mbedtls

Author	SHA1	Message	Date
Jerry Yu	e18dc7eb9a	Add forbidden extensions check for ClientHello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	471dee5a12	Add debug helpers to track extensions Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Ronald Cron	04e2133f45	Merge pull request #6482 from ronald-cron-arm/tls13-misc TLS 1.3: Update documentation for the coming release and misc	2022-10-28 11:09:03 +02:00
Gilles Peskine	75c4eaf1f8	Merge pull request #5841 from aurel32/ecp_mul_mxz-timing-leak Fix a timing leak in ecp_mul_mxz()	2022-10-27 19:46:48 +02:00
Gilles Peskine	9603daddaa	Merge pull request #6230 from tom-cosgrove-arm/issue-6223-core-add Bignum: extract core_add from the prototype	2022-10-27 11:25:27 +02:00
Ronald Cron	77e15e8a2c	Merge pull request #6460 from xkqian/tls13_add_early_data_preparatory Internal and Open CI merge job ran successfully. Good to go.	2022-10-27 10:40:56 +02:00
Gilles Peskine	88f5fd9099	Merge pull request #6479 from AndrzejKurek/depends-py-no-psa Enable running depends.py in a configuration without MBEDTLS_USE_PSA_CRYPTO and remove perl dependency scripts	2022-10-26 20:02:57 +02:00
Gilles Peskine	d4d080b41b	Merge pull request #6407 from minosgalanakis/minos/6017_add_montgomery_constant_squared Bignum: Added pre-calculation of Montgomery constants	2022-10-26 14:28:16 +02:00
Ronald Cron	4f7feca0dc	Merge pull request #6391 from davidhorstmann-arm/fix-x509-get-name-cleanup The Open CI ran successfully thus I think we can ignore the internal CI.	2022-10-26 14:27:54 +02:00
Xiaokang Qian	72dbfef6e4	Improve coding styles Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-26 06:33:57 +00:00
Ronald Cron	eac00ad2a6	tls13: server: Note down client not being authenticated in SSL context Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-25 20:02:03 +02:00
Gilles Peskine	744fd37d23	Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0 Fix unusual macros	2022-10-25 19:55:29 +02:00
Ronald Cron	a709a0f2c6	tls13: Declare PSK ephemeral key exchange mode first In the PSK exchange modes extension declare first PSK ephemeral if we support both PSK ephemeral and PSK. This is aligned with our implementation giving precedence to PSK ephemeral over pure PSK and improve compatibility with GnuTLS. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-25 19:05:26 +02:00
Tom Cosgrove	6469fdfb0a	Fix whitespace issue spotted in review Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-10-25 16:29:58 +01:00
Tom Cosgrove	82f131063a	Update documentation following review comment Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-10-25 16:29:58 +01:00
Tom Cosgrove	af7d44b4d2	Tidy up, remove MPI_CORE(), apply the naming convention, and use the new mbedtls_mpi_core_add() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-10-25 16:29:58 +01:00
Hanno Becker	c98871339d	Extract MPI_CORE(add) from the prototype Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-10-25 16:29:58 +01:00
Minos Galanakis	a081c51cd3	Renamed mpi_core_get_mont_R2_unsafe_neg -> mpi_core_get_mont_r2_unsafe_neg Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:12:38 +01:00
Minos Galanakis	51d638baf6	bignum_core: Style update 'mbedtls_mpi_core_get_mont_R2_unsafe' aligns const keyword to match the style of the rest of the module. Documentation is also updated to remove `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:12:38 +01:00
Minos Galanakis	ae4fb671b4	mbedtls_mpi_core_get_mont_R2_unsafe: Removed NULL input checking Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:12:38 +01:00
Minos Galanakis	b85506e250	bignum_core.h: Comment update for mbedtls_mpi_core_get_mont_R2_unsafe Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:12:23 +01:00
Minos Galanakis	4f43f61c6a	Renamed mbedtls_mpi_get_montgomery_constant_unsafe to mpi_core_get_mont_R2_unsafe Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:12:23 +01:00
Hanno Becker	ec440f2397	bignum_mod_raw: Ported mbedtls_mpi_get_montgomery_constant_unsafe from prototype Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:08:08 +01:00
David Horstmann	3a334c2edc	Minor improvements to ssl_tls12_server.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-25 10:53:44 +01:00
David Horstmann	7aee0ec0ba	Minor improvements in ssl_client.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-25 10:38:25 +01:00
David Horstmann	6e11687ba5	Minor improvements to ecp.c changes Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-25 10:32:08 +01:00
