lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-13 19:21:32 +03:00
Code Activity
24,652 Commits 172 Branches 268 Tags
93533b51a833644e7bf816b61e8108d738bf7026
Commit Graph

1851 Commits

Author SHA1 Message Date
Dave Rodgman
fac3ea5656 Merge pull request #6184 from leorosen/ssl_tls_curve_group_id_null_protect 
mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing
 2022-08-24 15:16:45 +01:00
Tom Cosgrove
bcc13c943f Add further missing whitespaces inside parentheses 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>

Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-24 15:08:16 +01:00
Tom Cosgrove
20c1137350 Fix coding style 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>

Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-24 15:06:13 +01:00
Andrzej Kurek
cccb044804 Style & formatting fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-23 05:26:02 -04:00
Andrzej Kurek
8c95ac4500 Add missing dependencies / alternatives 
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate, 
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-22 17:46:50 -04:00
Andrzej Kurek
25f271557b Update SHA and MD5 dependencies in the SSL module 
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO
is defined and respective SHA / MD5 defines are missing.
A new set of macros added in #6065 is used to reflect these dependencies.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-22 17:46:50 -04:00
Andrzej Kurek
a242e83b21 Rename the sha384 checksum context to reflect its purpose 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-22 17:02:04 -04:00
Jerry Yu
9f7f646b11 Revert "remove psk key when ephemeral selected" 
This reverts commit 5c28e7aa0e.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:59:17 +08:00
Jerry Yu
24b8c813c4 fix comments and wrong initial value issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:55:45 +08:00
Jerry Yu
5d01c05d93 fix various issues 
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:55:01 +08:00
Jerry Yu
6cf6b47b5c fix format and comment issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:54:53 +08:00
Leonid Rozenboim
19e5973566 mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing 
Avoid the shorthand practice of the form 'x = func(foo)->bar' which
exposes the code to NULL pointer de-referencing when the 'func()'
returns a NULL pointer.

The first chunk is for when the curve group code is not recognized by
the library, and is cleanly rejected if offered.

The second chunk addresses the unlikely case of an internal error:
if 'mbedtls_pk_can_do()' returns TRUE, it should rule out
'mbedtls_pk_ec()' returning a NULL, unless there is a regression.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
 2022-08-19 11:49:22 -07:00
Jerry Yu
e28d9745a1 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-18 15:44:03 +08:00
Jerry Yu
3419107e8d Add checks for ticket and resumption_key fields 
From RFC 8446 and the definition of session, we
should check the length.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-18 11:28:41 +08:00
Jerry Yu
e36fdd676c Change signature of tls13_session_save 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-17 21:50:25 +08:00
Jerry Yu
5c28e7aa0e remove psk key when ephemeral selected 
ephemeral is selected, `handshake->psk` must be removed.
Otherwise the encrypt key will be caculate fail.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Jerry Yu
ccc68a466e change handshake psk key type for tls13 
PSK key type of TLS1.3 must be HKDF_EXTRACT and the algo is
decided when create binder

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Dave Rodgman
8a9f88899d Merge pull request #6186 from leorosen/ssl_tls_null_on_invalid_code 
ssl_tls: avoid the appearance of a potential NULL dereferencing
 2022-08-11 10:12:34 +01:00
Leonid Rozenboim
e9d8dcdbf5 ssl_tls: avoid the appearance of a potential NULL dereferencing 
Looking at the bigger picture it is clear that if `ssl->session` is NULL,
there will be a failure much earlier, and that is well protected from,
however, the practice of dereferencing a pointer which has not been
verified in prior for validity goes against secure coding practices.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
 2022-08-09 12:34:30 -07:00
Dave Rodgman
f421d45869 Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype 
Fix build error due to  missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled
 2022-08-09 11:27:42 +01:00
Aditya Patwardhan
3096f331ee Fix missing prototype warning when MBEDTLS_DEPRECATED_REMOVED is 
enabled

Added the changelog.d entry

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
 2022-08-02 11:15:18 +05:30
Jerry Yu
09a99fcf8a Add rsa_pss_rsae_* sig algos for tls12 default 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Jerry Yu
379b1ff3a5 remove useless comment 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Jerry Yu
693a47ab1d add rsa_pss_rsae_* support in tls12 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Dave Rodgman
aba26d0099 Merge pull request #5963 from tom-daubney-arm/remove_ssl_compression_new 
Remove use of SSL session compression
 2022-07-28 10:28:23 +01:00
Manuel Pégourié-Gonnard
f6b8c3297a Merge pull request #6065 from mpg/explore2 
Driver-only hashes: RSA 1.5 and PK + strategy doc
 2022-07-28 10:43:38 +02:00
Thomas Daubney
54e38ea9cd Remove remaining references to compression in docs 
Some references to compression exist in the docs.
This commit removes those instances.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-07-26 16:13:23 +01:00
Thomas Daubney
20f89a9605 Remove uses of SSL compression 
Remove or modify current uses of session compression.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-07-26 16:13:03 +01:00
Ronald Cron
e579ece305 Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load 
TLS 1.3: Add serialize session save load
I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in  #6123. Thus I am ok to merge it as it is.
 2022-07-23 08:57:11 +02:00
Ronald Cron
340c559cb3 Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks 
TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.
 2022-07-23 08:50:45 +02:00
Jerry Yu
bc7c1a4260 fix typo/format/name issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:09:40 +08:00
Jerry Yu
438ddd835b Add tls13 session save/load 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:08:43 +08:00
Jerry Yu
568ec2502a fix format/name issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 21:27:34 +08:00
Ronald Cron
4beb870fa8 Merge pull request #6064 from xkqian/tls13_add_psk 
Add psk code to tls13 client side
 2022-07-22 11:35:05 +02:00
XiaokangQian
adab9a6440 Fix transcript issues and add cases against openssl 
Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
Jerry Yu
1c105560b4 add offered psks parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu
6dcd18d55b export hdr checksum function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu
fca4d579a4 fix various issues 
- unnecessary comments
- format issue
- improve readability

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 10:37:48 +08:00
Jerry Yu
251a12e942 Add dummy session save 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 22:40:59 +08:00
Manuel Pégourié-Gonnard
abac037a7b Migrate from old inline to new actual function. 
This is mostly:

    sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \
    library/*.c tests/suites/*.function

This should be good for code size as the old inline function was used
from 10 translation units inside the library, so we have 10 copies at
least.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-18 21:28:38 +02:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Manuel Pégourié-Gonnard
4d7af2aee0 Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection 
Permissions 2a: TLS 1.2 ciphersuite selection
 2022-07-04 12:37:02 +02:00
Ronald Cron
0e39ece23f Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk 
Refactor signature algorithm chooser
 2022-07-04 09:10:08 +02:00
Neil Armstrong
971f30d917 Fix mbedtls_ssl_get_ciphersuite_sig_alg() by returning MBEDTLS_PK_NONE for MBEDTLS_KEY_EXCHANGE_RSA 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 16:23:50 +02:00
Jerry Yu
52b7d923fe fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-01 18:12:44 +08:00
Neil Armstrong
96eceb8022 Refine mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg() when USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 18:05:05 +02:00
Jerry Yu
2fe6c638e2 remove supported check from parse sig algs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:20:17 +08:00
Jerry Yu
660cb4209c Remove pkcs1 from key cert and sig alg map 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:20:17 +08:00
Jerry Yu
71b18844ff fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:19:49 +08:00
Jerry Yu
cc5391048e fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:18:30 +08:00