lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-19 01:04:04 +03:00
Code
32,028 Commits 172 Branches 267 Tags
Commit Graph

655 Commits

Author SHA1 Message Date
Max Fillinger
6f7cf0e402 Use mbedtls_calloc, not regular calloc 
Also fix the allocation size.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
a442aea2be Fix memory leak in example programs 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:49 +02:00
Max Fillinger
951b886801 Create MBEDTLS_SSL_KEYING_MATERIAL_EXPORT option 
Add the option MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to mbedtls_config.h
to control if the function mbedtls_ssl_export_keying_material() should
be available. By default, the option is disabled.

This is because the exporter for TLS 1.2 requires client_random and
server_random need to be stored after the handshake is complete.

Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-04-16 11:20:50 +02:00
Max Fillinger
7b52328f6c Remove TLS 1.2 Exporter if we don't have randbytes 
The TLS-Exporter in TLS 1.2 requires client_random and server_random.
Unless MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined, these aren't stored
after the handshake is completed.

Therefore, mbedtls_ssl_export_keying_material() exists only if either
MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined or MBEDTLS_SSL_PROTO_TLS1_2
is *not* defined.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:20:50 +02:00
Max Fillinger
948e15d3b7 Fix typos in comments 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:20:50 +02:00
Max Fillinger
9359f4d703 Fix coding style 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-04-16 11:20:49 +02:00
Max Fillinger
77a447ba97 Actually set exporter defaults in ssl_client2 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:20:49 +02:00
Max Fillinger
de3d5fdc83 Add TLS-Exporter options to ssl_client2 
Prints out the exported key on the command line for testing purposes.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:20:49 +02:00
Minos Galanakis
7a95d16a31 Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.3rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 16:28:26 +00:00
Minos Galanakis
eec6eb9cd4 programs -> ssl_client2.c: Added option renego_delay to set record buffer depth. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:10 +00:00
Gilles Peskine
b3de9da6b0 mbedtls_ssl_set_hostname tests: baseline 
Test the current behavior.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-13 21:24:01 +01:00
Bence Szépkúti
5544b280ed
Merge pull request #9118 from jetm/ssl-client2-get-req-host-3.6 
Backport 3.6: ssl_client2: Add Host to HTTP GET request
 2024-10-31 11:32:55 +00:00
Manuel Pégourié-Gonnard
aa80f5380c Use libary default in ssl_client2 for new_session_tickets 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-06 10:06:38 +02:00
David Horstmann
9f10979853 Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.1rc0-pr 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-08-28 20:48:27 +01:00
Ronald Cron
9f44c883f4 Rename some "new_session_tickets" symbols 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-08-28 17:47:46 +02:00
Ronald Cron
d67f801c63 Do not add a new field in the SSL config 
We cannot add a new field in SSL config in
an LTS. Use `session_tickets` field instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-08-28 10:41:54 +02:00
Ronald Cron
57ad182644 ssl_client2: Fix new_session_tickets option parsing 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-08-28 10:30:24 +02:00
Ronald Cron
23303a47f4 Enable TLS 1.3 ticket handling in resumption tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-08-27 16:20:40 +02:00
Gilles Peskine
cd4da16eea Don't call psa_crypto_init in test programs when not required for TLS 1.3 
For backward compatibility with Mbed TLS <=3.5.x, applications must be able
to make a TLS connection with a peer that supports both TLS 1.2 and TLS 1.3,
regardless of whether they call psa_crypto_init(). Since Mbed TLS 3.6.0,
we enable TLS 1.3 in the default configuration, so we must take care of
calling psa_crypto_init() if needed. This is a change from TLS 1.3 in
previous versions, where enabling MBEDTLS_SSL_PROTO_TLS1_3 was a user
choice and could have additional requirement.

This commit changes our test programs to validate that the library
does not have the compatibility-breaking requirement.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-08-25 10:44:39 +02:00
Gilles Peskine
4002e6fdee Merge remote-tracking branch 'mbedtls-3.6' into mbedtls-3.6-restricted 2024-08-23 11:15:11 +02:00
Manuel Pégourié-Gonnard
013d0798c0 Always print detailed cert errors in test programs 
Previously the client was only printing them on handshake success, and
the server was printing them on success and some but not all failures.

