lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity
23,791 Commits 174 Branches 272 Tags
02edb7546fc1bea36cece9738b51b6c78c1e6a94
Commit Graph

23791 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Xiaokang Qian
6be8290aba Change to CCS after client hello only if we offer early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
7179f810f1 Restore the empty lines 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
b58462157e Refine the ciphersuite and select id check for early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
44051f6376 Refine the state change after write client hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
7892b6caad Refine the comment about generating early secrects in post server hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
bd0ab06d50 Skip CCS once we proposed early data even it is rejected 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
f6d8fd3d6b Improve the coding style of new lines 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:48 +00:00
Xiaokang Qian
79f77528f5 Move state change to finalize client hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian
3f616c2493 Move selected_identity zero check to post_server_hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian
1d8e86ce00 Get hash_alg by mbedtls_psa_translate_md 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian
ea28a78384 Revert new field and check ciphersuite match when resume by exist info_id 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian
4224244883 Improve coding styles and add comments 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian
33ff868dca Fix various errors 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian
43a83f247c Move the place where call set_outbound_transform to switch handshake key 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian
907461319a Fix compile error and warnings 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian
f10f474981 Check server selected cipher suite indicating a Hash associated with the PSK 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian
592021aceb Add CCS after client hello in case of early data and comp mode 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian
303f82c5b9 Skip generating early secrets in some cases 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian
b46275c7ec Add TLS1_3 guard to finalize_write_client_hello() to fix compile issue 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:43 +00:00
Xiaokang Qian
2a674937dd Pend a illeagal allert when selected_identity isn't 0 
Handshake should abort will illeagal parameter allert when
receiving early data extentions but the selected_identity
parsed from pre-share key isn't equal to 0.

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:46:48 +00:00
Xiaokang Qian
5b410075cf Remove useless comments about handshake messages for TLS13 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:46:48 +00:00
Xiaokang Qian
126929f825 Move early keys generation into mbedtls_ssl_tls13_finalize_write_client_hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:46:45 +00:00
Xiaokang Qian
19d4416a45 Refine code to remove finalize_write_end_of_early_data() 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian
7094f66879 Remove useless duplicted mbedtls_ssl_tls13_ticket_get_psk 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian
854db28bb7 Set hs_psk,ciphercuit_info and kex mode when writing pre-share key 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian
57a138d5c3 Update message log for end of early data test cases 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian
742578ca2c Remove end_of_early_data_coordinate() to align with exist style 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian
bc75bc0c3a Switch to MBEDTLS_SSL_END_OF_EARLY_DATA as needed 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian
c81a15a019 Change the comment format of end_of_early_data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian
7ed30e59af Fix the issue that gnutls server doesn't support packet 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:44:00 +00:00
Xiaokang Qian
8804e6d0ac Put kex_exchange_mode in the guard of TLS13 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:43:59 +00:00
Xiaokang Qian
94dd1dd6fa Update test case to indicate parsing of end of early data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:43:59 +00:00
Xiaokang Qian
da8402dde6 Switch outbound back to handshake key after end_of_early_data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:43:59 +00:00
Xiaokang Qian
bf09376bda Remove useless prepare_write_end_of_early_data 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:43:59 +00:00
Xiaokang Qian
df6f52e2b2 Generate early key and switch outbound key to it after write client hello 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:43:59 +00:00
Xiaokang Qian
d05ac5dfce Add extern apis mbedtls_ticket_get_psk. 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:43:59 +00:00
Xiaokang Qian
32af4fbbdb Set ciphersuite info and kex mode in set_session in re-connection 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:43:59 +00:00
Xiaokang Qian
34aab55aa7 Add prepare function to switch transform to early keys 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:43:58 +00:00
Xiaokang Qian
125afcb060 Add end-of-early-data write 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:43:58 +00:00
Jerry Yu
837e9cfc77 fix wrong typo 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-02-08 10:57:23 +08:00
Pengyu Lv
acbeb7fa30 code_style.py: Add helpers to print warning and skipped files 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-08 09:59:40 +08:00
Pengyu Lv
8c6325cc8e code_style.py: Apply exclusions to the file list 
This commit rename `--files` options to `--subset` and
it means to check a subset of the files known to git.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-02-08 09:59:27 +08:00
Nick Child
3dafc6c3b3 pkcs7: Drop support for signature in contentInfo of signed data 
The contentInfo field of PKCS7 Signed Data structures can
optionally contain the content of the signature. Per RFC 2315
it can also contain any of the PKCS7 data types. Add test and
comments making it clear that the current implementation
only supports the DATA content type and the data must be empty.

Return codes should be clear whether content was invalid or
unsupported.
Identification and fix provided by:
 - Demi Marie Obenour <demiobenour@gmail.com>
 - Dave Rodgman <dave.rodgman@arm.com>

Signed-off-by: Nick Child <nick.child@ibm.com>
 2023-02-07 20:04:52 +00:00
Gilles Peskine
fad34a4f10 Support all legacy algorithms in PSA 
This is not strictly mandatory, but it helps.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-02-07 20:37:56 +01:00
Valerio Setti
5b16e9eabc pk_wrap: keep ECDSA_C for ECP_RESTARTABLE contexts 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-07 16:21:36 +01:00
Andrzej Kurek
7dcdc132d5 Change SHA256_C to HAS_ALG_SHA256_VIA[..] in x509 tests 
This way these tests won't be skipped in a configuration with a driver.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-07 05:24:34 -05:00
Hanno Becker
dae916b05f X.509: Add length consistency checks to x509_get_other_name() 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-07 05:24:32 -05:00
Hanno Becker
2a15a0c868 X.509: Remove red'n bounds checks and zeroiz'n in OtherName parsing 
- ASN.1 parsing functions check that length don't exceed buffer bounds,
  so checks `p + len > end` are redundant.
- If `p + len == end`, this is erroneous because we expect further fields,
  which is automatically caught by the next ASN.1 parsing call.

Hence, the two branches handling `p + len >= end` in x509_get_other_name()
can be removed.

Further, zeroization of the `other_name` structure isn't necessary
because it's not confidential (and it's also not performed on other
error conditions in this function).
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-07 05:15:27 -05:00
Hanno Becker
5d82c3b99c X.509: Improve negative testing for SubjectAltName parsing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-07 05:10:29 -05:00
Hanno Becker
dc0e8b92f8 Add a ChangeLog entry 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-02-07 05:10:29 -05:00