lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity
31,805 Commits 174 Branches 272 Tags
features/tls-defragmentation/3.6
Commit Graph

13507 Commits

Author SHA1 Message Date
Paul Elliott
304766ffa8 Add early exit if zero length AEAD AD passed in. 
With multipart AEAD, if we attempt to add zero length additional data,
then with the buffer sharing fixes this can now lead to undefined
behaviour when using gcm. Fix this by returning early, as there is
nothing to do if the input length is zero.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-04-26 19:20:45 +01:00
Valerio Setti
4a350cac4f pk: fix unused variable in copy_from_psa() 
key_bits is unused when neither MBEDTLS_RSA_C or MBEDTLS_PK_HAVE_ECC_KEYS
are defined.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-17 05:28:36 +02:00
Gilles Peskine
974006b00d Merge pull request #9000 from tom-cosgrove-arm/fix-compilation-when-memcpy-is-function-like-macro-3.6 
Backport 3.6: Fix compilation when memcpy() is a function-like macro
 2024-04-09 11:34:51 +00:00
Ronald Cron
8d63084bd1 tls13: Do not initiate at all resumption if tickets not supported 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
698c8e902e ssl_msg.c: Rename _check_new_session_ticket to _is_new_session_ticket 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
6071f611f6 tls13: cli: Ignore tickets if not supported 
If a TLS 1.3 client receives a ticket and
the feature is not enabled, ignore it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Norbert Fabritius
93b2c32ece Constify parameter of ssl_tls13_session_load 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-04-05 14:16:31 +02:00
Norbert Fabritius
ba1de9fa4e Enable ssl_tls13_get_ciphersuite_hash_alg only if macro is active 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-04-05 14:16:31 +02:00
Norbert Fabritius
b6ff6101d9 Unconditionally define session variable 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-04-05 14:16:31 +02:00
Ronald Cron
5e297b984d tls13: srv: Fix guards of _is_psk_(ephemeral_)available 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:31 +02:00
Norbert Fabritius
da0d169fae Guard ticket specific TLS 1.3 function with macro 
Guard ssl_tls13_write_new_session_ticket_coordinate with
MBEDTLS_SSL_SESSION_TICKETS macro.

Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-04-05 14:16:31 +02:00
Bence Szépkúti
ec17c1c1ab Merge pull request #9005 from valeriosetti/issue8712-backport 
[Backport 3.6] Clarify the documentation of mbedtls_pk_setup_opaque
 2024-04-04 13:41:15 +00:00
Valerio Setti
a53f54350e pk: simplify mbedtls_pk_sign_ext() 
In case of opaque keys skip the check of the supported primary/enrollment
algorithms. Just try to perfom the signature and if the wrapped key
does not support RSA PSS the operation will fail automatically.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-04 09:42:01 +02:00
Troy-Butler
da73abc8d7 Fix NULL handling in mbedtls_ssl_config.free() function 
Signed-off-by: Troy-Butler <squintik@outlook.com>
 2024-04-02 13:37:31 -04:00
Tom Cosgrove
b32d7ae0fe Fix compilation of ssl_tls13_generic.c when memcpy() is a function-like macro 
Fixes #8994

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2024-04-02 14:52:29 +01:00
Paul Elliott
30978ec650 Merge pull request #8874 from stevenwdv/development 
Fix compilation on macOS without apple-clang
 2024-03-29 13:59:36 +00:00
Minos Galanakis
9860056006 Revert "Autogenerated files for 3.6.0" 
This reverts commit e8a6833b28.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-27 17:36:15 +00:00
Troy-Butler
9ac3e23f5d Fix NULL argument handling in mbedtls_xxx_free() functions 
Signed-off-by: Troy-Butler <squintik@outlook.com>
 2024-03-22 14:46:04 -04:00
Minos Galanakis
e8a6833b28 Autogenerated files for 3.6.0 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 16:00:55 +00:00
Minos Galanakis
4492dbd286 Version Bump for 3.6.0 
./scripts/bump_version.sh --version 3.6.0 --so-crypto 16 --so-x509 7  --so-tls 21

