mbedtls

Author	SHA1	Message	Date
Jerry Yu	95699e72f3	Add session ticket identity check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Jerry Yu	661dd943b6	Add dummy server name extension paser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Jerry Yu	e976492a11	Add session ticket tests for client Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Jerry Yu	e6527512d2	Add obfuscated_ticket_age write Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Jerry Yu	49d63f8c36	Implement generate resumption master secret Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Jerry Yu	db8c5faed7	Add getting session ticket for client - Move ssl_get_psk_to_offer to `ssl_tls13_client.c` - Rename to `ssl_tls13_get_psk_to_offer` - Add session ticket parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 23:24:25 +08:00
Ronald Cron	e00d6d6b55	Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation TLS 1.3: SRV: Finalize external PSK negotiation	2022-08-31 17:21:57 +02:00
Jerry Yu	1e05b6dd6d	fix coding style and unnecessary assignment Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-31 10:35:52 +08:00
Manuel Pégourié-Gonnard	bf22a2500b	Merge pull request #6208 from AndrzejKurek/tls-tests-no-md-structured Remove the dependency on MD from TLS 1.2 tests	2022-08-30 12:34:37 +02:00
Dave Rodgman	0edfa9dd26	Merge pull request #6207 from daverodgman/ticket_time Fix type used for capturing TLS ticket generation time	2022-08-30 10:03:06 +01:00
Jerry Yu	e5834fd0d7	remove unnecessary test also optimize check sum Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-29 20:33:33 +08:00
Jerry Yu	0baf907e11	remove `select_ciphersuite` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-25 11:21:04 +08:00
Jerry Yu	c5a23a0f12	fix various issues - code style - variable initialize - update comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-25 11:09:35 +08:00
Dave Rodgman	fac3ea5656	Merge pull request #6184 from leorosen/ssl_tls_curve_group_id_null_protect mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing	2022-08-24 15:16:45 +01:00
Tom Cosgrove	bcc13c943f	Add further missing whitespaces inside parentheses Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com> Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-24 15:08:16 +01:00
Tom Cosgrove	20c1137350	Fix coding style Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com> Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-24 15:06:13 +01:00
Dave Rodgman	5a28142410	Merge pull request #6189 from Kxuan/fix-ctr_drbg-uninit ctr_drbg: fix free uninitialized aes context	2022-08-24 14:58:44 +01:00
Jerry Yu	f35ba384ff	Add select ciphersuite entry function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-23 22:01:58 +08:00
Jerry Yu	dd1bef788e	Add ciphersuite_info check return null if no valid ciphersuite info Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-23 17:57:02 +08:00
Jerry Yu	29d9faa468	fix various issues. - comments issues - code format style issues - naming improvement. - error return improvements Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-23 17:53:43 +08:00
Andrzej Kurek	299b1d6c93	Remove unnecessary `psa/crypto.h` include This is now included in `legacy_or_psa.h`. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-23 05:42:33 -04:00
Andrzej Kurek	cccb044804	Style & formatting fixes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-23 05:26:02 -04:00
Janos Follath	645ff5b8ff	Merge pull request #6095 from gabor-mezei-arm/6016_add_new_modulus_and_residue_structures Add the new modulus and the residue structures with low level I/O operations	2022-08-23 09:02:43 +01:00
Andrzej Kurek	7e16ce3a72	Clarify TLS 1.2 dependencies with and without PSA crypto Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	8c95ac4500	Add missing dependencies / alternatives A number of places lacked the necessary dependencies on one of the used features: MD, key exchange with certificate, entropy, or ETM. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	25f271557b	Update SHA and MD5 dependencies in the SSL module The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO is defined and respective SHA / MD5 defines are missing. A new set of macros added in #6065 is used to reflect these dependencies. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	0ce592169e	Use hash_info_get_size in ssl_tls12_client This way the code does not rely on the MBEDTLS_MD_C define Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	a242e83b21	Rename the sha384 checksum context to reflect its purpose Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:02:04 -04:00
Gilles Peskine	e5018c97f9	Merge pull request #6195 from superna9999/6149-driver-only-hashes-ec-j-pake Driver-only hashes: EC J-PAKE	2022-08-22 17:28:15 +02:00
