mbedtls

Author	SHA1	Message	Date
Dave Rodgman	e2b772d1b6	Fix whitespace, missing const Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-30 10:25:45 +01:00
Dave Rodgman	5f3f0d06e6	Address minor review comments Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-30 10:25:45 +01:00
Nicholas Wilson	ca841d32db	Add test for mbedtls_x509write_crt_set_ext_key_usage, and fix reversed order Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-30 10:25:43 +01:00
Nicholas Wilson	8e5bdfbbcf	Improve programs/cert_write with a way to set extended key usages Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-30 10:08:43 +01:00
Dave Rodgman	0edfa9dd26	Merge pull request #6207 from daverodgman/ticket_time Fix type used for capturing TLS ticket generation time	2022-08-30 10:03:06 +01:00
Jerry Yu	e5834fd0d7	remove unnecessary test also optimize check sum Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-29 20:33:33 +08:00
Tom Cosgrove	d932de8857	Remove incorrect constant-time claim from doc for mbedtls_mpi_core_add_if() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-25 16:43:43 +01:00
Tom Cosgrove	ecbb124292	Fix incorrect parameter name in mbedtls_mpi_core_add_if() doc comment Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-25 10:13:44 +01:00
Jerry Yu	0baf907e11	remove `select_ciphersuite` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-25 11:21:04 +08:00
Jerry Yu	c5a23a0f12	fix various issues - code style - variable initialize - update comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-25 11:09:35 +08:00
Tom Cosgrove	b2c06f4acf	Remove stale comment, and fix whitespace issue Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-24 17:45:58 +01:00
Dave Rodgman	fac3ea5656	Merge pull request #6184 from leorosen/ssl_tls_curve_group_id_null_protect mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing	2022-08-24 15:16:45 +01:00
Tom Cosgrove	bcc13c943f	Add further missing whitespaces inside parentheses Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com> Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-24 15:08:16 +01:00
Tom Cosgrove	20c1137350	Fix coding style Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com> Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-24 15:06:13 +01:00
Dave Rodgman	5a28142410	Merge pull request #6189 from Kxuan/fix-ctr_drbg-uninit ctr_drbg: fix free uninitialized aes context	2022-08-24 14:58:44 +01:00
Tom Cosgrove	72594633a1	Apply the function parameter naming convention Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-24 11:51:58 +01:00
Tom Cosgrove	f0ffb1585a	Have mbedtls_mpi_montg_init() take the modulus, rather than just its least significant limb Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-24 11:17:15 +01:00
Tom Cosgrove	958fd3dc0c	Remove bignum_new.c, moving contents to bignum_core.c Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-24 11:08:51 +01:00
Tom Cosgrove	2523791d00	Better constant-time properties for mbedtls_mpi_core_montmul() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:32:22 +01:00
Tom Cosgrove	f88b47ea27	Remove 'const' qualifier from temporary for mpi_montmul() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:31:42 +01:00
Tom Cosgrove	4641ec6c52	Fix style following review comments Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:31:06 +01:00
Tom Cosgrove	40d229487d	Tidy up doc comments on existing function mpi_montmul() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:30:27 +01:00
Tom Cosgrove	9384284530	Use mbedtls_mpi_core_montmul() in mpi_montmul() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:29:32 +01:00
Tom Cosgrove	f334d9622b	Add unit tests for bignum_new.c:mbedtls_mpi_core_montmul() These tests are also used to test the existing mpi_montmul() function (which too is renamed with mbedtls_ prefix). Some of these are replays of captured invocations during unit test runs. Others are generated. They use a mixture of primes and odd numbers for N, with four randomly-generated cases for each N. The lines in the .data file were generated by the following script ``` #!/usr/bin/env perl # # mpi-test-core-montmul.pl - generate MPI tests in Perl for mbedtls_mpi_core_montmul() # use strict; use warnings; use Math::BigInt; use sort 'stable'; generate_tests(); sub generate_tests { generate_mbedtls_mpi_core_montmul(); } # XXX mbedtls_mpi_grow() and mbedtls_mpi_shrink() work in little-endian manner # \brief Montgomery multiplication: X = A * B * R^-1 mod N (HAC 14.36) # # \param[out] X The destination MPI, as a big endian array of length \p n. # On successful completion, X contains the result of # the multiplication A * B * R^-1 mod N where # R = (2^ciL)^n. # \param[in] A Big endian presentation of first operand. # Must have exactly \p n limbs. # \param[in] B Big endian presentation of second operand. # \param[in] B_len The number of limbs in \p B. # \param[in] N Big endian presentation of the modulus. # This must be odd and have exactly \p n limbs. # \param[in] n The number of limbs in \p X, \p A, \p N. # \param mm The Montgomery constant for \p N: -N^-1 mod 2^ciL. # This can be calculated by `mbedtls_mpi_montg_init()`. # \param[in,out] T Temporary storage of size at least 2n+1 limbs. # Its initial content is unused and # its final content is indeterminate. # # void mbedtls_mpi_core_montmul( mbedtls_mpi_uint X, # const mbedtls_mpi_uint A, # const mbedtls_mpi_uint B, size_t B_len, # const mbedtls_mpi_uint N, size_t n, # mbedtls_mpi_uint mm, mbedtls_mpi_uint T ); sub generate_mbedtls_mpi_core_montmul { my $sub_name = (caller(0))[3]; # e.g. main::generate_mbedtls_mpi_sub_mpi my ($ignore, $test_name) = split("main::generate_", $sub_name); my @cases = (); my @replay = ( # [ limbsAN_4, limbsB_4, limbsAN_8, limbsB_8, hexA, hexB, hexN, hexExpected ] [ 2, 1, 1, 1, "19", "1", "1D", "18" ], [ 2, 1, 1, 1, "7", "1", "9", "1" ], [ 2, 1, 1, 1, "4", "1", "9", "7" ], #montmul: #A.n = 3 #A.p = FFFE000000008004 # 0000000000007FFC # 0000000000000000 #B.n = 1 #B.p = 0000000000000001 #N.n = 3 #N.p = 0000000000000001 # 0000000000008000 # 0000000000000000 #mm = FFFFFFFFFFFFFFFF #res.n = 3 #res.p = EFFF9FFF3FFF8001 # 0000000000007FFF # 0000000000000000 #[ "MBEDTLS_HAVE_INT32", 3, 1, 3, "7FFCFFFE000000008004", "1", "80000000000000000001", "2000C001800100000000" ], #[ "MBEDTLS_HAVE_INT64", 3, 1, 3, "7FFCFFFE000000008004", "1", "80000000000000000001", "7FFFEFFF9FFF3FFF8001" ], [ 12, 1, 6, 1, "3C246D0E059A93A266288A7718419EC741661B474C58C032C5EDAF92709402B07CC8C7CE0B781C641A1EA8DB2F4343", "1", "66A198186C18C10B2F5ED9B522752A9830B69916E535C8F047518A889A43A594B6BED27A168D31D4A52F88925AA8F5", "36E139AEA55215609D2816998ED020BBBD96C37890F65171D948E9BC7CBAA4D9325D24D6A3C12710F10A09FA08AB87" ], #A.n = 5 #A.p = 340E918CE03C6211 # 9888165CB75BFA1F # FCCE74B999E470CA # 1E442976B0E63D64 # 0000000000000000 #B.n = 1 #B.p = 0000000000000001 #N.n = 4 #N.p = 8054B3D124D0E561 # 92A338655DCE4CA8 # E28581ECD892E0F5 # B3A119602EE213CD #mm = E41CFB909805815F #res.n = 5 #res.p = 0E65383B59F8CA5B # B103B17A2EEF84E6 # F23BC08FD0801C55 # 38EB7749F4A5DA80 # 0000000000000000 [ 8, 1, 4, 1, "1E442976B0E63D64FCCE74B999E470CA9888165CB75BFA1F340E918CE03C6211", "1", "B3A119602EE213CDE28581ECD892E0F592A338655DCE4CA88054B3D124D0E561", "38EB7749F4A5DA80F23BC08FD0801C55B103B17A2EEF84E60E65383B59F8CA5B" ], #A.n = 12 #A.p = 542306BCA7A2366E # D2780B2B4968F8D8 # CBDFC696104353E4 # 7776839B0AC9DB23 # B7E125BE407E7415 # D711917FD7537E13 # 82392870D6D08F87 # D83ED5FA38560FFB # 9994B0FED1D2A8D3 # 63C65413F57249F5 # 007CF5AC97304E0B # 0000000000000000 #B.n = 1 #B.p = 0000000000000001 #N.n = 11 #N.p = E1AD22CEB7BA0123 # 32B2A6AA42ADA923 # C56C62082912B661 # C6F0EAD752500A32 # DBC8D651793E93C9 # 0B2F60D99CC1950C # 5B4CDCB5734C58F9 # 09D3CB5BC5585472 # 9A2C2BE12ED487A8 # BE09A8111926AAA3 # 0284139EA19C139E #mm = C02E2164B293C975 #res.n = 12 #res.p = F6B14471839D8D31 # FF843ED3B17C44D7 # 1C3D52C7CB9E0BA6 # 82F3590C866BF9F8 # 49C371DB2A4FB164 # 964ECA2527A031ED # FAACEC6982E0E5BE # 1F70C4CB2426AEE1 # 2C92B02886267AB4 # 0630B14113BEAD74 # 01E4426A3D6C425F # 0000000000000000 [ 22, 1, 11, 1, "7CF5AC97304E0B63C65413F57249F59994B0FED1D2A8D3D83ED5FA38560FFB82392870D6D08F87D711917FD7537E13B7E125BE407E74157776839B0AC9DB23CBDFC696104353E4D2780B2B4968F8D8542306BCA7A2366E", "1", "284139EA19C139EBE09A8111926AAA39A2C2BE12ED487A809D3CB5BC55854725B4CDCB5734C58F90B2F60D99CC1950CDBC8D651793E93C9C6F0EAD752500A32C56C62082912B66132B2A6AA42ADA923E1AD22CEB7BA0123", "1E4426A3D6C425F0630B14113BEAD742C92B02886267AB41F70C4CB2426AEE1FAACEC6982E0E5BE964ECA2527A031ED49C371DB2A4FB16482F3590C866BF9F81C3D52C7CB9E0BA6FF843ED3B17C44D7F6B14471839D8D31" ], ); for my $c (@replay) { # For all of these, la4 = 2 * la8, so $xh4 == $xh8 (so we just have $xh) my ($la4, $lb4, $la8, $lb8, $ah, $bh, $nh, $xh) = @$c; # limbs(A), limbs(B), limbs(N), (A, B, N, expected) hex my $a = Math::BigInt->from_hex($ah); my $b = Math::BigInt->from_hex($bh); my $n = Math::BigInt->from_hex($nh); my $desc = "$test_name #NUMBER (replay)"; # mbedtls_mpi_core_montmul:mpiSize:limbs(A,N):limbs(B):<A>:<B>:<N>:<expected4>:<expected8> # (just repeat $xh, as la4 = 2 * la8, so $xh4 == $xh8) my $case = output($test_name, $la4, $lb4, $la8, $lb8, str($ah), str($bh), str($nh), str($xh), str($xh)); push(@cases, [$case, $desc]); } # see mpi-modmul-gen.pl for the source of these test cases my @generate = ( # [ hexN, hexA, hexB, info ] [ "3", "2", "2", "" ], [ "3", "1", "2", "" ], [ "3", "2", "1", "" ], [ "7", "6", "5", "" ], [ "7", "3", "4", "" ], [ "7", "1", "6", "" ], [ "7", "5", "6", "" ], [ "B", "3", "4", "" ], [ "B", "7", "4", "" ], [ "B", "9", "7", "" ], [ "B", "2", "a", "" ], [ "29", "25", "16", "(0x29 is prime)" ], [ "29", "8", "28", "" ], [ "29", "18", "21", "" ], [ "29", "15", "f", "" ], [ "FF", "e2", "ea", "" ], [ "FF", "43", "72", "" ], [ "FF", "d8", "70", "" ], [ "FF", "3c", "7c", "" ], [ "101", "99", "b9", "(0x101 is prime)" ], [ "101", "65", "b2", "" ], [ "101", "81", "32", "" ], [ "101", "51", "dd", "" ], [ "38B", "d5", "143", "(0x38B is prime)" ], [ "38B", "3d", "387", "" ], [ "38B", "160", "2e5", "" ], [ "38B", "10f", "137", "" ], [ "8003", "7dac", "25a", "(0x8003 is prime)" ], [ "8003", "6f1c", "3286", "" ], [ "8003", "59ed", "2f3f", "" ], [ "8003", "6893", "736d", "" ], [ "10001", "d199", "2832", "(0x10001 is prime)" ], [ "10001", "c3b2", "3e5b", "" ], [ "10001", "abe4", "214e", "" ], [ "10001", "4360", "a05d", "" ], [ "7F7F7", "3f5a1", "165b2", "" ], [ "7F7F7", "3bd29", "37863", "" ], [ "7F7F7", "60c47", "64819", "" ], [ "7F7F7", "16584", "12c49", "" ], [ "800009", "1ff03f", "610347", "(0x800009 is prime)" ], [ "800009", "340fd5", "19812e", "" ], [ "800009", "3fe2e8", "4d0dc7", "" ], [ "800009", "40356", "e6392", "" ], [ "100002B", "dd8a1d", "266c0e", "(0x100002B is prime)" ], [ "100002B", "3fa1cb", "847fd6", "" ], [ "100002B", "5f439d", "5c3196", "" ], [ "100002B", "18d645", "f72dc6", "" ], [ "37EEE9D", "20051ad", "37def6e", "(0x37EEE9D is prime)" ], [ "37EEE9D", "2ec140b", "3580dbf", "" ], [ "37EEE9D", "1d91b46", "190d4fc", "" ], [ "37EEE9D", "34e488d", "1224d24", "" ], [ "8000000B", "2a4fe2cb", "263466a9", "(0x8000000B is prime)" ], [ "8000000B", "5643fe94", "29a1aefa", "" ], [ "8000000B", "29633513", "7b007ac4", "" ], [ "8000000B", "2439cef5", "5c9d5a47", "" ], [ "8CD626B9", "4de3cfaa", "50dea178", "(0x8CD626B9 is prime)" ], [ "8CD626B9", "b8b8563", "10dbbbac", "" ], [ "8CD626B9", "4e8a6151", "5574ec19", "" ], [ "8CD626B9", "69224878", "309cfc23", "" ], [ "10000000F", "fb6f7fb6", "afb05423", "(0x10000000F is prime)" ], [ "10000000F", "8391a243", "26034dcd", "" ], [ "10000000F", "d26b98c", "14b2d6aa", "" ], [ "10000000F", "6b9f1371", "a21daf1d", "" ], [ "174876E7E9", "9f49435ad", "c8264ade8", "0x174876E7E9 is prime (dec) 99999999977" ], [ "174876E7E9", "c402da434", "1fb427acf", "" ], [ "174876E7E9", "f6ebc2bb1", "1096d39f2a", "" ], [ "174876E7E9", "153b7f7b6b", "878fda8ff", "" ], [ "8000000017", "2c1adbb8d6", "4384d2d3c6", "(0x8000000017 is prime)" ], [ "8000000017", "2e4f9cf5fb", "794f3443d9", "" ], [ "8000000017", "149e495582", "3802b8f7b7", "" ], [ "8000000017", "7b9d49df82", "69c68a442a", "" ], [ "864CB9076D", "683a134600", "6dd80ea9f6", "(0x864CB9076D is prime)" ], [ "864CB9076D", "13a870ff0d", "59b099694a", "" ], [ "864CB9076D", "37d06b0e63", "4d2147e46f", "" ], [ "864CB9076D", "661714f8f4", "22e55df507", "" ], [ "F7F7F7F7F7", "2f0a96363", "52693307b4", "" ], [ "F7F7F7F7F7", "3c85078e64", "f2275ecb6d", "" ], [ "F7F7F7F7F7", "352dae68d1", "707775b4c6", "" ], [ "F7F7F7F7F7", "37ae0f3e0b", "912113040f", "" ], [ "1000000000F", "6dada15e31", "f58ed9eff7", "(0x1000000000F is prime)" ], [ "1000000000F", "69627a7c89", "cfb5ebd13d", "" ], [ "1000000000F", "a5e1ad239b", "afc030c731", "" ], [ "1000000000F", "f1cc45f4c5", "c64ad607c8", "" ], [ "800000000005", "2ebad87d2e31", "4c72d90bca78", "(0x800000000005 is prime)" ], [ "800000000005", "a30b3cc50d", "29ac4fe59490", "" ], [ "800000000005", "33674e9647b4", "5ec7ee7e72d3", "" ], [ "800000000005", "3d956f474f61", "74070040257d", "" ], [ "800795D9BA47", "48348e3717d6", "43fcb4399571", "(0x800795D9BA47 is prime)" ], [ "800795D9BA47", "5234c03cc99b", "2f3cccb87803", "" ], [ "800795D9BA47", "3ed13db194ab", "44b8f4ba7030", "" ], [ "800795D9BA47", "1c11e843bfdb", "95bd1b47b08", "" ], [ "1000000000015", "a81d11cb81fd", "1e5753a3f33d", "(0x1000000000015 is prime)" ], [ "1000000000015", "688c4db99232", "36fc0cf7ed", "" ], [ "1000000000015", "f0720cc07e07", "fc76140ed903", "" ], [ "1000000000015", "2ec61f8d17d1", "d270c85e36d2", "" ], [ "100000000000051", "6a24cd3ab63820", "ed4aad55e5e348", "(0x100000000000051 is prime)" ], [ "100000000000051", "e680c160d3b248", "31e0d8840ed510", "" ], [ "100000000000051", "a80637e9aebc38", "bb81decc4e1738", "" ], [ "100000000000051", "9afa5a59e9d630", "be9e65a6d42938", "" ], [ "ABCDEF0123456789", "ab5e104eeb71c000", "2cffbd639e9fea00", "" ], [ "ABCDEF0123456789", "197b867547f68a00", "44b796cf94654800", "" ], [ "ABCDEF0123456789", "329f9483a04f2c00", "9892f76961d0f000", "" ], [ "ABCDEF0123456789", "4a2e12dfb4545000", "1aa3e89a69794500", "" ], [ "25A55A46E5DA99C71C7", "8b9acdf013d140f000", "12e4ceaefabdf2b2f00", "0x25A55A46E5DA99C71C7 is the 3rd repunit prime (dec) 11111111111111111111111" ], [ "25A55A46E5DA99C71C7", "1b8d960ea277e3f5500", "14418aa980e37dd000", "" ], [ "25A55A46E5DA99C71C7", "7314524977e8075980", "8172fa45618ccd0d80", "" ], [ "25A55A46E5DA99C71C7", "ca14f031769be63580", "147a2f3cf2964ca9400", "" ], [ "314DC643FB763F2B8C0E2DE00879", "18532ba119d5cd0cf39735c0000", "25f9838e31634844924733000000", "0x314DC643FB763F2B8C0E2DE00879 is (dec)99999999977^3" ], [ "314DC643FB763F2B8C0E2DE00879", "a56e2d2517519e3970e70c40000", "ec27428d4bb380458588fa80000", "" ], [ "314DC643FB763F2B8C0E2DE00879", "1cb5e8257710e8653fff33a00000", "15fdd42fe440fd3a1d121380000", "" ], [ "314DC643FB763F2B8C0E2DE00879", "e50d07a65fc6f93e538ce040000", "1f4b059ca609f3ce597f61240000", "" ], [ "47BF19662275FA2F6845C74942ED1D852E521", "1ea3ade786a095d978d387f30df9f20000000", "127c448575f04af5a367a7be06c7da0000000", "0x47BF19662275FA2F6845C74942ED1D852E521 is (dec) 99999999977^4" ], [ "47BF19662275FA2F6845C74942ED1D852E521", "16e15b0ca82764e72e38357b1f10a20000000", "43e2355d8514bbe22b0838fdc3983a0000000", "" ], [ "47BF19662275FA2F6845C74942ED1D852E521", "be39332529d93f25c3d116c004c620000000", "5cccec42370a0a2c89c6772da801a0000000", "" ], [ "47BF19662275FA2F6845C74942ED1D852E521", "ecaa468d90de0eeda474d39b3e1fc0000000", "1e714554018de6dc0fe576bfd3b5660000000", "" ], [ "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "32298816711c5dce46f9ba06e775c4bedfc770e6700000000000000", "8ee751fd5fb24f0b4a653cb3a0c8b7d9e724574d168000000000000", "0x97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931 is (dec) 99999999977^6" ], [ "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "29213b9df3cfd15f4b428645b67b677c29d1378d810000000000000", "6cbb732c65e10a28872394dfdd1936d5171c3c3aac0000000000000", "" ], [ "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "6f18db06ad4abc52c0c50643dd13098abccd4a232f0000000000000", "7e6bf41f2a86098ad51f98dfc10490ba3e8081bc830000000000000", "" ], [ "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "62d3286cd706ad9d73caff63f1722775d7e8c731208000000000000", "530f7ba02ae2b04c2fe3e3d27ec095925631a6c2528000000000000", "" ], [ "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "a6c6503e3c031fdbf6009a89ed60582b7233c5a85de28b16000000000000000", "75c8ed18270b583f16d442a467d32bf95c5e491e9b8523798000000000000000", "0xDD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499 is (dec) 99999999977^7" ], [ "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "bf84d1f85cf6b51e04d2c8f4ffd03532d852053cf99b387d4000000000000000", "397ba5a743c349f4f28bc583ecd5f06e0a25f9c6d98f09134000000000000000", "" ], [ "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "6db11c3a4152ed1a2aa6fa34b0903ec82ea1b88908dcb482000000000000000", "ac8ac576a74ad6ca48f201bf89f77350ce86e821358d85920000000000000000", "" ], [ "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "3001d96d7fe8b733f33687646fc3017e3ac417eb32e0ec708000000000000000", "925ddbdac4174e8321a48a32f79640e8cf7ec6f46ea235a80000000000000000", "" ], [ "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", "1029048755f2e60dd98c8de6d9989226b6bb4f0db8e46bd1939de560000000000000000000", "51bb7270b2e25cec0301a03e8275213bb6c2f6e6ec93d4d46d36ca0000000000000000000", "0x141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41 is 99999999977^8" ], [ "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", "1c5337ff982b3ad6611257dbff5bbd7a9920ba2d4f5838a0cc681ce000000000000000000", "520c5d049ca4702031ba728591b665c4d4ccd3b2b86864d4c160fd2000000000000000000", "" ], [ "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", "57074dfa00e42f6555bae624b7f0209f218adf57f73ed34ab0ff90c000000000000000000", "41eb14b6c07bfd3d1fe4f4a610c17cc44fcfcda695db040e011065000000000000000000", "" ], [ "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", "d8ed7feed2fe855e6997ad6397f776158573d425031bf085a615784000000000000000000", "6f121dcd18c578ab5e229881006007bb6d319b179f11015fe958b9c000000000000000000", "" ], [ "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451", "2a462b156180ea5fe550d3758c764e06fae54e626b5f503265a09df76edbdfbfa1e6000000000000000000000000", "1136f41d1879fd4fb9e49e0943a46b6704d77c068ee237c3121f9071cfd3e6a00315800000000000000000000000", "0x2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451 is (dec) 99999999977^10" ], [ "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451", "c1ac3800dfb3c6954dea391d206200cf3c47f795bf4a5603b4cb88ae7e574de4740800000000000000000000000", "c0d16eda0549ede42fa0deb4635f7b7ce061fadea02ee4d85cba4c4f7096034193c800000000000000000000000", "" ], [ "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451", "19e45bb7633094d272588ad2e43bcb3ee341991c6731b6fa9d47c4018d7ce7bba5ee800000000000000000000000", "1e4f83166ae59f6b9cc8fd3e7677ed8bfc01bb99c98bd3eb084246b64c1e18c3365b800000000000000000000000", "" ], [ "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451", "1aa93395fad5f9b7f20b8f9028a054c0bb7c11bb8520e6a95e5a34f06cb70bcdd01a800000000000000000000000", "54b45afa5d4310192f8d224634242dd7dcfb342318df3d9bd37b4c614788ba13b8b000000000000000000000000", "" ], [ "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", "544f2628a28cfb5ce0a1b7180ee66b49716f1d9476c466c57f0c4b2308991784306d48f78686115ee19e25400000000000000000000000000000000", "677eb31ef8d66c120fa872a60cd47f6e10cbfdf94f90501bd7883cba03d185be0a0148d1625745e9c4c827300000000000000000000000000000000", "0x8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051 is prime, (dec) 10^143 + 3^4" ], [ "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", "76bb3470985174915e9993522aec989666908f9e8cf5cb9f037bf4aee33d8865cb6464174795d07e30015b80000000000000000000000000000000", "6aaaf60d5784dcef612d133613b179a317532ecca0eed40b8ad0c01e6d4a6d8c79a52af190abd51739009a900000000000000000000000000000000", "" ], [ "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", "6cfdd6e60912e441d2d1fc88f421b533f0103a5322ccd3f4db84861643ad63fd63d1d8cfbc1d498162786ba00000000000000000000000000000000", "1177246ec5e93814816465e7f8f248b350d954439d35b2b5d75d917218e7fd5fb4c2f6d0667f9467fdcf33400000000000000000000000000000000", "" ], [ "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", "7a09a0b0f8bbf8057116fb0277a9bdf3a91b5eaa8830d448081510d8973888be5a9f0ad04facb69aa3715f00000000000000000000000000000000", "764dec6c05a1c0d87b649efa5fd94c91ea28bffb4725d4ab4b33f1a3e8e3b314d799020e244a835a145ec9800000000000000000000000000000000", "" ], ); my %described = (); for my $g (@generate) { my ($nh, $ah, $bh, $info) = @$g; my $a = Math::BigInt->from_hex($ah); my $b = Math::BigInt->from_hex($bh); my $n = Math::BigInt->from_hex($nh); my $ln4 = mpi4s($n); my $la4 = mpi4s($a); my $lb4 = mpi4s($b); my $ln8 = mpi8s($n); my $la8 = mpi8s($a); my $lb8 = mpi8s($b); my $r4 = bound_mpi4($n->copy()); my $i4 = $r4->copy()->bmodinv($n); my $x4 = $a * $b * $i4; $x4->bmod($n); my $xh4 = Math::BigInt->new($x4)->to_hex(); my $r8 = bound_mpi8($n->copy()); my $i8 = $r8->copy()->bmodinv($n); my $x8 = $a * $b * $i8; $x8->bmod($n); my $xh8 = Math::BigInt->new($x8)->to_hex(); die("") if $la4 > $ln4 \|\| $la8 > $ln8; my $desc = "$test_name #NUMBER (gen)"; if ($ln4 > 1) { if (!$described{"2-MPI4"}) { $desc .= " (start of 2-MPI 4-byte bignums)"; $described{"2-MPI4"} = 1; } } if ($ln8 > 1) { if (!$described{"2-MPI8"}) { $desc .= " (start of 2-MPI 8-byte bignums)"; $described{"2-MPI8"} = 1; } } if (length($info) && !$described{$info}) { $desc .= " " . $info; $described{$info} = 1; } my $case = output($test_name, $ln4, $lb4, $ln8, $lb8, str($ah), str($bh), str($nh), str($xh4), str($xh8)); #push(@cases, [$case, $desc, "MBEDTLS_HAVE_INT64"]); -- now doing it differently push(@cases, [$case, $desc]); } output_cases("", @cases); } sub output_cases { my ($explain, @cases) = @_; my $count = 1; for my $c (@cases) { my ($case, $desc, $dep) = @$c; $desc =~ s/NUMBER/$count/; $count++; if (defined($explain) && $desc =~ /EXPLAIN/) { $desc =~ s/EXPLAIN/$explain/; $explain = ""; } my $depends = ""; $depends = "depends_on:$dep\n" if defined($dep) && length($dep); print <<EOF; $desc $depends$case EOF } } # The first number (a power of 2) that won't fit in the number of MPIs # needed for the given number sub bound_mpi4 { my $one = Math::BigInt->new(1); # blsft modifies caller return $one->blsft(bits_mpi4($_[0])); } sub bound_mpi8 { my $one = Math::BigInt->new(1); # blsft modifies caller return $one->blsft(bits_mpi8($_[0])); } # How many bits (a multiple of 32) needed to store the specified number # when using 4-byte MPIs sub bits_mpi4 { return 32 * mpi4s($_[0]); } # How many bits (a multiple of 64) needed to store the specified number # when using 8-byte MPIs sub bits_mpi8 { return 64 * mpi8s($_[0]); } # How many 4-byte MPIs needed to store the specified number sub mpi4s { my ($n) = @_; my $h = $n->to_hex(); return int((length($h) + 7) / 8); } # How many 8-byte MPIs needed to store the specified number sub mpi8s { my ($n) = @_; my $h = $n->to_hex(); return int((length($h) + 15) / 16); } sub output { #run_test(@_); return join(":", @_); } sub str { return '"' . $_[0] . '"'; } ``` The data for the generated test cases (@generate) for mpi-test-core-montmul.pl was created by ``` #!/usr/bin/env perl # # mpi-modmul-gen.pl - randomly generate test cases for mpi-test-core-montmul.pl # use strict; use warnings; use Math::BigInt; use sort 'stable'; my %seen = (); my @primes = ( "3", "7", "B", "29", "101", "38B", "8003", "10001", "800009", "100002B", "37EEE9D", "8000000B", "8CD626B9", # From here they require > 1 4-byte MPI "10000000F", "174876E7E9", "8000000017", "864CB9076D", "1000000000F", "800000000005", "800795D9BA47", "1000000000015", "100000000000051", # From here they require > 1 8-byte MPI "25A55A46E5DA99C71C7", # this is 11111111111111111111111 decimal # 10^143 + 3^4: (which is prime) # 100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081 "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", ); my %prime = map { $_ => 1 } @primes; my @moduli = ( [ "3", "" ], [ "7", "" ], [ "B", "" ], [ "29", "" ], [ "FF", "" ], [ "101", "" ], [ "38B", "" ], [ "8003", "" ], [ "10001", "" ], [ "7F7F7", "" ], [ "800009", "" ], [ "100002B", "" ], [ "37EEE9D", "" ], [ "8000000B", "" ], [ "8CD626B9", "" ], [ "10000000F", "" ], [ "174876E7E9", "0x174876E7E9 is prime (dec) 99999999977" ], [ "8000000017", "" ], [ "864CB9076D", "" ], [ "F7F7F7F7F7", "" ], [ "1000000000F", "" ], [ "800000000005", "" ], [ "800795D9BA47", "" ], [ "1000000000015", "" ], [ "100000000000051", "" ], [ "ABCDEF0123456789", "" ], [ "25A55A46E5DA99C71C7", "0x25A55A46E5DA99C71C7 is the 3rd repunit prime (dec) 11111111111111111111111" ], [ "314DC643FB763F2B8C0E2DE00879", "0x314DC643FB763F2B8C0E2DE00879 is (dec)99999999977^3" ], [ "47BF19662275FA2F6845C74942ED1D852E521", "0x47BF19662275FA2F6845C74942ED1D852E521 is (dec) 99999999977^4" ], [ "97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931", "0x97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931 is (dec) 99999999977^6" ], [ "DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499", "0xDD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499 is (dec) 99999999977^7" ], [ "141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41", "0x141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41 is 99999999977^8" ], [ "2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451", "0x2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451 is (dec) 99999999977^10" ], [ "8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051", "0x8335616AED761F1F7F44E6BD49E807B82E3BF2BF11BFA6AF813C808DBF33DBFA11DABD6E6144BEF37C6800000000000000000000000000000000051 is prime, (dec) 10^143 + 3^4" ], # 100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000081 ); #99999999977^2: #ibase=16 ; obase=10 ; 174876E7E9174876E7E9 #99999999977^3: #ibase=16 ; obase=10 ; 174876E7E9174876E7E9*174876E7E9 #99999999977^2: 21E19E0C58BACE25211 #99999999977^3: 314DC643FB763F2B8C0E2DE00879 #99999999977^4: 47BF19662275FA2F6845C74942ED1D852E521 #99999999977^5: 6867A5A664437D20ED7941408583AADA2193CE95695209 #99999999977^6: 97EDD86E4B5C4592C6D32064AC55C888A7245F07CA3CC455E07C931 #99999999977^7: DD15FE80B731872AC104DB37832F7E75A244AA2631BC87885B861E8F20375499 #99999999977^8: 141B8EBD9009F84C241879A1F680FACCED355DA36C498F73E96E880CF78EA5F96146380E41 #99999999977^9: 1D42AEA1837AA78C6339224E9B39A483E4AAAF12CE7752E1EA1681082CBC8AB056A36B6299557D7A029 #99999999977^10: 2A94608DE88B6D5E9F8920F5ABB06B24CC35AE1FBACC87D075C621C3E2833EC902713E40F51E3B3C214EDFABC451 my %mentioned = (); for my $mod (@moduli) { my ($nh, $info) = @$mod; my $n = Math::BigInt->from_hex($nh); my $xxx = $n->to_hex(); die("$xxx != $nh") unless lc($xxx) eq lc($nh); my $cases = ($n < 5) ? 3 : 4; for (my $case = 0; $case < $cases; $case++) { my ($a, $b); for ($a = 0; $a == 0; ) { $a = int(rand($n)); } for ($b = 0; $b == 0; ) { $b = int(rand($n)); } my $cstr = "$a\|$b\|$n"; if (exists($seen{$cstr})) { # don't repeat ourselves $case--; next; } $seen{$cstr} = 1; my $ah = Math::BigInt->new($a)->to_hex(); my $bh = Math::BigInt->new($b)->to_hex(); my $desc = ""; if (length($info)) { $desc = $info if !$mentioned{$info}; $mentioned{$info} = 1; } elsif (length($nh) > 1 && $prime{$nh} && !$mentioned{$nh}) { $desc = "(0x$nh is prime)"; $mentioned{$nh} = 1; } print <<EOF; [ "$nh", "$ah", "$bh", "$desc" ], EOF } } ``` Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:29:00 +01:00
