SELF_TEST is defined,
and even only when SHA1_C is defined too, but somewhere down the line
we'll want to auto-enable it for the sake of other RSA function (not in
selftest and could use any hash), so there's little point in optimizing
the temporary condition, let's use the simple one upfront.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:28 +01:00
Manuel Pégourié-Gonnard
8316209c02 Use MD_LIGHT rather than md5.h in pem.c
But, for now, still guard things with MBEDTLS_MD5_C, as md.c can only
compute MD5 hashes when MBEDTLS_MD5_C is defined. We'll change the
guards once that has changed.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-17 09:43:27 +01:00
Manuel Pégourié-Gonnard
ec000c1a00
Merge pull request #7242 from mpg/md-dispatch-psa
Implement MD dispatch to PSA
2023-03-17 09:42:40 +01:00
Janos Follath
c18cd0c8e6
Merge pull request #7230 from gabor-mezei-arm/6850_Secp256r1_fast_reduction
Extract Secp256r1 fast reduction from the prototype
2023-03-16 19:43:25 +00:00
Gilles Peskine
9c682e724a AESNI: Overhaul implementation selection
Have clearly separated code to:
* determine whether the assembly-based implementation is available;
* determine whether the intrinsics-based implementation is available;
* select one of the available implementations if any.

Now MBEDTLS_AESNI_HAVE_CODE can be the single interface for aes.c and
aesni.c to determine which AESNI is built.

Change the implementation selection: now, if both implementations are
available, always prefer assembly. Before, the intrinsics were used if
available. This preference is to minimize disruption, and will likely
be revised in a later minor release.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:21:33 +01:00
Gilles Peskine
0de8f853f0 Clean up AES context alignment code
Use a single auxiliary function to determine rk_offset, covering both
setkey_enc and setkey_dec, covering both AESNI and PADLOCK. For AESNI, only
build this when using the intrinsics-based implementation, since the
assembly implementation supports unaligned access.

Simplify "do we need to realign?" to "is the desired offset now equal to
the current offset?".

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 17:14:59 +01:00
Dave Rodgman
3ac99fdf07
Merge pull request #7301 from gilles-peskine-arm/msan-explicit_bzero
Fix Msan failure with explicit_bzero
2023-03-16 14:55:18 +00:00
Gilles Peskine
0f454e4642 Use consistent guards for padlock code
The padlock feature is enabled if
```
defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_HAVE_X86)
```
with the second macro coming from `padlock.h`. The availability of the
macro `MBEDTLS_PADLOCK_ALIGN16` is coincidentally equivalent to
`MBEDTLS_HAVE_X86` but this is not meaningful.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 14:58:46 +01:00
Dave Rodgman
680dbd46ae
Merge pull request #7270 from DemiMarie/oid-fix
Fix segfault in mbedtls_oid_get_numeric_string
2023-03-16 12:21:36 +00:00
Gilles Peskine
148cad134a Fix unaligned access if the context is moved during operation
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 13:08:42 +01:00
Gilles Peskine
d0185f78c0 Fix typo in comment
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 13:08:18 +01:00
Gilles Peskine
0cd9ab7107 Fix code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 13:06:14 +01:00
Gilles Peskine
a8d2ff3fdf Fix Msan failure with explicit_bzero
On some platforms, including modern Linux, Clang with Msan does not
recognize that explicit_bzero() writes well-defined content to its output
buffer. For us, this causes CMAC operations to fail in Msan builds when
mbedtls_platform_zeroize() is implemented over explicit_bzero(). Fix this.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-03-16 10:53:46 +01:00
Manuel Pégourié-Gonnard
f48b1f810e Rename internal function to something clearer
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard
39a376a417 Finish removing HMAC from MD-light
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
9b14639342 Dispatch according to init status.
We shouldn't dispatch to PSA when drivers have not been initialized yet.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
7abdf7eee5 Add utility function to check for drivers init
This will be used in the next commit.

While at it, move driver initialization before RNG init - this will be
handy when the entropy module wants to use drivers for hashes.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard
d8ea37f1a3 Add engine field to context structure
For multi-part operations, we want to make the decision to use PSA or
not only once, during setup(), and remember it afterwards. This supports
the introduction, in the next few commits, of a dynamic component to
that decision: has the PSA driver sub-system been initialized yet?

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:50 +01:00
Gilles Peskine
12612e5ab4 Implement md over PSA
When MBEDTLS_MD_xxx_VIA_PSA is enabled (by mbdetls/md.h), route calls to xxx
over PSA rather than through the built-in implementation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:50 +01:00
Gilles Peskine
83d9e09b15 Switch metadata functions to the PSA-aware availability symbols
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-16 09:46:50 +01:00
Pengyu Lv
b1895899f1 ssl_cache: Improve some comments
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-16 14:33:28 +08:00
Demi Marie Obenour
889534a4d2 Fix segfault in mbedtls_oid_get_numeric_string
When passed an empty OID, mbedtls_oid_get_numeric_string would read one
byte from the zero-sized buffer and return an error code that depends on
its value.  This is demonstrated by the test suite changes, which
check that an OID with length zero and an invalid buffer pointer does
not cause Mbed TLS to segfault.

Also check that second and subsequent subidentifiers are terminated, and
add a test case for that.  Furthermore, stop relying on integer division
by 40, use the same loop for both the first and subsequent
subidentifiers, and add additional tests.

Signed-off-by: Demi Marie Obenour <demiobenour@gmail.com>
2023-03-16 01:06:41 -04:00