mbedtls

mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00

Author	SHA1	Message	Date
Valerio Setti	18c9fed857	tls: remove dependency from mbedtls_ecp_curve functions Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-03 13:03:34 +01:00
David Horstmann	e3d8f31ba1	Workaround Uncrustify parsing of "asm" The following code: #ifndef asm #define asm __asm #endif causes Uncrustify to stop correcting the rest of the file. This may be due to parsing the "asm" keyword in the definition. Work around this by wrapping the idiom in an INDENT-OFF comment wherever it appears. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-01-03 11:07:09 +00:00
Manuel Pégourié-Gonnard	7a389ddc84	Merge pull request #6784 from valeriosetti/issue6702 Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C	2023-01-03 09:36:58 +01:00
Janos Follath	b4b0bb737d	Merge pull request #5907 from mpg/use-psa-rsa-pss Use PSA more often in `pk_verify_ext()`	2022-12-30 12:33:50 +00:00
Gilles Peskine	b402e4bde1	Merge pull request #6595 from mfischer/lms_heap lms: Move merkle tree generation to heap allocation	2022-12-23 18:29:04 +01:00
Valerio Setti	326cf46764	test: improved readability in sha self tests Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-23 14:57:18 +01:00
Manuel Pégourié-Gonnard	676766ff77	Merge pull request #6776 from gabor-mezei-arm/6222_bignum_mod_mul Bignum: Implement fixed width modular multiplication	2022-12-23 10:39:30 +01:00
Manuel Pégourié-Gonnard	2fcb4c1d06	Merge pull request #6747 from gilles-peskine-arm/bignum-mod-random Bignum mod random	2022-12-23 10:36:22 +01:00
Valerio Setti	543d00ef6f	sha: remove SHA1 from ssl_cookie Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-22 14:27:34 +01:00
Manuel Pégourié-Gonnard	2510dd41bf	Merge pull request #6282 from gstrauss/sw_derive_y mbedtls_ecp_point_read_binary from compressed fmt	2022-12-22 10:20:31 +01:00
Manuel Pégourié-Gonnard	4dacf58d6d	Take advantage of now-public macro in pk.c Used to be private, hence the duplication, but that's been fixed in the meantime, I guess we just missed this occurrence. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-12-21 09:50:17 +01:00
Manuel Pégourié-Gonnard	6958355a51	Use PSA Crypto more often in pk_verify_ext() See https://github.com/Mbed-TLS/mbedtls/issues/5277 - strategy 1. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-12-21 09:49:57 +01:00
Gilles Peskine	e1d8326e90	Fix representation of mod-random output mbedtls_mpi_mod_raw_random() and mbedtls_mpi_mod_random() were producing output in the Montgomery representation, instead of obeying the representation chosen in the modulus structure. Fix this. Duplicate the test cases for mod-random output to have separate test cases for each representation. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-20 20:28:02 +01:00
Gilles Peskine	e655479528	Generalize representation handling in mbedtls_mpi_mod_read Call mbedtls_mpi_mod_raw_canonical_to_modulus_rep instead of assuming that anything that isn't MBEDTLS_MPI_MOD_REP_MONTGOMERY is canonical. mbedtls_mpi_mod_write should get the same treatment, but I'm holding off until https://github.com/Mbed-TLS/mbedtls/issues/6679 is done. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-20 19:55:51 +01:00
Gilles Peskine	eb2e77f617	Document modulus representation selectors Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-20 19:55:51 +01:00
Gilles Peskine	1e2a4d4089	Functions to convert raw residues to/from the modulus representation Test cases will be generated automatically by a subsequent commit. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-20 19:55:51 +01:00
Gabor Mezei	496cd37bac	Use equality checking for NULL value Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-12-20 17:30:20 +01:00
Gabor Mezei	2840884c35	Typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-12-20 17:30:19 +01:00
Gabor Mezei	6a31b7252d	Fix documentation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-12-20 17:30:19 +01:00
Gabor Mezei	9db81e9cca	Add mod_mul function Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-12-20 17:30:13 +01:00
Glenn Strauss	efde9d58de	remove duplicated consecutive preproc directives Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-12-20 04:20:12 -05:00
Manuel Pégourié-Gonnard	8b6d14be8b	Extract common code for computing X^3 + AX + B Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-12-20 04:17:03 -05:00
Glenn Strauss	452416121d	move mbedtls_ecp_sw_derive_y after MPI_ECP_ macros Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-12-19 21:25:27 -05:00
Glenn Strauss	fcabc28cfc	use MPI_ECP_* macros in mbedtls_ecp_sw_derive_y() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-12-19 21:24:50 -05:00
Gilles Peskine	e162b4725c	Merge pull request #6777 from tom-cosgrove-arm/issue-6292-mod_inv Bignum: Implement high level fixed width modular inversion	2022-12-17 13:26:02 +01:00
Gilles Peskine	cf86d70162	Merge pull request #6742 from gabor-mezei-arm/6022_bignum_mod_raw_mul Bignum: Implement fixed width raw modular multiplication	2022-12-17 13:25:43 +01:00
Tom Cosgrove	f723754f6d	Fix typos Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-16 16:10:36 +00:00
Glenn Strauss	cbfd5e9db7	comment Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-12-16 11:03:41 -05:00
Glenn Strauss	369bfb94c5	comments and whitespace Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-12-16 10:49:04 -05:00
Gabor Mezei	210ea63d8b	Fix documentation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-12-16 16:35:24 +01:00
Valerio Setti	e7221a21ad	test: adjust depends.py to new SHA224/SHA384 changes Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-16 14:43:48 +01:00
Tom Cosgrove	342d00bc22	Oops, use mbedtls_free() not plain free() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-16 11:02:06 +00:00
Gilles Peskine	b1eea02f74	Implement and test mbedtls_mpi_mod_random Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-16 10:13:29 +01:00
Gilles Peskine	a57cf9813a	Implement and test mbedtls_mpi_mod_raw_random In the basic/XXX=core test cases, use odd upper bounds, because the mod version of random() only supports odd upper bounds (the upper bound is a modulus and the mod modules only support odd moduli). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-16 10:13:29 +01:00
Manuel Pégourié-Gonnard	057b458583	Merge pull request #6766 from wernerlewis/bignum_mod_docs Bignum: document conventions for bignum mod and mod_raw	2022-12-16 09:58:36 +01:00
Manuel Pégourié-Gonnard	5bf8629b2c	Merge pull request #6303 from gilles-peskine-arm/bignum-core-random Bignum: Implement mbedtls_mpi_core_random	2022-12-16 09:58:07 +01:00
Gilles Peskine	d1dd41f3fc	Merge pull request #6723 from mpg/restartable-vs-use-psa Document ECP_RESTARTABLE and make it compatible with USE_PSA	2022-12-15 19:47:44 +01:00
Werner Lewis	6bb49ba121	Document const parameter conventions Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-12-15 17:04:43 +00:00
Tom Cosgrove	b38c2ed3d9	Fix double space between words Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-15 16:56:36 +00:00
Tom Cosgrove	d692ba4248	Note that (as usual) for mbedtls_mpi_mod_inv() residues must be associated with the modulus Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-15 16:56:36 +00:00
Tom Cosgrove	a9e0f95903	Split mbedtls_mpi_mod_inv() into separate functions for mont/non-mont form Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-15 16:56:36 +00:00
Tom Cosgrove	4302d02fa8	Add mbedtls_mpi_mod_inv() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-15 16:56:36 +00:00
Tom Cosgrove	786848b5c5	Add low-level Montgomery conversion functions to bignum_core Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-15 16:56:36 +00:00
Tom Cosgrove	28ff92cc3a	Add an explicit mbedtls_mpi_core_montmul_working_limbs() function Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-15 16:56:36 +00:00
Tom Cosgrove	30f3b4d601	Add mbedtls_mpi_core_check_zero_ct() and tests Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-15 16:56:36 +00:00
Tom Cosgrove	e9ffb6c8e9	Fix mbedtls_platform_zeroize() call in mbedtls_mpi_mod_modulus_free() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-15 16:56:36 +00:00
Werner Lewis	756a34aadc	Use lower case for p and r Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-12-15 14:53:43 +00:00
Werner Lewis	0f644f48e9	Add output initialization requirement Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-12-15 14:13:32 +00:00
Gilles Peskine	6b7ce968d2	Clarify some comments Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-15 15:04:33 +01:00
Gabor Mezei	95b754dfac	Fix documentation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-12-15 15:04:20 +01:00
Gabor Mezei	979d34ca7d	Add mod_raw_mul function Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-12-15 15:04:20 +01:00
Werner Lewis	214ae64349	Replace \p with \c for non-parameter code typeset Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-12-15 13:36:07 +00:00
Werner Lewis	1d89ebf548	Clarify all functions operate modulo N Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-12-15 13:35:41 +00:00
Werner Lewis	a306886b3a	Add modulus to parameter ordering Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-12-15 13:35:41 +00:00
Werner Lewis	2e70b9afef	Reword bignum sizes section Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-12-15 13:35:41 +00:00
Werner Lewis	2bd263da1e	Fix grammar and spelling Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-12-15 13:35:40 +00:00
Werner Lewis	945a165a3c	Clarify output requirements Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-12-15 13:22:27 +00:00
Werner Lewis	eac8be76d6	Remove unnecessary type comment Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-12-15 13:22:17 +00:00
Werner Lewis	e1eb75dc99	Specify modulus constraints Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-12-15 12:27:56 +00:00
Manuel Pégourié-Gonnard	50faa55e4d	Merge pull request #6732 from wernerlewis/bignum_6019_mod_add Bignum: Implement mbedtls_mpi_mod_add()	2022-12-15 11:39:24 +01:00
Dave Rodgman	01f6e61781	Merge pull request #986 from Mbed-TLS/merge-back-3.3.0-3 Merge back 3.3.0 3	2022-12-14 19:18:05 +00:00
Dave Rodgman	ebef3562c3	Revert "Add generated files" This reverts commit `c18d932705`. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-12-14 19:14:00 +00:00
Dave Rodgman	e90ed7d249	Bump versions for libmbedcrypto and libmbedtls Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-12-14 17:04:00 +00:00
Manuel Pégourié-Gonnard	c98624af3c	Merge pull request #6680 from valeriosetti/issue6599 Allow isolation of EC J-PAKE password when used in TLS	2022-12-14 11:04:33 +01:00