Tom Cosgrove	79b70f6394	Make a public version of mpi_montg_init() in bignum_new.c and add unit tests The unit tests were created by capturing runs of the existing function during execution of existing unit tests. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:28:32 +01:00
Tom Cosgrove	268f96b0ef	Fix Windows builds, which were getting "possible loss of data" "bignum_new.c(61,52): warning C4244: 'function': conversion from 'mbedtls_mpi_uint' to 'unsigned int', possible loss of data" Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:17:26 +01:00
Tom Cosgrove	7e655f7b4c	Use new mbedtls_mpi_core_sub() instead of old static mpi_sub_hlp() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:15:44 +01:00
Tom Cosgrove	90c426b932	Tidy up, removing MPI_CORE(), and using the new mbedtls_mpi_core_mla() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 16:15:19 +01:00
Jerry Yu	f35ba384ff	Add select ciphersuite entry function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-23 22:01:58 +08:00
Hanno Becker	71f4b0dda6	Add bignum_new.c starting with MPI_CORE(montmul) for Montgomery multiplication Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 12:09:35 +01:00
Tom Cosgrove	82d3f1e824	Remove bignum_internal.h, moving contents to bignum_core.h Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-23 12:01:39 +01:00
Jerry Yu	dd1bef788e	Add ciphersuite_info check return null if no valid ciphersuite info Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-23 17:57:02 +08:00
Jerry Yu	29d9faa468	fix various issues. - comments issues - code format style issues - naming improvement. - error return improvements Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-23 17:53:43 +08:00
Andrzej Kurek	299b1d6c93	Remove unnecessary `psa/crypto.h` include This is now included in `legacy_or_psa.h`. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-23 05:42:33 -04:00
Andrzej Kurek	cccb044804	Style & formatting fixes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-23 05:26:02 -04:00
Janos Follath	645ff5b8ff	Merge pull request #6095 from gabor-mezei-arm/6016_add_new_modulus_and_residue_structures Add the new modulus and the residue structures with low level I/O operations	2022-08-23 09:02:43 +01:00
Andrzej Kurek	7e16ce3a72	Clarify TLS 1.2 dependencies with and without PSA crypto Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	8c95ac4500	Add missing dependencies / alternatives A number of places lacked the necessary dependencies on one of the used features: MD, key exchange with certificate, entropy, or ETM. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	25f271557b	Update SHA and MD5 dependencies in the SSL module The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO is defined and respective SHA / MD5 defines are missing. A new set of macros added in #6065 is used to reflect these dependencies. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	0ce592169e	Use hash_info_get_size in ssl_tls12_client This way the code does not rely on the MBEDTLS_MD_C define Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Andrzej Kurek	a242e83b21	Rename the sha384 checksum context to reflect its purpose Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:02:04 -04:00
Gilles Peskine	e5018c97f9	Merge pull request #6195 from superna9999/6149-driver-only-hashes-ec-j-pake Driver-only hashes: EC J-PAKE	2022-08-22 17:28:15 +02:00
Gilles Peskine	20ebaac85e	Merge pull request #6211 from tom-cosgrove-arm/explicit-warning-re-ct-conditions-not-0-or-1 Be explicit about constant time bignum functions that must take a 0 or 1 condition value	2022-08-22 17:24:04 +02:00
Gilles Peskine	03f1c39ac7	Merge pull request #6171 from mprse/md_x509_test Driver-only hashes: X.509	2022-08-22 17:18:47 +02:00
Janos Follath	2e328c8591	Remove confusing const qualifier Since a is not a pointer, it is passed by value and declaring it const doesn’t make any sense and on the first read can make me miss the fact that a is not a pointer. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-22 11:19:10 +01:00
Janos Follath	c459641ad1	Bignum: add missing limb qualifiers Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-22 10:04:52 +01:00
Janos Follath	af3f39c01c	Fix typos Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com> Co-authored-by: Werner Lewis <Werner.Lewis@arm.com> Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-22 09:08:04 +01:00
Jerry Yu	5725f1cf3a	Align ciphersuite with overwrite. Selected ciphersuite MUST be same with ciphsersuite of PSK. Overwrite the old ciphersuite with the one of PSK. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 17:50:27 +08:00
Jerry Yu	01e42d2d4c	fix issues in export handshake psk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 13:00:07 +08:00
Jerry Yu	9f7f646b11	Revert "remove psk key when ephemeral selected" This reverts commit `5c28e7aa0e`. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:59:17 +08:00
Jerry Yu	e9d4fc09a3	fix binder value security issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:59:17 +08:00
Jerry Yu	24b8c813c4	fix comments and wrong initial value issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:55:45 +08:00
Jerry Yu	5d01c05d93	fix various issues - wrong typo in comments - replace psk null check with key_exchange_mode check - set psk NULL when error return in export hs psk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:55:01 +08:00
Jerry Yu	6cf6b47b5c	fix format and comment issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:54:53 +08:00
Dave Rodgman	beb4fc0723	Merge pull request #6185 from leorosen/tls12_server_null_on_missing_key ssl_tls12_server: fix potential NULL-dereferencing if local certifica…	2022-08-19 20:22:59 +01:00
Leonid Rozenboim	19e5973566	mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing Avoid the shorthand practice of the form 'x = func(foo)->bar' which exposes the code to NULL pointer de-referencing when the 'func()' returns a NULL pointer. The first chunk is for when the curve group code is not recognized by the library, and is cleanly rejected if offered. The second chunk addresses the unlikely case of an internal error: if 'mbedtls_pk_can_do()' returns TRUE, it should rule out 'mbedtls_pk_ec()' returning a NULL, unless there is a regression. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-08-19 11:49:22 -07:00
Janos Follath	a95f204cd3	Improve documentation Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com> Co-authored-by: Werner Lewis <werner.wmlewis@gmail.com> Co-authored-by: Minos Galanakis <minos.galanakis@arm.com> Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-19 13:11:22 +01:00
Janos Follath	ca5688e10c	Improve coding style Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com> Co-authored-by: Werner Lewis <werner.wmlewis@gmail.com> Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-19 13:11:22 +01:00
Janos Follath	b7a88eca42	Bignum: Apply naming conventions Numbers: - A, B for mbedtls_mpi_uint* operands - a, b for mbedtls_mpi_uint operands - X or x for result - HAC references where applicable Lengths: - Reserve size or length for length/size in bytes or byte buffers. - For length of mbedtls_mpi_uint* buffers use limbs - Length parameters are qualified if possible (eg. input_length or a_limbs) Setup functions: - The parameters match the corresponding structure member's name - The structure to set up is a standard lower case name even if in other functions different naming conventions would apply Scope of changes/conventions: - bignum_core - bignum_mod - bignum_mod_raw Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-19 13:11:22 +01:00
Janos Follath	6b8a4ad0d8	Bignum: update const qualifiers While at it, mark parameters based on their role. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-19 13:11:22 +01:00
Dave Rodgman	c947751a5f	Fix ECDSA signature verification edge-case For R and S equal to 1, ensure the public key is checked for validity. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-19 11:16:37 +01:00
Neil Armstrong	ecaba1c9b2	Make use of PSA crypto hash if MBEDTLS_MD_C isn't defined Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-19 11:49:22 +02:00
Neil Armstrong	0d76341eac	Remove md_info by md_type in ecjpake context, use mbedtls_hash_info_get_size() to get hash length Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-08-19 11:49:22 +02:00
Przemek Stekiel	bc3906c58f	pem_pbkdf1(): optimize psa version Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:36:57 +02:00
Przemek Stekiel	bf01c64e9d	oid.c: unify dependencies (VIA_MD_OR_PSA->VIA_LOWLEVEL_OR_PSA) * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing reference -> drivers * x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	4146525ce9	Fix compilation guard (comment) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	0cd6f08e6f	pem.c: fix style issues (redundant spaces) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	d23a4efe2c	pem.c: remove redundant compilation guard If MBEDTLS_MD5_C is not defined MBEDTLS_USE_PSA_CRYPTO must be defined due to PEM_RFC1421. * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing reference -> drivers * x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	c410ccc528	Include psa/crypto.h in legacy_or_psa.h It is needed for PSA_WANT_ALG_xxxx symbols * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing reference -> drivers * x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	4092ff9ba9	pem.c: add internal macro to increase code readability * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing reference -> drivers * x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	829e97d029	Fix include order Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	76b753bbb7	Change the dependencies in pem.c to xxx_BASED_ON_USE_PSA and related files This is done to be able to bild test_psa_crypto_config_accel_hash component where MD5 is only available accelerated (PSA_WANT_ALG_MD5 is enabled and MBEDTLS_MD5_C is disabled) but MBEDTLS_USE_PSA_CRYPTO is disabled. So the build should not attempt to enable pem_pbkdf1. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	81799fd9d8	pem.c, test_suite_pem: fix dependency MBEDTLS_HAS_ALG_MD5_VIA_MD_OR_PSA->MBEDTLS_HAS_ALG_MD5_VIA_LOWLEVEL_OR_PSA * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 * Comparing reference -> drivers * x509parse: total 723; skipped 89 -> 89 x509write: total 41; skipped 3 -> 3 pem: total 13; skipped 0 -> 0 oid: total 28; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	be92bee58a	pem.c: Fix conditional compilation flags Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	a68d08f7d1	pem.c: adjust for bulid without md Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	de81028f00	Adjust dependencies in library/oid.c * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Przemek Stekiel	fd18366965	Adjust declared dependencies in library/x509* * Comparing before-default -> after-default * x509parse: total 723; skipped 26 -> 26 x509write: total 41; skipped 8 -> 8 * Comparing before-full -> after-full * x509parse: total 723; skipped 25 -> 25 x509write: total 41; skipped 0 -> 0 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-19 10:15:56 +02:00
Ronald Cron	f3f6b0a5c3	Merge pull request #6123 from yuhaoth/pr/finialize-tls13-serialize_session_save_load TLS 1.3:finalize tls13 serialize session save and load	2022-08-19 08:16:05 +02:00
Leonid Rozenboim	70dfd4c8ac	ssl_tls12_server: fix potential NULL-dereferencing if local certificate was not set. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-08-18 14:39:37 -07:00
Tom Cosgrove	583816caaf	Be explicit about constant time bignum functions that must take a 0 or 1 condition value Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-08-18 14:09:18 +01:00
Dave Rodgman	92cd8642fa	Merge pull request #6090 from hanno-arm/fix_bnmul_arm_v7a Remove encoding width suffix from Arm bignum assembly	2022-08-18 08:48:03 +01:00
Jerry Yu	e28d9745a1	fix coding style issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-18 15:44:03 +08:00
Jerry Yu	3419107e8d	Add checks for ticket and resumption_key fields From RFC 8446 and the definition of session, we should check the length. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-18 11:28:41 +08:00
Dave Rodgman	86c333e79e	Add explicit cast to satisfy compiler Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-17 16:57:26 +01:00
Jerry Yu	e36fdd676c	Change signature of tls13_session_save Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-17 21:50:25 +08:00
Dave Rodgman	392f714153	Fix type used for capturing TLS ticket generation time Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-08-17 12:38:24 +01:00
Dave Rodgman	a7448bf19d	Merge pull request #6141 from mpg/driver-hashes-rsa-v21 Driver hashes rsa v21	2022-08-16 09:52:39 +01:00
Janos Follath	cc93908b88	Bignum: Declare loop variable in loop head In the new bignum files (bignum_core.c, bignum_mod_raw.c and bignum_mod.c) the loop variables are declared in the loop head wherever this change is beneficial. There are loops where the loop variable is used after the end of the loop (this might not be good practice, but that is out of scope for this commit) and others where there are several loop variables and declaring them there would hurt readability. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-15 12:08:49 +01:00
Janos Follath	620c58ced9	Bignum: make const placement consistent Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-15 11:58:42 +01:00
