yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
16522 commits 1 branch 0 tags 94 MiB
Commit graph

7108 commits

Author SHA1 Message Date
Dave Rodgman
bed8927538 Correct some TLS alerts and error codes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 12:06:44 +01:00
Dave Rodgman
bb05cd09b7 Remove MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 10:41:06 +01:00
Dave Rodgman
53c8689e88 Introduce new TLS error codes 
Introduce new codes:
* MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION
* MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL

These are returned when the corresponding alert is raised.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 10:02:06 +01:00
Dave Rodgman
096c41111e Remove MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 09:52:06 +01:00
Dave Rodgman
43fcb8d7c1 Address review feedback 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 08:57:19 +01:00
Dave Rodgman
e8dbd53966 Update error code for cert parsing failure 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-28 12:35:08 +01:00
Dave Rodgman
5f8c18b0d0 Update error code from ssl_parse_signature_algorithm 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-28 12:35:08 +01:00
Dave Rodgman
8f127397f8 Update alert message for parsing PSK hint 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
77b4a6592a Address review feedback 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
2fc9a652bc Address review feedback 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
90d59dddf5 Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
c3411d4041 Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
9ed1ba5926 Rename MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE 
New name MBEDTLS_ERR_SSL_BAD_CERTIFICATE

Also, replace some instances of MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
by MBEDTLS_ERR_SSL_DECODE_ERROR and MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER
as fit.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
5697af0d3d Remove MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
cbc8f6fd5d Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
a0ca87eb68 Remove MBEDTLS_ERR_SSL_BAD_HS_FINISHED 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
d934a2aafc Remove MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
d3eec78258 Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
666b5b45f7 Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
029cc2f97b Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
b24e74bff7 Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP error code 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
241c19707b Remove MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
bc00044279 Rename MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION 
New name is MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Dave Rodgman
10bda58b49
Merge pull request #4259 from CJKay/cmake-config 
Add CMake package config file
 2021-06-25 20:32:13 +01:00
Dave Rodgman
63ad854de8
Merge pull request #4712 from daverodgman/psa_cipher_and_mac_abort_on_error 
Psa cipher and mac abort on error
 2021-06-25 15:39:59 +01:00
Dave Rodgman
90d1cb83a0 Use more standard label name 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-25 09:09:02 +01:00
Ronald Cron
3698fa1043
Merge pull request #4673 from gilles-peskine-arm/psa_crypto_spm-from_platform_h 
Fix and test the MBEDTLS_PSA_CRYPTO_SPM build
 2021-06-25 09:01:08 +02:00
Gilles Peskine
1fed4b8324
Merge pull request #4720 from gilles-peskine-arm/gcm-finish-outlen 
Add output_length parameter to mbedtls_gcm_finish
 2021-06-24 20:02:40 +02:00
Dave Rodgman
8036bddb01 Tidy up logic in psa_mac_sign_finish 
Simplify the logic in psa_mac_sign_finish.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-24 16:19:08 +01:00
Dave Rodgman
b5dd7c794d Correct coding style issues 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-24 16:17:43 +01:00
Dave Rodgman
54648243cd Call abort on error in psa_mac/cipher setup 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-24 11:49:45 +01:00
Dave Rodgman
685b6a742b Update multipart hash operations to abort on error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-24 11:49:14 +01:00
Gilles Peskine
fedd52ca19
Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation 
Require matching hashlen in RSA functions: implementation
 2021-06-24 10:28:20 +02:00
Gilles Peskine
5a7be10419 Add output_length parameter to mbedtls_gcm_finish 
Without this parameter, it would be hard for callers to know how many bytes
of output the function wrote into the output buffer. It would be possible,
since the cumulated output must have the same length as the cumulated input,
but it would be cumbersome for the caller to keep track.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-23 21:51:32 +02:00
Dave Rodgman
38e62aebc3 Update cipher and mac functions to abort on error 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-23 18:59:17 +01:00
Gilles Peskine
f06b92d724
Merge pull request #4567 from mstarzyk-mobica/gcm_ad 
Enable multiple calls to mbedtls_gcm_update_ad
 2021-06-23 19:36:23 +02:00
Dave Rodgman
cb17fc34cf
Merge pull request #4671 from mpg/x509-crt-profile-public 
Make the fields of mbedtls_x509_crt_profile public
 2021-06-23 16:06:12 +01:00
Ronald Cron
4f7cc1bb63
Merge pull request #4713 from gilles-peskine-arm/psa-storage-format-test-lifetimes-3.0 
PSA storage format: test lifetimes
Almost straightforward of #4392 thus merging with only one approval.
 2021-06-23 15:22:03 +02:00
Janos Follath
aa5938edb3
Merge pull request #4703 from gilles-peskine-arm/mpi_montmul-null-3.0 
Fix several bugs with the value 0 in bignum
 2021-06-23 13:40:14 +01:00
Mateusz Starzyk
939a54cda3 Fix typos and style issues. 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-06-23 14:30:15 +02:00
Gilles Peskine
f9a046ecb5 Remove duplicate wipe call in psa_destroy_key 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-23 13:53:56 +02:00
Gilles Peskine
6687cd07f3 Refuse to destroy read-only keys 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-23 13:44:35 +02:00
Gilles Peskine
87bc91c13b Forbid creating a read-only key 
The persistence level PSA_KEY_PERSISTENCE_READ_ONLY can now only be used
as intended, for keys that cannot be modified through normal use of the API.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-23 13:43:08 +02:00
Gilles Peskine
f5f07c847a Fix mbedtls_psa_get_stats for keys with fancy lifetimes 
mbedtls_psa_get_stats() was written back before lifetimes were
structured as persistence and location. Fix its classification of
volatile external keys and internal keys with a non-default
persistence.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-23 13:43:08 +02:00
Gilles Peskine
c9d86a05ce
Merge pull request #4665 from yanesca/issue-3990-fix_psa_verify_with_alt 
Fix PSA RSA PSS verify with ALT implementations
 2021-06-23 11:47:38 +02:00
Gilles Peskine
e9bc857327
Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export 
Implement modified key export API for Mbed TLS 3.0
 2021-06-22 18:52:37 +02:00
Gilles Peskine
6e3187b212 RSA: Use hashlen as the hash input size as documented 
Where hashlen was previously ignored when the hash length could be
inferred from an md_alg parameter, the two must now match.

Adapt the existing tests accordingly. Adapt the sample programs accordingly.

This commit does not add any negative testing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-22 18:39:53 +02:00
Gilles Peskine
b09c7eea97 Correct some statements about the ordering of A and B 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-22 12:47:21 +02:00
Gilles Peskine
4d3fd36c44 Clarification in a comment 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-22 12:47:21 +02:00
Gilles Peskine
4169c32d6c Simplify is-zero check 
The loop exits early iff there is a nonzero limb, so i==0 means that
all limbs are 0, whether the number of limbs is 0 or not.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-06-22 12:47:21 +02:00