mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-21 23:05:55 +03:00

Author	SHA1	Message	Date
Gilles Peskine	ad84044386	Test split, coalesced-split and empty handshake records Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-04-01 10:39:48 +02:00
Gilles Peskine	da5f5b23d0	Add a log message on every SSL state transition Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-04-01 10:39:09 +02:00
Gilles Peskine	49f179d9c8	Always call mbedtls_ssl_handshake_set_state Call a single function for all handshake state changes, for easier tracing. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-04-01 10:39:04 +02:00
Minos Galanakis	05657d9dee	Revert "Add auto-generated files" This reverts commit 22098d41c6620ce07cf8a0134d37302355e1e5ef. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-03-23 13:09:30 +00:00
Minos Galanakis	22098d41c6	Add auto-generated files Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-03-20 09:33:09 +00:00
Minos Galanakis	e62ef05344	Version Bump for 3.6.3 ./scripts/bump_version.sh --version 3.6.3 Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-03-18 17:11:54 +00:00
Minos Galanakis	7a95d16a31	Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.3rc0-pr Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-03-18 16:28:26 +00:00
Manuel Pégourié-Gonnard	b6ad19b2b8	Merge pull request #9976 from mpg/defragment-ext-test-3.6 Defragment ext test 3.6	2025-03-17 11:44:28 +00:00
Minos Galanakis	dfc8e43614	Merge remote-tracking branch 'upstream/mbedtls-3.6' into pre-3.6.3-upstream-merge	2025-03-14 14:23:23 +00:00
Gilles Peskine	c03cd1124c	Merge pull request #10025 from waleed-elmelegy-arm/mbedtls-3.6-fix-key-deriv-bad-state-error Backport 3.6: Fix psa_key_derivation_input_integer() not detecting bad state	2025-03-14 10:11:40 +00:00
Manuel Pégourié-Gonnard	051b1e21d6	Reduce the level of logging used in tests This should avoid running into a bug with printf format specifiers one windows. It's also a logical move for actual tests: I used the highest debug level for discovery, but we don't need that all the time. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2025-03-14 09:21:59 +01:00
Manuel Pégourié-Gonnard	00ad6f6b03	New test function inject_client_content_on_the_wire() Not used for real stuff so far, just getting the tooling in place. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2025-03-14 09:21:59 +01:00
Gilles Peskine	3dbe333ab0	Merge pull request #10051 from Vge0rge/key_id_range_backport PSA core: Allow enabling one volatile/builtin key	2025-03-13 09:27:12 +00:00
David Horstmann	26f0044ad0	Merge pull request #1319 from davidhorstmann-arm/calc-finished-check-return-3.6 [Backport 3.6] TLS1.2: Check for failures in Finished calculation	2025-03-12 17:35:40 +00:00
Minos Galanakis	104bd06826	Merge remote-tracking branch 'origin/features/tls-defragmentation/3.6' into feature_merge_defragmentation_36 Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-03-12 15:21:56 +00:00
Gilles Peskine	43f636ff4d	Merge pull request #1316 from gilles-peskine-arm/zeroize-psa-202503-3.6 Backport 3.6: Zeroize PSA temporary heap buffers	2025-03-11 17:38:28 +01:00
Georgios Vasilakis	d5e64f71db	PSA core: Allow enabling one volatile/builtin key The current impelementation asserts if the user sets MBEDTLS_PSA_KEY_SLOT_COUNT to one or if they limit their builtin range to one key. This removes the requirement and allows for only one key volatile/builtin to be enabled. Signed-off-by: Georgios Vasilakis <georgios.vasilakis@nordicsemi.no>	2025-03-11 09:37:29 +01:00
Manuel Pégourié-Gonnard	8a4ec49671	Cleanly reject non-HS in-between HS fragments Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2025-03-10 21:38:48 +01:00
Waleed Elmelegy	443908bc5d	Replace zero by PSA_ALG_NONE in key derivation input functions Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-03-10 14:20:09 +00:00
David Horstmann	b5ef7da7cb	TLS1.2: Check for failures in Finished calculation If the calc_finished function returns an error code, don't ignore it but instead return the error code to stop the handshake as the Finished message may be incorrect. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2025-03-07 17:25:54 +00:00
Gilles Peskine	c22e315086	Fix a log message Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-07 10:44:57 +01:00
Gilles Peskine	229e200cb4	Note unused variables when debugging is disabled Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-06 21:33:32 +01:00
Gilles Peskine	dee926359c	Pacify uncrustify Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-06 21:33:29 +01:00
Gilles Peskine	ce726b23fa	Fix uninitialized variable The of m_bytes value isn't actually used when it's uninitialized, because *data is null, but that's very fragile. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-06 19:27:50 +01:00
Gilles Peskine	0a467ccd24	Unify handshake fragment log messages There is no longer any different processing at this point, just near-identical log messages. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-06 19:22:52 +01:00
Gilles Peskine	b888cca5b6	Fix handshake defragmentation when the record has multiple messages A handshake record may contain multiple handshake messages, or multiple fragments (there can be the final fragment of a pending message, then zero or more whole messages, and an initial fragment of an incomplete message). This was previously untested, but supported, so don't break it. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-06 19:22:40 +01:00
Gilles Peskine	3175fc3be2	Fix end check before memmove Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-06 19:10:41 +01:00
Gilles Peskine	184cac1eb6	Zeroize temporary heap buffers used when deriving an ECC key Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-06 12:42:30 +01:00
Gilles Peskine	e847afd9ef	Zeroize temporary heap buffers used in PSA operations Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-06 12:41:59 +01:00
Gilles Peskine	58c3301f65	Make conversion explicit to silence MSVC warning Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-05 17:03:20 +01:00