Janos Follath	ed5c8d3d1e	Bignum: make modulus value const The modulus value won't change during normal operations, make this clear in the struct and the function signatures. This won't prevent the caller from modifying the passed buffer, but might give a hint and reinforces the message of the documentation. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-15 11:50:22 +01:00
Janos Follath	138f51c5c8	Fix alphabetic order in makefiles Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-15 11:38:30 +01:00
Gabor Mezei	fd65e82753	Rename structure elements Use better names for structure elements and adopting the convention of the other modules. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 18:09:12 +02:00
Gabor Mezei	c414ba3fc0	Simplify code Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 17:59:53 +02:00
Gabor Mezei	5a5c0c5f0a	Move the declaration of variables to their scope of usage Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 15:40:09 +02:00
Gabor Mezei	7f93264ab1	Change struct element order Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 15:37:27 +02:00
Gabor Mezei	89e31460db	Typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 15:36:56 +02:00
Dave Rodgman	7b1be55484	Merge pull request #5993 from eliteraspberries/android-soname Allow non-versioned library soname.	2022-08-12 13:49:55 +01:00
Gabor Mezei	5f56df44f0	Remove redundant check Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 14:41:54 +02:00
Gabor Mezei	bf9da1dfb1	Do not read if output pointer is NULL Skip reading if output pointer is NULL even if the length of the input buffer is 0. The memory sanitizer will mark this as an error. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-12 14:11:56 +02:00
Mansour Moufid	6a8673092f	Allow non-versioned library soname. Signed-off-by: Mansour Moufid <mansourmoufid@gmail.com>	2022-08-12 11:02:01 +01:00
Janos Follath	6318468183	Improve bignum documentation Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-11 17:42:59 +01:00
Janos Follath	a30b4e5692	Bignum: remove duplicate documentation from source These functions have full documentation in the header. Maintaing two copies does not worth the effort and having an out of sync reduced duplicate is not helpful. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-11 17:15:18 +01:00
Janos Follath	2ab2d3e3e9	Inline mpi_core_clear() This used to resize MPIs in the legacy interface, which is not needed/possible as the new interface has fixed size MPIs. Inlining this function makes the code easier to read and maintain, while there is no obvious drawback to it. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-11 16:16:49 +01:00
Janos Follath	56a10f97ba	Bignum: remove unnecessary NULL pointer checks A null pointer dereference, or null pointer plus small offset, is a clean runtime error in most environments. So it's not particularly useful to protect against this. While at it make a null pointer check that is actually necessary more robust. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-11 15:19:00 +01:00
Janos Follath	296ea66442	Bignum: clean up use of enums - Made use of enums in struct and function declaration - All enums are handled by switch case now - If the switch does nothing on default, omit the default case to make compiler warnings more powerful - The two enums are now disjoint and the value 1 is skipped to make mistakes easier to detect Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-11 14:58:29 +01:00
Jerry Yu	5c28e7aa0e	remove psk key when ephemeral selected ephemeral is selected, `handshake->psk` must be removed. Otherwise the encrypt key will be caculate fail. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	56acc9421c	Write key_share base on key_exchange mode. In ServerHello, write key share should base on key_exchange mode, not base on configuration. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	f0bad2554a	Continue check next psk key when binder mismatch with matched identity and mismatch binder, should check next psk key. Exit with error will break multi-psk cases. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	32e1370fbc	Add config check for pre_shared_key parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	e95c8af266	Align ciphersuite with psk key With OpenSSL and GnuTLS client, if the MAC of ciphersuite does not match selected binder, client will reject connection. This change is to select ciphersuite base on algo of psk binder. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	ccc68a466e	change handshake psk key type for tls13 PSK key type of TLS1.3 must be HKDF_EXTRACT and the algo is decided when create binder Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Ronald Cron	295d93ebe8	Add psk handshake with gnutls Signed-off-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Jerry Yu	40f3771e18	Add handshake psk export function. Rename `ssl_tls13_get_psk` and export the function. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-11 21:25:35 +08:00
Przemek Stekiel	71bf28bb34	Fix include file path Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Przemek Stekiel	f98b57f231	Initialize status/ret to error value Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Przemek Stekiel	2aae040615	make ret_from_status() global function and move it to has_info.[ch] Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Przemek Stekiel	712bb9c5af	Use more suitable function for checking if hash is supported Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard	79b99f47a1	Fix definition of MD_OR_PSA macros The code will make the decision based on availability of MD, not of MD+this_hash. The later would only be possible at runtime (the hash isn't known until then, that's the whole point of MD), so we'd need to have both MD-based and PSA-based code paths in a single build, which would have a very negative impact on code size. So, instead, we choose based on the presence of MD, which is know at compile time, so we only have one of the two code paths in each build. Adjust the macros so that they match the logic of the code using them. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:50:06 +02:00
Manuel Pégourié-Gonnard	077ba8489d	PKCS#1 v2.1 now builds with PSA if no MD_C Test coverage not there yet, as the entire test_suite_pkcs1_v21 is skipped so far - dependencies to be adjusted in a future commit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	faa3b4e0c3	Get rid of md_info outside helper functions Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	35c09e4824	Introduce compute_hash() function This allows callers not to worry with md_info and makes it easier to provide a PSA version for when MD_C is not available. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	f701acc088	Extract common code into hash_mprime() This will also make it easier to provide a PSA-based version for when MD is not available. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	f3a6755450	Simplify callers of mgf_mask() Some of them no longer need md_ctx, some of those no longer need the exit dance that was used to free it, or need it on a smaller scope. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Manuel Pégourié-Gonnard	259c213545	Tune API of internal function mgf_mask in RSA This is a first step towards making a version of this function that uses PSA when MD is not available. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-08-11 12:47:02 +02:00
Dave Rodgman	8a9f88899d	Merge pull request #6186 from leorosen/ssl_tls_null_on_invalid_code ssl_tls: avoid the appearance of a potential NULL dereferencing	2022-08-11 10:12:34 +01:00
kXuan	9ac6b28e27	ctr_drbg: remove mbedtls_aes_init call from mbedtls_ctr_drbg_seed Since `11e9310` add mbedtls_aes_init call in mbedtls_ctr_drbg_init, it should not init aes_ctx again in mbedtls_ctr_drbg_seed. Signed-off-by: kXuan <kxuanobj@gmail.com>	2022-08-11 16:38:45 +08:00
Janos Follath	d0895708e2	Bignum: move internal constants to headers Now that the check_names script allows it, we can do so. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-10 13:32:16 +01:00
kXuan	11e9310fd1	ctr_drbg: fix free uninitialized aes context Application may enabled AES_ALT and define mbedtls_aes_context by its own. The initial state of user-defined mbedtls_aes_context may not all byte zero. In mbedtls_ctr_drbg_init, the code set all byte to zero, including the AES context nested in the ctr_drbg context. And in mbedtls_ctr_drbg_free, the code calls mbedtls_aes_free on an AES context without calling mbedtls_aes_init. If user-defined AES context requires an non-zero init, the mbedtls_aes_free call in mbedtls_ctr_drbg_free is illegal. This patch fix this issue by add mbedtls_aes_init in mbedtls_ctr_drbg_init. So aes context will always be initialized to correct state. Signed-off-by: kXuan <kxuanobj@gmail.com>	2022-08-10 16:43:28 +08:00
Leonid Rozenboim	e9d8dcdbf5	ssl_tls: avoid the appearance of a potential NULL dereferencing Looking at the bigger picture it is clear that if `ssl->session` is NULL, there will be a failure much earlier, and that is well protected from, however, the practice of dereferencing a pointer which has not been verified in prior for validity goes against secure coding practices. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-08-09 12:34:30 -07:00
Janos Follath	c47c0569d4	Remove VALIDATE macros from bignum_core.c They are deprecated and are declared to be empty anyway. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-09 13:54:43 +01:00
Janos Follath	d1baedb786	Bignum: extract bignum_mod.h functions Extract functions declared in bignum_mod.h into a source file with a matching name. We are doing this because: - This is a general best practice/convention - We hope that this will make resolving merge conflicts in the future easier - Having them in a unified source file is a premature optimisation at this point This makes library/bignum_new.c empty and therefore it is deleted. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-09 13:44:53 +01:00
Janos Follath	0ded631879	Bignum: extract bignum_mod_raw.h functions Extract functions declared in bignum_mod_raw.h into a source file with a matching name. We are doing this because: - This is a general best practice/convention - We hope that this will make resolving merge conflicts in the future easier - Having them in a unified source file is a premature optimisation at this point Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-09 13:34:54 +01:00
Janos Follath	3ca0775e59	Bignum: extract bignum_core.h functions Extract functions declared in bignum_core.h into a source file with a matching name. We are doing this because: - This is a general best practice/convention - We hope that this will make resolving merge conflicts in the future easier - Having them in a unified source file is a premature optimisation at this point Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-09 11:45:47 +01:00
Dave Rodgman	f421d45869	Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype Fix build error due to missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled	2022-08-09 11:27:42 +01:00
Dave Rodgman	953ce3962f	Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12 Add rsa pss rsae for tls12	2022-08-09 10:21:45 +01:00
Janos Follath	dae1147596	Improve Bignum documentation Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-08 11:50:02 +01:00
Janos Follath	8ff0729dd7	Fix typos in Bignum documentation Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-08 08:39:52 +01:00
Gabor Mezei	6666914b76	Revert "Move Bignum macros to common header" This reverts commit 62c5901f0a5061a8825e19c77f88c91fea235078. Reverting commit due the macros are meant to be local and not following the naming convention. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:10:51 +01:00
Gabor Mezei	37b06360b3	Add documentation for new bignum functions Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:10:51 +01:00
Gabor Mezei	c0b9304f92	Use value as numerical value instead of bitfield value Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:08:53 +01:00
Gabor Mezei	d8f5bc2d3d	Free the correct struct element Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:08:53 +01:00
Gabor Mezei	535f36d203	Unify parameter naming Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:08:53 +01:00
Gabor Mezei	e66b1d47ed	Typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	8b718b5a66	Add bounds check to residue input Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	23bdeca64d	Add core constant time comparison Unfortunately reusing the new function from the signed constant time comparison is not trivial. One option would be to do temporary conditional swaps which would prevent qualifying input to const. Another way would be to add an additional flag for the sign and make it an integral part of the computation, which would defeat the purpose of having an unsigned core comparison. Going with two separate function for now and the signed version can be retired/compiled out with the legacy API eventually. The new function in theory could be placed into either `library/constant_time.c` or `library/bignum_new.c`. Going with the first as the other functions in the second are not constant time yet and this distinction seems more valuable for new (as opposed to belonging to the `_core` functions. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	5f016650d7	Reuse Bignum core I/O functions Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	91dc67d31c	Allow (NULL, 0) as a representation of 0 - We don't check for NULL pointers this deep in the library - Accessing a NULL pointer when the limb number is 0 as a mistake is the very similar to any other out of bounds access - We could potentially mandate at least 1 limb representation for 0 but we either would need to enforce it or the implementation would be less robust. - Allowing zero limb representation - (NULL, 0) in particular - for zero is present in the legacy interface, if we disallow it, the compatibility code will need to deal with this (more code size and opportunities for mistakes) In summary, interpreting (NULL, 0) as the number zero in the core interface is the least of the two evils. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	4670f88991	Reuse Bignum helper functions Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	4614b9ad1b	Move Bignum macros to common header Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:08:52 +01:00
