yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
24060 commits 89 branches 205 tags 114 MiB
Commit graph

3509 commits

Author SHA1 Message Date
Dave Rodgman 0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing 
Add parsing for Record Size Limit extension in TLS 1.3
 2023-03-17 10:18:34 +00:00
Paul Elliott 9f02a4177b
Merge pull request #7009 from mprse/csr_write_san 
Added ability to include the SubjectAltName extension to a CSR - v.2
 2023-03-17 10:07:27 +00:00
Manuel Pégourié-Gonnard 9d698df4f4 Further clarify a comment 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard a9ab4a2d60 Clarify a comment 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-16 09:48:20 +01:00
Manuel Pégourié-Gonnard 39a376a417 Finish removing HMAC from MD-light 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard 9b14639342 Dispatch according to init status. 
We shouldn't dispatch to PSA when drivers have not been initialized yet.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-16 09:46:51 +01:00
Manuel Pégourié-Gonnard d8ea37f1a3 Add engine field to context structure 
For multi-part operations, we want to make the decision to use PSA or
not only once, during setup(), and remember it afterwards. This supports
the introduction, in the next few commits, of a dynamic component to
that decision: has the PSA driver sub-system been initialized yet?

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-16 09:46:50 +01:00
Gilles Peskine 83d9e09b15 Switch metadata functions to the PSA-aware availability symbols 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-16 09:46:50 +01:00
Gilles Peskine 416d0e2b01 Introduce preprocessor symbols for MD algorithm support via PSA 
These new symbols will allow code to call the md module and benefit from PSA
accelerator drivers. Code must use MBEDTLS_MD_CAN_xxx instead of
MBEDTLS_xxx_C to check for support for a particular algorithm.

This commit only defines the symbols. Subsequent commits will implement
those symbols in the md module, and in users of the md module.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-16 09:46:50 +01:00
Gilles Peskine 2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api 
ssl_cache: Add cache entry removal api
 2023-03-15 15:38:06 +01:00
Jan Bruckner a0589e75a0 Changes from review 
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-03-15 11:04:45 +01:00
Dave Rodgman b599562033
Merge pull request #7240 from tom-cosgrove-arm/fix-issue-7234 
Don't insist on MBEDTLS_HAVE_ASM for MBEDTLS_AESCE_C on non-Arm64 systems
 2023-03-15 09:04:44 +00:00
Pengyu Lv 0b9c012f21 ssl_cache: return the error code for mutex failure 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-15 14:37:32 +08:00
Dave Rodgman 023c8853ac
Merge pull request #7203 from yuhaoth/pr/add-cpu-modifier-for-aesce 
Add CPU modifier for AESCE
 2023-03-14 15:58:57 +00:00
Jan Bruckner 151f64283f Add parsing for Record Size Limit extension in TLS 1.3 
Fixes #7007

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-03-14 08:41:25 +01:00
Dave Rodgman cdaaef52f4
Update include/mbedtls/pkcs7.h 
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-14 07:13:50 +00:00
Dave Rodgman bcc92d4f03
Update include/mbedtls/pkcs7.h 
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-14 07:13:44 +00:00
Jerry Yu fbf9523449 Revert "Add experimental warning" 
This reverts commit be510fe470.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-14 10:33:32 +08:00
Dave Rodgman efbc5f7322 Update wording in comments 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-13 12:15:49 +00:00
Jerry Yu be510fe470 Add experimental warning 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-13 11:26:35 +08:00
Jerry Yu be78386681 Remove documents about command line options. 
After this PR, the issue has been fixed.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-03-13 10:58:41 +08:00
Dave Rodgman 25b2dfa6da Fix comment typo 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 08:50:58 +00:00
Dave Rodgman 957cc36be9 Improve wording; use PKCS #7 not PKCS7 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 08:50:58 +00:00
Dave Rodgman 3fe2abf306 Apply suggestions from code review 
Co-authored-by: Tom Cosgrove <tom.cosgrove@arm.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 08:50:58 +00:00
Dave Rodgman 7c33b0cac6 Remove pre-production warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-12 08:50:58 +00:00
Manuel Pégourié-Gonnard 439dbc5c60 Fix dependency for TLS 1.3 as well 
Turns out TLS 1.3 is using the PK layer for signature generation &
verification, and the PK layer is influenced by USE_PSA_CRYPTO.

Also update docs/use-psa-crypto.md accordingly.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-10 12:37:15 +01:00
Manuel Pégourié-Gonnard 45bcb6aac8 Fix dependencies of 1.2 ECDSA key exchanges 
Having ECDSA in PSA doesn't help if we're not using PSA from TLS 1.2...

