Commit Graph

8853 Commits

Author SHA1 Message Date
Gilles Peskine
09858ae664
Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa
Deprecate mbedtls_cipher_setup_psa()
2022-05-31 10:56:52 +02:00
Dave Rodgman
a3344f7bac
Merge pull request #5767 from leorosen/avoid-null-args
Avoid potentially passing NULL arguments
2022-05-30 11:40:21 +01:00
XiaokangQian
e7a5da597f Remove SNI related code
Change-Id: Ic44bdb27b1bdc5c9057078dfed936fc36bddebbe
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-30 00:59:29 +00:00
XiaokangQian
aca9048b5f Change base on review
Fix comments
Add test cases for client authentication with empty certificate

Change-Id: Id8a741ddd997ca92e36832f26088eb0e67830ad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:11 +00:00
XiaokangQian
989f06d52d Change some comments base on review
Change-Id: I3db2b8ca8162eb368d2f17dfeffee8b25f9edf6f
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:11 +00:00
XiaokangQian
63e713e8ab Fix comments
Change-Id: Ib741f876f4d296df79565a2b8a2971918db1a77f
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:11 +00:00
XiaokangQian
c3017f620f Remove useless guards and refine checking
Change-Id: I9cd3073826fc65c203e479d83bed72331ff8963d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:47:10 +00:00
XiaokangQian
189ded2b07 Remove coordinate functions and change state machine in server side
Change-Id: Id4abf78f493e77afc289409db691c9c61acde1d2
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:46:13 +00:00
XiaokangQian
6b916b1616 Add client certificate parse and certificate verify
Change-Id: I638db78922a03db6f8bd70c6c5f56fb60365547d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-26 00:40:53 +00:00
Dave Rodgman
a636d1f192
Merge pull request #5714 from daverodgman/k-stachowiak_static-runtime-option-msvc
Enable static linking of the common runtime in MSVC
2022-05-25 14:47:58 +01:00
Dave Rodgman
32c995afa3
Merge pull request #5724 from Biswa96/cmake-mingw
cmake: Fix runtime library install location in mingw
2022-05-25 13:34:43 +01:00
Paul Elliott
8fba70f66c
Merge pull request #5749 from yuhaoth/pr/add-tls13-finished-message-and-wrapup
TLS 1.3: Add Finished Message and wrapup
2022-05-25 12:02:06 +01:00
Manuel Pégourié-Gonnard
69e348db85
Merge pull request #5833 from superna9999/5826-create-mbedtls-pk-can-do-psa
Permissions 1: create `mbedtls_pk_can_do_ext()`
2022-05-23 10:58:32 +02:00
Neil Armstrong
81d391f773 Check when usage == 0 in mbedtls_pk_can_do_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 09:26:16 +02:00
Neil Armstrong
b80785f1a4 Comment typo fix in mbedtls_pk_can_do_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-20 09:25:55 +02:00
Gilles Peskine
e4d3a6a4e8
Merge pull request #5804 from superna9999/5797-remove-cipher-deps-tls
Remove Cipher dependencies in TLS
2022-05-19 21:02:12 +02:00
Dave Rodgman
afe149d76e
Merge pull request #5846 from bootstrap-prime/development
Fix typos in documentation and constants with typo finding tool
2022-05-19 16:53:32 +01:00
Paul Elliott
4283a6b121
Merge pull request #5736 from gilles-peskine-arm/psa-raw_key_agreement-buffer_too_small
Make psa_raw_key_agreement return BUFFER_TOO_SMALL
2022-05-19 16:06:02 +01:00
Neil Armstrong
084338d336 Change mbedtls_pk_can_do_ext() usage test logic for opaque keys
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-19 16:22:40 +02:00
Jerry Yu
e3d67cb263 Improve readability
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-19 15:33:10 +08:00
Jerry Yu
fd5ea0458f add compute application transform
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-19 14:29:48 +08:00
Jerry Yu
545432310d remove zeorize from keys
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-19 11:23:25 +08:00
Jerry Yu
cc0a13fcf8 remove unnecessary empty line
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-19 10:14:24 +08:00
bootstrap-prime
6dbbf44d78
Fix typos in documentation and constants with typo finding tool
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>
2022-05-18 14:15:33 -04:00
Neil Armstrong
8395d7a37d Change guard of mbedtls_ssl_cipher_to_psa() with USE_PSA_CRYPTO || SSL_PROTO_TLS1_3
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:24:34 +02:00
