yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
19354 commits 89 branches 205 tags 114 MiB
Commit graph

19354 commits

This branch
This branch
All branches
Author SHA1 Message Date
Neil Armstrong da1d80db19 Use mbedtls_rsa_info directly in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:36:32 +01:00
Neil Armstrong 7b1dc85919 Simplify padding check and get rid of psa_sig_md in rsa_encrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:36:06 +01:00
Neil Armstrong 6b03a3de5c Use mbedtls_rsa_info directly in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:31:07 +01:00
Neil Armstrong 8e80504b46 Simplify padding check and get rid of psa_sig_md in rsa_decrypt_wrap() 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-16 15:30:31 +01:00
Gabor Mezei 103e08aab9
Fix return value handling 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 13:45:41 +01:00
Przemek Stekiel 561a42392a ssl_parse_signature_algorithm(): refactor PSA CRYPTO code 
- use mbedtls_ecp_point_write_binary() instead mbedtls_mpi_write_binary().
- add check for ECDH curve type in server's certificate

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 13:16:24 +01:00
Gabor Mezei 5b8b890a61
Check PSA functions' return value before converting 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 12:56:58 +01:00
Gabor Mezei 36c9f51ef2
Use size_t instead of int to silence compiler warnings 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 12:55:32 +01:00
Gabor Mezei 4f4bac7e22
Remove blank lines 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-16 12:54:27 +01:00
Przemek Stekiel dd482bfd6a Modify own_pubkey_max_len calculation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:43:22 +01:00
Przemek Stekiel a4e15cc0d5 Fix comment: add fields size 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:32:42 +01:00
Przemek Stekiel 855938e17d Move mbedtls_ecdh_setup() to no-psa path 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:29:29 +01:00
Przemek Stekiel 338b61d6e4 Fix code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 11:24:09 +01:00
Przemek Stekiel d905d33488 ssl_write_client_key_exchange(): enable psa support for ECDH-ECDSA and ECDH-RSA key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 09:50:56 +01:00
Przemek Stekiel ea4000f897 ssl_parse_signature_algorithm(): populate psa handshake fields when psa crypto is enabled 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-16 09:49:33 +01:00
Dave Rodgman 2cecd8aaad
Merge pull request #3624 from daxtens/timeless 
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
 2022-03-15 16:43:19 +00:00
Przemek Stekiel ce1d792315 Remove duplicated code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 16:16:25 +01:00
Neil Armstrong 169e61add6 Zeroise stack buffer containing private key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-14 14:26:49 +01:00
Neil Armstrong 3aca61fdfc Zeroise stack buffer containing private key 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-03-14 14:24:48 +01:00
Dave Rodgman 868d38f50f
Merge pull request #5547 from tom-cosgrove-arm/seclib-667-sha256-acceleration-mbedtls-internal 
SECLIB-667: Accelerate SHA-256 with A64 crypto extensions
 2022-03-14 12:57:37 +00:00
Przemek Stekiel fc91a1f030 Use PSA for private key generation and public key export only for ECDHE keys 
This should be cleaned when server-side static ECDH (1.2) support is added (#5320).

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 12:05:27 +01:00
Przemek Stekiel a21af3da00 Use mbedtls_psa_parse_tls_ecc_group() instead PSA_KEY_TYPE_ECC_KEY_PAIR( mbedtls_ecc_group_to_psa() ) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 10:09:13 +01:00
Przemek Stekiel 0a60c129de Add intermediate variables to increase code readability 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 09:54:51 +01:00
Przemek Stekiel e9f00445bc Destroy ecdh_psa_privkey on failure 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 09:42:32 +01:00
Przemek Stekiel 130c4b5567 Use PSA version of key agreement only for ECDHE keys 
This should be cleaned when server-side static ECDH (1.2) support is added (#5320).

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-14 09:18:24 +01:00
Manuel Pégourié-Gonnard c11bffe989
Merge pull request #5139 from mprse/key_der_ecc 
PSA: implement key derivation for ECC keys
 2022-03-14 09:17:13 +01:00
Przemek Stekiel b38f797a24 Add change log entry for psa ECC key derivation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-11 14:12:34 +01:00
Gilles Peskine 81d903f5aa
Merge pull request #5510 from SiliconLabs/feature/PSEC-3269-MD-X.509-hashing 
feat: MD: X.509 hashing
 2022-03-10 20:16:43 +01:00
Gilles Peskine afb482897b
Merge pull request #5292 from mprse/asym_encrypt 
Driver dispatch for PSA asymmetric encryption + RSA tests
 2022-03-10 20:07:38 +01:00
Gabor Mezei 49c8eb3a5a
Enable chachcapoly cipher for SSL tickets 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 17:09:59 +01:00
Gabor Mezei 2fa1c311cd
Remove test dependency 
The SSL ticket rotation test case is enabled when PSA is used.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 17:09:59 +01:00
Gabor Mezei 2a02051286
Use PSA in TLS ticket handling 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 17:09:59 +01:00
Gabor Mezei e6d867f476
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-03-10 15:04:58 +01:00
Ronald Cron a8b38879e1 Move state change from CLIENT_CERTIFICATE_VERIFY to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-10 13:58:17 +01:00
Ronald Cron 7a94aca81a Move state change from CLIENT_CERTIFICATE to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-10 13:58:04 +01:00
Manuel Pégourié-Gonnard 10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data 
server certificate selection callback
 2022-03-10 11:51:42 +01:00
Glenn Strauss 9bff95f051 Adjust comment describing mbedtls_ssl_set_hs_own_cert() 
mbedtls_ssl_set_hs_own_cert() is callable from the certificate selection
callback.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-03-10 04:45:27 -05:00
Dave Rodgman 73e91e13a6
Merge pull request #2229 from RonEld/fix_test_md_api_violation 
Fix test md api violation
 2022-03-10 09:21:47 +00:00
Przemek Stekiel fd32e9609b ssl_parse_client_key_exchange(): read the curve identifier and the peer's public key and compute the shared secret using PSA 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-09 16:01:59 +01:00
Przemek Stekiel b6ce0b6cd8 ssl_prepare_server_key_exchange(): generate a private/public key and write out the curve identifier and public key using PSA 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-09 16:01:50 +01:00
Ronald Cron 5bb8fc830a Call Certificate writing generic handler only if necessary 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron 3f20b77517 Improve comment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron 00d012f2be Fix type of force_flush parameter 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron 9f55f6316e Move state change from CSS states to their main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron 3addfa4964 Move state change from WRITE_CLIENT_HELLO to its main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron 66dbf9118e TLS 1.3: Do not send handshake data in handshake step handlers 
Send data (call to mbedtls_ssl_flush_output()) only from
the loop over the handshake steps. That way, we do not
have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE
error code) on the network in handshake step handlers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron 9df7c80c78 TLS 1.3: Always go through the CLIENT_CERTIFICATE state 
Even if certificate authentication is disabled at build
time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state.
It simplifies overall the code for a small code size
cost when certificate authentication is disabled at build
time. Furthermore that way we have only one point in the
code where we switch to the handshake keys for record
encryption.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:50:08 +01:00
Paul Elliott 17f452aec4
Merge pull request #5448 from lhuang04/tls13_alpn 
Port ALPN support for tls13 client from tls13-prototype
 2022-03-08 17:53:38 +00:00
Manuel Pégourié-Gonnard d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c 
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
 2022-03-08 11:43:45 +01:00
Przemek Stekiel c85f0912c4 psa_crypto.c, test_suite_psa_crypto.function: fix style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-08 11:37:54 +01:00