1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-24 13:32:59 +03:00
Commit Graph

64 Commits

Author SHA1 Message Date
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Andrzej Kurek
92d7417d89 Formatting fixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Leonid Rozenboim
116f50cd96 Fix resource leaks
These potential leaks were flagged by the Coverity static analyzer.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-07-04 06:49:26 -04:00
Manuel Pégourié-Gonnard
a3115dc0e6 Mark static int SSL functions CHECK_RETURN_CRITICAL
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:52 +02:00
Hanno Becker
78196e366f Fix search for outdated entries in SSL session cache
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:55:15 +01:00
Hanno Becker
c3f4a97b8f Don't infer last element of SSL session cache twice
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:54:24 +01:00
Hanno Becker
466ed6fd08 Improve local variable naming in SSL session cache implementation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:54:00 +01:00
Hanno Becker
5cf6f7eafe Fix swapping of first and last entry in SSL session cache
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:45:04 +01:00
Hanno Becker
006f2cce2e Fix compile-time guard in session cache implementation
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 04:57:44 +01:00
Hanno Becker
845ceb7cc8 Improve readability and efficiency of SSL cache reference impl
The reference session cache implementation may end up storing multiple
sessions associated to the same session ID if the set()-call for the
second session finds an outdated cache entry prior to noticing the entry
with the matching session ID. While this logically overwrites the existing
entry since we always search the cache in order, this is at least a waste
of resources.

This commit fixes this by always checking first whether the given ID is
already present in the cache.

It also restructures the code for easier readability.

Fixes #4509.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-13 07:11:30 +01:00
Hanno Becker
f47199da26 Improve naming of helper function for reference session cache
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-13 07:09:09 +01:00
Hanno Becker
aee4cc4cbb Use sizeof() instead of magic constant
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 16:49:32 +01:00
Hanno Becker
7e6eb9fa27 Simplify SSL session cache implementation via session serialization
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
f938c436fb Add helper function to find entry in SSL session cache
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
02a68ebc0e Add helper function to finding a fresh entry in the SSL cache
This commit improves the readability of the SSL session cache
reference implementation of mbedtls_ssl_cache_set() by moving
the logic for finding a suitable free slot for the session to
store into a static helper function.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
ccdaf6ed22 Add session ID as explicit parameter to SSL session cache API
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
64ce974180 Don't check ciphersuite and compression in SSL session cache lookup
Session-ID based session resumption requires that the resumed session
is consistent with the client's ClientHello in terms of choice of
ciphersuite and choice of compression.

This check was previously assumed to be performed in the session cache
implementation, which seems wrong: The session cache should be an id-based
lookup only, and protocol specific checks should be left to Mbed TLS.

This commit
- adds an explicit ciphersuite and compression consistency check after
  the SSL session cache has been queried
- removes the ciphersuite and compression consistency check from
  Mbed TLS' session cache reference implementation.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Chris Jones
84a773f8e6 Rename ssl_internal.h to ssl_misc.h
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Chris Jones
e2191cd789 Update includes to use library/ instead of include/mbedtls/
Simple find and replace using `#include (<|")mbedtls/(.*)_internal.h(>|")`
and `#include $1$2_internal.h$3`.

Also re-generated visualc files by running
`scripts/generate_visualc_files.pl`.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-03-10 12:52:37 +00:00
Bence Szépkúti
1e14827beb Update copyright notices to use Linux Foundation guidance
As a result, the copyright of contributors other than Arm is now
acknowledged, and the years of publishing are no longer tracked in the
source files.

Also remove the now-redundant lines declaring that the files are part of
MbedTLS.

This commit was generated using the following script:

# ========================
#!/bin/sh

# Find files
find '(' -path './.git' -o -path './3rdparty' ')' -prune -o -type f -print | xargs sed -bi '

# Replace copyright attribution line
s/Copyright.*Arm.*/Copyright The Mbed TLS Contributors/I

# Remove redundant declaration and the preceding line
$!N
/This file is part of Mbed TLS/Id
P
D
'
# ========================

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2020-08-19 10:35:41 +02:00
Gilles Peskine
db09ef6d22 Include common.h instead of config.h in library source files
In library source files, include "common.h", which takes care of
including "mbedtls/config.h" (or the alternative MBEDTLS_CONFIG_FILE)
and other things that are used throughout the library.

