lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-11 21:41:47 +03:00
Code Activity
32,851 Commits 173 Branches 272 Tags
features/tls-defragmentation/development
Commit Graph

13540 Commits

Author SHA1 Message Date
Jerry Yu
4da7c22cd6 add early data flag check function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:17:44 +08:00
Jerry Yu
ea96ac3da9 fix various issues 
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:17:37 +08:00
Jerry Yu
3db60dfe5e rename nst early data write function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:16:56 +08:00
Jerry Yu
fceddb310e Add early data permission check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:14:54 +08:00
Jerry Yu
01da35e2c8 add early data extension of NST 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:14:52 +08:00
Valerio Setti
bced8bc8d7 ssl_tls12_server: export/import PK parsed key in TLS side 
Instead of setting both algorithm and enrollement algorithm in the
PK module when parsing the key:

- for Weierstrass keys we only set ECDSA algorithm,
- for Montgomery keys we don't set any algorithm.

Reasons:
- PK module can only do ECDSA and not ECDH
- ECDH is only used in TLS
- Montgomery keys cannot be used to do ECDSA, while Weierstrass ones
  can do both ECDSA and ECDH.

So the idea is that once TLS needs the key to do ECDH (either Weierstrass
and Montgomery), it exports the one parsed from the PK module and then
re-imports it setting proper algorithm and flags. In this way the TLS
module will own the new key so it will be its duty to clear it on
exit.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-06 10:40:47 +01:00
Valerio Setti
fbbafa0d2d pkparse: do not set key algorithm for Montgomery keys in pk_ecc_set_key() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-06 10:07:34 +01:00
Ronald Cron
40f3f1c36f Merge pull request #7058 from yuhaoth/pr/tls13-early-data-parsing-0-rtt-data 
TLS 1.3 EarlyData SRV: Parsing 0-RTT data
 2023-12-06 06:47:32 +00:00
Jerry Yu
42020fb186 revert output message which used by testing 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-05 17:35:53 +08:00
Ronald Cron
a1e867c676 Merge pull request #8576 from yanrayw/issue/fix-tls13-session_negotiate-assignment 
TLS13: CLI: EarlyData: Assign ciphersuite after associated verification in EE
 2023-12-05 08:31:24 +00:00
Valerio Setti
4ac2c18834 pk_wrap: try both ECDSA signature schemes in ecdsa_sign_psa() 
Instead of extracting key's properties in order to check whether it
supports deterministic or non-deterministic ECDSA, we try both.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-05 07:59:01 +01:00
Jerry Yu
ebb1b1d48f fix ci test failure 
"skip parse certificate verify" can not be changed.
It is used in `Authentication: client badcert, server none`
test.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-05 11:02:15 +08:00
Jerry Yu
b55f9eb5c5 fix various issues 
- remove unnecessary statements
- improve macro name
- improve output message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-05 10:27:17 +08:00
Valerio Setti
8aec84f3a7 pkwrite: minor code reshape 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 16:04:21 +01:00
Valerio Setti
83e0de8481 crypto_extra: revert changes to mbedtls_psa_random_free() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:42 +01:00
Valerio Setti
402cfba4dc psa: free RNG implementation before checking for remaining open key slots 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:41 +01:00
Valerio Setti
5f4b28defc ctr_drbg: add alternative PSA implementation when AES_C is not defined 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-04 11:04:41 +01:00
Dave Rodgman
9afc0200c7 Merge pull request #8563 from Oldes/issues-8562 
Fixed compilation for Haiku OS
 2023-12-04 09:53:08 +00:00
Yanray Wang
fb0f47b1f8 tls13: srv: check tls version in ClientHello with min_tls_version 
When server is configured as TLS 1.3 only and receives ClientHello
from a TLS 1.2 only client, it's expected to abort the handshake
instead of downgrading protocol to TLS 1.2 and continuing handshake.
This commit adds a check to make sure server min_tls_version always
larger than received version in ClientHello.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-04 17:50:36 +08:00
Yanray Wang
197199f154 tls12 & tls13 server: remove RNG check in write_server_hello 
RNG check is added in ssl_conf_check when calling mbedtls_ssl_setup,
so there is no need to check it again.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-04 11:03:14 +08:00
Yanray Wang
c83186effa ssl_client: remove RNG check in write_client_hello 
RNG check is added in ssl_conf_check when calling mbedtls_ssl_setup,
so there is no need to check it again.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-04 11:03:14 +08:00
Jerry Yu
7bb40a3650 send unexpected alert when not received eoed or app during reading early data 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-04 10:04:15 +08:00
Jerry Yu
fbf039932a Send decode error alert when EOED parsing fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-04 10:00:37 +08:00
Jerry Yu
3be850782c fix various issues 
- improve comments
- rename function and macros name
- remove unnecessary comments
- remove extra empty lines
- remove unnecessary condition

