yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
16504 commits 1 branch 0 tags 94 MiB
Commit graph

4734 commits

Author SHA1 Message Date
Hanno Becker
9ed1ba5926 Rename MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE 
New name MBEDTLS_ERR_SSL_BAD_CERTIFICATE

Also, replace some instances of MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
by MBEDTLS_ERR_SSL_DECODE_ERROR and MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER
as fit.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
5697af0d3d Remove MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
cbc8f6fd5d Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
a0ca87eb68 Remove MBEDTLS_ERR_SSL_BAD_HS_FINISHED 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
d200296f17 Remove MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
d934a2aafc Remove MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
d3eec78258 Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
666b5b45f7 Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
029cc2f97b Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
b24e74bff7 Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP error code 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
d01fc5f583 Introduce MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE error code 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
241c19707b Remove MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
bc00044279 Rename MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION 
New name is MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
93636cce4a Add MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
2fe5f61e1a Add generic codes for syntactic and semantic message parsing errors 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Janos Follath
8a88f6274c
Merge pull request #4726 from athoelke/at-pbkdf2-doc-fixes 
Fixes for PBKDF2 documentation
 2021-06-28 09:47:57 +01:00
Andrew Thoelke
52d18cd9a4
Remove trailing space 
Signed-off-by: Andrew Thoelke <andrew.thoelke@arm.com>
 2021-06-25 11:03:57 +01:00
Ronald Cron
3698fa1043
Merge pull request #4673 from gilles-peskine-arm/psa_crypto_spm-from_platform_h 
Fix and test the MBEDTLS_PSA_CRYPTO_SPM build
 2021-06-25 09:01:08 +02:00
Gilles Peskine
1fed4b8324
Merge pull request #4720 from gilles-peskine-arm/gcm-finish-outlen 
Add output_length parameter to mbedtls_gcm_finish
 2021-06-24 20:02:40 +02:00
Andrew Thoelke
a0f4b595c5
Fixes for PBKDF2 documentation 
Fix typos in the PBKDF2 documentation

Correct the constraints on PSA_KEY_USAGE_DERIVE and PSA_KEY_USAGE_VERIFY_DERIVATION, aligning them with the note against psa_key_derivation_input_key(). All key inputs must have the required usage flag to permit output or verification.

Correct the constraints on PSA_KEY_DERIVATION_INPUT_SECRET and PSA_KEY_DERIVATION_INPUT_PASSWORD, aligning them with 4feb611. psa_key_derivation_verify_key() does not require the secret/password input to be a key.

Signed-off-by: Andrew Thoelke <andrew.thoelke@arm.com>
 2021-06-24 16:47:14 +01:00
Gilles Peskine
fedd52ca19
Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation 
Require matching hashlen in RSA functions: implementation
 2021-06-24 10:28:20 +02:00
Gilles Peskine
5a7be10419 Add output_length parameter to mbedtls_gcm_finish 
Without this parameter, it would be hard for callers to know how many bytes
of output the function wrote into the output buffer. It would be possible,
since the cumulated output must have the same length as the cumulated input,
but it would be cumbersome for the caller to keep track.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-23 21:51:32 +02:00
Gilles Peskine
f06b92d724
Merge pull request #4567 from mstarzyk-mobica/gcm_ad 
Enable multiple calls to mbedtls_gcm_update_ad
 2021-06-23 19:36:23 +02:00
Dave Rodgman
cb17fc34cf
Merge pull request #4671 from mpg/x509-crt-profile-public 
Make the fields of mbedtls_x509_crt_profile public
 2021-06-23 16:06:12 +01:00
Ronald Cron
4f7cc1bb63
Merge pull request #4713 from gilles-peskine-arm/psa-storage-format-test-lifetimes-3.0 
PSA storage format: test lifetimes
Almost straightforward of #4392 thus merging with only one approval.
 2021-06-23 15:22:03 +02:00
Ronald Cron
44a0ae920c
Merge pull request #4710 from mstarzyk-mobica/ccm_taglen 
Add missing tag_len in ccm api.
PR-4710-merge TLS Testing  run successfully and the failure in PR-4710-head TLS Testing are CI problems thus merging.
 2021-06-23 14:20:26 +02:00
Gilles Peskine
91466c8d3f Hopefully clarify the example 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-23 13:53:56 +02:00
Gilles Peskine
52bb83e6ad Fix mbedtls_svc_key_id_is_null when KEY_ID_ENCODES_OWNER 
A null key id is a null key id even when it has an owner attached to it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-23 13:53:56 +02:00
Gilles Peskine
d133bb2909 New macro PSA_KEY_LIFETIME_IS_READ_ONLY 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-23 13:43:08 +02:00
Mateusz Starzyk
82c48c992c Adjust tag_len documentation for the mbedtls_ccm_finish(). 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-06-23 12:39:40 +02:00
Gilles Peskine
c9d86a05ce
Merge pull request #4665 from yanesca/issue-3990-fix_psa_verify_with_alt 
Fix PSA RSA PSS verify with ALT implementations
 2021-06-23 11:47:38 +02:00
Mateusz Starzyk
98d45b90b0 Add missing tag_len in ccm api. 
Function ccm_set_lengths requires tag_len argument for
the B[0] calculation.

Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-06-23 10:49:22 +02:00
Gilles Peskine
e9bc857327
Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export 
Implement modified key export API for Mbed TLS 3.0
 2021-06-22 18:52:37 +02:00
Gilles Peskine
9dbbc297a3 PK signature function: require exact hash length 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-22 18:39:41 +02:00
Manuel Pégourié-Gonnard
e7885e5441 RSA: Require hashlen to match md_alg when applicable 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-22 12:29:27 +02:00
Manuel Pégourié-Gonnard
3e7ddb2bb6
Merge pull request #4604 from gilles-peskine-arm/default-hashes-curves-3.0 
Update the default hash and curve selection for X.509 and TLS
 2021-06-22 12:08:37 +02:00
Manuel Pégourié-Gonnard
508d3a5824
Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext 
Remove truncated HMAC extension
 2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard
a805d57261
Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA 
Remove MD2, MD4, RC4, Blowfish and XTEA
 2021-06-22 09:27:41 +02:00
Janos Follath
b795332401 mbedtls_rsa_rsassa_pss_*: improve documentation 
Hashes used in RSA-PSS encoding (EMSA-PSS-ENCODE, see §9.1.1 in RFC
8017):

- H1: Hashing the message (step 2)
- H2: Hashing in the salt (step 6)
- H3: Mask generation function (step 9)

According to the standard:

- H1 and H2 MUST be done by the same hash function
- H3 is RECOMMENDED to be the same as the hash used for H1 and H2.

According to the implementation:

- H1 happens outside of the function call. It might or might not happen
and the implementation might or might not be aware of the hash used.
- H2 happens inside the function call, consistency with H1 is not
enforced and might not even be possible to detect.
- H3 is done with the same hash as H2 (with the exception of
mbedtls_rsassa_pss_verify_ext(), which takes a dedicated parameter for
the hash used in the MGF).

Issues with the documentation:

- The comments weren't always clear about the three hashes involved and
often only mentioned two of them (which two varied from function to
function).
- The documentation was giving the impression that the standard
recommends aligning H2 and H1 (which is not a recommendation but a
must).

Signed-off-by: Janos Follath <janos.follath@arm.com>
 2021-06-21 10:39:04 +01:00
Hanno Becker
d8f32e72b4 Move export callback and context to the end of SSL context 
This saves some code when compiling for Thumb, where access to
fields with offset index > 127 requires intermediate address
computations. Frequently used fields should therefore be located
at the top of the structure, while less frequently used ones --
such as the export callback -- can be moved to the back.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Hanno Becker
e0dad720ee Remove return value from key export callback 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Hanno Becker
7e6c178b6d Make key export callback and context connection-specific 
Fixes #2188

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Hanno Becker
22b34f75cd Remote key export identifier used for TLS < 1.2. 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Hanno Becker
ddc739cac4 Add missing documentation for key export callback parameters 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Hanno Becker
457d61602f Define and implement new key export API for Mbed TLS 3.0 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Hanno Becker
2d6e6f8fec Remove '_ext' suffix from SSL key exporter API 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Hanno Becker
78ba2af7c2 Remove old key export API 
Seems to be an oversight that this wasn't marked deprecated.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard
9a32d45819
Merge pull request #4517 from hanno-arm/ticket_api_3_0 
Implement 3.0-API for SSL session resumption
 2021-06-18 18:34:45 +02:00
Manuel Pégourié-Gonnard
ae35830295
Merge pull request #4661 from mpg/make-blinding-mandatory 
Make blinding mandatory
 2021-06-18 18:32:13 +02:00
Dave Rodgman
8c8166a7f1
Merge pull request #4640 from TRodziewicz/move_part_of_timing_module_out_of_the_library_and_to_test 
Move part of timing module out of the library
 2021-06-18 16:35:58 +01:00