lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-19 01:04:04 +03:00
Code
33,152 Commits 172 Branches 267 Tags
Commit Graph

705 Commits

Author SHA1 Message Date
Max Fillinger
22728dc5e3 Use mbedtls_calloc, not regular calloc 
Also fix the allocation size.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
144cccecb7 Fix memory leak in example programs 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 17:08:12 +01:00
Max Fillinger
2fe35f61bf Create MBEDTLS_SSL_KEYING_MATERIAL_EXPORT option 
Add the option MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to mbedtls_config.h
to control if the function mbedtls_ssl_export_keying_material() should
be available. By default, the option is disabled.

This is because the exporter for TLS 1.2 requires client_random and
server_random need to be stored after the handshake is complete.

Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-03-28 16:53:58 +01:00
Max Fillinger
281fb79116 Remove TLS 1.2 Exporter if we don't have randbytes 
The TLS-Exporter in TLS 1.2 requires client_random and server_random.
Unless MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined, these aren't stored
after the handshake is completed.

Therefore, mbedtls_ssl_export_keying_material() exists only if either
MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined or MBEDTLS_SSL_PROTO_TLS1_2
is *not* defined.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 16:53:58 +01:00
Max Fillinger
dbe864569e Fix typos in comments 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 16:53:58 +01:00
Max Fillinger
7b72220d42 Fix coding style 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-03-28 16:53:58 +01:00
Max Fillinger
32ba7f4a17 Add TLS-Exporter options to ssl_server2 
The program prints out the derived symmetric key for testing purposes.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 16:53:57 +01:00
Ben Taylor
47111a1cb1 initial remove of mbedtls_ssl_conf_rng 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-26 13:32:10 +00:00
Ben Taylor
440cb2aac2 Remove RNG from x509 and PK 
remove the f_rng and p_rng parameter from x509 and PK.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-26 08:17:38 +00:00
Gabor Mezei
e99e591179
Remove key exchange based on encryption/decryption 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:07 +01:00
Ben Taylor
0cfe54e4e0 remove RNG parameters from SSL API's 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-10 13:24:31 +00:00
Valerio Setti
73cd415c0b programs: remove DHM_C from ssl_client2 and ssl_server2 
MBEDTLS_DHM_C is being removed so all its occurencies should be removed
as well.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:22 +01:00
Ben Taylor
837130cf65 Improve Changelog and correct alg selection 
Improve the description of the API changes in the changelog and
fix some incorrect alg selection variables in ssl_server2.c.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-02-04 07:50:19 +00:00
Ben Taylor
0c29cf87b1 Move ssl_ticket to the PSA API 
Convert the mbedtl_ssl_ticket_setup function to use the TF_PSA_Crypto
API.

Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-01-30 08:22:40 +00:00
Elena Uziunaite
8d8620bf18 Address review comments: add PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-09 11:18:10 +01:00
Elena Uziunaite
a6950b8ce7 Replace MBEDTLS_PK_CAN_ECDSA_SOME with PSA_HAVE_ALG_SOME_ECDSA 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-09 11:17:36 +01:00
Gilles Peskine
99b57bd35a
Merge pull request #1272 from eleuzi01/forward-1263 
Fix 1.3 cli-auth optional reporting of (ext)KeyUsage issues
 2024-08-28 19:38:36 +02:00
Manuel Pégourié-Gonnard
92a391e0fe Always print detailed cert errors in test programs 
Previously the client was only printing them on handshake success, and
the server was printing them on success and some but not all failures.

