yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
16878 commits 1 branch 0 tags 94 MiB
Commit graph

7189 commits

Author SHA1 Message Date
Gilles Peskine
8bb9b80d18
Merge pull request #4806 from hanno-arm/ssl_session_serialization_version 
Store TLS version in SSL session structure
 2021-08-02 12:45:55 +02:00
Hanno Becker
fa0d61e559 Fix typo 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-02 08:56:14 +01:00
Hanno Becker
dce50974bf Prefix "version" with "library" or "protocol" to avoid ambiguity 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-01 05:39:23 +01:00
Hanno Becker
37bdbe6c4d Remove mentions of truncated HMAC from ssl_tls.c 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-01 05:38:58 +01:00
Manuel Pégourié-Gonnard
8da9dc05e8
Merge pull request #4748 from TRodziewicz/re-introduce_ext_checks_for_psa_unlock-wipe_key_slot 
Re-introduction of key slot checks
 2021-07-29 13:45:57 +02:00
Manuel Pégourié-Gonnard
b637150dfe
Merge pull request #4730 from TRodziewicz/finish_removing_tls_1.0_and_1.1 
Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
 2021-07-27 09:42:53 +02:00
Hanno Becker
fadbdbb576 Store TLS version in SSL session structure 
Instances of `mbedtls_ssl_session` represent data enabling session resumption.

With the introduction of TLS 1.3, the format of this data changes. We therefore
need TLS-version field as part of `mbedtlsl_ssl_session` which allows distinguish
1.2 and 1.3 sessions.

This commit introduces such a TLS-version field to mbedtls_ssl_session.

The change has a few ramifications:

- Session serialization/deserialization routines need to be adjusted.

  This is achieved by adding the TLS-version after the header of
  Mbed TLS version+config, and by having the subsequent structure
  of the serialized data depend on the value of this field.

  The details are described in terms of the RFC 8446 presentation language.

  The 1.2 session (de)serialization are moved into static helper functions,
  while the top-level session (de)serialization only parses the Mbed TLS
  version+config header and the TLS-version field, and dispatches according
  to the found version.

  This way, it will be easy to add support for TLS 1.3 sessions in the future.

- Tests for session serialization need to be adjusted

- Once we add support for TLS 1.3, with runtime negotiation of 1.2 vs. 1.3,
  we will need to have some logic comparing the TLS version of the proposed session
  to the negotiated TLS version. For now, however, we only support TLS 1.2,
  and no such logic is needed. Instead, we just store the TLS version in the
  session structure at the same point when we populate mbedtls_ssl_context.minor_ver.

The change introduces some overlap between `mbedtls_ssl_session.minor_ver` and
`mbedtls_ssl_context.minor_ver`, which should be studied and potentially resolved.
However, with both fields being private and explicitly marked so, this can happen
in a later change.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-07-23 06:25:48 +01:00
Gilles Peskine
3b9bea0757
Merge pull request #4750 from yutotakano/fix-reserved-identifier-clash 
Replace reserved identifier clashes with suitable replacements
 2021-07-22 16:20:56 +02:00
Yuto Takano
538a0cbcf4 Replace _RR with prec_RR to prevent reserved identifier clashes 
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
 2021-07-14 10:20:09 +01:00
TRodziewicz
c9890e9a8c Rewording comments 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-14 10:16:26 +02:00
TRodziewicz
829fe7038d Correction to callback declaration and usage 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-13 12:23:12 +02:00
TRodziewicz
18cddc08c7 Reverting comments deleted in previous PR 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-13 12:19:15 +02:00
Yuto Takano
36c8ddc4cc Replace _B with B to prevent reserved identifier clashes 
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
 2021-07-12 16:02:07 +01:00
Archana
277572fa2b Fix coding style issue 
Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-07-12 09:00:57 +05:30
Archana
1d2e2bb8cc Add missing Curve448 support for PSA keys 
mbedtls_ecp_read_key and mbedtls_ecp_write_key are updated to include
support for Curve448 as prescribed by RFC 7748 §5.