Valerio Setti	a3f99591f6	sha: make SHA-224 independent from SHA-256 Using proper configuration options (i.e. MBEDTLS_SHA224_C and MBEDTLS_SHA256_C) it is now possible to build SHA224 and SHA256 independently from each other. Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-14 10:56:54 +01:00
Manuel Pégourié-Gonnard	4064a82802	Merge pull request #5600 from yuhaoth/pr/refactor-cookie-members-of-handshake Refactor cookie members of handshake	2022-12-14 10:55:34 +01:00
Valerio Setti	898e7a3afe	test: sha: test SHA384 and SHA512 separately This is meant to adapt to the new library design in which SHA384 and SHA512 can be built independently from each other. Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-14 10:50:54 +01:00
Werner Lewis	eed01aabd3	Clarify wording in documentation Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-12-14 09:44:00 +00:00
Valerio Setti	43363f5962	sha: make SHA-384 independent from SHA-512 Using proper configuration options (i.e. MBEDTLS_SHA384_C and MBEDTLS_SHA512_C) it is now possible to build SHA384 and SHA512 independently from each other. Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-14 08:53:23 +01:00
Manuel Pégourié-Gonnard	2b70a3f831	Merge pull request #6558 from lpy4105/6416-psa_macros_name_typo check_names: extend typo check to PSA macro/enum names	2022-12-13 09:56:27 +01:00
Manuel Pégourié-Gonnard	48232ed2c1	Merge pull request #6743 from minosgalanakis/bignum/implement_modular_negation Bignum: Implement fixed width modular negation	2022-12-13 09:54:38 +01:00
Bence Szépkúti	f7641544ea	Correct the fix for the PKCS 7 memory leak This corrects an issue in the origina fix in `4f01121f6e`. Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2022-12-12 21:59:03 +01:00
Dave Rodgman	8a05c069a5	Merge pull request #6751 from ZachFleck42/development Fix typo in `library/entropy.c`	2022-12-12 16:30:54 +00:00
Werner Lewis	5e9d2e9019	Add conventions for bignum mod and mod_raw Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-12-12 14:00:25 +00:00
Manuel Pégourié-Gonnard	a9ac61203b	Merge pull request #6666 from daverodgman/fast_unaligned Fast unaligned memory access macros	2022-12-12 12:18:17 +01:00
Minos Galanakis	5e8443e6ef	mbedtls_mpi_mod_raw_neg: Updated documentation. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-12-12 11:13:56 +00:00
Minos Galanakis	21fe8bdeac	bignum_mod_raw: Added modular negation. This patch adds the `mpi_mod_raw_neg()` method. Co-authored-by: Hanno Becker <hanno.becker@arm.com> Co-authored-by: Minos Galanakis <minos.galanakis@arm.com> Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-12-12 11:13:56 +00:00
Valerio Setti	016f682796	tls: pake: small code refactoring for password setting functions Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-09 14:17:50 +01:00
Tom Cosgrove	5f09930017	Clarify use of temporary in mbedtls_mpi_mod_raw_inv_prime() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-09 10:58:15 +00:00
Dave Rodgman	c18d932705	Add generated files Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-12-09 09:44:10 +00:00
Manuel Pégourié-Gonnard	df0c73c308	Readability improvement in pk_wrap.c Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-12-09 10:09:34 +01:00
Manuel Pégourié-Gonnard	79ae7eb4d1	Use deterministic ECDSA in PSA when we do in legacy This fixes the two failing cases in test_suite_pk when ECP_RESTARTABLE and USE_PSA_CRYPTO are both enabled. The two failing cases where ECDSA restartable sign/verify: ECDSA, max_ops=0 (disabled) ECDSA restartable sign/verify: ECKEY, max_ops=0 (disabled) associated with test function pk_sign_verify_restart(). The failure was caused by the interaction of several things that are each reasonable on their own: 1. The test function relies on ECDSA restartable, which is reasonable as it allows making sure that the generated signature is correct with a simple memcmp(). 2. The implementation of pk_sign_restartable() has a shortcut to dispatch to the sign function (as opposed to sign_restartable) when restart is disabled (max_ops == 0). 3. When USE_PSA is enabled, the sign function dispatches to PSA, which so far always used ECDSA (non-deterministic) even when the non-PSA version would use deterministic ECDSA. This could be fixed by changing any of those. I chose (3) because I think it makes sense that when PK dispatches to PSA instead of legacy this should not change which version of ECDSA is selected. OTOH, I think it makes sense to keep (2), because that means more opportunities to dispatch to PSA. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-12-09 10:07:19 +01:00
Jerry Yu	0c2a738c23	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-09 09:51:20 +08:00
Jerry Yu	141bbe7bee	tls13: Adjust include files - remove duplicate and unused included - Adjust the order to system, mbedtls global, local. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-09 09:51:20 +08:00
Jerry Yu	ddda050604	tls13: Upstream various fix in prototype - Adjust max input_max_frag_len - Guard transform_negotiate - Adjust function position - update comments - fix wrong requirements Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-09 09:51:20 +08:00
Jerry Yu	2e19981e17	tls13: guards transform negotiate Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-09 09:51:20 +08:00
Valerio Setti	eb3f788b03	tls: pake: do not destroy password key in TLS Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-08 18:42:58 +01:00
Dave Rodgman	48223bc19e	Bump version to 3.3.0. No changes to .so versions. Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-12-08 14:43:19 +00:00
Dave Rodgman	a5b2c52885	Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.3.0rc0-pr	2022-12-08 14:10:59 +00:00
Zachary Fleckenstein	73defe4da0	Fix typo in `library/entropy.c` Signed-off-by: Zachary Fleckenstein <ZachFleck42@Gmail.com>	2022-12-08 07:28:29 -05:00
Tom Cosgrove	6129268fee	Bignum: Implement mbedtls_mpi_mod_raw_inv_prime() and tests Fixes #6023. Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-08 09:44:10 +00:00
Tom Cosgrove	a7f0d7b029	mbedtls_mpi_core_exp_mod() ouuput may alias input A Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-08 08:46:28 +00:00
Valerio Setti	ae7fe7ee53	tls: pake: avoid useless psa_pake_abort in setting opaque password Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-07 17:36:59 +01:00
Valerio Setti	70d1fa538a	tls: pake: fix missing return values check Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-07 16:20:27 +01:00
Valerio Setti	c689ed8633	tls: pake: minor adjustments Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-07 14:40:38 +01:00
Dave Rodgman	90af1a10ab	Merge pull request #6734 from daverodgman/fix_test_dep_spelling Fix spelling of test dependency	2022-12-07 09:06:29 +00:00
Ronald Cron	fbba0e9d75	Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface TLS 1.3: Refactor early data configuration interface.	2022-12-07 09:42:12 +01:00
Janos Follath	d45924d862	Merge pull request #6733 from tom-cosgrove-arm/issue-6293-mod_exp-memory Have mbedtls_mpi_core_exp_mod() take a temporary instead of allocating memory	2022-12-07 08:32:31 +00:00
Janos Follath	1d26d976e8	Merge pull request #6731 from tom-cosgrove-arm/issue-6293-mod_exp Require input to mbedtls_mpi_core_exp_mod() to already be in Montgomery form	2022-12-07 08:31:49 +00:00
Dave Rodgman	556e8a3219	Fix additional mis-spelling Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-12-06 16:31:25 +00:00
Dave Rodgman	92011eef34	Merge pull request #6717 from tom-cosgrove-arm/fix-typos-2212 Fix typos prior to release	2022-12-06 15:00:34 +00:00
Tom Cosgrove	0a0ddedfb7	Have mbedtls_mpi_core_exp_mod() take a temporary instead of allocating memory Last PR needed for #6293 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-06 14:37:18 +00:00
Werner Lewis	e1b6b7c0ac	Implement mbedtls_mpi_mod_add() Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-12-06 11:55:32 +00:00
Tom Cosgrove	ecda186893	Require input to mbedtls_mpi_core_exp_mod() to already be in Montgomery form Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-06 10:46:30 +00:00
Jerry Yu	6ee56aa18f	Add default values for conf->early_data - early_data default to disable - max_early_data_size default to built-in value Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-06 18:00:47 +08:00
Jerry Yu	39da9857df	remove limitation of max_early_data_size Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-06 16:58:36 +08:00
Jerry Yu	12c46bd14f	fix various issues - disable reuse of max_early_data_size. - make conf_early_data available for server. - various comment issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-06 11:02:51 +08:00
Tom Cosgrove	ed4f59eec3	Fix another typo where 'PSK' was 'PKS' Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-05 12:07:50 +00:00
Jerry Yu	e01304f6d8	fix type conversion issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-05 19:58:46 +08:00
Jerry Yu	ac5ca5a0ea	Refactor cookie members of handshake struct Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-05 19:58:45 +08:00
Dave Rodgman	acbb6dc364	Merge remote-tracking branch 'origin/development' into merge-dev	2022-12-05 10:59:23 +00:00
Tom Cosgrove	1797b05602	Fix typos prior to release Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-04 17:19:59 +00:00
Valerio Setti	757f359474	tls: pake: do not destroy key on errors while setting opaque password Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-02 11:07:11 +01:00
Gilles Peskine	70375b2028	Move mbedtls_mpi_core_random to the proper source file Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-01 23:46:26 +01:00
Gilles Peskine	78cf3bbf22	Bignum core: break mbedtls_mpi_core_random out of mbedtls_mpi_random Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-01 23:45:45 +01:00
Gilles Peskine	4a8c5cdfbf	Bignum core: random: prototype Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-01 23:44:07 +01:00
Gilles Peskine	26be89b3f6	Bignum core: random: prepare to break out the core function Shuffle things around a bit inside mbedtls_mpi_random() in preparation for breaking out mbedtls_mpi_core_random(). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-01 23:06:43 +01:00
Gilles Peskine	8a32a75aa2	mbedtls_mpi_random: avoid local allocation Rewrite the minimum bound comparison to avoid a local allocation. This costs a bit of code size, but saves RAM. This is in preparation for moving the bulk of the function to the bignum_core module where allocation is not permitted. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-01 23:06:43 +01:00
