c37ad4432b
misc type fixes in ssl
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-21 17:09:46 +00:00
a3d0f61aec
Use MBEDTLS_GET_UINTxx_BE macro
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-21 17:09:46 +00:00
e4a6f5a7ec
Use size_t cast for pointer subtractions
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-21 17:09:46 +00:00
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-02 19:47:20 +00:00
f6f4695824
Merge pull request #8320 from valeriosetti/issue8263
...
Fix dependencies of mbedtls_pk_ec_ro and mbedtls_pk_ec_rw
2023-10-18 10:03:46 +00:00
74cb404b0d
ssl: improve ssl_check_key_curve()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-16 13:40:50 +02:00
4d0e84628c
ssl: reorganize guards surrounding ssl_get_ecdh_params_from_cert()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-11 13:15:29 +02:00
e7cefae5f4
ssl: fix getting group id in ssl_check_key_curve()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-10-06 13:19:48 +02:00
3713bee34c
Remove leftover local debug line
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-02 18:43:18 +02:00
530c423ad2
Improve some debug messages and error codes
...
On a parsing error in TLS, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE, not a
crypto error code.
On error paths, emit a level-1 debug message. Report the offending sizes.
Downgrade an informational message's level to 3.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-02 15:42:11 +02:00
c8df898204
Fix buffer overflow in TLS 1.2 ClientKeyExchange parsing
...
Fix a buffer overflow in TLS 1.2 ClientKeyExchange parsing. When
MBEDTLS_USE_PSA_CRYPTO is enabled, the length of the public key in an ECDH
or ECDHE key exchange was not validated. This could result in an overflow of
handshake->xxdh_psa_peerkey, overwriting further data in the handshake
structure or further on the heap.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-02 15:02:33 +02:00
eda1b1f744
Merge pull request #7921 from valeriosetti/issue7613
...
TLS: Clean up ECDSA dependencies
2023-09-20 12:47:55 +00:00
b7825ceb3e
Rename uint->bool operators to reflect input types
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-08-10 11:58:18 +01:00
c98f8d996a
Merge branch 'development' into safer-ct5
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-08-07 11:47:35 +01:00
e9646ecd08
tls: fix guards for ECDSA support
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-08-03 09:15:28 +02:00
45d56f3d25
tls: replace ECDSA_C and PK_CAN_ECDSA_SOME with key exchange related ones
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-08-01 19:02:38 +02:00
de8f56e936
Merge pull request #7884 from valeriosetti/issue7612
...
TLS: Clean up (EC)DH dependencies
2023-08-01 07:13:36 +00:00
bb07377458
Merge pull request #7935 from AgathiyanB/add-enum-casts
...
Add type casts for integer and enum types
2023-07-26 11:27:27 +02:00
ea59c43499
tls: fix a comment a rename a variable/symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-25 11:14:03 +02:00
60d3b91eba
tls: use TLS 1.2 macros in ssl_tls12_server.c
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-25 10:43:53 +02:00
8b52b88b6d
Add type casts in ssl library
...
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com >
2023-07-17 15:14:42 +01:00
c2232eadfb
tls: replace PK_CAN_ECDH guards with new helpers
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-07 17:23:53 +02:00
7aeec54094
tls: replace ECDH_C guards with new helpers
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-07 17:23:53 +02:00
46b2d2b643
Fix code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-07-07 09:34:17 +02:00
615cbcdbdf
Provide additional comments for claryfication
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-07-06 12:16:39 +02:00
7ac93bea8c
Adapt names: dh -> xxdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-07-05 09:26:26 +02:00
6f199859b6
Adapt handshake fields to ffdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-07-05 09:25:00 +02:00
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2
...
Make use of FFDH keys in TLS 1.3 v.2
2023-07-03 10:12:33 +02:00
9fbb0cf08e
Merge remote-tracking branch 'origin/development' into safer-ct5
2023-06-28 18:52:02 +01:00
7dda271c1d
Fix description of functions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-28 09:16:08 +02:00
db041cc82f
Merge pull request #7665 from AndrzejKurek/optimize-error-translation-code-size
...
Optimize error translation code size
2023-06-28 08:09:00 +01:00
6835b4a6ed
tls: always zeroize buffer on exit
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-06-22 09:06:31 +02:00
3589a4c644
tls: keep buffer declaration in a single line
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-06-22 09:02:44 +02:00
b46217d5c1
tls: never destroy a priavte key that is not owned/created by TLS module
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-06-16 13:18:52 +02:00
0813b6f28d
tls: optimize code in ssl_get_ecdh_params_from_cert()
...
When MBEDTLS_PK_USE_PSA_EC_DATA is defined, opaque and non-opaque keys
are basically stored in the same way (only a diffferent ownership for
the key itself), so they should be treated similarly in the code.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-06-16 12:18:53 +02:00
1e4a030b00
Fix wrong array size calculation in error translation code
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-06-13 05:46:47 -04:00
1c7a99856f
Add missing ifdefs
...
Make sure that the error translating functions
are only defined when they're used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-06-13 05:46:47 -04:00
0064484a70
Optimize error translation code size
...
Introducing an intermediate function
saves code size that's otherwise taken by excessive,
repeated arguments in each place that
was translating errors.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-06-13 05:46:46 -04:00
c216d94560
Merge remote-tracking branch 'origin/development' into safer-ct5
2023-06-13 10:36:37 +01:00
75a5a9c205
Code cleanup
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-13 09:57:23 +02:00
da4fba64b8
Further code optimizations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:09 +02:00
24e50d3dbd
Compile out length check to silent the compiler warning
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:08 +02:00
6076f4124a
Remove hash_info.[ch]
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
8857984b2f
Replace hash_info macro with MD macro
...
Now the MD macro also accounts for PSA-only hashes.
Just a search-and-replace, plus manually removing the definition in
hash_info.h.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
7b1136836c
Merge pull request #7438 from valeriosetti/issue7074
...
Avoid parse/unparse private ECC keys in PK with USE_PSA when !ECP_C
2023-06-01 10:06:45 +02:00
293eedd3ad
Use new CT interface in ssl_tls12_server.c
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-05-26 12:42:48 +01:00
d0405093d9
tls: use pk_get_group_id() instead of directly accessing PK's structure
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-24 16:02:32 +02:00
f9f0ba8211
Use functions in alignment.h to get value
...
Refactor code using get functions from alignment.h to
read values.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2023-05-24 06:24:16 +01:00
972077820b
tls/x509: minor enhancement for using the new private key format
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-23 15:12:07 +02:00
3f00b84dd1
pk: fix build issues
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-05-15 12:57:06 +02:00