Janos Follath	f1d617deb8	Add tests for big endian core I/O The test case where there were extra limbs in the MPI failed and this commit contains the corresponding fix as well. (We used to use the minimum required limbs instead of the actual limbs present.) Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:06:31 +01:00
Janos Follath	ba5c139e4c	Add more validation to modulus life cycle Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:03:56 +01:00
Janos Follath	281ccda8a5	Clean up mpi_mod_init/free Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:03:56 +01:00
Janos Follath	5005edb36c	Fix typos Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-08-05 17:03:56 +01:00
Gabor Mezei	c5328cf9a6	Add a set of I/O functions for the modulus structure Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:03:56 +01:00
Gabor Mezei	b903070cec	Add a set of I/O functions Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:03:56 +01:00
Gabor Mezei	0c655572dc	Build the new bignum_new.c file Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:03:56 +01:00
Gabor Mezei	f049dbfe94	Add the new modulus and the residue structures Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-08-05 17:03:56 +01:00
Gilles Peskine	b3edc1576c	Merge pull request #2602 from edsiper/crt-symlink x509_crt: handle properly broken links when looking for certificates	2022-08-03 13:05:29 +02:00
Gilles Peskine	07e7fe516b	Merge pull request #6088 from tuvshinzayaArm/validation_remove_change_curve Validation remove and change in files related to curve in library	2022-08-03 13:05:16 +02:00
Gilles Peskine	7e1ee0f04b	Merge pull request #6114 from mman/development Use double quotes to include private header file psa_crypto_cipher.h	2022-08-03 13:04:57 +02:00
Martin Man	4741e0b56c	Use double quotes to include private header file psa_crypto_cipher.h Signed-off-by: Martin Man <mman@martinman.net> Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>	2022-08-02 12:44:35 +02:00
Aditya Patwardhan	3096f331ee	Fix missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled Added the changelog.d entry Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>	2022-08-02 11:15:18 +05:30
Dave Rodgman	919ff15ecf	Merge pull request #4686 from Kazuyuki-Kimura/patch_#2020 Fixed a bug that the little-endian Microblaze does not work when MBEDTLS_HAVE_ASM is defined	2022-07-29 17:08:11 +01:00
Dave Rodgman	27036c9e28	Merge pull request #6142 from tom-cosgrove-arm/fix-comments-in-docs-and-comments Fix a/an typos in doxygen and other comments	2022-07-29 12:59:05 +01:00
Jerry Yu	c3bf748dc7	fix vertical alignment Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-29 10:27:17 +08:00
Jerry Yu	09a99fcf8a	Add rsa_pss_rsae_* sig algos for tls12 default Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Jerry Yu	379b1ff3a5	remove useless comment Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Jerry Yu	95b743ca17	Rename get_pk_type_and_md_alg The function is for both tls12 and tls13 now. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Jerry Yu	693a47ab1d	add rsa_pss_rsae_* support in tls12 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-28 23:08:00 +08:00
Tuvshinzaya Erdenekhuu	86669de348	Broke 2 long lines Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-28 10:31:16 +01:00
Dave Rodgman	aba26d0099	Merge pull request #5963 from tom-daubney-arm/remove_ssl_compression_new Remove use of SSL session compression	2022-07-28 10:28:23 +01:00
Manuel Pégourié-Gonnard	f6b8c3297a	Merge pull request #6065 from mpg/explore2 Driver-only hashes: RSA 1.5 and PK + strategy doc	2022-07-28 10:43:38 +02:00
Tom Cosgrove	ce7f18c00b	Fix a/an typos in doxygen and other comments Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-07-28 05:50:56 +01:00
Manuel Pégourié-Gonnard	68429fc44d	Fix a few more typos Update link while at it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-27 20:44:02 +02:00
Tuvshinzaya Erdenekhuu	22f3654324	Remove NULL pointer validation in ecp.c Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 15:21:48 +01:00
Tuvshinzaya Erdenekhuu	a891f83803	Re-introduce ENUM validation in ecjpake.c Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 15:20:08 +01:00
Tuvshinzaya Erdenekhuu	2b1ecdaf4e	Remove NULL pointer validation in ecjpake.c Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 15:20:08 +01:00
Tuvshinzaya Erdenekhuu	f69cac784a	Reintroduce enum validation ecdh.c Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 14:43:38 +01:00
Tuvshinzaya Erdenekhuu	7857caadcd	Remove NULL pointer validation in ecdh.c Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 14:40:47 +01:00
Tuvshinzaya Erdenekhuu	375950f119	Remove NULL pointer validations in ecdsa.c Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>	2022-07-27 14:28:20 +01:00
Thomas Daubney	31e03a8e15	Replace hard-coded zeroes for constant Replace two occurances of hard-coded zero for MBEDTLS_SSL_COMPRESS_NULL in TLS 1.3 code. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-07-26 16:13:23 +01:00
Thomas Daubney	54e38ea9cd	Remove remaining references to compression in docs Some references to compression exist in the docs. This commit removes those instances. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-07-26 16:13:23 +01:00
Thomas Daubney	20f89a9605	Remove uses of SSL compression Remove or modify current uses of session compression. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2022-07-26 16:13:03 +01:00
Manuel Pégourié-Gonnard	de9ffe37ab	Fix typos in hash_info.[ch] Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-26 10:20:52 +02:00
Ronald Cron	e579ece305	Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load TLS 1.3: Add serialize session save load I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in #6123. Thus I am ok to merge it as it is.	2022-07-23 08:57:11 +02:00
Ronald Cron	340c559cb3	Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.	2022-07-23 08:50:45 +02:00
Jerry Yu	13ab81d5ac	Add handshake failure in pre_shared_key withou psk_kex_modes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:17:11 +08:00
Jerry Yu	bc7c1a4260	fix typo/format/name issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:09:40 +08:00
Jerry Yu	438ddd835b	Add tls13 session save/load Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:08:43 +08:00
Jerry Yu	a66fecebe7	Add endpoint/ticket_flag field for session Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:08:43 +08:00
Jerry Yu	6f1db3fc92	fix format and potential non-PSK fail issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 23:05:59 +08:00
Jerry Yu	ce6ed7076a	Change the order of key_exchange determine Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 21:49:53 +08:00
Jerry Yu	ba9b6e9e53	fix unkown identity case Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 21:45:05 +08:00
Jerry Yu	568ec2502a	fix format/name issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 21:27:34 +08:00
Jerry Yu	2f0abc94d8	fix typo/type/format issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-22 19:34:48 +08:00
Ronald Cron	4beb870fa8	Merge pull request #6064 from xkqian/tls13_add_psk Add psk code to tls13 client side	2022-07-22 11:35:05 +02:00
Dave Rodgman	a948f0588c	Merge pull request #1986 from jacmet/bn_mul-fix-x86-pic-compilation-for-gcc-4 bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5	2022-07-21 17:34:48 +01:00
Jerry Yu	77f0148e11	Add psk/psk_ephemeral key exchange check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 23:27:22 +08:00
Ronald Cron	32578b3bd0	Merge pull request #6069 from yuhaoth/pr/add-tls13-write-new-session-ticket TLS 1.3:add tls13 write new session ticket Validated by the internal CI and Travis.	2022-07-21 16:17:35 +02:00
XiaokangQian	bee71453b2	Improve the buffer pointer check in write pre_shared key Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	3ad67bf4e3	Rename functions and add test messages Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	7c12d31813	Refine comments for psk related code Change-Id: Iff5c176bb902919abc8d4fb78a185aa68704a791 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	8698195566	Address comments of various issues Improve comments Change coding style Rename functions Change-Id: Ia111aef303932cfeee693431c3d48f90342b32e5 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	adab9a6440	Fix transcript issues and add cases against openssl Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	008d2bf80b	Address comments in psk client review Improve comments Refine cipher suite related code in psk Refine get_psk_offered() Change-Id: Ic3b0b5f86eb1e71f11bb499961aa8494284f1840 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
XiaokangQian	eb69aee6af	Add psk code to tls13 client side Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-07-21 15:30:04 +02:00
Manuel Pégourié-Gonnard	73692b7537	Rework macros expressing dependencies Fix usage with sed: s/MBEDTLS_OR_PSA_WANT_$[A-Z_0-9]$/MBEDTLS_HAS_\1_VIA_LOWLEVEL_OR_PSA/ s/MBEDTLS_USE_PSA_WANT_$[A-Z_0-9]$/MBEDTLS_HAS_\1_VIA_MD_OR_PSA_BASED_ON_USE_PSA/ Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-21 12:11:53 +02:00
Jerry Yu	96a2e368dc	TLS 1.3: Add pre-shared-key multiple psk parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 18:00:13 +08:00
Jerry Yu	6119715e05	Change type cast to size_t Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:28:02 +08:00
Jerry Yu	1c9247cff4	TLS 1.3: Add pre_share_key last ext check From RFC, pre_share_key must be the last one. Add check for it. And with/without psk, it should be check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	352cd7db59	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	daf375aa8b	fix issues of check_binder_match Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	bb852029f4	fix naming issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	6e74a7e3c7	Add check return flags Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	997549353e	fix various code format issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	032b15ce5e	Add write selected_identity Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	1c105560b4	add offered psks parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Jerry Yu	6dcd18d55b	export hdr checksum function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 16:19:50 +08:00
Ronald Cron	bc817bac76	TLS 1.3: Limit scope of tls13_kex_modes handshake field Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-21 09:43:53 +02:00
Jerry Yu	fca4d579a4	fix various issues - unnecessary comments - format issue - improve readability Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-21 10:37:48 +08:00
Ronald Cron	799077177b	TLS 1.3: Use selected key exchange mode field Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-20 17:49:58 +02:00
Ronald Cron	853854958f	TLS 1.3: Add selected key exchange mode field Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-20 17:49:22 +02:00
Ronald Cron	7f9ccfeccc	TLS 1.3: Remove unnecessary key exchange mode check If there is a PSK involved in the key exchange and thus no certificate we do not go through the MBEDTLS_SSL_CERTIFICATE_REQUEST state thus there is no reason to check that in the coordination function of that state. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-20 17:47:23 +02:00
Ronald Cron	2d8b7ac898	TLS 1.3: Fix selected key exchange mode check ECDHE operations have to be done in ephemeral and PSK-ephemeral key exchange mode, not just ephemeral key exhange mode. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-07-20 17:46:58 +02:00
Dave Rodgman	fa40b02da3	Remove use of lstat lstat is not available on some platforms (e.g. Ubuntu 16.04). In this particular case stat is sufficient. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-20 16:10:33 +01:00
Jerry Yu	6cb4fcd1a5	Remove key exchange mode check. This change does not meet RFC requirements. It should be revert after key exchange mode issue fixed Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 22:41:00 +08:00
Jerry Yu	e67bef4aba	Add tls13 write new session ticket Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 22:41:00 +08:00
Jerry Yu	251a12e942	Add dummy session save Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 22:40:59 +08:00
Dave Rodgman	7085aa42ee	Merge pull request #5896 from wernerlewis/aes_shallow_copy Refactor AES context to be shallow-copyable	2022-07-20 15:16:37 +01:00
Dave Rodgman	103f8b6506	Spelling and grammar improvements Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-20 14:37:08 +01:00
Dave Rodgman	935154ef04	Don't increase failure count for dangling symlinks Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-20 14:37:07 +01:00