Gilles Peskine	6f949ea67b	New constant-flow function mbedtls_mpi_core_uint_le_mpi Compare a single-limb MPI with a multi-limb MPI. This is rather ad hoc, but will be useful for mbedtls_mpi_core_random. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-12-01 23:06:43 +01:00
Jerry Yu	cc4e007ff6	Add max_early_data_size to mbedtls_ssl_config Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-01 23:11:48 +08:00
Tom Cosgrove	62b20488f1	Implement mbedtls_mpi_mod_sub() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-01 14:27:37 +00:00
Valerio Setti	0944329036	tls: pake: add check for empty passwords in mbedtls_ssl_set_hs_ecjpake_password() Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-01 15:06:09 +01:00
Paul Elliott	266f79c136	Merge pull request #6426 from aditya-deshpande-arm/driver-wrapper-key-agreement Add driver dispatch layer for raw key agreement, along with test call for transparent drivers.	2022-12-01 11:40:52 +00:00
Dave Rodgman	2dae4b3ef6	Support armcc builtin byteswap routine Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-30 15:18:39 +00:00
Dave Rodgman	2d0f27d0fc	Make use of optimised bswap from ARIA Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-30 12:16:21 +00:00
Ronald Cron	7df787c019	Merge pull request #6538 from yuhaoth/pr/tls13-add-early-data-transform-computation	2022-11-30 09:56:00 +01:00
Gilles Peskine	edaa17b350	Merge pull request #6547 from yanesca/extract_mod_exp_from_prototype Bignum: Extract mod exp from prototype	2022-11-29 21:40:07 +01:00
Aditya Deshpande	b6bc7524f9	Minor formatting fixes to address code review comments Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2022-11-29 16:53:29 +00:00
Manuel Pégourié-Gonnard	0b9b560770	Merge pull request #6601 from valeriosetti/issue6502 Avoid assumptions about implementation in EC J-PAKE tests	2022-11-29 11:21:23 +01:00
Manuel Pégourié-Gonnard	f9720cfa78	Merge pull request #6670 from gilles-peskine-arm/pkcs7-use-after-free-20221127 PKCS7: Fix some memory management errors	2022-11-29 11:17:27 +01:00
Manuel Pégourié-Gonnard	ffc330fafa	Merge pull request #6264 from hannestschofenig/rfc9146_2 CID update to RFC 9146	2022-11-29 09:25:14 +01:00
Jerry Yu	aec08b3f42	fix various format issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-29 15:19:27 +08:00
Janos Follath	97915c8685	Merge pull request #6619 from minosgalanakis/bignum/add_high_lv_IO_methods Bignum: Adding High level I/O methods	2022-11-28 17:27:48 +00:00
Valerio Setti	a9a97dca63	psa_pake: add support for opaque password Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-28 18:26:16 +01:00
Dave Rodgman	6d23ff60dd	Make use of optimised bswap from bignum Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-28 15:41:13 +00:00
Dave Rodgman	f7f1f748e3	Support built-in byteswap routines from clang, gcc, MSVC Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-28 15:41:13 +00:00
Dave Rodgman	a5110b0d79	Make use of efficient unaligned access functions Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-28 15:41:13 +00:00
Dave Rodgman	6298b24127	Add byteswap routines Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-28 15:41:13 +00:00
Dave Rodgman	e5c42594e5	Add byte order detection macro Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-28 15:41:13 +00:00
Dave Rodgman	a360e1987a	Add efficent unaligned get/put functions Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-28 15:41:04 +00:00
Dave Rodgman	d98ac8b75e	Merge remote-tracking branch 'dave/fast_xor' into fast_unaligned	2022-11-28 15:06:25 +00:00
Janos Follath	1f8afa22a4	Bignum Mod: improve documentation and style Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-28 14:58:08 +00:00
Aditya Deshpande	1ac41dec09	Add test function for opaque driver (simply returns PSA_ERROR_NOT_SUPPORTED), and address other review comments. Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2022-11-28 14:46:30 +00:00
Janos Follath	84bee4c492	mbedtls_mpi_mod_write: improve readability Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-28 10:27:14 +00:00
Jerry Yu	3d78e08ac0	erase early secrets and transcripts Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-28 17:34:06 +08:00
Jerry Yu	a5db6c0ce3	fix coding style issues. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-28 17:34:06 +08:00
Jerry Yu	e31688b7fa	fix comments issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-28 17:34:06 +08:00
Jerry Yu	a8771839e8	Refactor make_traffic_keys Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-28 17:34:06 +08:00
Jerry Yu	3ce61ffca6	fix comments and function name issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-28 17:34:06 +08:00
Jerry Yu	b094e124f2	fix various issues - Alignments - comment words in doxygen paragraph Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-28 17:34:06 +08:00
Jerry Yu	91b560f38d	Add compute early transform Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-28 17:34:06 +08:00
Jerry Yu	3d9b590f02	guards transform_earlydata Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-28 17:34:06 +08:00
Jerry Yu	84a6edac10	change signature of get_cipher_key_info - it is a static function. The name is not follow nameing ruler - move the position. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-28 17:34:06 +08:00
Gilles Peskine	4f01121f6e	Fix memory leak on error in pkcs7_get_signers_info_set mbedtls_x509_name allocates memory, which must be freed if there is a subsequent error. Credit to OSS-Fuzz (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53811). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-27 22:02:10 +01:00
Gilles Peskine	e7f8c616d0	Fix dangling freed pointer in pkcs7_free_signer_info This may have been a use-after-free, but I haven't worked out whether it was a problem or not. Even if it turns out to have been ok, keeping invalid pointers around is fragile. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-27 21:55:29 +01:00
Gilles Peskine	47a732635b	Simplify control flow in PKCS7 functions Remove useless goto in several functions. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-27 21:55:29 +01:00
Gilles Peskine	290f01b3f5	Fix dangling freed pointer on error in pkcs7_get_signers_info_set This fixes a use-after-free in PKCS#7 parsing when the signer data is malformed. Credit to OSS-Fuzz (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=53798). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-27 21:55:29 +01:00
Janos Follath	6eb92c0410	Bignum Mod: improve documentation and style Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-26 17:34:37 +00:00
Janos Follath	8dfc8c41b7	mbedtls_mpi_mod_write: prevent data corruption The function wasn't converting back data to internal representation when writing it out. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-26 15:39:02 +00:00
Janos Follath	d7bb35257b	mbedtls_mpi_mod_read/write: restrict pre-conditions Require equality for the number of limbs in the modulus and the residue. This makes these functions consistent with residue_setup(). Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-26 14:59:27 +00:00
Janos Follath	75b9f0fd2e	mbedtls_mpi_mod_read/write: remove redundant checks The function isn't documented as accepting null pointer, and there's no reason why it should be. Just let it dereference the pointer. The null/zero checks are only marginally useful: they validate that m and r are properly populated objects, not freshly initialized ones. For that, it's enough to check that the pointers aren't null or that the sizes aren't zero, we don't need to check both. Also, use separate if statements for unrelated checks. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-26 14:28:50 +00:00
Gilles Peskine	89e31adbee	Move mps modules to the correct library This is a private interface only, so it's an ABI change but not an API change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-26 14:18:45 +01:00
Gilles Peskine	898db6b8e5	Move ssl_debug_helpers_generated to the correct library This is a private interface only, so it's an ABI change but not an API change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-26 14:15:32 +01:00
Janos Follath	ee530cc644	Bignum Mod: improve documentation Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-25 17:55:00 +00:00
Janos Follath	fc6fbb4e96	Bignum Mod: improve documentation Signed-off-by: Janos Follath <janos.follath@arm.com> Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com> Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-25 17:55:00 +00:00
Janos Follath	41427dee80	Bignum Mod: improve documentation Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-25 17:55:00 +00:00
Janos Follath	91295d2b8f	Bignum Mod: remove endianness from modulus The external representation before included more than just endianness (like reading in Mongtomery curve scalars or converting hashes to numbers in a standard compliant way). These are higher level concepts and are out of scope for Bignum and for the modulus structure. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-25 17:55:00 +00:00
Janos Follath	3e3fc91c33	Bignum Mod: pass endianness as a parameter The external representation before included more than just endianness (like reading in Mongtomery curve scalars or converting hashes to numbers in a standard compliant way). These are higher level concepts and are out of scope for Bignum and for the modulus structure. Passing endianness as a parameter is a step towards removing it from the modulus structure. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-25 17:55:00 +00:00
Janos Follath	d3eed33709	Bignum Mod Raw: pass endianness as a parameter The external representation before included more than just endianness (like reading in Mongtomery curve scalars or converting hashes to numbers in a standard compliant way). These are higher level concepts and are out of scope for Bignum and for the modulus structure. Passing endianness as a parameter is a step towards removing it from the modulus structure. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-25 17:55:00 +00:00
Janos Follath	50cd4b842b	Bignum Mod: Restrict residue setup In theory we could allow residues to have more allocated limbs than the modulus, but we might or might not need it in the end. Go for the simpler option for now and we can extend it later if we really need it. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-25 17:55:00 +00:00