Test suites have been updated to validate curve448 under Montgomery
curves.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-07-12 08:02:54 +05:30
TRodziewicz
299510e889 Correction to comments and changelog removed 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-09 16:55:11 +02:00
TRodziewicz
7871c2e736 Adding new macro for tests failing 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-09 14:27:04 +02:00
David Horstmann
44f6390c32 Remove redundant hash len check 
Remove a check in rsa_rsassa_pkcs1_v15_encode() that
is not needed because the same check is performed
earlier. This check was added in #4707.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2021-07-08 12:46:26 +01:00
TRodziewicz
458280e67c Correction to outdated comment 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-07 11:33:06 +02:00
Dave Rodgman
45419c1ee5 Revert "Add auto-generated files" 
This reverts commit 3e84187132.
 2021-07-06 20:44:59 +01:00
TRodziewicz
345165c1f7 Reverting deleted macros 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-06 13:42:11 +02:00
TRodziewicz
302ed2bf7d Reverting the TLS 1.3 compatibility 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-05 16:55:27 +02:00
TRodziewicz
d9be65277d Corrections to the new functions names and error message wording 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-05 15:16:00 +02:00
TRodziewicz
053b99b90b Re-introduction of key slot chekcs 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-07-05 12:06:03 +02:00
Dave Rodgman
527b82a34c Bump .so version numbers to stay ahead of 2.x 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-07-02 15:19:38 +01:00
Dave Rodgman
3e84187132 Add auto-generated files 
Add files generated by running make generated_files

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-07-01 09:45:38 +01:00
Dave Rodgman
7601657418 Bump library version numbers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-30 23:09:51 +01:00
Dave Rodgman
34d8cd2892 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.0.0rc0-pr 2021-06-30 22:51:02 +01:00
Dave Rodgman
9f5774f56d
Merge pull request #4739 from gabor-mezei-arm/3258_fp30_implement_one-shot_MAC_and_cipher 
Implement one-shot cipher
 2021-06-30 17:04:23 +01:00
Dave Rodgman
0a7ff4a4e2
Merge pull request #4741 from gabor-mezei-arm/3267_fp30_sign_verify_key_policies 
Key policy extension for PSA_KEY_USAGE_SIGN/VERIFY_HASH
 2021-06-30 14:50:57 +01:00
gabor-mezei-arm
5ce25d7806
Remove obsolete comment 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-30 10:46:00 +02:00
Dave Rodgman
dc1a3b2d70
Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0 
Cleanup SSL error code space
 2021-06-30 09:02:55 +01:00
gabor-mezei-arm
00e54f1133
Fix minor issues 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:55:25 +02:00
gabor-mezei-arm
6158e283cc
Check the return status of the functions first 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:55:24 +02:00
gabor-mezei-arm
58c1727775
Add buffer overflow check 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:55:24 +02:00
gabor-mezei-arm
3f860e4c18
Remove invalid buffer overflow check 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:55:24 +02:00
gabor-mezei-arm
47a8e14bb7
Typo 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:01 +02:00
gabor-mezei-arm
0a93b665f7
Fix possible unreachable code 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:01 +02:00
gabor-mezei-arm
90fceea268
Update documentation 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:01 +02:00
gabor-mezei-arm
258ae07fb0
Add checks for buffer size 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
e5ff8f430c
Use local variable instead of an ouput parameter 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
6f4e5bbe37
Initialize output buffer length to 0 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
0dfeaaf5c9
Remove confising comments 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
9951b50b8a
Remove comments 
These comment cannot bring more information than the code does.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
42cdb2a90b
Fix struct initialization 
Fix initialization of mbedtls_psa_cipher_operation_t by not initializing the mbedtls_cipher_context_t typed field completely.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
a9449a0b07
Dispatch cipher functions through the driver interface 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:48:59 +02:00
gabor-mezei-arm
ba0fa75eae
Implement one-shot cipher 
Implement one-shot cipher APIs, psa_cipher_encrypt and psa_cipher_decrypt, introduced in PSA Crypto API 1.0.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:14:34 +02:00
gabor-mezei-arm
95180fe808
Fix comment 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 17:06:33 +02:00
gabor-mezei-arm
43110b6b2c Do key usage policy extension when loading keys 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 17:05:49 +02:00
Dave Rodgman
39bd5a655e Address review comment 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 15:25:21 +01:00