Eduardo Silva	e1bfffc4f6	x509_crt: handle properly broken links when looking for certificates On non-windows environments, when loading certificates from a given path through mbedtls_x509_crt_parse_path() function, if a symbolic link is found and is broken (meaning the target file don't exists), the function is returning MBEDTLS_ERR_X509_FILE_IO_ERROR which is not honoring the default behavior of just skip the bad certificate file and increase the counter of wrong files. The problem have been raised many times in our open source project called Fluent Bit which depends on MbedTLS: https://github.com/fluent/fluent-bit/issues/843#issuecomment-486388209 The expected behavior is that if a simple certificate cannot be processed, it should just be skipped. This patch implements a workaround with lstat(2) and stat(2) to determinate first if the entry found in the directory is a symbolic link or not, if is a simbolic link, do a proper stat(2) for the target file, otherwise process normally. Upon find a broken symbolic link it will increase the counter of not processed certificates. Signed-off-by: Eduardo Silva <eduardo@treaure-data.com>	2022-07-20 14:36:12 +01:00
Jerry Yu	3afdf36de7	Add hash length check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 18:12:08 +08:00
Jerry Yu	0a430c8aaf	Rename resumption_key and the hardcode len `resumption_key` is better name. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	b14413804a	Remove ticket_flags It should be added later. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	08aed4def9	fix comments and time_t type issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	a0446a0344	Add check_return flag Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	4e6c42a533	fix various issues - wrong typo - unnecessary comments/debug code - wrong location Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	cb3b1396f3	move resume psk ticket computation to end Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	af2c0c8dd6	fix various comment/format issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	a357cf4d4c	Rename new_session_ticket state Both client and server side use `MBEDTLS_SSL_NEW_SESSION_TICKET` now Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	f8a4994ec7	Add tls13 new session ticket parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	c62ae5f539	Add new session ticket message check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Jerry Yu	a270f67340	Add tls13 session fields Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-20 11:07:29 +08:00
Manuel Pégourié-Gonnard	d82a9edc63	Rm now-duplicate helper function Again, the guards are slightly different, let's see in the CI if this causes any trouble. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard	130fa4d376	Rm local helper now that a global one is available There is a small difference: the global function only works for hashes that are included in the build, while the old one worked for all hashes regardless of whether they were enabled or not. We'll see in the CI is this causes any issues. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard	abac037a7b	Migrate from old inline to new actual function. This is mostly: sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \ library/.c tests/suites/.function This should be good for code size as the old inline function was used from 10 translation units inside the library, so we have 10 copies at least. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 21:28:38 +02:00
Manuel Pégourié-Gonnard	4772884133	New internal module for managing hash information Using static inline functions is bad for code size; the function from md_internal.h was already used from 3 different C files, so already was copied at least 3 times in the library, and this would only get worse over time. Use actual functions, and also share the actual data between them. Provide a consistent set of operations. Conversion to/from human-readable string was omitted for now but could be added later if needed. In the future, this can be used to replace other similar (inline) functions that are currently scattered, including (but perhaps not limited to): - mbedtls_psa_translate_md() from psa_util.h - mbedtls_md_info_from_psa() (indirectly) from psa_crypto_hash.h - get_md_alg_from_psa() from psa_crypto_rsa.c Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 21:28:38 +02:00
Peter Korsgaard	c0546e351f	bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5 Fixes #1910 With ebx added to the MULADDC_STOP clobber list to fix #1550, the inline assembly fails to build with GCC < 5 in PIC mode with the following error: include/mbedtls/bn_mul.h:46:13: error: PIC register clobbered by ‘ebx’ in ‘asm’ This is because older GCC versions treated the x86 ebx register (which is used for the GOT) as a fixed reserved register when building as PIC. This is fixed by an improved register allocator in GCC 5+. From the release notes: Register allocation improvements: Reuse of the PIC hard register, instead of using a fixed register, was implemented on x86/x86-64 targets. This improves generated PIC code performance as more hard registers can be used. https://www.gnu.org/software/gcc/gcc-5/changes.html As a workaround, detect this situation and disable the inline assembly, similar to the MULADDC_CANNOT_USE_R7 logic. Signed-off-by: Peter Korsgaard <peter@korsgaard.com>	2022-07-18 17:31:13 +01:00
Manuel Pégourié-Gonnard	1c402a4217	Remove macro that's no longer used It was only used in test_suite_pk which was fixed to no longer compute hashes in a temporary buffer. Also, it's not entirely clear is this macro was really a good idea: perhaps it's better for each user to have an explicit #if defined(MBEDTSL_USE_PSA_CRYPTO) and use either MBEDTLS_MD_MAX_SIZE or PSA_HASH_MAX_SIZE in each branch of that #if. So, removing it for the time being. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-18 12:49:19 +02:00
Ronald Cron	d5b1eb51db	Merge pull request #6078 from yuhaoth/pr/add-tls13-paser-psk-kex-mode-ext TLS 1.3: PSK: Add parser of psk kex mode ext on server side	2022-07-18 11:34:24 +02:00
Hanno Becker	907a367b50	Remove explicit width suffixes from Arm bignum assembly Within the M-profile of the Arm architecture, some instructions admit both a 16-bit and a 32-bit encoding. For those instructions, some assemblers support the use of the .n (narrow) and .w (wide) suffixes to force a choice of instruction encoding width. Forcing the size of encodings may be useful to ensure alignment of code, which can have a significant performance impact on some microarchitectures. It is for this reason that a previous commit introduced explicit .w suffixes into what was believed to be M-profile only assembly in library/bn_mul.h. This change, however, introduced two issues: - First, the assembly block in question is used also for Armv7-A systems, on which the .n/.w distinction is not meaningful (all instructions are 32-bit). - Second, compiler support for .n/.w suffixes appears patchy, leading to compilation failures even when building for M-profile targets. This commit removes the .w annotations in order to restore working code, deferring controlled re-introduction for the sake of performance. Fixes #6089. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2022-07-15 12:00:58 +01:00
Manuel Pégourié-Gonnard	f88b1b5375	Introduce MBEDTLS_OR_PSA_WANT_xxx helper macros Currently just replacing existing uses, but the real point of having these conditions as a single macro is that we'll be able to use them in tests case dependencies, see next commit. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-15 12:08:14 +02:00
Jerry Yu	854dd9e23f	fix comment issue Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com> Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-15 14:38:38 +08:00
Jerry Yu	299e31f10e	fix various issue - remove unused test case - add alert message - improve readabitlity Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-13 23:06:36 +08:00
Paul Elliott	af4b90db3f	Revert "Add missing library/psa_crypto_driver_wrappers.c" This reverts commit `c2a9387110` Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-12 11:30:17 +01:00
Paul Elliott	81c69b547a	Revert "Revert "Revert "Add generated files for 3.2.0 release""" This reverts commit `185d24ba0e`. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-12 11:29:34 +01:00
Jerry Yu	e19e3b9eb8	Add psk_key_exchange_modes parser Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-12 09:53:35 +00:00
Paul Elliott	cd08ba0326	Bump version to 3.2.1 Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-12 10:51:55 +01:00
Dave Rodgman	c2a9387110	Add missing library/psa_crypto_driver_wrappers.c Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-07-12 10:51:55 +01:00
Dave Rodgman	185d24ba0e	Revert "Revert "Add generated files for 3.2.0 release"" This reverts commit `7adb8cbc0e`. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-12 10:51:44 +01:00
Manuel Pégourié-Gonnard	043c8c5de8	Add USE_PSA version of PK test functions While at it, also fix buffer size for functions that already depend on USE_PSA: it should be PSA_HASH_MAX_SIZE for functions that always use PSA, and the new macro MBEDTLS_USE_PSA_MD_MAX_SIZE for functions that use it or not depending on USE_PSA. The only case where MBEDTLS_MD_MAX_SIZE is OK is when the function always uses MD - currently this is the case with pk_sign_verify_restart() as it is incompatible with USE_PSA anyway. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:20 +02:00
Manuel Pégourié-Gonnard	5508673832	Add helper macros for dependencies based on USE_PSA For now in an internal header as it's the safest option and that way we can change whenever we want. Later on if we think the macros can be useful to applications as well then we can move them to a public location. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard	3f4778995e	Rm dependency on MD in psa_crypto_rsa.c The previous commit made the PKCS#1v1.5 part of rsa.c independent from md.c, but there was still a dependency in the corresponding part in PSA. This commit removes it. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard	fe2b9b5397	Make mbedtls_oid_get_md_alg() always available This is a step towards building with RSA PKCS#1v1.5 without MD. Also loosen guards around oid data: the OID definitions clearly don't depend on our software implementation. We could simply have no dependency as this is just data. But for the sake of code size, let's have some guards so that people who don't use MD5, SHA1 or RIPEMD160 don't have to pay the price for them. Note: this is used for RSA (PKCS#v1.5) signatures among other things, an area that is not influenced by USE_PSA, so the guards should not depend on it either. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:19 +02:00
Manuel Pégourié-Gonnard	f493f2ad1d	Use md_internal_get_size() in rsa.c Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard	3356b89b64	Add missing guard around call to MD PKCS#1 v1.5 mostly does not need hash operations. This is a first step towards allowing builds with PKCS#1 v1.5 only (no v2.1) without MD. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard	a370e06e30	Avoid dependency of PK on MD Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:18 +02:00
Manuel Pégourié-Gonnard	d8a298e1fc	Add internal MD size getter Modules / tests that only need to get the size of a hash from its type, without actually computing a hash, need not depend on MD_C. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-07-12 11:11:18 +02:00
Paul Elliott	7adb8cbc0e	Revert "Add generated files for 3.2.0 release" This reverts commit `cb21f2eab3`. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 18:18:30 +01:00
Paul Elliott	cb21f2eab3	Add generated files for 3.2.0 release Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 13:56:01 +01:00
Paul Elliott	20362cd1ca	Bump library and so versions for 3.2.0 release Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 13:56:01 +01:00
Paul Elliott	f518f81d41	Ensure return for mbedtls_ssl_write_alpn_ext() is checked Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-11 12:37:47 +01:00
Ronald Cron	ce7d76e2ee	Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr	2022-07-11 10:22:37 +02:00
Paul Elliott	6e80e09bd1	Merge pull request #5915 from AndrzejKurek/cid-resumption-clash Fix DTLS 1.2 session resumption	2022-07-06 15:03:36 +01:00
Andrzej Kurek	21b50808cd	Clarify the need for calling mbedtls_ssl_derive_keys after extension parsing Use a more straightforward condition to note that session resumption is happening. Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-06 03:26:55 -04:00
Werner Lewis	c1999d5746	Add fallback when rk unaligned with padlock Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-07-05 11:55:15 +01:00
Andrzej Kurek	92d7417d89	Formatting fixes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-07-04 10:21:59 -04:00
Paul Elliott	072d2b094d	Add pem_free() to other error paths in pk_parse_public_key() Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-04 06:49:26 -04:00
Leonid Rozenboim	116f50cd96	Fix resource leaks These potential leaks were flagged by the Coverity static analyzer. Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>	2022-07-04 06:49:26 -04:00
Manuel Pégourié-Gonnard	4d7af2aee0	Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection Permissions 2a: TLS 1.2 ciphersuite selection	2022-07-04 12:37:02 +02:00
Paul Elliott	41aa808a56	Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf Turn off stdio buffering with setbuf()	2022-07-04 10:12:22 +01:00
Ronald Cron	0e39ece23f	Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk Refactor signature algorithm chooser	2022-07-04 09:10:08 +02:00
Paul Elliott	bae7a1a5a6	Merge pull request #5620 from gstrauss/dn_hints Add accessors to config DN hints for cert request	2022-07-01 17:23:14 +01:00
Paul Elliott	c466ec2e73	Fix code formatting Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-07-01 16:43:25 +01:00