Janos Follath	b62bad442e	Bidnum Mod: fix check in setup We want to make sure that the value has at least as many limbs allocated as the modulus as we need this to be able to do any operations in constant time. An invariant of the API is that the residue values are canonical, make sure that the residue is compared to the entire modulus. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-25 17:55:00 +00:00
Minos Galanakis	8b375451c5	bignum_mod: Refactored `mbedtls_mpi_mod_read/write()` This patch adjusts the I/O methods and the tests. Documentation has also been updated to be more clear. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-11-25 17:55:00 +00:00
Minos Galanakis	aed832ac16	bignum_mod: Adjusted input checking for `mbedtls_mpi_mod_residue_setup()` This patch adjusts the logic of the size checking of the method, and refactors the tests. Documentation has also been updated. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-11-25 17:55:00 +00:00
Minos Galanakis	a17ad48e2d	bignum_mod: Fixed an issue with input checking in `mpi_mod_residue_setup` This patch is inverting the input type checking logic in the method, in order to ensure that residue < modulus. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-11-25 17:55:00 +00:00
Minos Galanakis	81f4b11010	bignum_mod: Added `mbedtls_mpi_mod_read/write()` IO functions This patch adds input and ouput fucntions in the `bignum_mod` layer. The data will be automatically converted between Cannonical and Montgomery representation if required. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-11-25 17:55:00 +00:00
Janos Follath	590ae5363d	Merge pull request #6656 from tom-cosgrove-arm/bignum_pr_6225-updated Bignum: add mod_raw_add	2022-11-25 17:53:31 +00:00
Dave Rodgman	a616afeae4	Remove redundant inline workarounds Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-25 17:11:45 +00:00
Dave Rodgman	5a1d00f03d	Merge remote-tracking branch 'origin/development' into fast_xor Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-25 17:10:25 +00:00
Dave Rodgman	bf9b23abf8	Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0 Fix NULL+0 undefined behavior in PSA crypto ECB	2022-11-25 17:07:46 +00:00
Bence Szépkúti	6e85673e8d	Merge pull request #3431 from naynajain/development-pkcs7 PKCS7 Parser - RFC 2315	2022-11-25 15:55:46 +01:00
Janos Follath	505a228b7b	Merge pull request #6606 from gabor-mezei-arm/6222_bignum_low_level_subtraction Bignum: Add low level subtraction	2022-11-25 13:27:23 +00:00
Gilles Peskine	7d23778178	Explain why p + n isn't good enough Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-25 13:34:59 +01:00
Gilles Peskine	5a34b36bbd	Remove more now-redundant definitions of inline Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-25 13:26:44 +01:00
Dave Rodgman	f1419dbbe8	Merge pull request #6381 from tom-cosgrove-arm/pr2164 mbedtls: fix possible false success in mbedtls_cipher_check_tag()	2022-11-25 10:55:10 +00:00
Manuel Pégourié-Gonnard	61336848a9	Fix bug when legacy CID is enabled but not used When legacy CID is enabled at compile time, but not used at runtime, we would incorrectly skip the sequence number at the beginning of the AAD. There was already two "else" branches for writing the sequence number but none of them was taken in that particular case. Simplify the structure of the code: with TLS 1.2 (we're already in that branch), we always write the sequence number, unless we're using standard CID. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-11-25 11:48:17 +01:00
Dave Rodgman	8f6583d836	Fix for MSVC unsupported #inline keyword Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-25 09:16:41 +00:00
Bence Szépkúti	ae79fb2c2e	Merge branch 'development' into pr3431	2022-11-25 03:12:43 +01:00
Dave Rodgman	b8c4a0d940	Minor formatting tweaks Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-24 21:18:55 +00:00
Dave Rodgman	7a910a8be0	Minor formatting tweaks Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-24 21:17:40 +00:00
Dave Rodgman	875d2383d0	Improve documentation Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-24 20:43:15 +00:00
Dave Rodgman	aaf69fd682	Fix missing newline Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-24 20:40:28 +00:00
Dave Rodgman	c58858865b	Fix off-by-one error Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-24 20:35:04 +00:00
Dave Rodgman	66433444fc	Fix static inline linker issues Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-24 20:07:39 +00:00
Dave Rodgman	4b910c1ed1	Fix whitespace Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-24 19:44:52 +00:00
Dave Rodgman	069e7f462a	Correct mixed up comments Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-24 19:37:26 +00:00
Dave Rodgman	96d61d14d8	Use memcpy for unaligned accesses Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-24 19:33:22 +00:00
Dave Rodgman	fbc23225d6	Tidy up alignment-related code into separate header Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-24 18:07:37 +00:00
Tom Cosgrove	abddad4af8	Add note about aliasing of operands for mbedtls_mpi_mod_raw_add() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-11-24 16:22:43 +00:00
Werner Lewis	e4c0a6c3ba	Change cast to correct type Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-11-24 16:18:06 +00:00
Werner Lewis	1a277d9ad6	Replace comparison with XOR Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-11-24 16:18:06 +00:00
Werner Lewis	d391b8ce61	Change types and move const before type Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-11-24 16:18:06 +00:00
Werner Lewis	9fa91ebcb9	Use modulus structure in mbedtls_mpi_mod_raw_add Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-11-24 16:18:06 +00:00
Werner Lewis	0eea827cbd	Rename MPI_CORE(add_mod) to mbedtls_mpi_mod_raw_add Signed-off-by: Werner Lewis <werner.lewis@arm.com>	2022-11-24 16:18:06 +00:00
Hanno Becker	a45b6fee91	Extract MPI_CORE(add_mod) from the prototype Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-11-24 16:17:49 +00:00
Dave Rodgman	6921959b83	Remove unused variable Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-24 09:27:15 +00:00
Ronald Cron	4cf77e99ab	Merge pull request #6621 from ronald-cron-arm/tls13-early-data-write TLS 1.3: Add definition of mbedtls_ssl_{write,read}_early_data	2022-11-24 09:58:07 +01:00
Dave Rodgman	358c7d6eb0	Fix naming inconsistency Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-23 20:29:03 +00:00
Dave Rodgman	dd3103e9e7	Tidy up UNALIGNED_UINT32_T macro Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-23 19:42:13 +00:00
Dave Rodgman	e7cd137606	Define UNALIGNED_UINT32_PTR for unaligned access Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-23 19:14:26 +00:00
Dave Rodgman	a6778013b4	Tidy up UBSan detection Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-23 17:17:30 +00:00
Dave Rodgman	468df317bf	Fix MSVC support for inline keyword Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-23 16:56:35 +00:00
Dave Rodgman	1bab27f983	Prevent unaligned access under ASan builds Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-23 16:51:59 +00:00
Dave Rodgman	3c8eb7e990	Provide external definition of mbedtls_xor Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-23 14:50:03 +00:00
Dave Rodgman	63d114305f	Whitespace cleanup Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-23 14:03:30 +00:00
Dave Rodgman	f9a1c37bc8	Whitespace cleanup Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-23 14:02:00 +00:00
Gabor Mezei	02d2313829	Fix documentation Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-11-23 14:44:14 +01:00
Gabor Mezei	3411e949cd	Cas variable to proper type Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-11-23 14:44:13 +01:00
Gabor Mezei	4c7cf7d742	Add low level subtraction with modulus Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-11-23 14:44:07 +01:00
Janos Follath	531a871b88	Merge pull request #6235 from tom-cosgrove-arm/issue-6231-core-sub-int Bignum: extract core_sub_int from the prototype	2022-11-23 13:32:02 +00:00
Ronald Cron	4a8c9e2cff	tls13: Add definition of mbedtls_ssl_{write,read}_early_data Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-11-23 14:29:37 +01:00
Gilles Peskine	42649d9270	Fix NULL+0 undefined behavior in ECB encryption and decryption psa_cipher_encrypt() and psa_cipher_decrypt() sometimes add a zero offset to a null pointer when the cipher does not use an IV. This is undefined behavior, although it works as naively expected on most platforms. This can cause a crash with modern Clang+ASan (depending on compiler optimizations). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-23 14:16:52 +01:00
Manuel Pégourié-Gonnard	ef25a99f20	Merge pull request #6533 from valeriosetti/issue5847 Use PSA EC-JPAKE in TLS (1.2) - Part 2	2022-11-23 13:27:30 +01:00
Ronald Cron	1d1d53622f	Merge pull request #6490 from xkqian/tls13_parse_early_data_indication_ee The internal CI merge job ran successfully.	2022-11-23 12:31:25 +01:00
Ronald Cron	cb0e680779	Merge pull request #6476 from yuhaoth/pr/fix-tls13-mbedtls_ssl_is_handshake_over TLS 1.3: Fix tls13 mbedtls ssl is handshake over	2022-11-23 12:12:02 +01:00
Manuel Pégourié-Gonnard	660b396e41	Merge pull request #975 from yanesca/issue-946 Fix RSA side channel	2022-11-23 10:30:35 +01:00
Xiaokang Qian	b157e915ad	Move the early data status set afeter all of the extensions parse Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-23 08:12:26 +00:00
Xiaokang Qian	e861ba01d4	Remove the duplicate early_data_status check Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-23 03:21:02 +00:00
Xiaokang Qian	ca09afc60a	Remove useless function and parse early data in ee Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-23 02:16:49 +00:00
Moritz Fischer	a6a94ad599	lms: Move merkle tree generation to heap allocation Larger height (e.g. H=20) trees cannot be put on the stack. Allocate memory for them based on need using mbedtls_calloc(). Signed-off-by: Moritz Fischer <moritzf@google.com>	2022-11-22 15:49:56 -08:00
Janos Follath	3321b5842c	mpi_exp_mod: improve documentation Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 21:22:54 +00:00
Gilles Peskine	7d89d351e6	Zeroize sensitive data Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-22 21:22:54 +00:00
Gilles Peskine	0b270a5603	Explain a little more Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-22 21:22:54 +00:00
Gilles Peskine	4380d7b7f3	Simplify cleanup logic Take advantage of the fact that there's a single point of failure. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-22 21:22:54 +00:00