David Horstmann	9b0eb90131	Rename ARIA_SELF_TEST_IF_FAIL Change to ARIA_SELF_TEST_ASSERT Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-25 10:23:34 +01:00
David Horstmann	059848ff23	Minor changes to asn1write.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-25 10:16:45 +01:00
Gilles Peskine	e5a715e8c0	Merge pull request #6449 from gilles-peskine-arm/bignum-core-shift_r Bignum core: shift_r	2022-10-25 10:40:39 +02:00
Xiaokang Qian	72de95dcf5	Move function mbedtls_ssl_tls13_conf_early_data to ssl_tls.c Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-25 05:34:25 +00:00
Xiaokang Qian	600804b0e7	Remove useless early data related macros for the time being Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-25 03:00:18 +00:00
Xiaokang Qian	54413b10c2	Add early data support preparatory work Add MBEDTLS_SSL_EARLY_DATA configuration option Define early_data_enabled field in mbedtls_ssl_config Add function mbedtls_ssl_conf_early_data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-25 03:00:18 +00:00
Andrzej Kurek	409248a73a	mbedtls_ssl_get_handshake_transcript is unusable without hashes Mark unused variables when compiling without SHA256 and SHA384. In future a proper dependency will be added to TLS 1.2 to enforce either of these hashes to be on. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-24 15:56:10 -04:00
Andrzej Kurek	57d1063db9	Fix tls_prf generic dependencies One version was already surrounded by the USE_PSA define, so the VIA_XX_OR_XX macros were removed; Second version is when USE_PSA is undefined, so MBEDTLS_ macros can be used. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-24 15:56:10 -04:00
Andrzej Kurek	468c50656e	Fix key exchange dependencies for ssl_parse_server_ecdh_params Resulting from particular configs in which this code is used. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-24 15:55:18 -04:00
Ronald Cron	083da8eb53	tls13: client: Improve coding style Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	a2900bcd1e	tls13: keys: Simplify code guard Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	766c0cdb1f	tls13: Add missing kex guards Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	82be0d4b4d	tls13: Do not use MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	de08cf3543	tls13: Do not use MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED instead. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	73fe8df922	Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to guard TLS code (both 1.2 and 1.3) specific to handshakes involving PSKs. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	e68ab4f55e	Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to guard TLS code (both TLS 1.2 and 1.3) specific to handshakes involving certificates. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	41a443a68d	tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard code specific to one of the TLS 1.3 key exchange mode with PSK. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	928cbd34e7	tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard code specific to the TLS 1.3 ephemeral key exchange mode. Use it also for the dependencies of TLS 1.3 only tests relying on ephemeral key exchange mode, but for tests in tls13-kex-modes.sh where the change is done later using all MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Gilles Peskine	abc6fbb8d7	Fix brief description Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-10-21 18:36:31 +02:00
Ronald Cron	d29e13eb1b	tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	2a87e9bf83	tls: Align set and usage check for PSK Check that the identity length is not zero in ssl_conf_set_psk_identity() as it is done in mbedtls_ssl_conf_has_static_psk(). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	fa1e04a7c4	tls13: keys: Fix PSK build only case When deriving the handshake stage master secret, in the case of a PSK only build, the only possible key exchange mode is PSK and there is no ephemeral key exchange shared secret in that case. Thus do not error out in that case in the first phae of the derivation dedicated to the shared secret. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	9a6a49c7cb	tls13: keys: Fail if the group type is not ECDHE or DHE Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00
Ronald Cron	b15d4d8966	tls13: keys: Fix error code Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:34:20 +02:00

1 2 3 4 5 ...

9675 commits