Commit graph

12151 commits

Author SHA1 Message Date
Pengyu Lv
dbd1e0d986 tls13: add helpers to check if psk[_ephemeral] allowed by ticket
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 10:17:17 +08:00
Pengyu Lv
29daf4a36b tls13: server: fully check ticket_flags with available kex mode.
We need to fully check if the provided session ticket could be
used in the handshake, so that we wouldn't cause handshake
failure in some cases. Here we bring f8e50a9 back.

Example scenario:
A client proposes two tickets to a server that supports only the psk_ephemeral
key exchange mode: the first one is allowed only for the pure PSK key
exchange mode and the second one is psk_ephemeral only.
We need to select the second ticket instead of the first one, whose
ticket_flags forbid psk_ephemeral and thus cause a handshake
failure.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-31 09:34:14 +08:00
Pengyu Lv
cfb23b8090 tls13: server: parse pre_shared_key only when some psk is selectable
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-30 15:26:26 +08:00
Pengyu Lv
7b711710b2 Add check_ticket_flags helper function
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-10-24 17:07:14 +08:00
Pengyu Lv
ed5e4e86a5 Merge branch 'development' into issue/6935/ticket_flags-kex-mode-determination 2023-10-18 18:03:07 +08:00
Bence Szépkúti
195411bb17
Merge pull request #8062 from yanrayw/save_stack_usage_pkwrite
pkwrite: use heap to save stack usage for writing keys in PEM string
2023-10-13 14:27:13 +00:00
Gilles Peskine
97a6231b5c
Revert "Fix a few IAR warnings" 2023-10-13 11:39:53 +02:00
Dave Rodgman
2d67e3a07b
Merge pull request #8352 from daverodgman/iar-fixes
Fix a few IAR warnings
2023-10-13 09:20:28 +01:00
Tom Cosgrove
71f2e398bd
Merge pull request #8345 from mcagriaksoy/branch_issue_8344
Add missing casting size_t to int on ssl_tls13_keys.c
2023-10-12 18:39:33 +00:00
Dave Rodgman
584c8108b3 Use a block to save 12b
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-12 16:55:23 +01:00
Dave Rodgman
351a81c65d Keep initialisation of p in its original location
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-12 16:36:05 +01:00
Dave Rodgman
bcb1818e19 Fix IAR 'transfer of control bypasses initialization' warnings
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-12 16:23:11 +01:00
Dave Rodgman
54bb76e106
Merge pull request #8348 from kasjer/kasjer/aes-rcon-rename
Rename local variable in aes.c
2023-10-12 12:30:35 +00:00
Jerzy Kasenberg
ee62fceade Rename local variable in aes.c
This changes the local variable name RCON to round_constants.

RCON is defined in the xc32 compiler headers for some PIC32 register.
Without this change, the mynewt project for the PIC32 platform fails to build due to
macro redefinition.

This does not change the behavior of the library in any way.

Signed-off-by: Jerzy Kasenberg <jerzy.kasenberg@codecoup.pl>
2023-10-11 16:36:24 +02:00
Mehmet Cagri Aksoy
56e9011bde Add casting size_t to int
Signed-off-by: Mehmet Cagri Aksoy <mcagriaksoy@yandex.com>
2023-10-11 15:28:06 +02:00
Mehmet Cagri Aksoy
66f9b3f810 Add casting size_t to int
Signed-off-by: Mehmet Cagri Aksoy <mcagriaksoy@yandex.com>
2023-10-11 15:26:23 +02:00
Ronald Cron
a89d2ba132
Merge pull request #8327 from ronald-cron-arm/adapt-psa-crypto-repo-name
Adapt to new PSA Crypto repo name
2023-10-11 06:45:30 +00:00
Ronald Cron
7871cb14a7 Include psa/build_info.h instead of mbedtls/build_info.h
In PSA headers include psa/build_info.h instead
of mbedtls/build_info.h. In Mbed TLS, both are
equivalent but not in TF-PSA-Crypto where
psa/build_info.h is the correct one.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-10-10 09:35:22 +02:00
Dave Rodgman
e7ebec6723
Merge pull request #8281 from daverodgman/fix-hwonly-warnings
Improve AES hardware-only check
2023-10-09 11:25:50 +00:00
Dave Rodgman
866b3a1886
Merge pull request #8323 from tom-daubney-arm/fix_mbedtls_styling_docs
Correct styling of Mbed TLS in documentation
2023-10-06 19:10:10 +00:00
Thomas Daubney
540324cd21 Correct styling of Mbed TLS in documentation
Several bits of documentation were incorrectly styling Mbed TLS
as MbedTLS.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-10-06 17:07:24 +01:00
Paul Elliott
3677352631
Merge pull request #8308 from valeriosetti/issue8052
PKCS12: use one-shot API
2023-10-06 15:39:31 +00:00
Dave Rodgman
8e00fe0cd8
Merge pull request #8309 from daverodgman/iar-warnings2
Fix IAR warnings
2023-10-06 13:24:12 +00:00
Valerio Setti
f484884fba pkcs12: use mbedtls_cipher_crypt() instead of explicitly defining all steps
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-06 11:25:08 +02:00
Dave Rodgman
2eab462a8c Fix IAR warnings
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 13:30:37 +01:00
Minos Galanakis
4855fdf887 Revert "Auto-generated files for v3.5.0"
This reverts commit 591416f32b.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-05 00:17:21 +01:00
Minos Galanakis
e35e387ad7 Bump library so-crypto, so-x509, so-tls versions.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-04 16:17:46 +01:00
Minos Galanakis
8f4c19a680 Merge pull request #8273 from davidhorstmann-arm:target-prefix-3rdparty
Add MBEDTLS_TARGET_PREFIX to 3rdparty CMake
2023-10-04 16:03:22 +01:00
Minos Galanakis
591416f32b Auto-generated files for v3.5.0
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-04 00:55:02 +01:00
Minos Galanakis
31ca313efa Bump version to 3.5.0
```
./scripts/bump_version.sh --version 3.5.0
```

