yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
19209 commits 1 branch 0 tags 94 MiB
Commit graph

5082 commits

Author SHA1 Message Date
Ronald Cron
de1adee51a Rename ssl_cli/srv.c 
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512 
Add rsae sha384 sha512
 2022-03-29 14:01:51 +02:00
Manuel Pégourié-Gonnard
cefa904759
Merge pull request #5622 from paul-elliott-arm/timing_delay_accessor 
Accessor for mbedtls_timing_delay_context final delay
 2022-03-25 09:14:41 +01:00
Jerry Yu
e6e73d63ec fix comments issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-24 13:07:28 +08:00
Manuel Pégourié-Gonnard
5e4bf95d09
Merge pull request #5602 from superna9999/5174-md-hmac-dtls-cookies 
MD: HMAC in DTLS cookies
 2022-03-23 13:05:24 +01:00
Neil Armstrong
488a40eecb Rename psa_hmac to psa_hmac_key in mbedtls_ssl_cookie_ctx 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-22 10:41:38 +01:00
Neil Armstrong
c0db7623ec Also guard include of mbedtls/threading.h in ssl_cookie.h when USE_PSA_CRYPTO is set 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-22 10:38:58 +01:00
Jerry Yu
406cf27cb5 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:14:53 +08:00
Jerry Yu
b02ee18e64 replace use_psa_crypto with psa_crypto_c 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu
704cfd2a86 fix comments and style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:35 +08:00
Jerry Yu
718a9b4a3f fix doxgen fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
bc18c23531 Guard pk_sign_ext with PSA_CRYPTO_C 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
79c004148d Add PSA && TLS1_3 check_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
8beb9e173d Change prototype of pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
d69439aa61 add mbedtls_pk_sign_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Paul Elliott
b9af2db4cf Add accessor for timing final delay 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-03-21 15:26:19 +00:00
Manuel Pégourié-Gonnard
7c92fe966a
Merge pull request #5614 from gabor-mezei-arm/5203_tls_cipher_tickets_use_psa_for_protection 
TLS Cipher 2a: tickets: use PSA for protection
 2022-03-17 09:50:09 +01:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless 
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
 2022-03-15 16:43:19 +00:00
Dave Rodgman
868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal 
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
 2022-03-14 12:57:37 +00:00
Manuel Pégourié-Gonnard
c11bffe989
Merge pull request #5139 from mprse/key_der_ecc 
PSA: implement key derivation for ECC keys
 2022-03-14 09:17:13 +01:00
Gabor Mezei
2a02051286
Use PSA in TLS ticket handling 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 17:09:59 +01:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data 
server certificate selection callback
 2022-03-10 11:51:42 +01:00
Glenn Strauss
9bff95f051 Adjust comment describing mbedtls_ssl_set_hs_own_cert() 
mbedtls_ssl_set_hs_own_cert() is callable from the certificate selection
callback.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-03-10 04:45:27 -05:00
Manuel Pégourié-Gonnard
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c 
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
 2022-03-08 11:43:45 +01:00
Neil Armstrong
7cd0270d6c Drop mutex in mbedtls_ssl_cookie_ctx when PSA is used 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
Neil Armstrong
77b69ab971 Remove non-PSA MAC key in mbedtls_ssl_cookie_ctx 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 14:45:45 +01:00
Daniel Axtens
f071024bf8 Do not include time.h without MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 05:07:45 -05:00
Neil Armstrong
bca99ee0ac Add PSA key in mbedtls_ssl_cookie_ctx 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 10:20:20 +01:00
Przemek Stekiel
3f076dfb6d Fix comments for conditional compilation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-04 09:36:46 +01:00
Gilles Peskine
1f13e984ad
Merge pull request #5529 from superna9999/5514-translate-psa-errs-to-mbedtls 
Rename, move and refine PSA to mbedtls PK errors mappings
 2022-03-03 13:30:29 +01:00
Gilles Peskine
d929dbbb25
Merge pull request #5368 from mfil/feature/additional_md_getters 
Add function to get message digest info from context
 2022-03-02 16:44:26 +01:00
Neil Armstrong
19915c2c00 Rename error translation functions and move them to library/pk_wrap.* 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-01 15:21:02 +01:00
Gilles Peskine
f48bd4bccb
Merge pull request #5371 from AndrzejKurek/doxygen-duplicate-parameter-docs 
doxygen: merge multiple descriptions of the same return codes
 2022-02-28 17:09:45 +01:00
Gilles Peskine
0037fcd6c7
Merge pull request #4910 from gilles-peskine-arm/check_config-chachapoly-development 
Add check_config checks for AEAD
 2022-02-28 17:07:48 +01:00
Glenn Strauss
0ebf24a668 Adjust comment describing mbedtls_ssl_conf_sni() 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Glenn Strauss
6989407261 Add accessor to retrieve SNI during handshake 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Glenn Strauss
36872dbd0b Provide means to reset handshake cert list 
Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null.  Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:48 -05:00
Glenn Strauss
2ed95279c0 Add server certificate selection callback 
https://github.com/ARMmbed/mbedtls/issues/5430

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 17:31:49 -05:00
Neil Armstrong
3f9cef4547 Remove actual and use new PSA to mbedtls PK errors mapping functions 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 15:44:39 +01:00
Neil Armstrong
ea761963c5 Add specialized PSA to mbedtls PK/RSA error mapping function 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 14:37:00 +01:00
Neil Armstrong
cd501f406e Add specialized PSA to mbedtls PK/ECDSA error mapping function 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 14:37:00 +01:00
Neil Armstrong
a3fdfb4925 Introduce new PSA to mbedtls PK error mapping function 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-22 14:37:00 +01:00
Przemyslaw Stekiel
6d3d18b2dc psa_generate_derived_key_internal, psa_generate_derived_ecc_key_weierstrass_helper: optimize the code 
Perform the following optimizations:
- fix used flags for conditional compilation
- remove redundant N variable
- move loop used to generate valid k value to helper function
- fix initial value of status
- fix comments

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-22 13:35:27 +01:00
Gilles Peskine
57bf02bd58 ssl_conf_{min,max}_version documentation: update for 1.3 and improve 
Mention that TLS 1.3 is supported, in addition to (D)TLS 1.2.

Improve and clarify the documentation. In particular, emphasise that the
minor version numbers are the internal numbers which are off by one from the
human numbers.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:02 +01:00
Gilles Peskine
ce4f00de69 Reference get_version_number from the conf_xxx_version documentation 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:02 +01:00
Gilles Peskine
d44e050339 get_version_number documentation: explicitly mention VERSION_UNKNOWN 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:02 +01:00
Gilles Peskine
ded2a42ac1 Use a union instead of casts 
Same intended semantics, no casts.

Limitation: this doesn't work on architectures where
sizeof(uintptr_t) < sizeof(void*), which is somewhat weird but possible if
pointers contain redundant information.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:02 +01:00
Gilles Peskine
1e265d2e68 Fix swapped documentation of set_user_data_{n,p} 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:02 +01:00
Gilles Peskine
49d7ddf7f3 Serializing a context does not save the user data 
The user data is typically a pointer to a data structure or a handle which
may no longer be valid after the session is restored. If the user data needs
to be preserved, let the application do it. This way, it is a conscious
decision for the application to save/restore either the pointer/handle
itself or the object it refers to.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00
Gilles Peskine
80dae04f24 Make user_data fields private 
Add accessor functions.

Add unit tests for the accessor functions.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-21 15:14:01 +01:00