lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-14 20:01:00 +03:00
Code Activity
28,106 Commits 173 Branches 272 Tags
a765eaa33e6e35bc24aa45f8082aded641ceddfa
Commit Graph

12305 Commits

Author SHA1 Message Date
Dave Rodgman
cba4091581 Merge pull request #8516 from mschulz-at-hilscher/fixes/divided-assembler-syntax-error-gcc493 
Fixes invalid default choice of thumb assembler syntax.
 2023-11-14 17:57:37 +00:00
Manuel Pégourié-Gonnard
752dd39a69 Merge pull request #8508 from valeriosetti/issue6323 
[G3] Driver-only cipher+aead: TLS: ssl-opt.sh
 2023-11-14 11:39:06 +00:00
Matthias Schulz
e94525bd17 Updated comments. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-11-13 14:01:02 +01:00
Matthias Schulz
35842f52f2 Simplified check. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-11-13 13:57:05 +01:00
Matthias Schulz
ca8981c1ee Added proposed fixes 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-11-13 10:04:19 +01:00
Tom Cosgrove
08ea9bfa1f Merge pull request #8487 from yanrayw/issue/6909/rename_tls13_conf_early_data 
TLS 1.3: Rename early_data and max_early_data_size configuration function
 2023-11-10 19:35:46 +00:00
Valerio Setti
01c4fa3e88 ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h 
This is useful to properly define MBEDTLS_PSK_MAX_LEN when
it is not defined explicitly in mbedtls_config.h

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-11-10 08:12:07 +01:00
Matthias Schulz
2e068cef09 fixes invalid default choice of thumb assembler syntax. 
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
 2023-11-09 15:25:52 +01:00
Manuel Pégourié-Gonnard
7d7ce0e66a Merge pull request #8495 from lpy4105/issue/6322/driver-only-cipher_aead-tls 
[G3] Driver-only cipher+aead: TLS: main test suite
 2023-11-09 11:10:34 +00:00
Gilles Peskine
4dec9ebdc2 Merge pull request #8378 from mschulz-at-hilscher/fixes/issue-8377 
Fixes "CSR parsing with critical fields fails"
 2023-11-08 18:07:04 +00:00
Dave Rodgman
0d22539de0 Merge pull request #8468 from daverodgman/mbedtls-3.5.1-pr 
Mbed TLS 3.5.1
 2023-11-08 18:01:32 +00:00
Dave Rodgman
28d40930ae Restore bump version 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-08 11:40:08 +00:00
Pengyu Lv
2bd56de3f4 ssl: replace MBEDTLS_SSL_HAVE_*_CBC with two seperate macros 
MBEDTLS_SSL_HAVE_<block_cipher>_CBC equals
MBEDTLS_SSL_HAVE_<block_cipher> and MBEDTLS_SSL_HAVE_CBC.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-08 14:21:19 +08:00
Pengyu Lv
65458fa969 ssl: MBEDTLS_SSL_HAVE_* in ssl_misc.h 
Done by commands:

```
sed -i "300,$ s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-08 12:16:29 +08:00
Pengyu Lv
829dd2048a ssl: use MBEDTLS_SSL_HAVE_* in ssl_ciphersuites.c 
Mainly done by the commands, with some manual adjust.

