lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-13 19:21:32 +03:00
Code Activity
30,067 Commits 172 Branches 268 Tags
75e33fa12e24ee4e930b45c5b8d69c35aa152e39
Commit Graph

332 Commits

Author SHA1 Message Date
Ronald Cron
93795f2639 tls13: Improve comment about cast to uint32_t 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-07 09:57:07 +01:00
Ronald Cron
2e7dfd5181 tls13: Remove unnecessary cast from size_t to uint32_t 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-05 13:48:11 +01:00
Ronald Cron
19bfe0a631 tls13: Rename early_data_count to total_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
70eab45ba6 tls13: generic: Fix log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
8571804382 tls13: srv: Enforce maximum size of early data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:09 +01:00
Ronald Cron
9b4e964c2c Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data 
TLS 1.3: Add mbedtls_ssl_write_early_data() API
 2024-02-29 14:31:55 +00:00
Ronald Cron
5fbd27055d tls13: Use a flag not a counter for CCS and HRR handling 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-15 17:19:02 +01:00
Ronald Cron
e273f7203d tls13: client: Improve CCS handling 
Call unconditionally the CCS writing function
when sending a CCS may be necessary in the
course of an handshake. Enforce in the writing
function and only in the writing function that
only one CCS is sent.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-14 10:24:00 +01:00
Manuel Pégourié-Gonnard
e6c80bc6e5 Merge pull request #8755 from ronald-cron-arm/tls13-client-early-data-status 
TLS 1.3: Refine and test client early data status
 2024-02-13 20:36:42 +00:00
Manuel Pégourié-Gonnard
1d7bc1ecdf Merge pull request #8717 from valeriosetti/issue8030 
PSA FFDH: feature macros for parameters
 2024-02-07 10:06:03 +00:00
Ronald Cron
fe59ff794d tls13: Send dummy CCS only once 
Fix cases where the client was sending
two CCS, no harm but better to send only one.

Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Manuel Pégourié-Gonnard
32c28cebb4 Merge pull request #8715 from valeriosetti/issue7964 
Remove all internal functions from public headers
 2024-02-05 15:09:15 +00:00
Valerio Setti
b4f5076270 debug: move internal functions declarations to an internal header file 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 15:30:46 +01:00
Gilles Peskine
4d4891e18a Merge pull request #8666 from valeriosetti/issue8340 
Export the mbedtls_md_psa_alg_from_type function
 2024-01-18 13:58:55 +00:00
Valerio Setti
ecaf7c5690 ssl_tls: add guards for enabled DH key types 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:30 +01:00
Waleed Elmelegy
3ff472441a Fix warning in ssl_tls13_generic.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
e1ac98d888 remove mbedtls_ssl_is_record_size_limit_valid function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Waleed Elmelegy
148dfb6457 Change record size limit writing function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Yanray Wang
faf70bdf9d ssl_tls13_generic: check value of RecordSizeLimit in helper function 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2024-01-10 16:17:27 +00:00
Tom Cosgrove
3a6059beca Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit 
Comply with the received Record Size Limit extension
 2024-01-09 15:22:17 +00:00
Valerio Setti
384fbde49a library/tests: replace md_psa.h with psa_util.h as include file for MD conversion 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-02 13:27:32 +01:00
Waleed Elmelegy
049cd302ed Refactor record size limit extension handling 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-20 17:28:31 +00:00
Waleed Elmelegy
26e3698357 Revert back checking on handshake messages length 
Revert back checking on handshake messages length due to
limitation on our fragmentation support of handshake
messages.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-14 16:23:25 +00:00
Waleed Elmelegy
9aec1c71f2 Add record size checking during handshake 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-06 15:18:15 +00:00
Jan Bruckner
f482dcc6c7 Comply with the received Record Size Limit extension 
Fixes #7010

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-12-06 15:18:08 +00:00
Jerry Yu
c59c586ac4 change prototype of write_early_data_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:21:15 +08:00
Jerry Yu
ebe1de62f9 fix various issue 
- rename connection time variable
- remove unnecessary comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:20:25 +08:00
Jerry Yu
5233539d9f share write_early_data_ext function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:50 +08:00
Dave Rodgman
16799db69a update headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 19:47:20 +00:00
Dave Rodgman
8e00fe0cd8 Merge pull request #8309 from daverodgman/iar-warnings2 
Fix IAR warnings
 2023-10-06 13:24:12 +00:00
Dave Rodgman
2eab462a8c Fix IAR warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-05 13:30:37 +01:00
Gilles Peskine
530c423ad2 Improve some debug messages and error codes 
On a parsing error in TLS, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE, not a
crypto error code.