Gilles Peskine	3b63d09fea	Make the main loop's logic clearer The loop ends when there are no more bits to process, with one twist: when that happens, we need to clear the window one last time. Since the window does not start empty (E_limbs==0 is not supported), the loop always starts with a non-empty window and some bits to process. So it's correct to move the window clearing logic to the end of the loop. This lets us exit the loop when the end of the exponent is reached. It would be clearer not to do the final window clearing inside the loop, so we wouldn't need to repeat the loop termination condition (end of exponent reached) inside the loop. However, this requires duplicating the code to clear the window. Empirically, this causes a significant code size increase, even if the window clearing code is placed into a function. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-22 21:22:54 +00:00
Gilles Peskine	c718a3ce94	Simplify exponent bit selection Use indices instead of mutating data to extract the bits of the exponent. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-22 21:22:54 +00:00
Gilles Peskine	d83b5cb504	Local readability improvements Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-22 21:22:54 +00:00
Gilles Peskine	0de0a049f1	Move window precomputation into an auxiliary function Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-22 21:22:54 +00:00
Gilles Peskine	cf979b0fc1	Define variables closer to their use Make variables const where possible. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-22 21:22:54 +00:00
Gilles Peskine	7af166b827	Change E closer to where it's used Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-22 21:22:54 +00:00
Gilles Peskine	07f2c69511	More consistent variable names Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-22 21:22:53 +00:00
Janos Follath	0ec6e3f394	mpi_core_mod_exp: improve style and documentation No intended change in behaviour. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 21:22:53 +00:00
Janos Follath	a77911e5c1	core_exp_mod: improve window selection We are looking at the exponent at limb granularity and therefore exponent bits can't go below 32. The `mpi_` prefix is also removed as it is better not to have prefix at all than to have just a partial. (Full prefix would be overly long and would hurt readability.) Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 21:22:53 +00:00
Janos Follath	59cbd1be27	Make mbedtls_mpi_core_ct_uint_table_lookup static Now that we have a function that calls mbedtls_mpi_core_ct_uint_table_lookup(), the compiler won't complain if we make it static. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 21:22:53 +00:00
Janos Follath	bad42c4d0d	mpi_core_exp_mod: fix local variable type On platforms with size_t different from int, mismatch between size_t and mpi_uint can cause incorrect results or complaints from the compiler. Signed-off-by: Janos Follath <janos.follath@arm.com> mpi_core_exp_mod: Cast local variable explicitly Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 21:22:53 +00:00
Janos Follath	b6673f0f19	Add modular exponentiation to bignum core Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 21:22:53 +00:00
Dave Rodgman	fdd967ebdc	Detect support for unaligned memory access Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 18:55:17 +00:00
Aditya Deshpande	5e3c70e3be	Merge branch 'development' into driver-wrapper-key-agreement	2022-11-22 17:58:52 +00:00
Aditya Deshpande	8cc1470c18	Merge branch 'development' into driver-wrapper-key-agreement	2022-11-22 17:55:53 +00:00
Valerio Setti	6d4e75f0c6	psa_crypto_pake: initialize psa_status_t stack variables Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-22 18:52:17 +01:00
Valerio Setti	fdb77cdae3	psa_crypto_pake: internally call to psa_pake_abort() in case of errors In this way, in case of error, it is not possible to continue using the same psa_pake_operation_t without reinitializing it. This should make the PSA pake's behavior closer to what expected by the specification Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-22 18:41:01 +01:00
Dave Rodgman	c36a56e890	Use mbedtls_xor in TLS messaging layer Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:44 +00:00
Dave Rodgman	74b345f282	Use mbedtls_xor in PKCS #5 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:44 +00:00
Dave Rodgman	99a507ee55	Use mbedtls_xor in md Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:44 +00:00
Dave Rodgman	d22fb73e3e	Use mbedtls_xor in GCM Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:44 +00:00
Dave Rodgman	2e9db8e9bf	Use mbedtls_xor in DES Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:44 +00:00
Dave Rodgman	ffb5499988	Use mbedtls_xor in CTR_DRBG Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:44 +00:00
Dave Rodgman	8c0ff81ce7	Use mbedtls_xor in CMAC Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:44 +00:00
Dave Rodgman	c1d9022bab	Use mbedtls_xor in ChaCha20 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:43 +00:00
Dave Rodgman	0d3b55bca8	Use mbedtls_xor in ccm Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:43 +00:00
Dave Rodgman	d23399eb69	Use mbedtls_xor in Camellia Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:43 +00:00
Dave Rodgman	7bb6b84b29	Use mbedtls_xor in ARIA Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:43 +00:00
Dave Rodgman	a8cf607458	Use mbedtls_xor in AES Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 17:32:43 +00:00
Janos Follath	3165f063b5	mpi_exp_mod: use x_index consistently Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 15:04:11 +00:00
Janos Follath	c8d66d50d0	mpi_exp_mod: reduce the table size by one The first half of the table is not used, let's reuse index 0 for the result instead of appending it in the end. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 15:04:11 +00:00
Janos Follath	060009518b	mpi_exp_mod: fix out of bounds access The table size was set before the configured window size bound was applied which lead to out of bounds access when the configured window size bound is less. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 15:04:11 +00:00
Janos Follath	9c09326572	mpi_mod_exp: be pedantic about right shift The window size starts giving diminishing returns around 6 on most platforms and highly unlikely to be more than 31 in practical use cases. Still, compilers and static analysers might complain about this and better to be pedantic. Co-authored-by: Gilles Peskine <gilles.peskine@arm.com> Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 15:04:11 +00:00
Janos Follath	be54ca77e2	mpi_exp_mod: improve documentation Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 15:04:10 +00:00
Janos Follath	74601209fa	mpi_exp_mod: remove the 'one' variable Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 15:04:10 +00:00
Janos Follath	b2c2fca974	mpi_exp_mod: simplify freeing loop Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 15:04:10 +00:00
Janos Follath	3646ff02ad	mpi_exp_mod: move X next to the precomputed values With small exponents (for example, when doing RSA-1024 with CRT, each prime is 512 bits and we'll use wsize = 5 which may be smaller that the maximum - or even worse when doing public RSA operations which typically have a 16-bit exponent so we'll use wsize = 1) the usage of W will have pre-computed values, then empty space, then the accumulator at the very end. Move X next to the precomputed values to make accesses more efficient and intuitive. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 15:04:10 +00:00
Janos Follath	7fa11b88f3	mpi_exp_mod: rename local variables Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 15:04:10 +00:00
Janos Follath	844614814e	mpi_exp_mod: remove memory ownership confusion Elements of W didn't all have the same owner: all were owned by this function, except W[x_index]. It is more robust if we make a proper copy of X. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 15:04:10 +00:00
Janos Follath	f08b40eaab	mpi_exp_mod: improve documentation Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 15:04:10 +00:00
Janos Follath	b764ee1603	mpi_exp_mod: protect out of window zeroes Out of window zeroes were doing squaring on the output variable directly. This leaks the position of windows and the out of window zeroes. Loading the output variable from the table in constant time removes this leakage. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 15:04:10 +00:00
Janos Follath	8e7d6a0386	mpi_exp_mod: load the output variable to the table This is done in preparation for constant time loading that will be added in a later commit. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-22 15:04:10 +00:00
Valerio Setti	99d88c1ab4	tls: psa_pake: fix missing casting in mbedtls_psa_ecjpake_write_round Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-22 16:03:43 +01:00
Dave Rodgman	c3d8041fe7	Introduce mbedtls_xor Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-22 15:01:39 +00:00
Tom Cosgrove	452c99c173	Use mbedtls_mpi_core_sub_int() in mbedtls_mpi_sub_abs() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-11-22 14:58:15 +00:00
Tom Cosgrove	f7ff4c9a11	Tidy up, remove MPI_CORE(), and apply the naming convention Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-11-22 14:58:15 +00:00
Hanno Becker	d9b2348d8f	Extract MPI_CORE(sub_int) from the prototype Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-11-22 14:58:15 +00:00
Bence Szépkúti	a17d038ee1	Merge branch 'development' into pr3431	2022-11-22 15:54:52 +01:00
Gilles Peskine	4f19d86e3f	Merge pull request #6608 from mprse/ecjpake_password_fix Make a copy of the password key in operation object while setting j-pake password	2022-11-22 14:52:12 +01:00
Aditya Deshpande	2f7fd76d91	Replace PSA_KEY_AGREEMENT_MAX_SHARED_SECRET_SIZE with PSA_RAW_KEY_AGREEMENT_OUTPUT_MAX_SIZE in psa_key_agreement_internal(). Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2022-11-22 11:10:34 +00:00
Valerio Setti	d4a9b1ab8d	tls: psa_pake: remove useless defines and fix a comment Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-22 11:11:10 +01:00
Xiaokang Qian	8bee89994d	Add parse function for early data in encrypted extentions Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-22 09:40:07 +00:00
Przemek Stekiel	0bdec19c93	Further optimizations of pake set_password implementation Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-11-22 09:10:35 +01:00
Jerry Yu	fdd24b8c49	Revert change in flight transmit Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-22 14:08:03 +08:00
Gilles Peskine	339406daf9	Merge pull request #6609 from gilles-peskine-arm/mpi_sint-min-ub Fix undefined behavior in bignum: NULL+0 and -most-negative-sint	2022-11-21 19:51:58 +01:00