Gilles Peskine	302f37b05d	Fix dodgy printf calls Pacify `clang -Wformat-pedantic`. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-05 17:03:20 +01:00
Gilles Peskine	cc856a2c0e	Handshake defragmentation: reassemble incrementally Reassemble handshake fragments incrementally instead of all at the end. That is, every time we receive a non-initial handshake fragment, append it to the initial fragment. Since we only have to deal with at most two handshake fragments at the same time, this simplifies the code (no re-parsing of a record) and is a little more memory-efficient (no need to store one record header per record). This commit also fixes a bug. The previous code did not calculate offsets correctly when records use an explicit IV, which is the case in TLS 1.2 with CBC (encrypt-then-MAC or not), GCM and CCM encryption (i.e. all but null and ChachaPoly). This led to the wrong data when an encrypted handshake message was fragmented (Finished or renegotiation). The new code handles this correctly. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-05 17:03:20 +01:00
Gilles Peskine	22c51b9a0b	mbedtls_ssl_prepare_handshake_record(): log offsets after decryption Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-05 17:03:20 +01:00
Gilles Peskine	af0c461f39	mbedtls_ssl_prepare_handshake_record(): refactor first fragment prep Minor refactoring of the initial checks and preparation when receiving the first fragment. Use `ssl->in_hsfraglen` to determine whether there is a pending handshake fragment, for consistency, and possibly for more robustness in case handshake fragments are mixed with non-handshake records (although this is not currently supported anyway). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-05 17:03:20 +01:00
Gilles Peskine	1e81d349b8	Tweak handshake fragment log message In preparation for reworking mbedtls_ssl_prepare_handshake_record(), tweak the "handshake fragment:" log message. This changes what information is displayed when a record contains data beyond the expected end of the handshake message. This case is currently untested and its handling will change in a subsequent commit. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-05 17:03:20 +01:00
Gilles Peskine	3d490a91ad	Tweak "waiting for more handshake fragments" log message In preparation for reworking mbedtls_ssl_prepare_handshake_record(), tweak the "waiting for more handshake fragments" log message in ssl_consume_current_message(), and add a similar one in mbedtls_ssl_prepare_handshake_record(). Assert both. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-03-05 17:03:20 +01:00
Waleed Elmelegy	82cd324fd4	Fix code style for key derivation input function Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-03-03 15:04:17 +00:00
Waleed Elmelegy	72b391fe07	Fix psa_key_derivation_input_integer() not detecting bad state Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2025-03-03 12:37:02 +00:00
Valerio Setti	05b3835bd6	psa: move definition of psa_can_do_hash() to crypto_extra.h This allows any implementer of the PSA client interface to easily include this header and therefore function's prototype. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-02-21 15:01:04 +01:00
Waleed Elmelegy	4726d20320	Remove unused variable in ssl_server.c Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com> Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-19 22:03:28 +01:00
Deomid rojer Ryabkov	2878a0559e	Remove obselete checks due to the introduction of handhsake defragmen... tation. h/t @waleed-elmelegy-arm `909e71672f` Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com> Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-19 22:03:13 +01:00
Gilles Peskine	cb72cd2ec3	Don't reset badmac_seen on a DTLS client reconnect Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-02-17 16:36:36 +01:00
Gilles Peskine	b710599e4a	Merge in_hsfraglen with badmac_seen_or_in_hsfraglen In the `mbedtls_ssl_context` structure, merge the field `in_hsfraglen` into `badmac_seen_or_in_hsfraglen`. This restores the ABI of `libmbedtls` as it was in Mbed TLS 3.6.0 through 3.6.2. The field `badmac_seen_or_in_hsfraglen` (formerly `badmac_seen`) was only used for DTLS (despite being present in non-DTLS builds), and the field `in_hsfraglen` was only used in non-DTLS TLS. Therefore the two values can be stored in the same field. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-02-17 16:28:51 +01:00
Gilles Peskine	ebdd405f68	Change the type of in_hsfraglen to unsigned In the `mbedtls_ssl_context` structure, change the type of `in_hsfraglen` from `size_t` to `unsigned`. This is in preparation for merging `in_hsfraglen` into `badmac_seen_or_in_hsfraglen`, which has the type `unsigned` and cannot change since we do not want to change the ABI. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-02-17 16:26:27 +01:00
Gilles Peskine	f6a676d93f	Rename badmac_seen to badmac_seen_or_in_hsfraglen Prepare to unify two fields of the `mbedtls_ssl_context` structure: `badmac_seen` (always present but only used in DTLS) and `in_hsfraglen` (always present but only used in non-DTLS TLS). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-02-17 16:10:14 +01:00
Gilles Peskine	69f8f45e6f	Minor readability improvement No behavior change. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2025-02-17 16:08:59 +01:00
Deomid rojer Ryabkov	bbe8745d19	Remove in_hshdr The first fragment of a fragmented handshake message always starts at the beginning of the buffer so there's no need to store it. Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-17 15:59:55 +01:00
Deomid rojer Ryabkov	85ec2b3632	Add a safety check for in_hsfraglen Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-17 15:59:04 +01:00
Deomid rojer Ryabkov	5c853ea2c5	Allow fragments less HS msg header size (4 bytes) Except the first Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-17 15:59:04 +01:00
Deomid rojer Ryabkov	96e2290e3d	Remove mbedtls_ssl_reset_in_out_pointers Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>	2025-02-17 15:59:04 +01:00

1 2 3 4 5 ...

13535 Commits