lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity
31,805 Commits 174 Branches 272 Tags
features/tls-defragmentation/3.6
Commit Graph

13507 Commits

Author SHA1 Message Date
Ronald Cron
2e7dfd5181 tls13: Remove unnecessary cast from size_t to uint32_t 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-05 13:48:11 +01:00
Gilles Peskine
d06244b813 Merge pull request #8821 from davidhorstmann-arm/fix-config-bitflag 
Update `SSL_SERIALIZED_SESSION_CONFIG_BITFLAG` with new flags
 2024-03-05 09:59:42 +00:00
Gilles Peskine
8462146d01 Merge pull request #8867 from gilles-peskine-arm/psa_key_attributes-remove_core 
Merge psa_core_key_attributes_t back into psa_key_attributes_t
 2024-03-05 09:59:24 +00:00
Dave Rodgman
a38fad9dad Adjust defaults 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-04 18:27:32 +00:00
Gabor Mezei
1b5b58d4d9 Fix merge 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-03-04 17:15:08 +01:00
Gilles Peskine
48230e84cb In library, with make, only require the framework for generated files 
This way, `make lib` will work in the absence of the framework, as long as
generated files are present.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 17:12:59 +01:00
Gilles Peskine
f9bbe0de4c Show guidance if the framework is not found 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 17:12:59 +01:00
Gilles Peskine
1c13aa78c2 Framework submodule: fix the libtestdriver1 build 
`make -C tests libtestdriver1` copies `library/Makefile` to
`tests/libtestdriver1/library/Makefile`, where `../framework` does not point
to the framework submodule.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-04 17:12:59 +01:00
Gábor Mezei
716cf2d4e0 Merge branch 'development-restricted' into buffer_protection_for_cipher 
Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>
 2024-03-04 15:38:05 +00:00
Gilles Peskine
fad79fcdd9 Merge remote-tracking branch 'development' into ecp-write-ext-3.6 
Conflicts:
* library/pk.c: mbedtls_pk_wrap_as_opaque() changed in the feature branch
  and was removed in the target branch.
 2024-03-04 08:52:08 +01:00
Minos Galanakis
2abbac74dc x509: Added mbedtls_x509_crt_get_ca_istrue() API accessor. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-04 02:22:01 +00:00
Manuel Pégourié-Gonnard
e33b349c90 Merge pull request #8864 from valeriosetti/issue8848 
Deprecate or remove mbedtls_pk_wrap_as_opaque
 2024-03-01 15:54:32 +00:00
Dave Rodgman
8a4df2293a Adjust default unroll settings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-01 15:12:59 +00:00
Ronald Cron
5dbfcceb81 tls13: cli: Fix error code not checked 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 15:15:30 +01:00
Ronald Cron
de9b03dcba tls13: Rename early_data_count to total_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 15:14:17 +01:00
Ronald Cron
62f971aa60 tls13: cli: Enforce maximum size of early data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 15:10:22 +01:00
Ronald Cron
a4f0a71a01 ssl: Add early_data_count field 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 15:10:22 +01:00
David Horstmann
71fa1a94e7 Fix code style 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 12:32:18 +00:00
David Horstmann
76ba26a542 Fixup: add peer_cert_digest_type to comment 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 12:03:35 +00:00
David Horstmann
f686f1dc17 Fix naming inconsistencies in config bits 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 11:20:32 +00:00
Ronald Cron
19bfe0a631 tls13: Rename early_data_count to total_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
70eab45ba6 tls13: generic: Fix log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
01d273d31f Enforce maximum size of early data in case of HRR 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
919e596c05 Enforce maximum size of early data when rejected 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
8571804382 tls13: srv: Enforce maximum size of early data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:09 +01:00
Ronald Cron
c286519747 tls13: srv: Do not forget to include max_early_data_size in the ticket 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:03:51 +01:00
Ronald Cron
26a9811027 ssl: Add early_data_count field 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:03:51 +01:00
David Horstmann
531aca2810 Fix missing fields in ssl session struct comment 
The endpoint and version were factorized out into the main session.
Update the session struct comment to reflect these new fields, as was
previously missed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 18:14:28 +00:00
David Horstmann
cb01b361e1 Move session descriptions into a single comment 
Describe the TLS 1.2, TLS 1.3 and full session structs in the same
place for ease of reference.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 18:10:13 +00:00
David Horstmann
80a9668762 Add config guards to session struct comments 
This shows which fields of the session are dependent on which config
options.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 18:00:32 +00:00
David Horstmann
e59f970f28 Move session functions to same part of file 
Ensure that session save and load functions are not scattered
throughout ssl_tls.c but are in the same part of the file.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 17:50:44 +00:00
David Horstmann
92b258bb50 Update ssl session serialization config bitflag 
Add config bits for server name indication, early data and record size
limit, which all cause the serialized session to be structured
differently.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 17:41:31 +00:00
David Horstmann
5c5a32f52a Add session config bit for KEEP_PEER_CERTIFICATE 
This config option decides whether the session stores the entire
certificate or just a digest of it, but was missing from the
serialization config bitflag.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 17:41:31 +00:00
Gilles Peskine
469f7811fa Require framework directory to exist when building 
The framework directory will be provided by a submodule.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-29 18:19:56 +01:00
Valerio Setti
1a58e9a232 psa_util: change guard for mbedtls_psa_get_random() to CRYPTO_CLIENT 
This commit also:
- updates changelog
- add a stub function to be used in component_test_psa_crypto_client()
  test