Przemek Stekiel	ad0f357178	Optimize pake code that sets/use password key Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-11-21 15:04:37 +01:00
Przemek Stekiel	e2d6b5f45b	psa_key_slot_get_slot_number: Move documentation to header file Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-11-21 15:03:52 +01:00
Valerio Setti	5151bdf46e	tls: psa_pake: add missing braces Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-21 14:30:02 +01:00
Valerio Setti	79f6b6bb1b	tls: psa_pake: fixing mbedtls_psa_ecjpake_write_round() It might happen that the psa_pake_output() function returns elements which are not exactly 32 or 65 bytes as expected, but 1 bytes less. As a consequence, insted of hardcoding the expected value for the length in the output buffer, we write the correct one as obtained from psa_pake_output() Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-21 14:17:03 +01:00
Dave Rodgman	9e1836cc16	Merge pull request #6593 from Mbed-TLS/fix_tls12_sent_sigalgs Fix TLS1.2 signature algorithms list entry getting overwritten by length.	2022-11-21 10:09:57 +00:00
Jerry Yu	9b421456b0	Revert change in dtls1.2 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:35 +08:00
Jerry Yu	668070d5f4	Remove unnecessary replace Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:35 +08:00
Jerry Yu	a8d3c5048f	Rename new session ticket name for TLS 1.3 NewSessionTicket is different with TLS 1.2. It should not share same state. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:35 +08:00
Jerry Yu	cfda4bbeac	Replace handshake over in flight transmit Fix deadloop in DTLS resumption test. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:35 +08:00
Jerry Yu	1fb3299ad7	Replace internal usage of is_handshake_over. NEW_SESSION_TICKETS* are processed in handshake_step. Change the stop condition from `mbedtls_ssl_is_handshake_over` to directly check. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:34 +08:00
Jerry Yu	5ed73ff6de	Add NEW_SESSION_TICKET* into handshake over states All state list after HANDSHAKE_OVER as is_handshakeover Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:34 +08:00
Jerry Yu	6848a61922	Revert "Replace internal usage of mbedtls_ssl_is_handshake_over" This reverts commit 1d3ed2975e7ef0d84050a3aece02eec1f890dec3. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:34 +08:00
Jerry Yu	e219c11b4e	Replace internal usage of mbedtls_ssl_is_handshake_over Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:34 +08:00
Valerio Setti	61ea17d30a	tls: psa_pake: fix return values in parse functions Ensure they all belong to the MBEDTLS_ERR_SSL_* group Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-18 12:11:00 +01:00
Valerio Setti	aca21b717c	tls: psa_pake: enforce not empty passwords Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 18:20:50 +01:00
Valerio Setti	819de86895	tls: removed extra white spaces and other minor fix Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 18:05:19 +01:00
Valerio Setti	6b3dab03b5	tls: psa_pake: use a single function for round one and two in key exchange read/write Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 17:14:54 +01:00
Valerio Setti	9bed8ec5d8	tls: psa_pake: make round two reading function symmatric to the writing one Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:36:19 +01:00
Valerio Setti	30ebe11f86	tls: psa_pake: add a check on read size on both rounds Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:35:02 +01:00
Valerio Setti	a988364767	tls: psa_pake: fix missing new round one parsing function on tls12 server Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:35:02 +01:00
Valerio Setti	a08b1a40a0	tls: psa_pake: move move key exchange read/write functions to ssl_tls.c Inlined functions might cause the compiled code to have different sizes depending on the usage and this not acceptable in some cases. Therefore read/write functions used in the initial key exchange are moved to a standard C file. Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-17 16:34:59 +01:00
Andrzej Kurek	ec71b0937f	Introduce a test for single signature algorithm correctness The value of the first sent signature algorithm is overwritten. This test forces only a single algorithm to be sent and then validates that the client received such algorithm. 04 03 is the expected value for SECP256R1_SHA256. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-11-17 14:58:14 +00:00
Paul Elliott	96a0fd951f	Fix signature algorithms list entry getting overwritten by length. Fix bug whereby the supported signature algorithm list sent by the server in the certificate request would not leave enough space for the length to be written, and thus the first element would get overwritten, leaving two random bytes in the last entry. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-11-17 14:58:14 +00:00
Przemek Stekiel	369ae0afc3	Zeroize pake password buffer before free Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-11-17 14:14:31 +01:00
Przemek Stekiel	152ae07682	Change password ec j-pake operation fields to more suitable Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-11-17 13:24:36 +01:00
Ronald Cron	d12922a69a	Merge pull request #6486 from xkqian/tls13_add_early_data_indication The merge job of the internal CI ran successfully. This is good to go.	2022-11-17 12:48:50 +01:00
Przemyslaw Stekiel	1def5becc2	Add psa_get_and_lock_key_slot_with_policy to header file Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-11-16 16:28:04 +01:00
Valerio Setti	6f1b5741ae	tls12: psa_pake: simplify EC info parsing in server's 2nd round Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-16 14:50:13 +01:00
Valerio Setti	4a9caaa0c9	tls12: psa_pake: check elliptic curve's TLS ID on handshake Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-16 14:50:10 +01:00
Valerio Setti	fbbc1f3812	tls12: psa_pake: use proper defines for the output size of each step in ECJPAKE Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-16 14:49:52 +01:00
Valerio Setti	02c25b5f83	tls12: psa_pake: use common code for parsing/writing round one and round two data Share a common parsing code for both server and client for parsing round one and two. Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-16 13:56:12 +01:00
Ronald Cron	e9f92c4fbc	tls: Fix in_cid buffer size in transform structure Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-11-16 10:23:05 +01:00
Xiaokang Qian	0cc4320e16	Add EARLY_DATA guard to the early data extension in session ticket Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-16 08:43:50 +00:00
Gilles Peskine	ef7f4e47b1	Express abs(z) in a way that satisfies GCC and MSVC Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-15 23:25:27 +01:00
Gilles Peskine	af601f9751	Fix undefined behavior with the most negative mbedtls_mpi_sint When x is the most negative value of a two's complement type, `(unsigned_type)(-x)` has undefined behavior, whereas `-(unsigned_type)x` has well-defined behavior and does what was intended. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-15 23:02:14 +01:00
Gilles Peskine	db14a9d180	Fix NULL+0 in addition 0 + 0 Fix undefined behavior (typically harmless in practice) of mbedtls_mpi_add_mpi(), mbedtls_mpi_add_abs() and mbedtls_mpi_add_int() when both operands are 0 and the left operand is represented with 0 limbs. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-15 23:00:21 +01:00
Przemek Stekiel	348410f709	Make a copy of the key in operation while setting pake password Additionally use psa_get_and_lock_key_slot_with_policy() to obtain key. This requires making this function public. This will have to be solved while adding driver dipatch for EC-JPAKE. Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-11-15 22:22:07 +01:00
Gilles Peskine	4a768dd17d	Fix negative zero created by (-A) + (+A) or (-A) - (-A) In mbedtls_mpi_add_mpi() and mbedtls_mpi_sub_mpi(), and by extention mbedtls_mpi_add_int() and mbedtls_mpi_sub_int(), when the resulting value was zero, the sign bit of the result was incorrectly set to -1 when the left-hand operand was negative. This is not a valid mbedtls_mpi representation. Fix this: always set the sign to +1 when the result is 0. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-15 20:36:18 +01:00
Gilles Peskine	72ee1e3f3c	Unify mbedtls_mpi_add_mpi and mbedtls_mpi_sub_mpi mbedtls_mpi_add_mpi() and mbedtls_mpi_sub_mpi() have the same logic, just with one bit to flip in the sign calculation. Move the shared logic to a new auxiliary function. This slightly reduces the code size (if the compiler doesn't inline) and reduces the maintenance burden. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-15 20:30:09 +01:00
Xiaokang Qian	2cd5ce0c6b	Fix various issues cause rebase to latest code Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-15 10:33:53 +00:00
Dave Rodgman	d384b64dd2	Merge branch 'development' into rfc9146_2 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-14 17:43:15 +00:00
Janos Follath	4d0ea7f4cc	Merge pull request #6550 from minosgalanakis/minos/6017_add_montgomery_conversion Bignum: Add Montgomery conversion from/to cannonical form	2022-11-14 11:12:13 +00:00
Xiaokang Qian	fe3483f9a1	Update early data doument and config dependencies Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-14 03:16:22 +00:00
Xiaokang Qian	ae07cd995a	Change ticket_flag base on review Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-14 03:16:22 +00:00
Xiaokang Qian	2d87a9eeb5	Pend one alert in case wrong EXT_EARLY_DATA length Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-14 03:16:22 +00:00
Xiaokang Qian	a042b8406d	Address some format issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-14 03:16:19 +00:00
Xiaokang Qian	f447e8a8d3	Address comments base on reviews Improve early data indication check Update test case to gnutls server Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-14 03:15:36 +00:00
Xiaokang Qian	a341225fd0	Change function name ssl_tls13_early_data_has_valid_ticket Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-14 03:15:05 +00:00
Xiaokang Qian	01323a46c6	Add session ticket related check when send early data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-14 03:15:05 +00:00
Xiaokang Qian	ecc2948f21	Fix format issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-14 03:15:05 +00:00
Xiaokang Qian	76332816c7	Define the EARLY_DATA_STATUS Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-14 03:15:05 +00:00
Xiaokang Qian	338f727683	Move EARLY_DATA_OFF/ON guard to ssl_misc.h Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-14 03:15:03 +00:00
