AuroraMiddleware/mbedtls
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
16,827 Commits 1 Branch 0 Tags 61 MiB
1f91878281
Commit Graph

4782 Commits

Author SHA1 Message Date
Gilles Peskine
69813477b0
Merge pull request #4758 from paul-elliott-arm/fix_cipher_output_size 
Fix divide by zero if macro used with wrong key type
 2021-07-30 18:56:18 +02:00
Dave Rodgman
677c6c4cac
Merge pull request #4801 from hanno-arm/ssl_session_exported_private 
Explicitly mark fields as private via MBEDTLS_PRIVATE(...)
 2021-07-30 14:39:07 +01:00
Manuel Pégourié-Gonnard
b637150dfe
Merge pull request #4730 from TRodziewicz/finish_removing_tls_1.0_and_1.1 
Remove all TLS 1.0 and 1.1 instances and add some compatibility tests
 2021-07-27 09:42:53 +02:00
Gilles Peskine
3b9bea0757
Merge pull request #4750 from yutotakano/fix-reserved-identifier-clash 
Replace reserved identifier clashes with suitable replacements
 2021-07-22 16:20:56 +02:00
Hanno Becker
0379942744 Explicitly mark mbedtls_ssl_config.respect_cli_pref as private 
This was always intended to be explicitly marked private.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-07-22 11:37:05 +01:00
Hanno Becker
95832d8872 Explicitly mark mbedtls_ssl_session.exported as private 
This was an oversight during concurrent merging
in the run-up to Mbed TLS 3.0.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-07-22 11:37:01 +01:00
Paul Elliott
6603e2b81c Add fix to update output size macro as well. 
Same issue with zero block length applies here.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-14 12:39:54 +01:00
Paul Elliott
c22950c9d0 Change PSA Cipher macro safety to use block length 
Although checking if the key was symmetric was correct, its easier to
read if we just check the block length is not zero before we use it in a
division.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-14 12:39:54 +01:00
Yuto Takano
538a0cbcf4 Replace _RR with prec_RR to prevent reserved identifier clashes 
Signed-off-by: Yuto Takano <yuto.takano@arm.com>
 2021-07-14 10:20:09 +01:00
Archana
ef6aa5c46d Support Curve448 via the PSA API 
Enable Curve448 support
Add test vectors to evaluate
* RFC 7748
* a known-answer public key export test.
* a known-answer ECDH (X448) test.

Signed-off-by: Archana <archana.madhavan@silabs.com>
 2021-07-12 08:07:14 +05:30
Paul Elliott
a02003babe Fix divide by zero if macro used with wrong key 
If PSA_CIPHER_ENCRYPT_OUTPUT_SIZE was called on a non symmetric key,
then a divide by zero could happen, as PSA_CIPHER_BLOCK_LENGTH will
return 0 for such a key, and PSA_ROUND_UP_TO_MULTIPLE will divide by the
block length.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-07-07 17:24:46 +01:00
Dave Rodgman
1bc9e934e2 Manual updates to version information 
This covers a few files that were missed by scripts/bump_version.sh

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-07-01 09:26:12 +01:00
Dave Rodgman
9f5774f56d
Merge pull request #4739 from gabor-mezei-arm/3258_fp30_implement_one-shot_MAC_and_cipher 
Implement one-shot cipher
 2021-06-30 17:04:23 +01:00
Dave Rodgman
0a7ff4a4e2
Merge pull request #4741 from gabor-mezei-arm/3267_fp30_sign_verify_key_policies 
Key policy extension for PSA_KEY_USAGE_SIGN/VERIFY_HASH
 2021-06-30 14:50:57 +01:00
gabor-mezei-arm
47060db199 Give a better name for struct member 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-30 10:45:58 +02:00
Dave Rodgman
dc1a3b2d70
Merge pull request #4724 from hanno-arm/ssl_hs_parse_error_3_0 
Cleanup SSL error code space
 2021-06-30 09:02:55 +01:00
gabor-mezei-arm
42cdb2a90b
Fix struct initialization 
Fix initialization of mbedtls_psa_cipher_operation_t by not initializing the mbedtls_cipher_context_t typed field completely.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 19:49:00 +02:00
gabor-mezei-arm
43110b6b2c Do key usage policy extension when loading keys 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 17:05:49 +02:00
gabor-mezei-arm
86bf008782 Extend PSA_USAGE_SIGN/VERIFY_HASH key policies 
According to the PSA specification the PSA_USAGE_SIGN_HASH has the
permission to sign a message as PSA_USAGE_SIGN_MESSAGE. Similarly the
PSA_USAGE_VERIFY_HASH has the permission to verify a message as
PSA_USAGE_VERIFY_MESSAGE. These permission will also be present when
the application queries the usage flags of the key.

Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-06-29 17:01:48 +02:00
Dave Rodgman
c628fc980f Correct and clarify the SSL error code documentation 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 14:36:19 +01:00
Dave Rodgman
03edc8614f Fix docs in error.h 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 11:06:18 +01:00
Dave Rodgman
bb05cd09b7 Remove MBEDTLS_ERR_SSL_NO_CIPHER_CHOSEN 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 10:41:06 +01:00
Dave Rodgman
53c8689e88 Introduce new TLS error codes 
Introduce new codes:
* MBEDTLS_ERR_SSL_UNSUPPORTED_EXTENSION
* MBEDTLS_ERR_SSL_NO_APPLICATION_PROTOCOL

These are returned when the corresponding alert is raised.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 10:02:06 +01:00
Dave Rodgman
096c41111e Remove MBEDTLS_ERR_SSL_NO_USABLE_CIPHERSUITE 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-29 09:52:06 +01:00
Ronald Cron
8682faeb09
Merge pull request #4694 from gilles-peskine-arm/out_size-3.0 
Add output size parameter to signature functions
 2021-06-29 09:43:17 +02:00
Dave Rodgman
55a4d938d0
Merge pull request #4589 from bensze01/split_config 
Add a level of indirection to config file inclusion
 2021-06-28 17:54:51 +01:00
Bence Szépkúti
e55a821f0e Remove explicit link to MBEDTLS_CONFIG_FILE 
This symbol is not declared in our code, so trying to explicitly
link to it causes a doxygen error.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 15:15:56 +01:00
Bence Szépkúti
5e2743f284 Mention MBEDTLS_CONFIG_FILE in build_info.h docs 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 14:32:01 +01:00
Bence Szépkúti
9cd7065307 No other headers are included by mbedtls_config.h 
These have been moved to build_info.h. Update the documentation to
reflect this.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 14:29:42 +01:00
TRodziewicz
2abf03c551 Remove all TLS 1.0 and 1.1 instances and add some compatibility tests 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-06-28 14:36:37 +02:00
Hanno Becker
b561bedadd Make MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE more generic 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
90d59dddf5 Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_HELLO 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
c3411d4041 Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
9ed1ba5926 Rename MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE 
New name MBEDTLS_ERR_SSL_BAD_CERTIFICATE

Also, replace some instances of MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE
by MBEDTLS_ERR_SSL_DECODE_ERROR and MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER
as fit.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
5697af0d3d Remove MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_REQUEST 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
cbc8f6fd5d Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_KEY_EXCHANGE 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-06-28 12:35:08 +01:00
Hanno Becker
a0ca87eb68 Remove MBEDTLS_ERR_SSL_BAD_HS_FINISHED 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
d200296f17 Remove MBEDTLS_ERR_SSL_BAD_HS_CHANGE_CIPHER_SPEC 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
d934a2aafc Remove MBEDTLS_ERR_SSL_BAD_HS_CERTIFICATE_VERIFY 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
d3eec78258 Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_CS 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
666b5b45f7 Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
029cc2f97b Remove MBEDTLS_ERR_SSL_BAD_HS_SERVER_HELLO_DONE 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
b24e74bff7 Remove MBEDTLS_ERR_SSL_BAD_HS_CLIENT_KEY_EXCHANGE_RP error code 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
d01fc5f583 Introduce MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE error code 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
241c19707b Remove MBEDTLS_ERR_SSL_BAD_HS_NEW_SESSION_TICKET 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
bc00044279 Rename MBEDTLS_ERR_SSL_BAD_HS_PROTOCOL_VERSION 
New name is MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
93636cce4a Add MBEDTLS_ERR_SSL_UNRECOGNIZED_NAME 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Hanno Becker
2fe5f61e1a Add generic codes for syntactic and semantic message parsing errors 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-28 12:35:07 +01:00
Bence Szépkúti
1b2a8836c4 Correct documentation references to Mbed TLS 
Use the correct formatting of the product name in the documentation.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 10:37:19 +01:00
Bence Szépkúti
a1d1f5b84f Fix typo 
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2021-06-28 09:49:04 +01:00