Neil Armstrong
0fa8ce3498 TLS 1.3 only have AEAD ciphers, drop the PSA_ALG_IS_AEAD() check in mbedtls_ssl_tls13_get_cipher_key_info()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
b818e16b29 Move out common PSA code from mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
e3b0b8ab67 Remove non-PSA code in mbedtls_ssl_tls13_generate_handshake_keys/mbedtls_ssl_tls13_generate_application_keys
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
93617245c3 Code style fixes
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
689557ca12 Make CIPHER_C guard code as alternate of USE_PSA_CRYPTO in mbedtls_ssl_ciphersuite_get_cipher_key_bitlen()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
4f4f271850 In mbedtls_ssl_tls13_generate_handshake_keys() and mbedtls_ssl_tls13_generate_application_keys(), avoid calling mbedtls_cipher_info_from_type()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
a8093f5c48 In mbedtls_ssl_tls13_populate_transform() make sure mbedtls_cipher_info_from_type() is only called when USE_PSA is disabled
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Neil Armstrong
801abb69a5 Provide a PSA definition of mbedtls_ssl_ciphersuite_get_cipher_key_bitlen() when MBEDTLS_USE_PSA_CRYPTO is defined
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-18 13:19:29 +02:00
Jerry Yu
bb2d47d956 Remove not used state
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 16:57:45 +08:00
Jerry Yu
e8c1fca67c move trafic set to generic
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 16:57:45 +08:00
Jerry Yu
d6e253ded9 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 16:57:45 +08:00
Jerry Yu
4d8567fa9e fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
03ed50ba6a Add handshake wrapup
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
ff2269889d Add client finished
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
27bdc7c6b6 Implement write server finish
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Jerry Yu
69dd8d4091 tls13:finished:add dummy frame work
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 09:58:48 +08:00
Ronald Cron
9edf51d8cd
Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext
Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3
CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h.
@RcColes if you eventually want to request some changes, they can be done in a follow-up PR.
2022-05-17 17:01:55 +02:00
Paul Elliott
a478441517
Merge pull request #5748 from yuhaoth/pr/add-tls13-write-certificate-and-verify
TLS1.3:Add Certificate and CertificateVerify message on Server Side
2022-05-17 15:47:36 +01:00
Paul Elliott
114203814a Better check for NULL pointer
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-17 15:01:20 +01:00
Neil Armstrong
bbb8b75f20 Fixup comment of mbedtls_pk_can_do_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:58:27 +02:00
Neil Armstrong
408f6a60a3 Add usage parameter to mbedtls_pk_can_do_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 14:23:20 +02:00
Neil Armstrong
dab56ba2bd Fix typo in mbedtls_pk_can_do_ext() code documentation
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-17 11:56:55 +02:00
Gilles Peskine
3e56130fb9 psa_raw_key_agreement: return BUFFER_TOO_SMALL when warranted
psa_raw_key_agreement() returned PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_BUFFER_TOO_SMALL when the output buffer was too small for ECDH,
the only algorithm that is currently implemented. Make it return the correct
error code.

The reason for the wrong error code is that ecdh.c returns
MBEDTLS_ERR_ECP_BAD_INPUT_DATA, presumably for similarith with dhm.c. It
might make sense to change ecdh.c to use MBEDTLS_ERR_ECP_BUFFER_TOO_SMALL,
but dhm.c doesn't have an existing BUFFER_TOO_SMALL error. To minimize the
impact of the fix, handle this in the PSA layer.

Fixes #5735.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-05-16 19:37:54 +02:00
Dave Rodgman
2a045325f9
Merge pull request #5766 from leorosen/fix-var-init
Add missing local variable initialization
2022-05-16 14:47:00 +01:00
Gilles Peskine
9b7e29663f
Merge pull request #4211 from ccawley2011/mingw
Fix compilation with MinGW32
2022-05-16 12:30:37 +02:00