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-22 11:46:25 +00:00
Minos Galanakis
d9d6435bc5 Merge branch 'development-restricted' into mbedtls-3.6.0rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-21 15:44:11 +00:00
Valerio Setti
144c27b0f3 pkwrite: add new internal symbol for the max supported public key DER length 
This is also used in pk_psa_sign() to properly size buffers holding
the public key.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 17:10:35 +01:00
Valerio Setti
d45836a1c3 pk_wrap: fix algorithm selection in rsa_opaque_decrypt() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 15:42:55 +01:00
Minos Galanakis
b70f0fd9a9 Merge branch 'development' into 'development-restricted' 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-19 22:24:40 +00:00
Valerio Setti
4f3262de2d pk_wrap: fix algorithm selection in rsa_opaque_sign_wrap() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Ronald Cron
a5c5c58107 tls13: srv: Fix potential stack buffer overread 
Fix potential stack buffer overread when
checking PSK binders.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-19 14:46:21 +01:00
Steven WdV
9f0858db30 Check C/C++ compilers separately for AppleClang ranlib 
Signed-off-by: Steven WdV <swdv@cs.ru.nl>
 2024-03-19 11:39:44 +01:00
Valerio Setti
07500fd874 pk: check PK context type in mbedtls_pk_verify_ext() before trying RSA PSS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-18 16:22:33 +01:00
Paul Elliott
78064ac9e0 Merge pull request #8901 from paul-elliott-arm/make_psa_global_data_safe 
Make PSA global_data thread safe
 2024-03-15 19:50:01 +00:00
Paul Elliott
b24e36d07b Add explanatory comment for init flags 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 16:25:48 +00:00
Paul Elliott
d35dce6e23 Add comments about RNG mutex requirements 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 16:06:20 +00:00
Paul Elliott
0db6a9033a Start subsystem IDs at 1 instead of 0 
Catch potential invalid calls to init.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 16:06:20 +00:00
Paul Elliott
78279962d6 Fix minor style issues 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 13:34:01 +00:00
Waleed Elmelegy
4dfb0e7c90 Add ALPN checking when accepting early data 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-15 12:12:15 +00:00
Waleed Elmelegy
131b2ffd89 Fix bug in ALPN negotiating 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-15 12:12:15 +00:00
Ronald Cron
6bee910dbd Merge pull request #8858 from waleed-elmelegy-arm/add_alpn_to_session 
Add ALPN information in session tickets
 2024-03-15 09:50:24 +00:00
Gilles Peskine
7b333f1e88 Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime 
TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime
 2024-03-14 15:59:25 +00:00
Gilles Peskine
1c5ebf4352 Merge pull request #8697 from BensonLiou/random_bye_on_hrr 
Do not generate new random number while receiving HRR
 2024-03-14 15:59:21 +00:00
David Horstmann
4a48becdba Invert and rename config option 
Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse:
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer
protection is enabled by default without any change to the Mbed TLS
config file.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-14 14:47:48 +00:00
Gilles Peskine
93b305dc8e tls13: Use a flag not a counter for CCS and HRR handling 
Reconcile with 5fbd27055d on another branch

Signed-off-by: Gilles Peskine <gilles.peskine@arm.com>
 2024-03-14 15:05:09 +01:00
Gilles Peskine
91f7e07c63 Merge pull request #1196 from davidhorstmann-arm/buffer-sharing-merge 
Update development-restricted after buffer-sharing work
 2024-03-14 13:28:35 +01:00
Manuel Pégourié-Gonnard
93071cfeec Merge pull request #8920 from valeriosetti/issue8919 
Generalize some PK functions from MBEDTLS_PSA_CRYPTO_C to MBEDTLS_PSA_CRYPTO_CLIENT
 2024-03-14 11:32:23 +00:00
BensonLiou
368debd384 Merge branch 'development' of https://github.com/Mbed-TLS/mbedtls into random_bye_on_hrr 2024-03-14 11:42:25 +08:00
Waleed Elmelegy
b28ab0a45a Fix code style in ssl_tls.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
daa4da781a Increase ALPN length in saved session to 2 bytes 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
5bc5263b2c Add code improvments and refactoring in dealing with ALPN 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
7dfba34475 Fix possible overflow in ALPN length when saving session 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
75e33fa12e Fix code style in ssl_tls.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
fe9ae085e3 Update serialized session description with ALPN information 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
1102563685 Add ALPN bit flag to session header 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00