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-03 22:02:18 +01:00
Minos Galanakis
1a3ad265cc Merge branch 'development-restricted' into mbedtls-3.5.0rc0-pr
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2023-10-03 21:57:51 +01:00
Gilles Peskine
3713bee34c Remove leftover local debug line
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 18:43:18 +02:00
Gilles Peskine
7910cdd47f Avoid compiler warning about size comparison
GCC warns about comparing uint8_t to a size that may be >255.

Strangely, casting the uint8_t to a size_t in the comparison expression
doesn't avoid the warning. So change the type of the variable.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 16:11:05 +02:00
Gilles Peskine
530c423ad2 Improve some debug messages and error codes
On a parsing error in TLS, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE, not a
crypto error code.

On error paths, emit a level-1 debug message. Report the offending sizes.

Downgrade an informational message's level to 3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 15:42:11 +02:00
Gilles Peskine
c29df535ee Improve robustness of ECDH public key length validation
In client-side code with MBEDTLS_USE_PSA_CRYPTO, use the buffer size to
validate what is written in handshake->xxdh_psa_peerkey. The previous code
was correct, but a little fragile to misconfiguration or maintenance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 15:02:39 +02:00
Gilles Peskine
c8df898204 Fix buffer overflow in TLS 1.2 ClientKeyExchange parsing
Fix a buffer overflow in TLS 1.2 ClientKeyExchange parsing. When
MBEDTLS_USE_PSA_CRYPTO is enabled, the length of the public key in an ECDH
or ECDHE key exchange was not validated. This could result in an overflow of
handshake->xxdh_psa_peerkey, overwriting further data in the handshake
structure or further on the heap.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 15:02:33 +02:00
Gilles Peskine
12c5aaae57 Fix buffer overflow in TLS 1.3 ECDH public key parsing
Fix a buffer overflow in TLS 1.3 ServerHello and ClientHello parsing. The
length of the public key in an ECDH- or FFDH-based key exchange was not
validated. This could result in an overflow of handshake->xxdh_psa_peerkey,
overwriting further data in the handshake structure or further on the heap.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-02 15:02:10 +02:00
Dave Rodgman
a06d45ec4a Code style
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-29 18:59:34 +01:00
Gilles Peskine
16e9256fe8
Merge pull request #8272 from daverodgman/iar-warnings
Fix IAR warnings
2023-09-29 13:11:03 +00:00
Dave Rodgman
e81a632257 Restore missing #if
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-29 13:54:27 +01:00
Dave Rodgman
782df03553 Improve AES hardware-only check
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-29 13:04:36 +01:00
David Horstmann
de527fbfe0 Add MBEDTLS_TARGET_PREFIX to 3rdparty CMake
MBEDTLS_TARGET_PREFIX is prepended to the CMake targets for Mbed TLS
except for targets in 3rdparty. Change this so that 3rdparty targets use
the prefix as well.

This allows multiple copies of Mbed TLS to be used in the same CMake
tree when using code in the 3rdparty directory.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-09-28 18:39:33 +01:00
Dave Rodgman
90330a4a2d Fix IAR control bypasses initialisation warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 18:13:46 +01:00
Dave Rodgman
02a53d7bef Fix IAR pointless integer comparison
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 17:19:50 +01:00
Dave Rodgman
7e9af05409 Fix IAR control bypasses initialisation warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 17:08:49 +01:00
Dave Rodgman
73d8591f7f Fix IAR change of sign warning
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-09-28 17:00:50 +01:00
Gilles Peskine
42f8d5f0c9
Merge pull request #8261 from Mbed-TLS/fix-cmake-header-include
Add CMake include path for generated header
2023-09-28 15:16:15 +00:00
Manuel Pégourié-Gonnard
f07ce3b8ff Don't extend support for deprecated functions
Restore guards from the previous release, instead of the new, more
permissive guards.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-28 08:51:51 +02:00
Dave Rodgman
0fc86b2ddf
Merge pull request #8075 from valeriosetti/issue8016
driver-only ECC: curve acceleration macros
2023-09-27 14:39:02 +00:00
David Horstmann
b7b4f23c38 Add CMake include path for generated header
Now that we are generating psa_crypto_driver_wrappers.h, we need to pass
build/library as an include directory.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-09-27 14:05:32 +01:00