1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-12 08:21:54 +03:00
Commit Graph

88 Commits

Author SHA1 Message Date
d4a5d461de library: add remaining changes for the new ECP_LIGHT symbol
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
8a12aeec93 tls: Initialize SSL context tls_version in mbedtls_ssl_setup()
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2023-04-06 10:26:18 +02:00
43cc127d3a Fix code style
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
b8b07aa24a Handle errors from functions that now return int
A few functions were changed from returning void to returning int three
commits ago. Make sure their callers check the return values.

This commits was basically a matter of declaring newly-int-returning
functions MBEDTLS_CHECK_RETURN_CRITICAL and then fixing the resulting
warnings. A few functions had to be made int in the process; they were
applied the same process as well.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-02-21 15:39:12 +01:00
934ce6f6a9 Rename the finalize_client{server}_hello()
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
7179f810f1 Restore the empty lines
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
44051f6376 Refine the state change after write client hello
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:48 +00:00
79f77528f5 Move state change to finalize client hello
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
592021aceb Add CCS after client hello in case of early data and comp mode
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:47 +00:00
b46275c7ec Add TLS1_3 guard to finalize_write_client_hello() to fix compile issue
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:47:43 +00:00
126929f825 Move early keys generation into mbedtls_ssl_tls13_finalize_write_client_hello
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:46:45 +00:00
854db28bb7 Set hs_psk,ciphercuit_info and kex mode when writing pre-share key
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:44:00 +00:00
df6f52e2b2 Generate early key and switch outbound key to it after write client hello
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-02-08 05:43:59 +00:00
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
28d4d43416 Merge pull request from valeriosetti/issue6830
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
2023-01-10 10:01:17 +01:00
cd0a565644 Merge pull request from yuhaoth/pr/tls13-misc-from-prototype
TLS 1.3: Upstream misc fix from prototype
2023-01-05 14:35:54 +01:00
18c9fed857 tls: remove dependency from mbedtls_ecp_curve functions
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-03 13:03:34 +01:00
4064a82802 Merge pull request from yuhaoth/pr/refactor-cookie-members-of-handshake
Refactor cookie members of handshake
2022-12-14 10:55:34 +01:00
141bbe7bee tls13: Adjust include files
- remove duplicate and unused included
- Adjust the order to system, mbedtls global, local.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-09 09:51:20 +08:00
e01304f6d8 fix type conversion issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 19:58:46 +08:00
ac5ca5a0ea Refactor cookie members of handshake struct
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 19:58:45 +08:00
1797b05602 Fix typos prior to release
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
97be6a913e fix various issues
- typo error
- replace `ssl->hanshake` with handshake

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-09 22:43:31 +08:00
7de2ff0310 Refactor extension list print
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-08 23:51:39 +08:00
63a459cde5 Refactor client_hello parser and writer
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-06 11:54:21 +08:00
4b8f2f7266 Refactor sent extension message output
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-11-06 11:54:21 +08:00
c4bf5d658e fix various issues
- Signature of
  - mbedtls_tls13_set_hs_sent_ext_mask
  - check_received_extension and issues
- Also fix comment issue.
- improve readablity.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
0c354a211b introduce sent/recv extensions field
And remove `extensions_present`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
744fd37d23 Merge pull request from davidhorstmann-arm/fix-unusual-macros-0
Fix unusual macros
2022-10-25 19:55:29 +02:00
7aee0ec0ba Minor improvements in ssl_client.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:38:25 +01:00
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
41a443a68d tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
49e4184812 Merge pull request from xkqian/tls13_add_servername_check
Add server name check when proposing pre-share key
2022-10-13 16:00:59 +02:00
0fe6631486 Merge pull request from gilles-peskine-arm/platform.h-unconditional-3.2
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
307a7303fd Rebase and replace session_negotiate
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:14:32 +00:00
ed3afcd6c3 Fix various typo and macro guards issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
ed0620cb13 Refine code base on comments
Move code to proper macro guards protection
Fix typo issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
03409290d2 Add MBEDTLS_SSL_SESSION_TICKETS guard to server name check
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
d7adc374d3 Refine the server name compare logic
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
a3b451f950 Adress kinds of comments base on review
Rename function name to mbedtls_ssl_session_set_hostname
Add two extra check cases for server name
Fix some coding styles

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:51 +00:00
2f9efd3038 Address comments base on review
Change function name to ssl_session_set_hostname()
Remove hostname_len
Change hostname to c_string
Update test cases to multi session tickets

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:49 +00:00
bc663a0461 Refine code based on commnets
Change code layout
Change hostname_len type to size_t
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:01 +00:00
ecd7528c7f Address some comments
Hostname_len has at least one byte
Change structure serialized_session_tls13
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:44 +00:00
281fd1bdd8 Add server name check when proposeing pre-share key
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:41 +00:00
22c18c1432 Add NULL check in prepare hello
`session_negotiate` is used directly in `ssl_prepare_client_hello`
without NULL check. Add the check in the beggining to avoid segment
fault.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-11 18:07:19 +08:00
4f77ecf409 disable session resumption when ticket expired
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 22:10:08 +08:00
21f9095fa8 Revert "move ciphersuite validation to set_session"
This reverts commit 19ae6f62c7.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:35:34 +08:00
379b91a393 add ticket age check
Remove ticket if it is expired.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 10:21:15 +08:00
4a28563e84 Refactor macro-spanning ifs in ssl_client.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-07 14:08:42 +01:00
945b23c46f Include platform.h unconditionally: automatic part
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:33:07 +02:00