Xiaokang Qian	b781a2323c	Move ssl_tls13_has_configured_ticket() back to tls13 client Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-14 03:13:51 +00:00
Xiaokang Qian	893ad81966	Remove useless early_secrets field Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-14 03:13:51 +00:00
Xiaokang Qian	911c0cc4f0	Fix format issues in comments Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-14 03:13:50 +00:00
Xiaokang Qian	0e97d4d16d	Add early data indication to client side Add fields to mbedtls_ssl_context Add write early data indication function Add check whether write early data indication Add early data option to ssl_client2 Add test cases for early data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-14 03:13:50 +00:00
Paul Elliott	aeb8bf2ab0	Merge pull request #6170 from yuhaoth/pr/tls13-cleanup-extensions-parser TLS 1.3: Add extension check for message parsers	2022-11-11 19:00:46 +00:00
Minos Galanakis	d9299c388e	bignum_mod_raw: Refactored Montgomery conversion functions This patch updates the `mbedtls_mpi_mod_raw_conv_xx()` methods as follows: * Renamed for simplicity: conv_fwd -> from_mont_rep, conv_inv -> to_mont_rep. * Uncoupled the dependency on the legaly bignum interface. * `mbedtls_mpi` is no longer used for temporary buffer allocation. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-11-11 10:54:58 +00:00
Hanno Becker	5ad4a93596	bignum_mod_raw: Added conversion methods for internal/public data representation Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-11-11 10:54:58 +00:00
Dave Rodgman	f58172fe43	Merge remote-tracking branch 'origin/development' into pr3431	2022-11-10 09:54:49 +00:00
Gilles Peskine	ed4b34aa7c	Merge pull request #6570 from gilles-peskine-arm/bignum-mbedtls_test_read_mpi_core-nonempty Forbid empty mpi_core in test data	2022-11-09 19:02:24 +01:00
Jerry Yu	97be6a913e	fix various issues - typo error - replace `ssl->hanshake` with handshake Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-09 22:43:31 +08:00
Gilles Peskine	95b5addcd6	Don't test mbedtls_mpi_core_lt_ct with 0 limbs A core MPI must have at least 1 limb. We can no longer test with 0 limbs, and we don't need to anyway, so don't try. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-09 11:18:38 +01:00
Gilles Peskine	d4bd38ba5d	Merge pull request #6544 from KloolK/development Fix outdated reference in debug message	2022-11-08 17:12:20 +01:00
Gilles Peskine	4a480ac5a1	Merge pull request #6265 from Kabbah/x509-info-hwmodulename-hex `x509_info_subject_alt_name`: Render HardwareModuleName as hex	2022-11-08 17:11:07 +01:00
Jerry Yu	7de2ff0310	Refactor extension list print Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-08 23:51:39 +08:00
Jerry Yu	79aa721ade	Rename ext print function and macro Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-08 23:51:39 +08:00
Jerry Yu	b95dd3683b	Add missing mask set and tls13 unrecognized extension Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-08 23:51:38 +08:00
Aditya Deshpande	c4646c08cd	Merge branch 'development' into driver-wrapper-key-agreement	2022-11-08 14:25:20 +00:00
Jerry Yu	c437ee3bac	fix wrong return value Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-08 21:04:15 +08:00
Jerry Yu	ea52ed91cf	fix typo and spell issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-08 21:01:17 +08:00
Gilles Peskine	42d75f2daf	Merge pull request #6013 from gstrauss/asn1-type-free Shared code to free x509 structs like mbedtls_x509_named_data	2022-11-08 12:20:20 +01:00
Dave Rodgman	ae2635df6f	Merge pull request #6306 from tom-cosgrove-arm/issue-6305-fix Return an error from mbedtls_ssl_handshake_step() if neither client nor server	2022-11-08 10:54:17 +00:00
Pengyu Lv	c1ecb25d8a	fix PSA_XXX typos detected by check_names.py Fix the PSA_XXX typos detected by check_names.py. PSA_WANT is actually not typo, but would cause a false negative result. So PSA_WANT is reworded to PSA_WANT_xxx. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2022-11-08 18:22:53 +08:00
Neil Armstrong	ca7d506556	Use PSA PAKE API when MBEDTLS_USE_PSA_CRYPTO is selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com> Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-08 10:58:45 +01:00
Jerry Yu	e5991328ff	fix tls13 psk only test fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-08 16:16:29 +08:00
Glenn Strauss	82ba274c01	Deprecate mbedtls_asn1_free_named_data() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-11-07 15:42:44 -05:00
Aditya Deshpande	d1b72a7b83	Merge branch 'development' into driver-wrapper-key-agreement	2022-11-07 17:36:23 +00:00
Gilles Peskine	faefe62013	Merge pull request #6390 from mpg/fix-ecjpake-psa-format Fix ecjpake PSA format	2022-11-07 17:35:44 +01:00
Gilles Peskine	bf249accc7	Merge pull request #6498 from yuhaoth/pr/fix-session-resumption-fail-when-hostname-is-not-localhost BUG: Fix session resumption fail when hostname is not localhost	2022-11-07 17:33:38 +01:00
Jan Bruckner	f869bfdfef	Fix outdated reference in debug message Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2022-11-07 15:28:49 +01:00
Aditya Deshpande	5567c660cd	Fix formatting and code comments Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2022-11-07 10:43:29 +00:00
Aditya Deshpande	3f1606a1f6	Refactor call hierarchy for ECDH so that it goes through the driver wrapper in a similar fashion to ECDSA. Add component_test_psa_config_accel_ecdh to all.sh to test key agreement driver wrapper with libtestdriver1. Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>	2022-11-07 09:22:52 +00:00
Jerry Yu	50e00e3ac6	Refactor server hello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-06 11:54:22 +08:00
Jerry Yu	edab637b51	Refactor new session ticket Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-06 11:54:22 +08:00
Jerry Yu	0d5cfb7703	Refactor Certificate Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-06 11:54:22 +08:00
Jerry Yu	6d0e78ba22	Refactor certificate request Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-06 11:54:22 +08:00
Jerry Yu	9eba750916	Refactor encrypted extensions Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-06 11:54:22 +08:00
Jerry Yu	63a459cde5	Refactor client_hello parser and writer Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-06 11:54:21 +08:00
Jerry Yu	4b8f2f7266	Refactor sent extension message output Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-06 11:54:21 +08:00
Jerry Yu	d25cab0327	Refactor debug helpers for exts and hs message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-06 11:54:21 +08:00
Janos Follath	5933f691a2	Add merge slots to Bignum files Legacy Bignum is excluded as it doesn't get regular extensions like new ones. Each slot uses comments of their respective filetype. Since .data files don't have a syntax for comments, dummy test cases are used. (These test cases will never be executed and no noise will be added to tests.) Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-02 17:27:25 +00:00
Janos Follath	2a8bcf8c6f	Add bignum merge scaffolding Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-11-02 17:25:48 +00:00
Gilles Peskine	22cdd0ccd3	Update some internal comments The refactoring of fill_random had left some obsolete bits in comments. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-02 16:00:01 +01:00
Gilles Peskine	009d195a56	Move mbedtls_mpi_core_fill_random to the proper .c file Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-02 16:00:01 +01:00
Gilles Peskine	5980f2bd36	Implement mbedtls_mpi_core_fill_random Turn mpi_fill_random_internal() into mbedtls_mpi_core_fill_random(). It had basically the right code except for how X is passed to the function. Write unit tests. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-02 15:59:36 +01:00
Gilles Peskine	909e03c52f	Bignum core: fill_random: prototype Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-11-02 15:59:16 +01:00
Janos Follath	f1ed5815ba	Merge pull request #6512 from yanesca/extract_uint_table_lookup_core Implement mbedtls_mpi_core_ct_uint_table_lookup()	2022-11-02 13:58:19 +00:00
Jerry Yu	df0ad658a3	tls13: Add allowed extesions constants. - And refactor check_received_extension Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-02 21:35:27 +08:00
Dave Rodgman	90c6836271	Merge pull request #6524 from daverodgman/fix-duplicate-header Remove duplicate function prototype	2022-11-02 13:06:08 +00:00
Dave Rodgman	0877dc8f55	Improve documentation for psa_crypto_cipher.h Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-02 09:29:50 +00:00
Dave Rodgman	1630447eed	Move declaration of mbedtls_cipher_info_from_psa into psa_crypto_cipher.h Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-02 09:25:38 +00:00
Dave Rodgman	ba864848e7	Remove duplicate function prototype Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-01 16:41:09 +00:00
Dave Rodgman	29b9b2b699	Fix zeroization at NULL pointer Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-11-01 16:08:14 +00:00
Janos Follath	8904a2db29	mpi_core_ct_uint_table_lookup: style and docs Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-10-31 16:51:56 +00:00
Nick Child	3951a4f3ad	pkcs7: Use better error codes Remove an unnecessary debug print (whoops). Use new error code for when the x509 is expired. When there are no signers return invalid certificate. Signed-off-by: Nick Child <nick.child@ibm.com> Co-authored-by: Dave Rodgman <dave.rodgman@arm.com> Signed-off-by: Nick Child <nick.child@ibm.com>	2022-10-31 09:38:42 -05:00
Dave Rodgman	e8734d8a55	Apply suggestions from code review Two spelling fixes (changelog & a comment) Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-10-31 14:30:24 +00:00
Dave Rodgman	55fd0b9fc1	Merge pull request #6121 from daverodgman/pr277 cert_write - add a way to set extended key usages - rebase	2022-10-31 13:27:49 +00:00
Janos Follath	e50f2f1a8e	Add mbedtls_mpi_core_ct_uint_table_lookup This will be needed for extracting modular exponentiation from the prototype. The function signature is kept aligned to the prototype, but the implementation is new. (The implementation of this function in the prototype has further optimisations which are out of scope for now.) The function is not reused in the bignum counterpart as it will become redundant soon. This function is meant to be static, but doesn't have the qualifier as it is not used yet and would cause compiler warnings. The MBEDTLS_STATIC_TESTABLE macro will be added in a later commit. Signed-off-by: Janos Follath <janos.follath@arm.com>	2022-10-31 11:32:55 +00:00