Neil Armstrong	971f30d917	Fix mbedtls_ssl_get_ciphersuite_sig_alg() by returning MBEDTLS_PK_NONE for MBEDTLS_KEY_EXCHANGE_RSA Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-07-01 16:23:50 +02:00
Manuel Pégourié-Gonnard	8b8a1610f7	Merge pull request #936 from paul-elliott-arm/fix_tls_record_size_check Fix the wrong variable being used for TLS record size checks	2022-07-01 12:29:48 +02:00
Jerry Yu	52b7d923fe	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-07-01 18:12:44 +08:00
Neil Armstrong	96eceb8022	Refine mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg() when USE_PSA_CRYPTO is selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-30 18:05:05 +02:00
Gilles Peskine	da0913ba6b	Call setbuf when reading or writing files: library After opening a file containing sensitive data, call mbedtls_setbuf() to disable buffering. This way, we don't expose sensitive data to a memory disclosure vulnerability in a buffer outside our control. This commit adds a call to mbedtls_setbuf() after each call to fopen(), except: * In ctr_drbg.c, in load_file(), because this is only used for DH parameters and they are not confidential data. * In psa_its_file.c, in psa_its_remove(), because the file is only opened to check its existence, we don't read data from it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 17:03:40 +02:00
Gilles Peskine	6497b5a1d1	Add setbuf platform function Add a platform function mbedtls_setbuf(), defaulting to setbuf(). The intent is to allow disabling stdio buffering when reading or writing files with sensitive data, because this exposes the sensitive data to a subsequent memory disclosure vulnerability. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-30 17:01:40 +02:00
Ronald Cron	cb67e1a890	Merge pull request #5917 from gilles-peskine-arm/asn1write-0-fix Improve ASN.1 write tests	2022-06-30 15:42:16 +02:00
Paul Elliott	f6a56cf5ff	Merge pull request #939 from ronald-cron-arm/tls13-add-missing-overread-check TLS 1.3: Add missing overread check	2022-06-29 17:01:14 +01:00
Werner Lewis	7656a373b6	Reformat AES changes for readability Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-29 16:17:50 +01:00
Werner Lewis	dd76ef359d	Refactor AES context to be shallow-copyable Replace RK pointer in AES context with a buffer offset, to allow shallow copying. Fixes #2147. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-29 16:17:50 +01:00
Dave Rodgman	5b50f38f92	Merge pull request #934 from gilles-peskine-arm/mpi-0-mod-2 Fix null pointer dereference in mpi_mod_int(0, 2)	2022-06-29 15:02:59 +01:00
Jerry Yu	2fe6c638e2	remove supported check from parse sig algs Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:20:17 +08:00
Jerry Yu	959e5e030b	fix format issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:20:17 +08:00
Jerry Yu	660cb4209c	Remove pkcs1 from key cert and sig alg map Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:20:17 +08:00
Jerry Yu	71b18844ff	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:19:49 +08:00
Jerry Yu	9d3e2fa372	Add negative tests Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:19:06 +08:00
Manuel Pégourié-Gonnard	2f244c43b4	Merge pull request #5980 from mprse/md_dep_fix Remove MD dependencies from mbedtls_x509_sig_alg_gets(), ssl_tls13_parse_certificate_verify()	2022-06-29 10:18:41 +02:00
Jerry Yu	c2e0493e6e	Add rsa_pkcs1 for cert sig match Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:18:31 +08:00
Jerry Yu	cc5391048e	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:18:30 +08:00
Jerry Yu	ee28e7a21d	add tests for select sig alg Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:17:06 +08:00
Jerry Yu	aebaaaf527	add debug messages Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:09 +08:00
Jerry Yu	430db6b6ff	Remove hack fix for server hybrid issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:09 +08:00
Jerry Yu	a1255e6b8c	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:09 +08:00
Jerry Yu	9bb3ee436b	Revert rsa_pss_rsae_* support for tls12 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	53f5c15155	Add debug message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	80dd5db808	Remove pkcs1 from certificate verify. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	d4a71a57a8	Add tls12 algorithms in hybrid mode client hello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	5ef71f2723	remove rsa_pkcs1_* from tls13 support list Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	f085678879	remove unnecessary check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	6272c4d4aa	Revert unnecessary space change Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	96ee23eb88	fix tls12 openssl/gnutls server fail To test version negotiation with tls12 OpenSSL/GnuTLS server, If `rsa_pss_rsae_` were sent to server before `rsa_pkcs_`, server will return `rsa_pss_rsae_` as key exchange sig alg. OpenSSL/GnuTLS can work with this case. mbedTLS will fail due to `rsa_pss_rsae_` unsupported. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	ba5e379697	Revert order of default sig_algs Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	3f71ca0941	Remove rsa_pss_rsae_* from tls12 sig_algs Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	0c6be8f863	move big function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:07 +08:00
Jerry Yu	3896ac6e5b	fix ordered sig algs fail for openssl Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:06 +08:00
Jerry Yu	f3b46b5082	Add debug message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:05 +08:00
Jerry Yu	d099cf0325	fix unused variable issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:47 +08:00
Jerry Yu	f55886a217	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:46 +08:00
Jerry Yu	6babfee178	remove out of scope codes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:46 +08:00
Jerry Yu	fb526693c1	Rename sig_alg cert_key check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:45 +08:00
Jerry Yu	f0cda410a4	remove default sig_hashes And add pss_rsae_* sig_algs to fix `Handshake TLS 1.3` test fails, which is part of `test_suite_ssl` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:45 +08:00
Jerry Yu	7ab7f2b184	Remove pkcs1 from certificate_verify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:44 +08:00
Jerry Yu	08524c55f9	remove pkcs1_* support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:44 +08:00
Jerry Yu	0ebce95785	create tls12/tls13 sig alg support check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:43 +08:00
Jerry Yu	f249ef7821	refactor get sig algo from pk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:40 +08:00
Ronald Cron	7898fd456a	Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server TLS 1.3 server: Send dummy change_cipher_spec records The internal CI PR-merge job ran successfully thus good to go.	2022-06-29 09:47:49 +02:00
Glenn Strauss	bd10c4e2af	Test accessors to config DN hints for cert request Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-29 02:54:28 -04:00
Gilles Peskine	d86abf2392	Merge pull request #5861 from wernerlewis/csr_subject_comma Fix output of commas and other special characters in X509 DN values	2022-06-28 21:00:49 +02:00
Glenn Strauss	999ef70b27	Add accessors to config DN hints for cert request mbedtls_ssl_conf_dn_hints() mbedtls_ssl_set_hs_dn_hints() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-28 12:43:59 -04:00
Neil Armstrong	9f1176a793	Move preferred_hash_for_sig_alg() check after ssl_pick_cert() and check if hash alg is supported with mbedtls_pk_can_do_ext() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:12:17 +02:00
Neil Armstrong	9f4606e6d2	Rename mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX in mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:12:17 +02:00
Neil Armstrong	0c9c10a401	Introduce mbedtls_ssl_get_ciphersuite_sig_pk_ext_alg() and use it in ssl_pick_cert() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-06-28 18:10:48 +02:00
Gabor Mezei	f7044eaec8	Fix name Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 16:01:49 +02:00
Ronald Cron	e99ec7cb6a	Merge pull request #5908 from ronald-cron-arm/tls13-fixes-doc TLS 1.3: Fixes and add documentation Validated by the internal CI, no need to wait for the Open CI.	2022-06-28 12:16:17 +02:00
Gabor Mezei	96ae926572	Typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 11:56:26 +02:00
Gabor Mezei	5471912269	Move switching to handshake transform after sending CCS record Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 11:56:26 +02:00
Gabor Mezei	05ebf3be74	Revert "Do not encrypt CCS records" This reverts commit `96ec831385`. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-28 11:55:35 +02:00
Przemek Stekiel	4dc874453e	ssl_tls13_parse_certificate_verify(): optimize the code Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-28 11:05:42 +02:00
Manuel Pégourié-Gonnard	273453f126	Merge pull request #5983 from gstrauss/inline-mbedtls_x509_dn_get_next Inline mbedtls_x509_dn_get_next() in x509.h	2022-06-28 10:13:58 +02:00
Ronald Cron	11b5332ffc	tls13: Fix certificate extension size write Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	81a334fc02	tls13: Fix buffer overread checks in ssl_tls13_parse_alpn_ext() Some coding style alignement as well. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	7b8404608a	tls13: Rename ssl_tls13_write_hello_retry_request_coordinate Rename ssl_tls13_write_hello_retry_request_coordinate to ssl_tls13_prepare_hello_retry_request as it is more aligned with what the function does. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	fb508b8f21	tls13: Move state changes up to state main handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	63dc463ed6	tls13: Simplify switch to the inbound handshake keys on server side Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:21:13 +02:00
Ronald Cron	5afb904022	tls13: Move out of place handshake field reset Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	828aff6ead	tls13: Rename server_hello_coordinate to preprocess_server_hello Rename server_hello_coordinate to preprocess_server_hello as it is more aligned with what the function does. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	db5dfa1f1c	tls13: Move ServerHello fetch to the ServerHello top handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	9d6a545714	tls13: Re-organize EncryptedExtensions message parsing code Align the organization of the EncryptedExtensions message parsing code with the organization of the other message parsing codes. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	154d1b68d6	tls13: Fix wrong usage of MBEDTLS_SSL_CHK_BUF(_READ)_PTR macros Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	c80835943c	tls13: Fix pointer calculation before space check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	2827106199	tls13: Add missing buffer overread check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-28 09:18:42 +02:00
Ronald Cron	b94854f8e3	Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests TLS 1.3: Enable and add tests	2022-06-28 09:15:17 +02:00
Glenn Strauss	01d2f52a32	Inline mbedtls_x509_dn_get_next() in x509.h Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-27 14:20:07 -04:00
Dave Rodgman	f5b7082f6e	Merge pull request #5811 from polhenarejos/bug_x448 Fix order value for curve x448	2022-06-27 13:47:24 +01:00
Werner Lewis	9b0e940135	Fix case where final special char exceeds buffer Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-27 12:01:22 +01:00
Przemek Stekiel	9e30fc94f3	Remove redundant spaces Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-27 12:48:35 +02:00
Werner Lewis	b33dacdb50	Fix parsing of special chars in X509 DN values Use escape mechanism defined in RFC 1779 when parsing commas and other special characters in X509 DN values. Resolves failures when generating a certificate with a CSR containing a comma in subject value. Fixes #769. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-27 11:19:50 +01:00
Przemek Stekiel	6a5e01858f	ssl_tls13_parse_certificate_verify(): remove md dependency Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-27 11:53:13 +02:00
Przemek Stekiel	6230d0d398	mbedtls_x509_sig_alg_gets(): remove md dependency Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-27 11:19:04 +02:00
Ronald Cron	cf600bc07c	Comment fixes Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:49 +02:00
Ronald Cron	2b1a43c101	tls13: Add missing overread check in Certificate msg parsing. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:49 +02:00
Ronald Cron	ad8c17b9c6	tls: Add overread/overwrite check failure tracking Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:49 +02:00
Ronald Cron	e3dac4aaa1	tls13: Add Certificate msg parsing tests with invalid vector lengths Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-27 09:28:42 +02:00
Ronald Cron	07040bb179	Merge pull request #5951 from xkqian/tls13_add_alpn Add ALPN extension to the server side	2022-06-27 08:33:03 +02:00
Ronald Cron	9738a8d0fd	Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks TLS 1.3: Fix certificate key usage checks	2022-06-27 08:32:17 +02:00
Paul Elliott	668b31f210	Fix the wrong variable being used for TLS record size checks Fix an issue whereby a variable was used to check the size of incoming TLS records against the configured maximum prior to it being set to the right value. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-06-24 20:09:37 +01:00
Ronald Cron	1938588e80	tls13: Align some debug messages with TLS 1.2 ones Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-24 12:06:46 +02:00
