Dave Rodgman
dc1a3b2d70
Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0
...
Cleanup SSL error code space
2021-06-30 09:02:55 +01:00
Dave Rodgman
c628fc980f
Correct and clarify the SSL error code documentation
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 14:36:19 +01:00
Dave Rodgman
03edc8614f
Fix docs in error.h
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 11:06:18 +01:00
Dave Rodgman
bb05cd09b7
Remove MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 10:41:06 +01:00
Dave Rodgman
53c8689e88
Introduce new TLS error codes
...
Introduce new codes:
* MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION
* MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL
These are returned when the corresponding alert is raised.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 10:02:06 +01:00
Dave Rodgman
096c41111e
Remove MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 09:52:06 +01:00
Ronald Cron
8682faeb09
Merge pull request #4694 from gilles-peskine-arm/out_size-3.0
...
Add output size parameter to signature functions
2021-06-29 09:43:17 +02:00
Dave Rodgman
55a4d938d0
Merge pull request #4589 from bensze01/split_config
...
Add a level of indirection to config file inclusion
2021-06-28 17:54:51 +01:00
Bence Szépkúti
e55a821f0e
Remove explicit link to MBEDTLS_CONFIG_FILE
...
This symbol is not declared in our code, so trying to explicitly
link to it causes a doxygen error.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 15:15:56 +01:00
Bence Szépkúti
5e2743f284
Mention MBEDTLS_CONFIG_FILE in build_info.h docs
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 14:32:01 +01:00
Bence Szépkúti
9cd7065307
No other headers are included by mbedtls_config.h
...
These have been moved to build_info.h. Update the documentation to
reflect this.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 14:29:42 +01:00
Hanno Becker
b561bedadd
Make MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE more generic
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
90d59dddf5
Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
c3411d4041
Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
9ed1ba5926
Rename MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
...
New name MBEDTLS_ERR_SSL_BAD_CERTIFICATE
Also, replace some instances of MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
by MBEDTLS_ERR_SSL_DECODE_ERROR and MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER
as fit.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
5697af0d3d
Remove MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
cbc8f6fd5d
Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
a0ca87eb68
Remove MBEDTLS_ERR_SSL_BAD_HS_FINISHED
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
d200296f17
Remove MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
d934a2aafc
Remove MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
d3eec78258
Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
666b5b45f7
Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
029cc2f97b
Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
b24e74bff7
Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP error code
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
d01fc5f583
Introduce MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE error code
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
241c19707b
Remove MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
bc00044279
Rename MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION
...
New name is MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
93636cce4a
Add MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
2fe5f61e1a
Add generic codes for syntactic and semantic message parsing errors
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Bence Szépkúti
1b2a8836c4
Correct documentation references to Mbed TLS
...
Use the correct formatting of the product name in the documentation.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 10:37:19 +01:00
Bence Szépkúti
a1d1f5b84f
Fix typo
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:49:04 +01:00
Janos Follath
8a88f6274c
Merge pull request #4726 from athoelke/at-pbkdf2-doc-fixes
...
Fixes for PBKDF2 documentation
2021-06-28 09:47:57 +01:00
Bence Szépkúti
5c70c140b7
Remove def directive for version symbol
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:49 +01:00
Bence Szépkúti
1cafe5ce20
Base config compat check on MBETLS_VERSION_NUMBER
...
Any config with a version older than 3.0.0 or newer than
MBETLS_VERSION_NUMBER will be rejected.
This does mean that the current development version doesn'T accept *any*
value of MBETLS_CONFIG_VERSION, but this will be fixed when we bump the
version during our normal release process.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
fc04aa2be5
Remove MBEDTLS_USER_CONFIG_VERSION handling
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
2bb7456334
Base the config version on MBEDTLS_VERSION_NUMBER
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
b2e23de0f3
Make config version symbols optional
...
Also remove them from the example configs, but keep the one in
mbedtls_config.h.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
04982f7b6b
Move version defines to build_info.h
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:48 +01:00
Bence Szépkúti
d3da503c29
Move comment closer to relevant code
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:47 +01:00
Bence Szépkúti
ba7248abc4
Introduce versioning in the config files
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:47 +01:00
Bence Szépkúti
bb0cfeb2d4
Rename config.h to mbedtls_config.h
...
This commit was generated using the following script:
# ========================
#!/bin/sh
git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i '
s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g
s/config\.h/mbedtls_config.h/g
y/\n/./
'
mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:33 +01:00
Bence Szépkúti
c5c9eb4741
Move preprocessor logic to build_info.h
...
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:24:42 +01:00
Bence Szépkúti
c662b36af2
Replace all inclusions of config.h
...
Also remove preprocessor logic for MBEDTLS_CONFIG_FILE, since
build_info.h alreadyy handles it.
This commit was generated using the following script:
# ========================
#!/bin/sh
git ls-files | grep -v '^include/mbedtls/build_info\.h$' | xargs sed -b -E -i '
/^#if !?defined\(MBEDTLS_CONFIG_FILE\)/i#include "mbedtls/build_info.h"
//,/^#endif/d
'
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:24:07 +01:00
Bence Szépkúti
5ab7303409
Introduce a level of indirection in config header
...
Create a separate header file (mbedtls/build_info.h) to use when
depending on the config options defined in config.h.
Also copy the handling of the MBEDTLS_CONFIG_FILE macro into the new
header, so that the next commit can remove this code from every other
place where config.h used to be included.
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:14:17 +01:00
Andrew Thoelke
52d18cd9a4
Remove trailing space
...
Signed-off-by: Andrew Thoelke <andrew.thoelke@arm.com>
2021-06-25 11:03:57 +01:00
Ronald Cron
3698fa1043
Merge pull request #4673 from gilles-peskine-arm/psa_crypto_spm-from_platform_h
...
Fix and test the MBEDTLS_PSA_CRYPTO_SPM build
2021-06-25 09:01:08 +02:00
Gilles Peskine
f00f152444
Add output size parameter to signature functions
...
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.
No change to RSA because for RSA, the output size is trivial to calculate.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-25 00:46:22 +02:00
Gilles Peskine
1fed4b8324
Merge pull request #4720 from gilles-peskine-arm/gcm-finish-outlen
...
Add output_length parameter to mbedtls_gcm_finish
2021-06-24 20:02:40 +02:00
Andrew Thoelke
a0f4b595c5
Fixes for PBKDF2 documentation
...
Fix typos in the PBKDF2 documentation
Correct the constraints on PSA_KEY_USAGE_DERIVE and PSA_KEY_USAGE_VERIFY_DERIVATION, aligning them with the note against psa_key_derivation_input_key(). All key inputs must have the required usage flag to permit output or verification.
Correct the constraints on PSA_KEY_DERIVATION_INPUT_SECRET and PSA_KEY_DERIVATION_INPUT_PASSWORD, aligning them with 4feb611
. psa_key_derivation_verify_key() does not require the secret/password input to be a key.
Signed-off-by: Andrew Thoelke <andrew.thoelke@arm.com>
2021-06-24 16:47:14 +01:00
Gilles Peskine
fedd52ca19
Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation
...
Require matching hashlen in RSA functions: implementation
2021-06-24 10:28:20 +02:00