lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-29 11:41:15 +03:00
Code Activity
20,713 Commits 174 Branches 272 Tags
8b718b5a6663609b1ae29e2d2ec661cac38a8cad
Commit Graph

20713 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ronald Cron
9d6a545714 tls13: Re-organize EncryptedExtensions message parsing code 
Align the organization of the EncryptedExtensions
message parsing code with the organization of the
other message parsing codes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:18:42 +02:00
Ronald Cron
154d1b68d6 tls13: Fix wrong usage of MBEDTLS_SSL_CHK_BUF(_READ)_PTR macros 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:18:42 +02:00
Ronald Cron
c80835943c tls13: Fix pointer calculation before space check 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:18:42 +02:00
Ronald Cron
2827106199 tls13: Add missing buffer overread check 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:18:42 +02:00
Ronald Cron
b94854f8e3 Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests 
TLS 1.3: Enable and add tests
 2022-06-28 09:15:17 +02:00
Gilles Peskine
5969a4b5e0 Don't call memcpy(NULL, 0) which has undefined behavior 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 23:59:53 +02:00
Gilles Peskine
bf918b9cfe Use headlinese for added functions, per request 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 23:34:32 +02:00
Gilles Peskine
3dc9ac95ec Spelling 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 23:02:58 +02:00
Gilles Peskine
ed5c21dc37 Declare deprecated option for no_deprecated configs 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 23:02:09 +02:00
Glenn Strauss
01d2f52a32 Inline mbedtls_x509_dn_get_next() in x509.h 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-06-27 14:20:07 -04:00
Przemek Stekiel
18399d8d53 Add comment to config_psa.h about enabling PSA_HKDF/PSA_HKDF_EXRACT/PSA_HKDF_EXPAND algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-27 15:36:06 +02:00
Dave Rodgman
f5b7082f6e Merge pull request #5811 from polhenarejos/bug_x448 
Fix order value for curve x448
 2022-06-27 13:47:24 +01:00
Gilles Peskine
251ca25d94 Clarify potential ambiguity in changelog entry 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 14:47:15 +02:00
Werner Lewis
9b0e940135 Fix case where final special char exceeds buffer 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 12:01:22 +01:00
Przemek Stekiel
9e30fc94f3 Remove redundant spaces 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-27 12:48:35 +02:00
Werner Lewis
fd8cfe4f8e Replace parsing with outputting 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 11:23:43 +01:00
Werner Lewis
31ecb9600a Add tests for exceeded buffer size 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 11:23:43 +01:00
Werner Lewis
b33dacdb50 Fix parsing of special chars in X509 DN values 
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 11:19:50 +01:00
Przemek Stekiel
6a5e01858f ssl_tls13_parse_certificate_verify(): remove md dependency 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-27 11:53:13 +02:00
Przemek Stekiel
6230d0d398 mbedtls_x509_sig_alg_gets(): remove md dependency 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-27 11:19:04 +02:00
Werner Lewis
4abd7c2545 Minor phrasing changes 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 09:42:34 +01:00
Werner Lewis
129d6adc0e Use mbedtls-2.28 branch for documentation link 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 09:42:34 +01:00
Werner Lewis
4b8aaa4e60 Add clarification on 2.x branch choice 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 09:41:54 +01:00
Werner Lewis
f5b86f3b16 Add clarification for 2.x section 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 09:20:01 +01:00
Ronald Cron
cf600bc07c Comment fixes 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:28:49 +02:00
Ronald Cron
e0d7367a9e Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:28:49 +02:00
Ronald Cron
2b1a43c101 tls13: Add missing overread check in Certificate msg parsing. 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:28:49 +02:00
Ronald Cron
e7b9b6b380 tls13: Add checks of overread check failures 
In Certificate message parsing tests with
invalid vector lengths, add checks that the
parsing failed on the expected overread check.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:28:49 +02:00
Ronald Cron
ad8c17b9c6 tls: Add overread/overwrite check failure tracking 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:28:49 +02:00
Ronald Cron
e3dac4aaa1 tls13: Add Certificate msg parsing tests with invalid vector lengths 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:28:42 +02:00
Ronald Cron
a8d79b9eb6 ssl-opt.sh: Remove one pattern check 
In "Authentication: client cert not trusted,
server required" ssl-opt.sh test, depending
on client and server execution speed, the
handshake on the client side may complete
successfully: the TLS connection is aborted
by the server because it is not able to
authenticate the client but at that time
the client may have completed the handshake
on its side. Thus, do not check that the
client handshake failed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:05:35 +02:00
Ronald Cron
07040bb179 Merge pull request #5951 from xkqian/tls13_add_alpn 
Add ALPN extension to the server side
 2022-06-27 08:33:03 +02:00
Ronald Cron
9738a8d0fd Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks 
TLS 1.3: Fix certificate key usage checks
 2022-06-27 08:32:17 +02:00
Gilles Peskine
0ff241a1ea Remove largely useless bit of test log to silence GCC 12 
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.

Fixes #5974.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-25 14:29:23 +02:00
Paul Elliott
668b31f210 Fix the wrong variable being used for TLS record size checks 
Fix an issue whereby a variable was used to check the size of incoming
TLS records against the configured maximum prior to it being set to the
right value.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-06-24 20:09:37 +01:00
Werner Lewis
f8a478795c Add guidance for generating deprecated list 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-24 11:10:48 +01:00
Ronald Cron
21a1b2d374 Enable "Sending app data" SSL unit tests for TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
Ronald Cron
c78511b59a ssl-opt.sh: Enable some authentication tests for TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
Ronald Cron
1938588e80 tls13: Align some debug messages with TLS 1.2 ones 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
Ronald Cron
a4417c13a1 ssl-opt.sh: Add Small/Large packets TLS 1.3 tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
Ronald Cron
ba80d4d60b ssl-opt.sh: Enable Event-driven I/O tests for TLS 1.3 
The other "Event-driven I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
Ronald Cron
2cffd284bc ssl-opt.sh: Enable Non-blocking I/O tests for TLS 1.3 
The other "Non-blocking I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
XiaokangQian
0b776e282a Change some comments for alpn 
Change-Id: Idf066e94cede9d26aa41d632c3a81dafcee38587
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-24 09:04:59 +00:00
Manuel Pégourié-Gonnard
93a7f7d7f8 Merge pull request #5954 from wernerlewis/x509_next_merged 
Add mbedtls_x509_dn_get_next function
 2022-06-24 09:59:22 +02:00
Manuel Pégourié-Gonnard
fc425ee9a4 Merge pull request #5838 from mprse/HKDF_2 
HKDF 2: Use HKDF-Expand/Extract from PSA in TLS 1.3
 2022-06-24 09:28:17 +02:00
XiaokangQian
95d5f549f1 Fix coding styles 
Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-24 05:42:15 +00:00
Werner Lewis
016cec17e8 Add deprecated macros to migration guide 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-23 16:55:52 +01:00
Werner Lewis
745fcde406 Add reference to 2.x docs to migration guide 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-23 16:51:45 +01:00
Werner Lewis
3e5585b45d Replace TEST_ASSERT macro uses 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-23 15:12:10 +01:00
Werner Lewis
ac80a66395 Reduce buffer sizes to expected size 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-23 15:11:50 +01:00