FROM=$'#if !defined(MBEDTLS_CONFIG_FILE)\n#include "mbedtls/config.h"\n#else\n#include MBEDTLS_CONFIG_FILE\n#endif' perl -i -0777 -pe 's~\Q$ENV{FROM}~#include "common.h"~' library/*.c 3rdparty/*/library/*.c scripts/data_files/error.fmt scripts/data_files/version_features.fmt

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2020-07-02 11:26:57 +02:00
Hanno Becker
a887d1a5b6 Remove peer CRT from cache if !MBEDTLS_SSL_KEEP_PEER_CERTIFICATE 2019-02-26 14:38:09 +00:00
Hanno Becker
aee8717877 Simplify session cache implementation via mbedtls_ssl_session_copy() 2019-02-26 14:38:09 +00:00
Ron Eldor
22360825ae Address PR review comments
set `cache->chain` to NULL,
instead of setting the whole structure to zero.
2017-10-29 17:53:52 +02:00
Ron Eldor
e1a9a4a826 Fix crash when calling mbedtls_ssl_cache_free twice
Set `cache` to zero at the end of `mbedtls_ssl_cache_free` #1104
2017-10-17 18:15:41 +03:00
Simon Butcher
a55e084bce Fix naked call to time() with platform call
In ssl_cache.c a call to time() was being made instead of it's platform
equivalent.
2017-07-28 23:46:43 +01:00
Simon Butcher
b5b6af2663 Puts platform time abstraction into its own header
Separates platform time abstraction into it's own header from the
general platform abstraction as both depend on different build options.
(MBEDTLS_PLATFORM_C vs MBEDTLS_HAVE_TIME)
2016-07-13 14:46:18 +01:00
SimonB
d5800b7761 Abstracts away time()/stdlib.h into platform
Substitutes time() into a configurable platform interface to allow it to be
easily substituted.
2016-04-26 14:49:59 +01:00
Manuel Pégourié-Gonnard
37ff14062e Change main license to Apache 2.0 2015-09-04 14:21:07 +02:00
Manuel Pégourié-Gonnard
6fb8187279 Update date in copyright line 2015-07-28 17:11:58 +02:00
Manuel Pégourié-Gonnard
12ad798c87 Rename ssl_session.length to id_len 2015-06-18 15:50:37 +02:00
Manuel Pégourié-Gonnard
1b8de57827 Remove a few redundant memset after calloc.
Using the following semantic patch provided by Mansour Moufid:

@@
expression x;
@@
  x = mbedtls_calloc(...)
  ...
- memset(x, 0, ...);
2015-05-27 16:58:55 +02:00
Manuel Pégourié-Gonnard
7551cb9ee9 Replace malloc with calloc
- platform layer currently broken (not adapted yet)
- memmory_buffer_alloc too
2015-05-26 16:04:06 +02:00
Manuel Pégourié-Gonnard
2cf5a7c98e The Great Renaming
A simple execution of tmp/invoke-rename.pl
2015-04-08 13:25:31 +02:00
Manuel Pégourié-Gonnard
7f8099773e Rename include directory to mbedtls 2015-03-10 11:23:56 +00:00
Manuel Pégourié-Gonnard
fe44643b0e Rename website and repository 2015-03-06 13:17:10 +00:00
Mansour Moufid
99b9259f76 Fix whitespace of 369e6c20. 2015-02-16 10:43:52 +00:00
Mansour Moufid
c531b4af3c Apply the semantic patch rm-malloc-cast.cocci.
for dir in library programs; do
        spatch --sp-file scripts/rm-malloc-cast.cocci --dir $dir \
        --in-place;
    done
2015-02-16 10:43:52 +00:00
Rich Evans
00ab47026b cleanup library and some basic tests. Includes, add guards to includes 2015-02-10 11:28:46 +00:00
Manuel Pégourié-Gonnard
860b51642d Fix url again 2015-01-28 17:12:07 +00:00
Manuel Pégourié-Gonnard
085ab040aa Fix website url to use https. 2015-01-23 11:06:27 +00:00
Manuel Pégourié-Gonnard
9698f5852c Remove maintainer line. 2015-01-23 10:59:00 +00:00
Manuel Pégourié-Gonnard
19f6b5dfaa Remove redundant "all rights reserved" 2015-01-23 10:54:00 +00:00
Manuel Pégourié-Gonnard
a658a4051b Update copyright 2015-01-23 09:55:24 +00:00
Manuel Pégourié-Gonnard
967a2a5f8c Change name to mbed TLS in the copyright notice 2015-01-22 14:28:16 +00:00
Manuel Pégourié-Gonnard
e5b0fc1847 Make malloc-init script a bit happier 2014-11-13 12:42:12 +01:00
Paul Bakker
14b16c62e9 Minor optimizations (original by Peter Vaskovic, modified by Paul Bakker)
Move strlen out of for loop.
Remove redundant null checks before free.
2014-05-28 11:34:33 +02:00
Paul Bakker
b9e4e2c97a Fix formatting: fix some 'easy' > 80 length lines 2014-05-01 14:18:25 +02:00
Manuel Pégourié-Gonnard
cef4ad2509 Adapt sources to configurable config.h name 2014-04-30 16:40:20 +02:00
Manuel Pégourié-Gonnard
84c30c7e83 Fix memory leak in ssl_cache 2014-03-14 08:41:01 +01:00