mbedtls

Author	SHA1	Message	Date
Jerry Yu	f3b46b5082	Add debug message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:05 +08:00
Jerry Yu	d099cf0325	fix unused variable issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:47 +08:00
Jerry Yu	f55886a217	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:46 +08:00
Jerry Yu	6babfee178	remove out of scope codes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:46 +08:00
Jerry Yu	fb526693c1	Rename sig_alg cert_key check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:45 +08:00
Jerry Yu	f0cda410a4	remove default sig_hashes And add pss_rsae_* sig_algs to fix `Handshake TLS 1.3` test fails, which is part of `test_suite_ssl` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:45 +08:00
Jerry Yu	7ab7f2b184	Remove pkcs1 from certificate_verify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:44 +08:00
Jerry Yu	08524c55f9	remove pkcs1_* support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:44 +08:00
Jerry Yu	0ebce95785	create tls12/tls13 sig alg support check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:43 +08:00
Jerry Yu	f249ef7821	refactor get sig algo from pk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:40 +08:00
Ronald Cron	7898fd456a	Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server TLS 1.3 server: Send dummy change_cipher_spec records The internal CI PR-merge job ran successfully thus good to go.	2022-06-29 09:47:49 +02:00
Glenn Strauss	bd10c4e2af	Test accessors to config DN hints for cert request Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-29 02:54:28 -04:00
Gilles Peskine	d86abf2392	Merge pull request #5861 from wernerlewis/csr_subject_comma Fix output of commas and other special characters in X509 DN values	2022-06-28 21:00:49 +02:00
Glenn Strauss	999ef70b27	Add accessors to config DN hints for cert request mbedtls_ssl_conf_dn_hints() mbedtls_ssl_set_hs_dn_hints() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-28 12:43:59 -04:00
Neil Armstrong	9f1176a793	Move preferred_hash_for_sig_alg() check after ssl_pick_cert() and check if hash alg is supported with mbedtls_pk_can_do_ext() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:12:17 +02:00
Neil Armstrong	9f4606e6d2	Rename mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX in mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:12:17 +02:00
Neil Armstrong	0c9c10a401	Introduce mbedtls_ssl_get_ciphersuite_sig_pk_ext_alg() and use it in ssl_pick_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:10:48 +02:00
Gabor Mezei	f7044eaec8	Fix name Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 16:01:49 +02:00
Ronald Cron	e99ec7cb6a	Merge pull request #5908 from ronald-cron-arm/tls13-fixes-doc TLS 1.3: Fixes and add documentation Validated by the internal CI, no need to wait for the Open CI.	2022-06-28 12:16:17 +02:00
Gabor Mezei	96ae926572	Typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 11:56:26 +02:00
Gabor Mezei	5471912269	Move switching to handshake transform after sending CCS record Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 11:56:26 +02:00
Gabor Mezei	05ebf3be74	Revert "Do not encrypt CCS records" This reverts commit `96ec831385`. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 11:55:35 +02:00
Przemek Stekiel	4dc874453e	ssl_tls13_parse_certificate_verify(): optimize the code Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-28 11:05:42 +02:00
Manuel Pégourié-Gonnard	273453f126	Merge pull request #5983 from gstrauss/inline-mbedtls_x509_dn_get_next Inline mbedtls_x509_dn_get_next() in x509.h	2022-06-28 10:13:58 +02:00
Ronald Cron	11b5332ffc	tls13: Fix certificate extension size write Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	81a334fc02	tls13: Fix buffer overread checks in ssl_tls13_parse_alpn_ext() Some coding style alignement as well. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	7b8404608a	tls13: Rename ssl_tls13_write_hello_retry_request_coordinate Rename ssl_tls13_write_hello_retry_request_coordinate to ssl_tls13_prepare_hello_retry_request as it is more aligned with what the function does. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	fb508b8f21	tls13: Move state changes up to state main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	63dc463ed6	tls13: Simplify switch to the inbound handshake keys on server side Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	5afb904022	tls13: Move out of place handshake field reset Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	828aff6ead	tls13: Rename server_hello_coordinate to preprocess_server_hello Rename server_hello_coordinate to preprocess_server_hello as it is more aligned with what the function does. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	db5dfa1f1c	tls13: Move ServerHello fetch to the ServerHello top handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	9d6a545714	tls13: Re-organize EncryptedExtensions message parsing code Align the organization of the EncryptedExtensions message parsing code with the organization of the other message parsing codes. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	154d1b68d6	tls13: Fix wrong usage of MBEDTLS_SSL_CHK_BUF(_READ)_PTR macros Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	c80835943c	tls13: Fix pointer calculation before space check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	2827106199	tls13: Add missing buffer overread check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	b94854f8e3	Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests TLS 1.3: Enable and add tests	2022-06-28 09:15:17 +02:00