This makes ssl-opt.sh more consistent as we can always check for the
presence of the expected message in the output, regardless of whether
the failure is hard or soft.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-08 12:34:56 +02:00
Michael Schuster
82984bc1be Adjust spacing in sample programs 
Signed-off-by: Michael Schuster <michael@schuster.ms>
 2024-08-06 12:09:13 +01:00
Michael Schuster
6fa32fd12d Fix missing-prototype errors in sample programs 
Signed-off-by: Michael Schuster <michael@schuster.ms>
 2024-08-06 12:09:13 +01:00
Javier Tia
7a312d7247
ssl_client2: Add Host to HTTP GET request 
If an IP address shares multiple domain names with different SSL
certificates and makes a GET request without the remote server name
(host), it will fail with a 421 Misdirect Request.

Signed-off-by: Javier Tia <javier.tia@linaro.org>
 2024-05-06 14:01:28 -06:00
Ronald Cron
7201bc6b05 ssl_client2: Fix early data log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 16:03:09 +01:00
Manuel Pégourié-Gonnard
e33b349c90
Merge pull request #8864 from valeriosetti/issue8848 
Deprecate or remove mbedtls_pk_wrap_as_opaque
 2024-03-01 15:54:32 +00:00
Ronald Cron
9b4e964c2c
Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data 
TLS 1.3: Add mbedtls_ssl_write_early_data() API
 2024-02-29 14:31:55 +00:00
Valerio Setti
7541ebea52 programs: remove usage of mbedtls_pk_wrap_as_opaque() from tests 
This is replaced with: mbedtls_pk_get_psa_attributes() +
mbedtls_pk_import_into_psa() + mbedtls_pk_setup_opaque().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-02-27 10:44:33 +01:00
Ronald Cron
0aead12706 ssl_client2: Improve loop writing early data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-21 17:37:33 +01:00
Ronald Cron
b4fd47e897 ssl_client2: Default to library default for early data enablement 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-21 17:37:33 +01:00
Ronald Cron
a5561893e7 ssl_client2: Add support for early data writing 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
2fe0ec8c31 ssl_client2: Add buffer overflow check 
Add buffer overflow check to build_http_request().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
ccfaefa361 ssl_client2: Switch from int to size_t 
Switch from int to size_t for some
data lengths and counter local
variables.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
4e1bd470fb ssl_client2: Move code to build http request 
Move code to build http request into a
dedicated function.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Ronald Cron
54a3829453 ssl_client2: Simplify early_data option 
No need to define specific early data,
the idea is rather to just send the
usual request data as early data
instead of standard application data.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-07 08:06:46 +01:00
Benson Liou
6d0a093582 use mbedtls_ssl_session_init() to init session variable 
Use mbedtls_ssl_session_init() to init variable just like
session-family APIs described

Signed-off-by: Benson Liou <benson.liou@sony.com>
 2023-12-27 22:03:24 +08:00
Xiaokang Qian
a9581d2d5f Fix CI failure of uninitialized fp 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-11 01:50:34 +00:00
Xiaokang Qian
aedfc0932b Revert to ae952174a7 and addressing some comments 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-08 10:43:24 +00:00
Xiaokang Qian
963468035d Add the test framework of early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-07 09:19:43 +00:00
Xiaokang Qian
daddfb520d Open the file once read in the file path 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-07 08:14:30 +00:00
Xiaokang Qian
35c026c09e Read early data file 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-07 06:10:34 +00:00
Xiaokang Qian
2a8035b495 Add read early data code 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-07 03:54:40 +00:00
Xiaokang Qian
57db590586 Rework to revert the early_data enabled flag 
We have two options for early data.
early_data to indicate early data enable or not.
early_data_file to provide path file to read early data from

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-07 03:29:22 +00:00
Xiaokang Qian
ae952174a7 Enable early data depend on whether the early data file exist 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 10:27:27 +00:00
Xiaokang Qian
611c717c02 Sync the early_data option with internal parameters in ssl_client2 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 09:24:58 +00:00
Xiaokang Qian
f8fe11d14d Remove the generic file read functions and simply the early data read 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 07:40:50 +00:00
Xiaokang Qian
eaebedb30b Refine the detect code to enable early data or not 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 02:55:16 +00:00
Xiaokang Qian
b1db72923e Rename the generic read functions to ssl_read_file_text 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 02:33:38 +00:00
Xiaokang Qian
6c678d7543 Improve the comments of early data input 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-06 02:20:51 +00:00
Xiaokang Qian
70fbdcf904 Change early data flag to input file 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-12-05 05:50:08 +00:00