Janos Follath	2dc2757cca	Merge pull request #6457 from minosgalanakis/minos/6017_update_modulus_lifecycle Bignum: Updated the modulus lifecyle	2022-10-31 11:28:37 +00:00
Dave Rodgman	1a22bef116	Merge pull request #6190 from daverodgman/invalid-ecdsa-pubkey Improve ECDSA verify validation	2022-10-31 09:37:26 +00:00
Jerry Yu	7a485c1fdf	Add ext id and utilities - Remove `MBEDTLS_SSL_EXT_*` - Add macros and functions for translating iana identifer. - Add internal identity for extension Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	c4bf5d658e	fix various issues - Signature of - mbedtls_tls13_set_hs_sent_ext_mask - check_received_extension and issues - Also fix comment issue. - improve readablity. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	03112ae022	change input extension_type Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	0c354a211b	introduce sent/recv extensions field And remove `extensions_present` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	ffa1582793	move get_extension mask Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	9872eb2d69	change return type for unexpected extension Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	43ff252688	Remove unnecessary checks. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	d15992d3ce	fix wrong setting of unrecognized ext Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	6ba9f1c959	Add extension check for NewSessionTicket Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	2c5363e58b	Add extension check for ServerHello and HRR Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	2eaa76044b	Add extension check for Certificate Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	c55a6af9eb	Add extensions check for CertificateRequest Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	cbd082f396	Add extension check for EncryptedExtensions Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	e18dc7eb9a	Add forbidden extensions check for ClientHello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	471dee5a12	Add debug helpers to track extensions Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	def7ae4404	Add auth mode check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-30 17:57:06 +08:00
Nick Child	5f39767495	pkcs7: Fix imports Respond to feedback about duplicate imports[1] and new import style [2]. [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r991355485 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#pullrequestreview-1138745361 Signed-off-by: Nick Child <nick.child@ibm.com>	2022-10-28 12:38:41 -05:00
Nick Child	bb82ab764f	pkcs7: Respond to feeback on parsing logic After recieving review on the pkcs7 parsing functions, attempt to use better API's, increase consisitency and use better documentation. The changes are in response to the following comments: - use mbedtls_x509_crt_parse_der instead of mbedtls_x509_crt_parse [1] - make lack of support for authenticatedAttributes more clear [2] - increment pointer in pkcs7_get_content_info_type rather than after [3] - rename `start` to `p` for consistency in mbedtls_pkcs7_parse_der [4] [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992509630 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992562450 [3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992741877 [4] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r992754103 Signed-off-by: Nick Child <nick.child@ibm.com>	2022-10-28 12:28:54 -05:00
Glenn Strauss	7db3124c00	Skip asn1 zeroize if freeing shallow pointers This skips zeroizing additional pointers to data. (Note: actual sensitive data should still be zeroized when freed.) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-10-28 12:51:35 -04:00
Glenn Strauss	a4b4041219	Shared code to free x509 structs Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-10-28 12:51:35 -04:00
Nick Child	73621ef0f0	pkcs7: Improve verify logic and rebuild test data Various responses to feedback regarding the pkcs7_verify_signed_data/hash functions. Mainly, merge these two functions into one to reduce redudant logic [1]. As a result, an identified bug about skipping over a signer is patched [2]. Additionally, add a conditional in the verify logic that checks if the given x509 validity period is expired [3]. During testing of this conditional, it turned out that all of the testing data was expired. So, rebuild all of the pkcs7 testing data to refresh timestamps. [1] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r999652525 [2] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r997090215 [3] https://github.com/Mbed-TLS/mbedtls/pull/3431#discussion_r967238206 Signed-off-by: Nick Child <nick.child@ibm.com>	2022-10-28 11:24:25 -05:00
Ronald Cron	04e2133f45	Merge pull request #6482 from ronald-cron-arm/tls13-misc TLS 1.3: Update documentation for the coming release and misc	2022-10-28 11:09:03 +02:00
Gilles Peskine	75c4eaf1f8	Merge pull request #5841 from aurel32/ecp_mul_mxz-timing-leak Fix a timing leak in ecp_mul_mxz()	2022-10-27 19:46:48 +02:00
Minos Galanakis	4d4c98b1b9	bignum_mod: `mbedtls_mpi_mod_modulus_setup()` refactoring. This patch addresses more review comments, and fixes a circular depedency in the `mbedtls_mpi_mod_modulus_setup()`. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-27 17:47:26 +01:00
Minos Galanakis	771c47055f	bignum_mod: Style changes This patch addresses review comments with regards to style of `mbedtls_mpi_mod_modulus_setup/free()`. It also removes a test check which was triggering a use-after-free. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-27 12:36:24 +01:00
Minos Galanakis	8b33363315	bignum_mod: Updated modulus lifecycle with mm and rr. This patch updates the `mbedtls_mpi_mod_modulus_setup/free()` methods to precalculate mm and rr(Montgomery const squared) during setup and zeroize it during free. A static `set_mont_const_square()` is added to manage the memory allocation and parameter checking before invoking the `mbedtls_mpi_core_get_mont_r2_unsafe()` Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-27 11:43:54 +01:00
Minos Galanakis	760f5d6b6b	bignum_mod: Updated mbedtls_mpi_mod_modulus_setup/free with new fields At the current state, those fields are initialised to 0, NULL. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-27 11:43:54 +01:00
Hanno Becker	cd860dfe02	bignum_mod: Added Montgomery constants This patch adds the Montgomery constants to the `mbedtls_mpi_mont_struct`. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-27 11:43:54 +01:00
Gilles Peskine	9603daddaa	Merge pull request #6230 from tom-cosgrove-arm/issue-6223-core-add Bignum: extract core_add from the prototype	2022-10-27 11:25:27 +02:00
Ronald Cron	77e15e8a2c	Merge pull request #6460 from xkqian/tls13_add_early_data_preparatory Internal and Open CI merge job ran successfully. Good to go.	2022-10-27 10:40:56 +02:00
Gilles Peskine	88f5fd9099	Merge pull request #6479 from AndrzejKurek/depends-py-no-psa Enable running depends.py in a configuration without MBEDTLS_USE_PSA_CRYPTO and remove perl dependency scripts	2022-10-26 20:02:57 +02:00
Gilles Peskine	d4d080b41b	Merge pull request #6407 from minosgalanakis/minos/6017_add_montgomery_constant_squared Bignum: Added pre-calculation of Montgomery constants	2022-10-26 14:28:16 +02:00
Ronald Cron	4f7feca0dc	Merge pull request #6391 from davidhorstmann-arm/fix-x509-get-name-cleanup The Open CI ran successfully thus I think we can ignore the internal CI.	2022-10-26 14:27:54 +02:00
Xiaokang Qian	72dbfef6e4	Improve coding styles Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-26 06:33:57 +00:00
Ronald Cron	eac00ad2a6	tls13: server: Note down client not being authenticated in SSL context Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-25 20:02:03 +02:00
Gilles Peskine	744fd37d23	Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0 Fix unusual macros	2022-10-25 19:55:29 +02:00
Ronald Cron	a709a0f2c6	tls13: Declare PSK ephemeral key exchange mode first In the PSK exchange modes extension declare first PSK ephemeral if we support both PSK ephemeral and PSK. This is aligned with our implementation giving precedence to PSK ephemeral over pure PSK and improve compatibility with GnuTLS. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-25 19:05:26 +02:00
Tom Cosgrove	6469fdfb0a	Fix whitespace issue spotted in review Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-10-25 16:29:58 +01:00
Tom Cosgrove	82f131063a	Update documentation following review comment Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-10-25 16:29:58 +01:00
Tom Cosgrove	af7d44b4d2	Tidy up, remove MPI_CORE(), apply the naming convention, and use the new mbedtls_mpi_core_add() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-10-25 16:29:58 +01:00
Hanno Becker	c98871339d	Extract MPI_CORE(add) from the prototype Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-10-25 16:29:58 +01:00
Minos Galanakis	a081c51cd3	Renamed mpi_core_get_mont_R2_unsafe_neg -> mpi_core_get_mont_r2_unsafe_neg Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:12:38 +01:00
Minos Galanakis	51d638baf6	bignum_core: Style update 'mbedtls_mpi_core_get_mont_R2_unsafe' aligns const keyword to match the style of the rest of the module. Documentation is also updated to remove `MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:12:38 +01:00
Minos Galanakis	ae4fb671b4	mbedtls_mpi_core_get_mont_R2_unsafe: Removed NULL input checking Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:12:38 +01:00
Minos Galanakis	b85506e250	bignum_core.h: Comment update for mbedtls_mpi_core_get_mont_R2_unsafe Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:12:23 +01:00
Minos Galanakis	4f43f61c6a	Renamed mbedtls_mpi_get_montgomery_constant_unsafe to mpi_core_get_mont_R2_unsafe Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:12:23 +01:00
Hanno Becker	ec440f2397	bignum_mod_raw: Ported mbedtls_mpi_get_montgomery_constant_unsafe from prototype Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2022-10-25 15:08:08 +01:00
David Horstmann	3a334c2edc	Minor improvements to ssl_tls12_server.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-25 10:53:44 +01:00
David Horstmann	7aee0ec0ba	Minor improvements in ssl_client.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-25 10:38:25 +01:00
David Horstmann	6e11687ba5	Minor improvements to ecp.c changes Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-25 10:32:08 +01:00
David Horstmann	9b0eb90131	Rename ARIA_SELF_TEST_IF_FAIL Change to ARIA_SELF_TEST_ASSERT Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-25 10:23:34 +01:00

... 7 8 9 10 11 ...

10531 commits