Glenn Strauss	01d2f52a32	Inline mbedtls_x509_dn_get_next() in x509.h Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-27 14:20:07 -04:00
Dave Rodgman	f5b7082f6e	Merge pull request #5811 from polhenarejos/bug_x448 Fix order value for curve x448	2022-06-27 13:47:24 +01:00
Werner Lewis	9b0e940135	Fix case where final special char exceeds buffer Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-27 12:01:22 +01:00
Przemek Stekiel	9e30fc94f3	Remove redundant spaces Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-27 12:48:35 +02:00
Werner Lewis	b33dacdb50	Fix parsing of special chars in X509 DN values Use escape mechanism defined in RFC 1779 when parsing commas and other special characters in X509 DN values. Resolves failures when generating a certificate with a CSR containing a comma in subject value. Fixes #769. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-27 11:19:50 +01:00
Przemek Stekiel	6a5e01858f	ssl_tls13_parse_certificate_verify(): remove md dependency Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-27 11:53:13 +02:00
Przemek Stekiel	6230d0d398	mbedtls_x509_sig_alg_gets(): remove md dependency Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-27 11:19:04 +02:00
Ronald Cron	cf600bc07c	Comment fixes Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:49 +02:00
Ronald Cron	2b1a43c101	tls13: Add missing overread check in Certificate msg parsing. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:49 +02:00
Ronald Cron	ad8c17b9c6	tls: Add overread/overwrite check failure tracking Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:49 +02:00
Ronald Cron	e3dac4aaa1	tls13: Add Certificate msg parsing tests with invalid vector lengths Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:42 +02:00
Ronald Cron	07040bb179	Merge pull request #5951 from xkqian/tls13_add_alpn Add ALPN extension to the server side	2022-06-27 08:33:03 +02:00
Ronald Cron	9738a8d0fd	Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks TLS 1.3: Fix certificate key usage checks	2022-06-27 08:32:17 +02:00
Paul Elliott	668b31f210	Fix the wrong variable being used for TLS record size checks Fix an issue whereby a variable was used to check the size of incoming TLS records against the configured maximum prior to it being set to the right value. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-06-24 20:09:37 +01:00
Ronald Cron	1938588e80	tls13: Align some debug messages with TLS 1.2 ones Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
XiaokangQian	0b776e282a	Change some comments for alpn Change-Id: Idf066e94cede9d26aa41d632c3a81dafcee38587 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-24 09:04:59 +00:00
Manuel Pégourié-Gonnard	93a7f7d7f8	Merge pull request #5954 from wernerlewis/x509_next_merged Add mbedtls_x509_dn_get_next function	2022-06-24 09:59:22 +02:00
XiaokangQian	95d5f549f1	Fix coding styles Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-24 05:42:15 +00:00
Przemek Stekiel	1b0ebdf363	Zeroize hkdf_label buffer Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-23 09:22:49 +02:00
Przemek Stekiel	38ab400dc4	Adapt code to be consistent with the existing code - init status to error - use simple assignment to status - fix code style (spaces) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-23 09:05:40 +02:00
XiaokangQian	c740345c5b	Adress review comments Change Code styles Add test cases Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-23 03:24:12 +00:00
Gabor Mezei	96ec831385	Do not encrypt CCS records According to the TLS 1.3 standard the CCS records must be unencrypted. When a record is not encrypted the counter, used in the dynamic IV creation, is not incremented. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-22 17:07:21 +02:00
Gabor Mezei	7b39bf178e	Send dummy change_cipher_spec records from TLS 1.3 server Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-22 17:07:21 +02:00
XiaokangQian	acb3992251	Add ALPN extension to the server side CustomizedGitHooks: yes Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-22 06:34:58 +00:00
Przemek Stekiel	d5ae365b97	Use PSA HKDF-Extrat/Expand algs instead mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_xpand() Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-21 07:22:33 +02:00
Przemek Stekiel	88e7101d03	Remove mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_expand() Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-21 07:22:33 +02:00
Manuel Pégourié-Gonnard	a82a8b9f4b	Mark internal int SSL functions CHECK_RETURN_CRITICAL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:55 +02:00
Manuel Pégourié-Gonnard	a3115dc0e6	Mark static int SSL functions CHECK_RETURN_CRITICAL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:52 +02:00
Manuel Pégourié-Gonnard	66b0d61718	Add comments when can_do() is safe to use Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard	b64fb62ead	Fix unchecked return value from internal function Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Gilles Peskine	e0469b5908	Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix Add a client hello cookie_len overflow test	2022-06-20 19:35:54 +02:00
Gilles Peskine	36aeb7f163	Merge pull request #5834 from mprse/HKDF_1 HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms	2022-06-20 15:27:46 +02:00
Werner Lewis	b3acb053fb	Add mbedtls_x509_dn_get_next function Allow iteration through relative DNs when X509 name contains multi- value RDNs. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-17 16:40:55 +01:00
