mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-10 04:13:45 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
19,334 Commits 174 Branches 263 Tags
Commit Graph

8494 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data 
server certificate selection callback
 2022-03-10 11:51:42 +01:00
Przemek Stekiel
fd32e9609b ssl_parse_client_key_exchange(): read the curve identifier and the peer's public key and compute the shared secret using PSA 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-09 16:01:59 +01:00
Przemek Stekiel
b6ce0b6cd8 ssl_prepare_server_key_exchange(): generate a private/public key and write out the curve identifier and public key using PSA 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-09 16:01:50 +01:00
Ronald Cron
5bb8fc830a Call Certificate writing generic handler only if necessary 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
3f20b77517 Improve comment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
00d012f2be Fix type of force_flush parameter 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
9f55f6316e Move state change from CSS states to their main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
3addfa4964 Move state change from WRITE_CLIENT_HELLO to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
66dbf9118e TLS 1.3: Do not send handshake data in handshake step handlers 
Send data (call to mbedtls_ssl_flush_output()) only from
the loop over the handshake steps. That way, we do not
have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE
error code) on the network in handshake step handlers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron
9df7c80c78 TLS 1.3: Always go through the CLIENT_CERTIFICATE state 
Even if certificate authentication is disabled at build
time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state.
It simplifies overall the code for a small code size
cost when certificate authentication is disabled at build
time. Furthermore that way we have only one point in the
code where we switch to the handshake keys for record
encryption.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:50:08 +01:00
Paul Elliott
17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn 
Port ALPN support for tls13 client from tls13-prototype
 2022-03-08 17:53:38 +00:00
Manuel Pégourié-Gonnard
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c 
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
 2022-03-08 11:43:45 +01:00
Przemek Stekiel
c85f0912c4 psa_crypto.c, test_suite_psa_crypto.function: fix style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-08 11:37:54 +01:00
Gilles Peskine
44311f5c98
Merge pull request #5571 from superna9999/5162-pk-rsa-signing 
PK: RSA signing
 2022-03-07 17:09:14 +01:00
Gilles Peskine
15364ffb03
Merge pull request #5579 from SiliconLabs/erase_secret_before_free 
Erase secrets in allocated memory before freeing said memory
 2022-03-07 17:04:04 +01:00
Neil Armstrong
6d5baf5f1e Use PSA MAC verify API in mbedtls_ssl_cookie_check() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
Neil Armstrong
be52f500c8 Use PSA_ALG_TRUNCATED_MAC() to limit to COOKIE_HMAC_LEN in mbedtls_ssl_cookie_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
Neil Armstrong
7cd0270d6c Drop mutex in mbedtls_ssl_cookie_ctx when PSA is used 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
Neil Armstrong
2217d6f825 Generate cookie MAC key with psa_generate_key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-07 14:33:21 +01:00
pespacek
b9ca22dead Improving readability of x509_crt and x509write_crt for PR 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-03-07 13:59:44 +01:00
pespacek
d924e55944 Improving readability of x509_crt and x509write_crt 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-03-07 13:31:54 +01:00
Przemek Stekiel
7fc0751f78 Restore build options for mbedtls_ecc_group_of_psa() and related functions 
Additional issue created to simplifiy usage of BUILTIN_KEY_TYPE_xxx && BUILTIN_ALG_yy macros https://github.com/ARMmbed/mbedtls/issues/5596

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-06 20:43:46 +01:00
Neil Armstrong
77b69ab971 Remove non-PSA MAC key in mbedtls_ssl_cookie_ctx 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 14:45:45 +01:00
Neil Armstrong
23d34ce372 Use PSA HMAC API in ssl_cookie_hmac() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 14:45:45 +01:00
Neil Armstrong
d633201279 Import PSA HMAC key in mbedtls_ssl_cookie_setup() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 14:45:18 +01:00
Andrzej Kurek
09e803ce0d Provide a dummy implementation of timing.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Andrzej Kurek
108bf520e0 Add a missing guard for time.h in net_sockets.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Daniel Axtens
f071024bf8 Do not include time.h without MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 05:07:45 -05:00
Neil Armstrong
bca99ee0ac Add PSA key in mbedtls_ssl_cookie_ctx 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-04 10:20:20 +01:00
Neil Armstrong
e87804920a Use new PSA to mbedtls PK error mapping functions in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:54:16 +01:00
Neil Armstrong
b556a42656 Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong
f47135756c Map INVALID_PADDING from PSA to MbedTLS error in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong
0d46786034 Fix style issue in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong
f1b564bb8d Check psa_destroy_key() return in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong
18f43c7304 PK: RSA decrypt PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:52:47 +01:00
Neil Armstrong
e4edcf761d Use new PSA to mbedtls PK error mapping functions in ecdsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:46:41 +01:00
Neil Armstrong
ff70f0bf77 Check psa_destroy_key() return in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
edcc73c992 Fix 80 characters indentation in ecdsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
dab14de96a Use now shared ECP_PRV_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
15021659d1 Move pk_ecdsa_sig_asn1_from_psa() before ecdsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
5874aa38f7 Fix style issue in find_ecdsa_private_key() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
cf5a215a43 Check psa_destroy_key() return in rsa_verify_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
e960690b89 PK: ECDSA signing PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:44:06 +01:00
Neil Armstrong
db69c5213f Use new PSA to mbedtls PK error mapping functions in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:41:23 +01:00
Neil Armstrong
66fa769ae8 Fix 80 characters indentation in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong
4b1a059f7d Use now shared RSA_PRV_DER_MAX_BYTES define in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong
48a9833cdf Check psa_destroy_key() return in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong
e4f28688fd Fix comment typo in rsa_sign_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong
9854568204 PK: RSA signing PSA wrap implementation 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:39:39 +01:00
Neil Armstrong
3770e2483f Use new PSA to mbedtls PK error mapping functions in pk_wrap.c 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-03 16:37:33 +01:00