Also, move the definition of PSA_HAVE_FULL_ECDSA outside the
MBEDTLS_PSA_CRYPTO_CONFIG guards so that it is available in all cases.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-10 12:37:15 +01:00
Gilles Peskine 4da92832b0
Merge pull request #7117 from valeriosetti/issue6862 
driver-only ECDSA: enable ECDSA-based TLS 1.2 key exchanges
 2023-03-09 20:49:44 +01:00
Dave Rodgman bf4016e5d5
Merge pull request #6567 from mprse/ecjpake-driver-dispatch 2023-03-09 19:23:05 +00:00
Tom Cosgrove 94e841290d Don't check prerequisites for MBEDTLS_AESCE_C if we won't use it 
Fixes #7234

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-09 17:17:42 +00:00
Przemek Stekiel b8eaf635ba Remove MBEDTLS_SHA256_C from PSA_WANT_ALG_JPAKE config and adapt test dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-09 12:14:26 +01:00
Dave Rodgman 5e5aa4a4e6
Merge pull request #7218 from tom-cosgrove-arm/fix-typos-230307 
Fix typos in development prior to release
 2023-03-08 17:19:59 +00:00
Valerio Setti 1470ce3eba fix typos 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:50:12 +01:00
Valerio Setti 30c4618970 Add new PSA_HAS_FULL_ECDSA macro for easily signal that PSA has full ECDSA support 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-08 16:47:28 +01:00
Gilles Peskine ed7b5978cd
Merge pull request #6172 from gilles-peskine-arm/doc-tls13-psa_crypto_init 
Document the need to call psa_crypto_init for TLS 1.3
 2023-03-07 20:13:53 +01:00
Gilles Peskine a2fc399f57
Merge pull request #6829 from AndrzejKurek/unify-psa-errors 
Unify PSA to Mbed TLS error translation
 2023-03-07 19:55:44 +01:00
Tom Cosgrove 5c8505f061 Fix typos 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-03-07 11:39:52 +00:00
Przemek Stekiel 4aa99403f4 Fix configuration for accelerated jpake 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-07 10:50:09 +01:00
Pengyu Lv 7b6299b49b ssl_cache: Add an interface to remove cache entry by session id 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-07 15:00:22 +08:00
Dave Rodgman 45cef61fa4
Merge branch 'development' into md-light 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-03-03 14:28:13 +00:00
Dave Rodgman 1f39a62ce6
Merge pull request #7151 from gilles-peskine-arm/psa-headers-alt 
Allow alternative names for overridable PSA headers
 2023-03-03 12:37:51 +00:00
Przemek Stekiel 57207711d8 Add MBEDTLS_ASN1_CHK_CLEANUP_ADD macro to be able to release memory on failure 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-03 12:58:29 +01:00
Przemek Stekiel 5a49d3cce3 Replace mbedtls_x509_san_node with mbedtls_x509_subject_alternative_name 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-03-03 12:58:11 +01:00
Andrzej Kurek 270b3f9790 Rename error_pair_t to mbedtls_error_pair_t 
Required by our coding standards.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-03 05:54:13 -05:00
Andrzej Kurek daf5b56b02 Translate to MD errors in ssl-tls.c 
With the introduction of #7047, ssl_tls.c uses 
mbedtls_md_error_from_psa. This complicates
the dependencies for compiling in psa_to_md_errors,
since now these should be ifdeffed also by
MBEDTLS_USE_PSA_CRYPTO followed by a series of or'ed
MBEDTLS_HAS_ALG_SHA_XXX_VIA_MD_OR_PSA_BASED_ON_USE_PSA.
Since this mechanism will be removed soon, we can simplify it to
just MBEDTLS_USE_PSA_CRYPTO.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-03 05:52:28 -05:00
Andrzej Kurek 747ab4ea5e Introduce error_pair_t to psa utils 
This way error handling can be written in a cleaner way.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-03 05:23:45 -05:00
Andrzej Kurek 138b30ac62 Add missing const qualifiers 
Also improve documentation
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-03 05:23:45 -05:00
Andrzej Kurek 8a045ce5e6 Unify PSA to Mbed TLS error translation 
Move all error translation utilities to psa_util.c.
Introduce macros and functions to avoid having
a local copy of the error translating function in
each place.
Identify overlapping errors and introduce a
generic function.
Provide a single macro for all error translations
(unless one file needs a couple of different ones).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-03-03 05:23:44 -05:00
Dave Rodgman 05b80a4eee
Merge pull request #6201 from gilles-peskine-arm/tls13_only-renegotiation 
Disable MBEDTLS_SSL_RENEGOTIATION in TLS-1.3-only builds
 2023-03-03 09:56:51 +00:00
Gilles Peskine 6def41b146
Merge pull request #6932 from yuhaoth/pr/fix-arm64-host-build-and-illegal_instrucion-fail 
Replace CPU modifier check with file scope target cpu modifiers
 2023-03-02 15:36:41 +01:00