Gilles Peskine	20ebaac85e	Merge pull request #6211 from tom-cosgrove-arm/explicit-warning-re-ct-conditions-not-0-or-1 Be explicit about constant time bignum functions that must take a 0 or 1 condition value	2022-08-22 17:24:04 +02:00
Gilles Peskine	03f1c39ac7	Merge pull request #6171 from mprse/md_x509_test Driver-only hashes: X.509	2022-08-22 17:18:47 +02:00
Janos Follath	2e328c8591	Remove confusing const qualifier Since a is not a pointer, it is passed by value and declaring it const doesn’t make any sense and on the first read can make me miss the fact that a is not a pointer. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-22 11:19:10 +01:00
Janos Follath	c459641ad1	Bignum: add missing limb qualifiers Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-22 10:04:52 +01:00
Janos Follath	af3f39c01c	Fix typos Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com> Co-authored-by: Werner Lewis <Werner.Lewis@arm.com> Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-22 09:08:04 +01:00
Jerry Yu	5725f1cf3a	Align ciphersuite with overwrite. Selected ciphersuite MUST be same with ciphsersuite of PSK. Overwrite the old ciphersuite with the one of PSK. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 17:50:27 +08:00
Jerry Yu	01e42d2d4c	fix issues in export handshake psk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 13:00:07 +08:00
Jerry Yu	9f7f646b11	Revert "remove psk key when ephemeral selected" This reverts commit `5c28e7aa0e`. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:59:17 +08:00
Jerry Yu	e9d4fc09a3	fix binder value security issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:59:17 +08:00
Jerry Yu	24b8c813c4	fix comments and wrong initial value issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:55:45 +08:00
Jerry Yu	5d01c05d93	fix various issues - wrong typo in comments - replace psk null check with key_exchange_mode check - set psk NULL when error return in export hs psk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:55:01 +08:00
Jerry Yu	6cf6b47b5c	fix format and comment issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:54:53 +08:00
Dave Rodgman	beb4fc0723	Merge pull request #6185 from leorosen/tls12_server_null_on_missing_key ssl_tls12_server: fix potential NULL-dereferencing if local certifica…	2022-08-19 20:22:59 +01:00
Leonid Rozenboim	19e5973566	mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing Avoid the shorthand practice of the form 'x = func(foo)->bar' which exposes the code to NULL pointer de-referencing when the 'func()' returns a NULL pointer. The first chunk is for when the curve group code is not recognized by the library, and is cleanly rejected if offered. The second chunk addresses the unlikely case of an internal error: if 'mbedtls_pk_can_do()' returns TRUE, it should rule out 'mbedtls_pk_ec()' returning a NULL, unless there is a regression. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-08-19 11:49:22 -07:00
Janos Follath	a95f204cd3	Improve documentation Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com> Co-authored-by: Werner Lewis <werner.wmlewis@gmail.com> Co-authored-by: Minos Galanakis <minos.galanakis@arm.com> Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-19 13:11:22 +01:00
Janos Follath	ca5688e10c	Improve coding style Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com> Co-authored-by: Werner Lewis <werner.wmlewis@gmail.com> Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-19 13:11:22 +01:00
Janos Follath	b7a88eca42	Bignum: Apply naming conventions Numbers: - A, B for mbedtls_mpi_uint* operands - a, b for mbedtls_mpi_uint operands - X or x for result - HAC references where applicable Lengths: - Reserve size or length for length/size in bytes or byte buffers. - For length of mbedtls_mpi_uint* buffers use limbs - Length parameters are qualified if possible (eg. input_length or a_limbs) Setup functions: - The parameters match the corresponding structure member's name - The structure to set up is a standard lower case name even if in other functions different naming conventions would apply Scope of changes/conventions: - bignum_core - bignum_mod - bignum_mod_raw Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-19 13:11:22 +01:00
Janos Follath	6b8a4ad0d8	Bignum: update const qualifiers While at it, mark parameters based on their role. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-19 13:11:22 +01:00
Neil Armstrong	ecaba1c9b2	Make use of PSA crypto hash if MBEDTLS_MD_C isn't defined Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-19 11:49:22 +02:00
Neil Armstrong	0d76341eac	Remove md_info by md_type in ecjpake context, use mbedtls_hash_info_get_size() to get hash length Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-19 11:49:22 +02:00
Przemek Stekiel	bc3906c58f	pem_pbkdf1(): optimize psa version Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:36:57 +02:00

1 2 3 4 5 ...

9283 commits