This makes ssl-opt.sh more consistent as we can always check for the
presence of the expected message in the output, regardless of whether
the failure is hard or soft.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-16 17:24:05 +01:00
Gilles Peskine
0858fdca38
Merge pull request #9189 from misch7/fix-v3.6-issues-9186-and-9188 
Fix build of v3.6 (issues #9186 and #9188)
 2024-08-12 09:34:17 +00:00
Michael Schuster
f672b694fa Use correct conditionals in programs/ssl (fix unused-function errors) 
Signed-off-by: Michael Schuster <michael@schuster.ms>
 2024-08-09 10:29:59 +01:00
Michael Schuster
0420093795 Adjust spacing in sample programs 
Signed-off-by: Michael Schuster <michael@schuster.ms>
 2024-08-09 10:29:58 +01:00
Michael Schuster
8db8d6182f Fix missing-prototype errors in sample programs 
Signed-off-by: Michael Schuster <michael@schuster.ms>
 2024-08-09 10:29:58 +01:00
Elena Uziunaite
8dde3b3dec Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-05 15:41:58 +01:00
Elena Uziunaite
b476d4bf21 Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-03 10:20:41 +01:00
Ronald Cron
74191a56e8 ssl_server2: Split early data enablement from max_early_data_size setting 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:00:42 +01:00
Valerio Setti
7541ebea52 programs: remove usage of mbedtls_pk_wrap_as_opaque() from tests 
This is replaced with: mbedtls_pk_get_psa_attributes() +
mbedtls_pk_import_into_psa() + mbedtls_pk_setup_opaque().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-27 10:44:33 +01:00
Manuel Pégourié-Gonnard
0ecb5fd6f5
Merge pull request #8574 from ronald-cron-arm/ssl-tickets 
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
 2024-02-21 09:38:46 +00:00
Jerry Yu
192e0f9b1d ssl_server2: Add read early data support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 16:40:47 +01:00
Ronald Cron
d1c106c787 Define ticket creation time in TLS 1.2 case as well 
The purpose of this change is to eventually base
the calculation in ssl_ticket.c of the ticket age
when parsing a ticket on the ticket creation time
both in TLS 1.2 and TLS 1.3 case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Tom Cosgrove
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit 
Comply with the received Record Size Limit extension
 2024-01-09 15:22:17 +00:00
Jan Bruckner
f482dcc6c7 Comply with the received Record Size Limit extension 
Fixes #7010

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-12-06 15:18:08 +00:00
Jerry Yu
750e06743f remove misbehavior tests and code 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:22:15 +08:00
Jerry Yu
ea96ac3da9 fix various issues 
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:17:37 +08:00
Jerry Yu
3c2b21ed0e Enable multi max_early_data_size value for connections 
For test purpose, we set different value for each
session

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:14:56 +08:00
Jerry Yu
713ce1f889 various improvement 
- improve change log entry
- improve comments
- remove unnecessary statement
- change type of client_age

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:25 +08:00
Jerry Yu
cf9135100e fix various issues 
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
25ba4d40ef rename ticket_creation to ticket_creation_time 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
3ff0b1fda3 Cleanup ticket negative tests. 
- improve comments
- case 3/4 is for server age check.
- case 5/6 is for client age check

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
ec6d07870d Replace start with ticket_creation 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
f16efbc78d fix various issues 
- Add comments for ticket test hooks
- improve code style.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
cebffc3446 change time unit of ticket to milliseconds 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Manuel Pégourié-Gonnard
752dd39a69
Merge pull request #8508 from valeriosetti/issue6323 
[G3] Driver-only cipher+aead: TLS: ssl-opt.sh
 2023-11-14 11:39:06 +00:00
Valerio Setti
38e75fb1a7 ssl_server2: remove usage of mbedtls_cipher_info_from_string() 
This removes the dependency from cipher module and legacy key/modes
symbols which are used in cipher_wrap.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-10 08:27:39 +01:00
Yanray Wang
0751761b49 max_early_data_size: rename configuration function 
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-07 11:49:34 +08:00
Yanray Wang
d5ed36ff24 early data: rename configuration function 
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-07 11:49:24 +08:00
Gilles Peskine
8b6b41f6cd
Merge pull request #8434 from valeriosetti/issue8407 
[G2] Make TLS work without Cipher
 2023-11-04 15:05:00 +00:00
Dave Rodgman
16799db69a update headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 19:47:20 +00:00
Valerio Setti
74d48c89fa ssl_server2: small improvement of code readability 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-02 16:43:55 +01:00
Valerio Setti
bdf04e840a ssl_server2: support ticket_aead only when CIPHER_C is defined 
Cipher parsing requires mbedtls_cipher_info_from_string() which
depends on CIPHER_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-30 11:36:32 +01:00
Gilles Peskine
5d055f8206
Merge pull request #7844 from mpg/ssl-progs-usage 
Fix usage & error reporting in SSL programs
 2023-10-26 08:19:25 +00:00