Ronald Cron	30c5a2520e	tls13: Fix certificate key usage checks Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-17 08:49:52 +02:00
Ronald Cron	ca3c6a5698	Merge pull request #5817 from xkqian/tls13_add_server_name Tls13 add server name	2022-06-16 08:30:09 +02:00
Andrzej Kurek	755ddff25c	Fix print format in a debug message Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-15 07:32:02 -04:00
Andrzej Kurek	cbe14ec967	Improve variable extracting operations by using MBEDTLS_GET macros Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-15 07:17:28 -04:00
XiaokangQian	75fe8c7e54	Change place of ssl_tls13_check_ephemeral_key_exchange Change-Id: Id49172f7375e2a0771ad1216fb7eead808f0db3e Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-15 09:42:45 +00:00
XiaokangQian	fb665a8452	Adress the comments about styles and pick_cert Change-Id: Iee89a27aaea6ebc8eb01c6c9985487f081ef7343 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-15 03:57:21 +00:00
Andrzej Kurek	7cf872557a	Rearrange the session resumption code Previously, the transforms were populated before extension parsing, which resulted in the client rejecting a server hello that contained a connection ID. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-14 08:26:19 -04:00
Przemek Stekiel	69c4679b22	Adapt macro name to meet requested criteria: MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF->BUILTIN_ALG_ANY_HKDF Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-14 11:13:32 +02:00
XiaokangQian	07aad0710c	Refine function name ssl_tls13_pick_key_cert Change-Id: I821e1485d9cfcca88fa3e18d345766ea48c64250 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-14 05:35:09 +00:00
XiaokangQian	81802f43a2	Select certificate base on the received signature list Change-Id: Ife707db7fcfdb1e761ba86804cbf5dd766a5ee33 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-13 03:58:06 +00:00
Gilles Peskine	321a08944b	Fix bug whereby 0 was written as 0200 rather than 020100 0200 is not just non-DER, it's completely invalid, since there has to be a sign bit. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-10 20:13:33 +02:00
Gilles Peskine	ae25bb043c	Fix null pointer dereference in mpi_mod_int(0, 2) Fix a null pointer dereference when performing some operations on zero represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or mbedtls_mpi_write_string() in base 2. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 19:32:46 +02:00
Przemek Stekiel	75fe3fb1d7	psa_crypto.c: add MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF macro to limit number of #if conditions Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-09 14:44:55 +02:00
Andrzej Kurek	b58cf0d172	Split a debug message into two - for clarity Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-08 11:53:59 -04:00
Andrzej Kurek	078e9bcda6	Add the mbedtls prefix to ssl_check_dtls_clihlo_cookie Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-08 11:47:33 -04:00
Dave Rodgman	11930699f1	Merge pull request #5827 from wernerlewis/time_utc Use ASN1 UTC tags for dates before 2000	2022-06-08 13:54:19 +01:00
Paul Elliott	5f2bc754d6	Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests Pr/add-tls13-moving-state-tests	2022-06-08 13:39:52 +01:00
Manuel Pégourié-Gonnard	3a833271aa	Merge pull request #5727 from SiliconLabs/feature/PSEC-3207-TLS13-hashing-HMAC-to-PSA Feature psec-3207 move TLS13 hashing and hmac to psa	2022-06-08 11:53:35 +02:00
XiaokangQian	96287d98d8	Remove the certificate key check against the received signature Change-Id: I07d8d46c58dec499f96cb7307fc0af15149d9df7 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-08 08:37:53 +00:00
pespacek	d9aaf768b5	Fixing CI complains. Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-08 09:44:11 +02:00
XiaokangQian	9850fa8e8d	Refine ssl_tls13_pick_cert() Change-Id: I5448095e280d8968b20ade8b304d139e399e54f1 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-08 07:02:41 +00:00
pespacek	b06acd734b	Fixing PSA return status Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-07 13:07:21 +02:00
XiaokangQian	23c5be6b94	Enable SNI test for both tls12 and tls13 Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-07 09:43:13 +00:00
Ronald Cron	209cae9c42	tls13: server: Fix state update in CLIENT_CERTIFICATE The state should be updated only if the handler returns in success. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-07 10:58:22 +02:00
pespacek	670913f4dc	Fixing return value for ssl_tls13_write_certificate_body() Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-07 10:53:39 +02:00
Andrzej Kurek	cfb01948c8	Add cookie parsing tests to test_suite_ssl Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-06 15:29:15 -04:00
Andrzej Kurek	c8183cc492	Add missing sid_len in calculations of cookie sizes This could lead to a potential buffer overread with small MBEDTLS_SSL_IN_CONTENT_LEN. Change the bound calculations so that it is apparent what lengths and sizes are used. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-06 15:28:56 -04:00
Gilles Peskine	364fd8bb71	More SSL debug messages for ClientHello parsing In particular, be verbose when checking the ClientHello cookie in a possible DTLS reconnection. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-06 14:25:41 -04:00
Dave Rodgman	5e03d9e601	Merge pull request #5837 from robert-shade/robert-shade/add_subdirectory_support Allow building as a subdir	2022-06-06 14:11:06 +01:00
Przemek Stekiel	b57a44bf9b	is_kdf_alg_supported: Adapt impl to new build flags for HKDF EXTRACT/EXPAND Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-06 11:26:43 +02:00

1 2 3 4 5 ...

9026 commits