XiaokangQian	0b776e282a	Change some comments for alpn Change-Id: Idf066e94cede9d26aa41d632c3a81dafcee38587 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-24 09:04:59 +00:00
Manuel Pégourié-Gonnard	93a7f7d7f8	Merge pull request #5954 from wernerlewis/x509_next_merged Add mbedtls_x509_dn_get_next function	2022-06-24 09:59:22 +02:00
XiaokangQian	95d5f549f1	Fix coding styles Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-24 05:42:15 +00:00
Przemek Stekiel	1b0ebdf363	Zeroize hkdf_label buffer Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-23 09:22:49 +02:00
Przemek Stekiel	38ab400dc4	Adapt code to be consistent with the existing code - init status to error - use simple assignment to status - fix code style (spaces) Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-23 09:05:40 +02:00
XiaokangQian	c740345c5b	Adress review comments Change Code styles Add test cases Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-23 03:24:12 +00:00
Gabor Mezei	96ec831385	Do not encrypt CCS records According to the TLS 1.3 standard the CCS records must be unencrypted. When a record is not encrypted the counter, used in the dynamic IV creation, is not incremented. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-22 17:07:21 +02:00
Gabor Mezei	7b39bf178e	Send dummy change_cipher_spec records from TLS 1.3 server Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-06-22 17:07:21 +02:00
XiaokangQian	acb3992251	Add ALPN extension to the server side CustomizedGitHooks: yes Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-22 06:34:58 +00:00
Przemek Stekiel	d5ae365b97	Use PSA HKDF-Extrat/Expand algs instead mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_xpand() Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-21 07:22:33 +02:00
Przemek Stekiel	88e7101d03	Remove mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_expand() Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-21 07:22:33 +02:00
Manuel Pégourié-Gonnard	a82a8b9f4b	Mark internal int SSL functions CHECK_RETURN_CRITICAL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:55 +02:00
Manuel Pégourié-Gonnard	a3115dc0e6	Mark static int SSL functions CHECK_RETURN_CRITICAL Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:52 +02:00
Manuel Pégourié-Gonnard	66b0d61718	Add comments when can_do() is safe to use Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Manuel Pégourié-Gonnard	b64fb62ead	Fix unchecked return value from internal function Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-06-20 21:12:29 +02:00
Gilles Peskine	e0469b5908	Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix Add a client hello cookie_len overflow test	2022-06-20 19:35:54 +02:00
Gilles Peskine	36aeb7f163	Merge pull request #5834 from mprse/HKDF_1 HKDF 1: PSA: implement HKDF_Expand and HKDF_Extract algorithms	2022-06-20 15:27:46 +02:00
Werner Lewis	b3acb053fb	Add mbedtls_x509_dn_get_next function Allow iteration through relative DNs when X509 name contains multi- value RDNs. Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-17 16:40:55 +01:00
Ronald Cron	30c5a2520e	tls13: Fix certificate key usage checks Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-17 08:49:52 +02:00
Ronald Cron	ca3c6a5698	Merge pull request #5817 from xkqian/tls13_add_server_name Tls13 add server name	2022-06-16 08:30:09 +02:00
Andrzej Kurek	755ddff25c	Fix print format in a debug message Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-15 07:32:02 -04:00
Andrzej Kurek	cbe14ec967	Improve variable extracting operations by using MBEDTLS_GET macros Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-15 07:17:28 -04:00
XiaokangQian	75fe8c7e54	Change place of ssl_tls13_check_ephemeral_key_exchange Change-Id: Id49172f7375e2a0771ad1216fb7eead808f0db3e Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-15 09:42:45 +00:00
XiaokangQian	fb665a8452	Adress the comments about styles and pick_cert Change-Id: Iee89a27aaea6ebc8eb01c6c9985487f081ef7343 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-15 03:57:21 +00:00
Andrzej Kurek	7cf872557a	Rearrange the session resumption code Previously, the transforms were populated before extension parsing, which resulted in the client rejecting a server hello that contained a connection ID. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-14 08:26:19 -04:00
Przemek Stekiel	69c4679b22	Adapt macro name to meet requested criteria: MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF->BUILTIN_ALG_ANY_HKDF Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-14 11:13:32 +02:00
XiaokangQian	07aad0710c	Refine function name ssl_tls13_pick_key_cert Change-Id: I821e1485d9cfcca88fa3e18d345766ea48c64250 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-14 05:35:09 +00:00
XiaokangQian	81802f43a2	Select certificate base on the received signature list Change-Id: Ife707db7fcfdb1e761ba86804cbf5dd766a5ee33 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-13 03:58:06 +00:00
Gilles Peskine	321a08944b	Fix bug whereby 0 was written as 0200 rather than 020100 0200 is not just non-DER, it's completely invalid, since there has to be a sign bit. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-10 20:13:33 +02:00
Gilles Peskine	ae25bb043c	Fix null pointer dereference in mpi_mod_int(0, 2) Fix a null pointer dereference when performing some operations on zero represented with 0 limbs: mbedtls_mpi_mod_int() dividing by 2, or mbedtls_mpi_write_string() in base 2. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-09 19:32:46 +02:00
Przemek Stekiel	75fe3fb1d7	psa_crypto.c: add MBEDTLS_PSA_BUILTIN_ALG_ANY_HKDF macro to limit number of #if conditions Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-09 14:44:55 +02:00
Andrzej Kurek	b58cf0d172	Split a debug message into two - for clarity Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-08 11:53:59 -04:00
Andrzej Kurek	078e9bcda6	Add the mbedtls prefix to ssl_check_dtls_clihlo_cookie Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-08 11:47:33 -04:00
Dave Rodgman	11930699f1	Merge pull request #5827 from wernerlewis/time_utc Use ASN1 UTC tags for dates before 2000	2022-06-08 13:54:19 +01:00
Paul Elliott	5f2bc754d6	Merge pull request #5792 from yuhaoth/pr/add-tls13-moving-state-tests Pr/add-tls13-moving-state-tests	2022-06-08 13:39:52 +01:00
Manuel Pégourié-Gonnard	3a833271aa	Merge pull request #5727 from SiliconLabs/feature/PSEC-3207-TLS13-hashing-HMAC-to-PSA Feature psec-3207 move TLS13 hashing and hmac to psa	2022-06-08 11:53:35 +02:00
XiaokangQian	96287d98d8	Remove the certificate key check against the received signature Change-Id: I07d8d46c58dec499f96cb7307fc0af15149d9df7 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-08 08:37:53 +00:00
pespacek	d9aaf768b5	Fixing CI complains. Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-08 09:44:11 +02:00
XiaokangQian	9850fa8e8d	Refine ssl_tls13_pick_cert() Change-Id: I5448095e280d8968b20ade8b304d139e399e54f1 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-08 07:02:41 +00:00
pespacek	b06acd734b	Fixing PSA return status Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-07 13:07:21 +02:00
XiaokangQian	23c5be6b94	Enable SNI test for both tls12 and tls13 Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22 CustomizedGitHooks: yes Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-07 09:43:13 +00:00
Ronald Cron	209cae9c42	tls13: server: Fix state update in CLIENT_CERTIFICATE The state should be updated only if the handler returns in success. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-07 10:58:22 +02:00
pespacek	670913f4dc	Fixing return value for ssl_tls13_write_certificate_body() Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-06-07 10:53:39 +02:00
Andrzej Kurek	cfb01948c8	Add cookie parsing tests to test_suite_ssl Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-06 15:29:15 -04:00
Andrzej Kurek	c8183cc492	Add missing sid_len in calculations of cookie sizes This could lead to a potential buffer overread with small MBEDTLS_SSL_IN_CONTENT_LEN. Change the bound calculations so that it is apparent what lengths and sizes are used. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-06-06 15:28:56 -04:00
Gilles Peskine	364fd8bb71	More SSL debug messages for ClientHello parsing In particular, be verbose when checking the ClientHello cookie in a possible DTLS reconnection. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-06-06 14:25:41 -04:00
Dave Rodgman	5e03d9e601	Merge pull request #5837 from robert-shade/robert-shade/add_subdirectory_support Allow building as a subdir	2022-06-06 14:11:06 +01:00
Przemek Stekiel	b57a44bf9b	is_kdf_alg_supported: Adapt impl to new build flags for HKDF EXTRACT/EXPAND Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-06 11:26:43 +02:00
Przemek Stekiel	cde3f783f5	Make info valid only after secret for HKDF-EXPAND + adapt tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-06 11:26:02 +02:00
Przemek Stekiel	0586f4c4ea	Make salt mandatory for HKDF-EXTRACT + adapt tests Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-06 11:25:43 +02:00
Przemek Stekiel	3e8249cde0	Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-03 16:18:15 +02:00
Przemek Stekiel	a29b488296	Optimize code by adding PSA_ALG_IS_ANY_HKDF macro Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-03 16:18:09 +02:00
XiaokangQian	129aeb9b0e	Update test cases and support sni ca override Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-06-02 09:29:18 +00:00
Przemek Stekiel	459ee35062	Fix typo and style Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-06-02 11:16:52 +02:00
Werner Lewis	acd01e58a3	Use ASN1 UTC tags for dates before 2000 Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-06-01 16:24:28 +01:00
Gilles Peskine	8399cccd2e	Merge pull request #5829 from paul-elliott-arm/fix_ct_uninit_memory_access Fix uninitialised memory access in constant time functions	2022-06-01 11:42:51 +02:00
Gilles Peskine	09858ae664	Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa Deprecate mbedtls_cipher_setup_psa()	2022-05-31 10:56:52 +02:00
Jerry Yu	0a92d6c8eb	fix move state to handshake over fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-05-31 15:06:04 +08:00
Kazuyuki Kimura	b88dbdded6	fix issue #2020 Fixed a bug that the little-endian Microblaze does not work when MBEDTLS_HAVE_ASM is defined. Signed-off-by: Kazuyuki Kimura <kim@wing.ocn.ne.jp> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-30 17:55:07 +01:00
Dave Rodgman	a3344f7bac	Merge pull request #5767 from leorosen/avoid-null-args Avoid potentially passing NULL arguments	2022-05-30 11:40:21 +01:00
XiaokangQian	0557c94fef	Add back SNI related code to validate_certificate Change-Id: I75883858016d4163cd7c64c3418eb3ca24fa46ea Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 08:10:53 +00:00
XiaokangQian	f2a942073e	Fix SNI test failure Change-Id: Id3fce36af9bc52cac858b473168451945aa974f4 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 08:07:16 +00:00
XiaokangQian	9b2b7716b0	Change mbedtls_ssl_parse_server_name_ext base on comments Change-Id: I4ae831925cb1899afafb7dc626bfad9be24a5c8c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 08:07:16 +00:00
XiaokangQian	40a3523eb7	Add support of server name extension to server side Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 08:07:16 +00:00
XiaokangQian	e7a5da597f	Remove SNI related code Change-Id: Ic44bdb27b1bdc5c9057078dfed936fc36bddebbe Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-30 00:59:29 +00:00
XiaokangQian	aca9048b5f	Change base on review Fix comments Add test cases for client authentication with empty certificate Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:11 +00:00
XiaokangQian	989f06d52d	Change some comments base on review Change-Id: I3db2b8ca8162eb368d2f17dfeffee8b25f9edf6f Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:11 +00:00
XiaokangQian	63e713e8ab	Fix comments Change-Id: Ib741f876f4d296df79565a2b8a2971918db1a77f Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:11 +00:00
XiaokangQian	c3017f620f	Remove useless guards and refine checking Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:47:10 +00:00
XiaokangQian	189ded2b07	Remove coordinate functions and change state machine in server side Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:46:13 +00:00
XiaokangQian	6b916b1616	Add client certificate parse and certificate verify Change-Id: I638db78922a03db6f8bd70c6c5f56fb60365547d Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-26 00:40:53 +00:00
Dave Rodgman	a636d1f192	Merge pull request #5714 from daverodgman/k-stachowiak_static-runtime-option-msvc Enable static linking of the common runtime in MSVC	2022-05-25 14:47:58 +01:00
Dave Rodgman	32c995afa3	Merge pull request #5724 from Biswa96/cmake-mingw cmake: Fix runtime library install location in mingw	2022-05-25 13:34:43 +01:00
Paul Elliott	8fba70f66c	Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup TLS 1.3: Add Finished Message and wrapup	2022-05-25 12:02:06 +01:00
pespacek	3493587e05	FEATURE: mbedtls_md() in ssl_tls13_write_certificate_verify_body() replaced withpsa_hash_compute() Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-05-23 13:10:48 +02:00
pespacek	a1378105cf	FEATURE: use psa_hash_xxx rather than mbedtls_md_xxx for TLS 1.3. ssl_tls13_parse_certificate_verify() Signed-off-by: pespacek <peter.spacek@silabs.com>	2022-05-23 13:10:47 +02:00
Manuel Pégourié-Gonnard	69e348db85	Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa Permissions 1: create `mbedtls_pk_can_do_ext()`	2022-05-23 10:58:32 +02:00
Robert Shade	591e729b54	Allow building as a subdir Fixes #5688 Signed-off-by: Robert Shade <robert.shade@gmail.com>	2022-05-21 12:55:12 -04:00

... 7 8 9 10 11 ...

9698 commits