```
sed -i "s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
sed -i "s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
sed -i "s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_ciphersuites.c
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-08 12:01:26 +08:00
Pengyu Lv
f1b86b088f ssl: add macro to indicate CBC mode is available 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-08 11:28:42 +08:00
Pengyu Lv
e870cc8c86 ssl: add macro for available key types 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-08 11:28:36 +08:00
Tom Cosgrove
53199b1c0a Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed 
TLS 1.3: EarlyData SRV: Write early data extension  in EncryptedExtension
 2023-11-07 13:59:13 +00:00
Tom Cosgrove
4122c16abd Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination 
TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption
 2023-11-07 09:26:21 +00:00
Jerry Yu
7ef9fd8989 fix various issues 
- Debug message
- Improve comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-07 14:31:37 +08:00
Jerry Yu
2bea94ce2e check the ticket version unconditional 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-07 14:18:17 +08:00
Yanray Wang
0751761b49 max_early_data_size: rename configuration function 
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-07 11:49:34 +08:00
Yanray Wang
d5ed36ff24 early data: rename configuration function 
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2023-11-07 11:49:24 +08:00
Pengyu Lv
44670c6eda Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption" 
This reverts commit dadeb20383.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-07 09:58:53 +08:00
Dave Rodgman
4b67ac8adf Merge pull request #8444 from Mbed-TLS/cvv-code-size 
code size for mbedtls_cipher_validate_values
 2023-11-06 12:50:37 +00:00
Gilles Peskine
8b6b41f6cd Merge pull request #8434 from valeriosetti/issue8407 
[G2] Make TLS work without Cipher
 2023-11-04 15:05:00 +00:00
Dave Rodgman
4eb44e4780 Standardise some more headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-03 12:15:12 +00:00
Dave Rodgman
ce38adb731 Fix header in ssl_tls13_keys.c 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-03 10:29:25 +00:00
Dave Rodgman
f8be5f6ade Fix overlooked files 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 20:43:00 +00:00
Dave Rodgman
16799db69a update headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 19:47:20 +00:00
Dave Rodgman
e91d7c5d68 Update comment to mention IAR 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 10:36:38 +00:00
Jerry Yu
960b7ebbcf move psk check to EE message on client side 
early_data extension is sent in EE. So it should
not be checked in SH message.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-01 10:32:18 +08:00
Jerry Yu
82fd6c11bd Add selected key and ciphersuite check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-01 10:32:17 +08:00
Jerry Yu
ce3b95e2c9 move ticket version check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-01 10:32:17 +08:00
Jerry Yu
454dda3e25 fix various issues 
- improve output message
- Remove unnecessary checks
- Simplify test command

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-01 10:28:43 +08:00
Dave Rodgman
9ba640d318 Simplify use of __has_builtin 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 23:34:02 +00:00
Dave Rodgman
90c8ac2205 Add case for MSVC 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 23:27:24 +00:00
Dave Rodgman
64bdeb89b9 Use non-empty definition for fallback 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 23:27:04 +00:00
Dave Rodgman
52e7052b6c tidy up comments 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 23:26:44 +00:00
Dave Rodgman
3e5cc175e0 Reduce code size in mbedtls_cipher_validate_values 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 18:00:01 +00:00
Dave Rodgman
6d2c1b3748 Restructure mbedtls_cipher_validate_values 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 18:00:01 +00:00
Dave Rodgman
fb24a8425a Introduce MBEDTLS_ASSUME 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-31 17:59:56 +00:00
Pengyu Lv
dbd1e0d986 tls13: add helpers to check if psk[_ephemeral] allowed by ticket 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-31 10:17:17 +08:00
Pengyu Lv
29daf4a36b tls13: server: fully check ticket_flags with available kex mode. 
We need to fully check if the provided session ticket could be
used in the handshake, so that we wouldn't cause handshake
failure in some cases. Here we bring f8e50a9 back.

Example scenario:
A client proposes to a server, that supports only the psk_ephemeral
key exchange mode, two tickets, the first one is allowed only for
pure PSK key exchange mode and the second one is psk_ephemeral only.
We need to select the second tickets instead of the first one whose
ticket_flags forbid psk_ephemeral and thus cause a handshake
failure.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-31 09:34:14 +08:00
Dave Rodgman
b06d701f56 Merge pull request #8406 from beni-sandu/aesni 
AES-NI: use target attributes for x86 32-bit intrinsics
 2023-10-30 17:01:06 +00:00
Tom Cosgrove
3857bad9a2 Merge pull request #8427 from tom-cosgrove-arm/fix-linux-builds-in-conda-forge 
Fix builds in conda-forge, which doesn't have CLOCK_BOOTTIME
 2023-10-30 15:29:26 +00:00
Valerio Setti
467271dede ssl_misc: ignore ALG_CBC_PKCS7 for MBEDTLS_SSL_HAVE_xxx_CBC 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-30 11:40:32 +01:00
Valerio Setti
1ebb6cd68d ssl_misc: add internal MBEDTLS_SSL_HAVE_[AES/ARIA/CAMELLIA]_CBC symbols 
These are used in tests to determine whether there is support for
one of those keys for CBC mode.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-30 11:36:32 +01:00
Pengyu Lv
cfb23b8090 tls13: server: parse pre_shared_key only when some psk is selectable 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-30 15:26:26 +08:00
Beniamin Sandu
800f2b7c02 AES-NI: use target attributes for x86 32-bit intrinsics 
This way we build with 32-bit gcc/clang out of the box.
We also fallback to assembly for 64-bit clang-cl if needed cpu
flags are not provided, instead of throwing an error.

Signed-off-by: Beniamin Sandu <beniaminsandu@gmail.com>
 2023-10-27 17:02:22 +01:00