Dave Rodgman
39bd5a655e
Address review comment
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 15:25:21 +01:00
Dave Rodgman
c50b717a19
Update a couple of ssl error codes
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 14:40:23 +01:00
Dave Rodgman
bed8927538
Correct some TLS alerts and error codes
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 12:06:44 +01:00
Dave Rodgman
bb05cd09b7
Remove MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 10:41:06 +01:00
Dave Rodgman
53c8689e88
Introduce new TLS error codes
...
Introduce new codes:
* MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION
* MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL
These are returned when the corresponding alert is raised.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 10:02:06 +01:00
Dave Rodgman
096c41111e
Remove MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 09:52:06 +01:00
Dave Rodgman
43fcb8d7c1
Address review feedback
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-29 08:57:19 +01:00
Dave Rodgman
e8dbd53966
Update error code for cert parsing failure
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-28 12:35:08 +01:00
Dave Rodgman
5f8c18b0d0
Update error code from ssl_parse_signature_algorithm
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-28 12:35:08 +01:00
Dave Rodgman
8f127397f8
Update alert message for parsing PSK hint
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
77b4a6592a
Address review feedback
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
2fc9a652bc
Address review feedback
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
90d59dddf5
Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
c3411d4041
Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
9ed1ba5926
Rename MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
...
New name MBEDTLS_ERR_SSL_BAD_CERTIFICATE
Also, replace some instances of MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
by MBEDTLS_ERR_SSL_DECODE_ERROR and MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER
as fit.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
5697af0d3d
Remove MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
cbc8f6fd5d
Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-28 12:35:08 +01:00
Hanno Becker
a0ca87eb68
Remove MBEDTLS_ERR_SSL_BAD_HS_FINISHED
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
d934a2aafc
Remove MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
d3eec78258
Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
666b5b45f7
Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
029cc2f97b
Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
b24e74bff7
Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP error code
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
241c19707b
Remove MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Hanno Becker
bc00044279
Rename MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION
...
New name is MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-06-28 12:35:07 +01:00
Dave Rodgman
10bda58b49
Merge pull request #4259 from CJKay/cmake-config
...
Add CMake package config file
2021-06-25 20:32:13 +01:00
Dave Rodgman
63ad854de8
Merge pull request #4712 from daverodgman/psa_cipher_and_mac_abort_on_error
...
Psa cipher and mac abort on error
2021-06-25 15:39:59 +01:00
Dave Rodgman
90d1cb83a0
Use more standard label name
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-25 09:09:02 +01:00
Ronald Cron
3698fa1043
Merge pull request #4673 from gilles-peskine-arm/psa_crypto_spm-from_platform_h
...
Fix and test the MBEDTLS_PSA_CRYPTO_SPM build
2021-06-25 09:01:08 +02:00
Gilles Peskine
1fed4b8324
Merge pull request #4720 from gilles-peskine-arm/gcm-finish-outlen
...
Add output_length parameter to mbedtls_gcm_finish
2021-06-24 20:02:40 +02:00
Dave Rodgman
8036bddb01
Tidy up logic in psa_mac_sign_finish
...
Simplify the logic in psa_mac_sign_finish.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 16:19:08 +01:00
Dave Rodgman
b5dd7c794d
Correct coding style issues
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 16:17:43 +01:00
Dave Rodgman
54648243cd
Call abort on error in psa_mac/cipher setup
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 11:49:45 +01:00
Dave Rodgman
685b6a742b
Update multipart hash operations to abort on error
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-24 11:49:14 +01:00
Gilles Peskine
fedd52ca19
Merge pull request #4707 from gilles-peskine-arm/require-matching-hashlen-rsa-implementation
...
Require matching hashlen in RSA functions: implementation
2021-06-24 10:28:20 +02:00
Gilles Peskine
5a7be10419
Add output_length parameter to mbedtls_gcm_finish
...
Without this parameter, it would be hard for callers to know how many bytes
of output the function wrote into the output buffer. It would be possible,
since the cumulated output must have the same length as the cumulated input,
but it would be cumbersome for the caller to keep track.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 21:51:32 +02:00
Dave Rodgman
38e62aebc3
Update cipher and mac functions to abort on error
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-06-23 18:59:17 +01:00
Gilles Peskine
f06b92d724
Merge pull request #4567 from mstarzyk-mobica/gcm_ad
...
Enable multiple calls to mbedtls_gcm_update_ad
2021-06-23 19:36:23 +02:00
Dave Rodgman
cb17fc34cf
Merge pull request #4671 from mpg/x509-crt-profile-public
...
Make the fields of mbedtls_x509_crt_profile public
2021-06-23 16:06:12 +01:00
Ronald Cron
4f7cc1bb63
Merge pull request #4713 from gilles-peskine-arm/psa-storage-format-test-lifetimes-3.0
...
PSA storage format: test lifetimes
Almost straightforward of #4392 thus merging with only one approval.
2021-06-23 15:22:03 +02:00
Janos Follath
aa5938edb3
Merge pull request #4703 from gilles-peskine-arm/mpi_montmul-null-3.0
...
Fix several bugs with the value 0 in bignum
2021-06-23 13:40:14 +01:00
Mateusz Starzyk
939a54cda3
Fix typos and style issues.
...
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
2021-06-23 14:30:15 +02:00
Gilles Peskine
f9a046ecb5
Remove duplicate wipe call in psa_destroy_key
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:53:56 +02:00
Gilles Peskine
6687cd07f3
Refuse to destroy read-only keys
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:44:35 +02:00
Gilles Peskine
87bc91c13b
Forbid creating a read-only key
...
The persistence level PSA_KEY_PERSISTENCE_READ_ONLY can now only be used
as intended, for keys that cannot be modified through normal use of the API.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
f5f07c847a
Fix mbedtls_psa_get_stats for keys with fancy lifetimes
...
mbedtls_psa_get_stats() was written back before lifetimes were
structured as persistence and location. Fix its classification of
volatile external keys and internal keys with a non-default
persistence.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-23 13:43:08 +02:00
Gilles Peskine
c9d86a05ce
Merge pull request #4665 from yanesca/issue-3990-fix_psa_verify_with_alt
...
Fix PSA RSA PSS verify with ALT implementations
2021-06-23 11:47:38 +02:00
Gilles Peskine
e9bc857327
Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export
...
Implement modified key export API for Mbed TLS 3.0
2021-06-22 18:52:37 +02:00
Gilles Peskine
6e3187b212
RSA: Use hashlen as the hash input size as documented
...
Where hashlen was previously ignored when the hash length could be
inferred from an md_alg parameter, the two must now match.
Adapt the existing tests accordingly. Adapt the sample programs accordingly.
This commit does not add any negative testing.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 18:39:53 +02:00
Gilles Peskine
b09c7eea97
Correct some statements about the ordering of A and B
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-22 12:47:21 +02:00