On error paths, emit a level-1 debug message. Report the offending sizes.

Downgrade an informational message's level to 3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-02 15:42:11 +02:00
Gilles Peskine
12c5aaae57 Fix buffer overflow in TLS 1.3 ECDH public key parsing 
Fix a buffer overflow in TLS 1.3 ServerHello and ClientHello parsing. The
length of the public key in an ECDH- or FFDH-based key exchange was not
validated. This could result in an overflow of handshake->xxdh_psa_peerkey,
overwriting further data in the handshake structure or further on the heap.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-02 15:02:10 +02:00
Gilles Peskine
ff2558a470 Fix unused variable in some TLS 1.3 builds 
Fix unused variable when MBEDTLS_SSL_PROTO_TLS1_3 and
MBEDTLS_SSL_SESSION_TICKETS are enabled but not MBEDTLS_DEBUG_C.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-09-05 21:10:39 +02:00
Valerio Setti
711f853b48 ssl_tls13: fix guard for FFDH function 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-11 06:33:52 +02:00
Manuel Pégourié-Gonnard
de8f56e936 Merge pull request #7884 from valeriosetti/issue7612 
TLS: Clean up (EC)DH dependencies
 2023-08-01 07:13:36 +00:00
Valerio Setti
c9ae862225 tls: use TLS 1.3 guards in ssl_tls13 modules 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-25 11:23:50 +02:00
Valerio Setti
ea59c43499 tls: fix a comment a rename a variable/symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-25 11:14:03 +02:00
Gilles Peskine
6aca2c9613 Merge pull request #7716 from mpg/psa-util-internal 
Split psa_util.h between internal and public
 2023-07-10 18:33:23 +02:00
Valerio Setti
3d237b5ff1 ssl_misc: fix guards for PSA data used in XXDH key exchanges 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 19:02:16 +02:00
Manuel Pégourié-Gonnard
2be8c63af7 Create psa_util_internal.h 
Most functions in psa_util.h are going to end up there (except those
that can be static in one file), but I wanted to have separate commits
for file creation and moving code around, so for now the new file's
pretty empty but that will change in the next few commits.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:42:33 +02:00
Przemek Stekiel
408569f91a Adapt function name: mbedtls_ssl_tls13_generate_and_write_dh_key_exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-06 12:16:44 +02:00
Przemek Stekiel
7ac93bea8c Adapt names: dh -> xxdh 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:26:26 +02:00
Przemek Stekiel
d5f79e7297 Adapt functions names for ffdh 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:26:26 +02:00
Przemek Stekiel
6f199859b6 Adapt handshake fields to ffdh 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:25:00 +02:00
Valerio Setti
dbd01cb677 tls13: fix guards for PSA error translating function 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-04 09:18:52 +02:00
Manuel Pégourié-Gonnard
56b159a12a Merge pull request #7627 from mprse/ffdh_tls13_v2 
Make use of FFDH keys in TLS 1.3 v.2
 2023-07-03 10:12:33 +02:00
Andrzej Kurek
a6033ac431 Add missing guards in tls 1.3 
Error translation is only used with these
defines on.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:47 -04:00
Andrzej Kurek
1e4a030b00 Fix wrong array size calculation in error translation code 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:47 -04:00
Andrzej Kurek
0064484a70 Optimize error translation code size 
Introducing an intermediate function
saves code size that's otherwise taken by excessive,
repeated arguments in each place that
was translating errors.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:46 -04:00