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-29 16:14:29 +01:00
Ronald Cron
9b4e964c2c Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data 
TLS 1.3: Add mbedtls_ssl_write_early_data() API
 2024-02-29 14:31:55 +00:00
David Horstmann
c5688a2629 Merge branch 'development-restricted' into generate-random-buffer-protection 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 14:25:56 +00:00
Signed-off-by: Steven WdV
bcfed50917 Fix compilation on macOS without apple-clang 
Signed-off-by: Steven WdV <swdv@cs.ru.nl>
 2024-02-29 15:19:06 +01:00
Minos Galanakis
d753738fc0 echd: Added mbedtls_ecdh_get_grp_id getter. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-02-29 13:31:34 +00:00
Gabor Mezei
0b04116cc8 Do not copy the content to the local output buffer with allocation 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-29 10:08:16 +00:00
tom-daubney-arm
840dfe8b41 Merge branch 'development-restricted' into asymmetric_encrypt_buffer_protection 
Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>
 2024-02-28 15:42:38 +00:00
Gabor Mezei
358eb218ab Fix buffer protection handling for cipher_generate_iv 
Use the `LOCAL_OUTPUT_` macros for buffer protection instead of the existing
local variable.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-28 15:17:19 +00:00
Gabor Mezei
7abf8ee51b Add buffer protection for cipher_generate_iv and cipher_set_iv 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-28 15:17:18 +00:00
Gabor Mezei
8b8e485961 Move local buffer allocation just before usage 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-28 15:17:18 +00:00
Gabor Mezei
4892d75e9b Add LOCAL_OUTPUT_ALLOC_WITH_COPY macro if buffer protection is disabled 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-28 15:17:17 +00:00
Gabor Mezei
c25fbd2cc1 Fix ASAN error for psa_cipher_update 
The ASAN gives an error for `psa_cipher_update` when the `input_length`
is 0 and the `input` buffer is `NULL`. The root cause of this issue is
`mbedtls_cipher_update` always need a valid pointer for the
input buffer even if the length is 0.
This fix avoids the `mbedtls_cipher_update` to be called if the
input buffer length is 0.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-28 15:17:17 +00:00
Gabor Mezei
212eb08884 Add buffer protection for cipher functions 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-02-28 15:15:49 +00:00
David Horstmann
e097bbdcf3 Add missing guards around exit label 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-28 14:17:10 +00:00
Gilles Peskine
84a7bfbd33 mbedtls_ecp_write_key_ext(): Upgrade import_pair_into_psa as well 
It wasn't done with the others because that code was added in a concurrent
branch.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-28 14:21:32 +01:00
Gilles Peskine
b395e74edd mbedtls_ecp_write_key_ext(): make key const 
Having a non-const `key` parameter was anotherf defect of
mbedtls_ecp_write_key(). Take this opportunity to fix it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-02-28 14:18:28 +01:00