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-04 09:58:54 +08:00
Yanray Wang
744577a429 tls13: early_data: cli: check a PSK has been selected in EE 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-01 23:03:37 +08:00
Dave Rodgman
f1be1f6740 Remove unused code 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-12-01 13:53:45 +00:00
Oldes Huhuman
304fa091cf Shortening a comment line 
Related to: https://github.com/Mbed-TLS/mbedtls/issues/8562

Signed-off-by: Oldes Huhuman <oldes.huhuman@gmail.com>
 2023-12-01 12:23:26 +01:00
Yanray Wang
9ae6534c20 tls13: early_data: cli: improve comment 
This commit improves comment of why we assign the identifier of the
ciphersuite in handshake to `ssl->session_negotiate`.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-01 17:46:08 +08:00
Yanray Wang
03a00768c0 tls13: early_data: cli: improve comment 
This commit improves comment of the check for handshake parameters
in Encrypted Extension.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-01 17:40:21 +08:00
Jerry Yu
0af63dc263 improve comments and output message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 17:18:04 +08:00
Jerry Yu
ee4d729555 print received early application data 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:53:50 +08:00
Jerry Yu
e96551276a switch inbound transform to handshake 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:53:50 +08:00
Jerry Yu
75c9ab76b5 implement parser of eoed 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:53:50 +08:00
Jerry Yu
b4ed4602f2 implement coordinate of eoed 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:34:00 +08:00
Jerry Yu
d5c3496ce2 Add dummy framework of eoed state 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:32:31 +08:00
Jerry Yu
59d420f17b empty process_end_of_early_data 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:30:34 +08:00
Yanray Wang
b422cab052 tls: check RNG in ssl_conf_check when calling mbedtls_ssl_setup 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-01 16:29:21 +08:00
Ronald Cron
857d29f29a Merge pull request #8528 from yanrayw/issue/6933/parse-max_early_data_size 
TLS1.3 EarlyData: client: parse max_early_data_size
 2023-12-01 08:27:26 +00:00
Jerry Yu
9b72e39701 re-introduce process_wait_flight2 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:27:08 +08:00
Jerry Yu
e32fac3d23 remove wait_flight2 state 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-01 16:25:16 +08:00
Yanray Wang
e72dfff1d6 tls13: early_data: cli: improve comment 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-01 12:05:16 +08:00
Yanray Wang
2bef7fbc8d tls13: early_data: cli: remove guard to fix failure 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-12-01 12:02:56 +08:00
Dave Rodgman
059f66ce7c Remove redundant check 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-30 11:02:03 +00:00
Dave Rodgman
6eee57bc07 Merge remote-tracking branch 'origin/development' into msft-aarch64 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-30 11:01:50 +00:00
Dave Rodgman
12d1c3ad4f Use MBEDTLS_HAVE_NEON_INTRINSICS in aesce 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-30 09:38:38 +00:00
Dave Rodgman
d879b47b52 tidy up macros in mbedtls_xor 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-30 09:35:14 +00:00
Dave Rodgman
59059ec503 Merge remote-tracking branch 'origin/development' into msft-aarch64 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-30 09:34:41 +00:00
Yanray Wang
b3e207d762 tls13: early_data: cli: rename early_data parser in nst 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-30 16:49:51 +08:00
Yanray Wang
0790041dc6 Revert "tls13: early_data: cli: remove nst_ prefix" 
This reverts commit 3781ab40fb.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-30 16:44:44 +08:00
Dave Rodgman
10dfe76425 Merge pull request #8573 from daverodgman/iar-aesce2 
Disable hw AES on Arm for IAR
 2023-11-30 08:22:09 +00:00