lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-28 23:14:56 +03:00
Code Activity
33,752 Commits 176 Branches 276 Tags
c8823a262d4985757f03e2b4cc7eca4ac7932bb3
Commit Graph

216 Commits

Author SHA1 Message Date
Valerio Setti
e7cefae5f4 ssl: fix getting group id in ssl_check_key_curve() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-10-06 13:19:48 +02:00
Gilles Peskine
3713bee34c Remove leftover local debug line 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-02 18:43:18 +02:00
Gilles Peskine
530c423ad2 Improve some debug messages and error codes 
On a parsing error in TLS, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE, not a
crypto error code.

On error paths, emit a level-1 debug message. Report the offending sizes.

Downgrade an informational message's level to 3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-02 15:42:11 +02:00
Gilles Peskine
c8df898204 Fix buffer overflow in TLS 1.2 ClientKeyExchange parsing 
Fix a buffer overflow in TLS 1.2 ClientKeyExchange parsing. When
MBEDTLS_USE_PSA_CRYPTO is enabled, the length of the public key in an ECDH
or ECDHE key exchange was not validated. This could result in an overflow of
handshake->xxdh_psa_peerkey, overwriting further data in the handshake
structure or further on the heap.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-02 15:02:33 +02:00
Gilles Peskine
eda1b1f744 Merge pull request #7921 from valeriosetti/issue7613 
TLS: Clean up ECDSA dependencies
 2023-09-20 12:47:55 +00:00
Dave Rodgman
b7825ceb3e Rename uint->bool operators to reflect input types 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-10 11:58:18 +01:00
Dave Rodgman
c98f8d996a Merge branch 'development' into safer-ct5 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-08-07 11:47:35 +01:00
Valerio Setti
e9646ecd08 tls: fix guards for ECDSA support 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-03 09:15:28 +02:00
Valerio Setti
45d56f3d25 tls: replace ECDSA_C and PK_CAN_ECDSA_SOME with key exchange related ones 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-01 19:02:38 +02:00
Manuel Pégourié-Gonnard
de8f56e936 Merge pull request #7884 from valeriosetti/issue7612 
TLS: Clean up (EC)DH dependencies
 2023-08-01 07:13:36 +00:00
Gilles Peskine
bb07377458 Merge pull request #7935 from AgathiyanB/add-enum-casts 
Add type casts for integer and enum types
 2023-07-26 11:27:27 +02:00
Valerio Setti
ea59c43499 tls: fix a comment a rename a variable/symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-25 11:14:03 +02:00
Valerio Setti
60d3b91eba tls: use TLS 1.2 macros in ssl_tls12_server.c 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-25 10:43:53 +02:00
Agathiyan Bragadeesh
8b52b88b6d Add type casts in ssl library 
Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>
 2023-07-17 15:14:42 +01:00
Valerio Setti
c2232eadfb tls: replace PK_CAN_ECDH guards with new helpers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:23:53 +02:00
Valerio Setti
7aeec54094 tls: replace ECDH_C guards with new helpers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 17:23:53 +02:00
Przemek Stekiel
46b2d2b643 Fix code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-07 09:34:17 +02:00
Przemek Stekiel
615cbcdbdf Provide additional comments for claryfication 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-06 12:16:39 +02:00
Przemek Stekiel
7ac93bea8c Adapt names: dh -> xxdh 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:26:26 +02:00
Przemek Stekiel
6f199859b6 Adapt handshake fields to ffdh 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:25:00 +02:00
Manuel Pégourié-Gonnard
56b159a12a Merge pull request #7627 from mprse/ffdh_tls13_v2 
Make use of FFDH keys in TLS 1.3 v.2
 2023-07-03 10:12:33 +02:00
Dave Rodgman
9fbb0cf08e Merge remote-tracking branch 'origin/development' into safer-ct5 2023-06-28 18:52:02 +01:00
Przemek Stekiel
7dda271c1d Fix description of functions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-28 09:16:08 +02:00
Tom Cosgrove
db041cc82f Merge pull request #7665 from AndrzejKurek/optimize-error-translation-code-size 
Optimize error translation code size
 2023-06-28 08:09:00 +01:00
Valerio Setti
6835b4a6ed tls: always zeroize buffer on exit 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-22 09:06:31 +02:00
Valerio Setti
3589a4c644 tls: keep buffer declaration in a single line 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-22 09:02:44 +02:00
Valerio Setti
b46217d5c1 tls: never destroy a priavte key that is not owned/created by TLS module 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 13:18:52 +02:00
Valerio Setti
0813b6f28d tls: optimize code in ssl_get_ecdh_params_from_cert() 
When MBEDTLS_PK_USE_PSA_EC_DATA is defined, opaque and non-opaque keys
are basically stored in the same way (only a diffferent ownership for
the key itself), so they should be treated similarly in the code.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-06-16 12:18:53 +02:00
Andrzej Kurek
1e4a030b00 Fix wrong array size calculation in error translation code 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:47 -04:00
Andrzej Kurek
1c7a99856f Add missing ifdefs 
Make sure that the error translating functions
are only defined when they're used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:47 -04:00
Andrzej Kurek
0064484a70 Optimize error translation code size 
Introducing an intermediate function
saves code size that's otherwise taken by excessive,
repeated arguments in each place that
was translating errors.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-06-13 05:46:46 -04:00
Dave Rodgman
c216d94560 Merge remote-tracking branch 'origin/development' into safer-ct5 2023-06-13 10:36:37 +01:00
Przemek Stekiel
75a5a9c205 Code cleanup 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-13 09:57:23 +02:00
Przemek Stekiel
da4fba64b8 Further code optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel
24e50d3dbd Compile out length check to silent the compiler warning 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Manuel Pégourié-Gonnard
6076f4124a Remove hash_info.[ch] 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
8857984b2f Replace hash_info macro with MD macro 
Now the MD macro also accounts for PSA-only hashes.

Just a search-and-replace, plus manually removing the definition in
hash_info.h.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard
7b1136836c Merge pull request #7438 from valeriosetti/issue7074 
Avoid parse/unparse private ECC keys in PK with USE_PSA when !ECP_C
 2023-06-01 10:06:45 +02:00
Dave Rodgman
293eedd3ad Use new CT interface in ssl_tls12_server.c 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-05-26 12:42:48 +01:00
Valerio Setti
d0405093d9 tls: use pk_get_group_id() instead of directly accessing PK's structure 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-24 16:02:32 +02:00
Thomas Daubney
f9f0ba8211 Use functions in alignment.h to get value 
Refactor code using get functions from alignment.h to
read values.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2023-05-24 06:24:16 +01:00
Valerio Setti
972077820b tls/x509: minor enhancement for using the new private key format 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-23 15:12:07 +02:00
Valerio Setti
3f00b84dd1 pk: fix build issues 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-15 12:57:06 +02:00
Valerio Setti
77a75685ed pk: align library and tests code to the new internal functions 
Note = programs are not aligned to this change because:
- the original mbedtls_pk_ec is not ufficially deprecated
- that function is used in tests when ECP_C is defined, so
  the legacy version of that function is available in that
  case

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-15 11:18:46 +02:00
Valerio Setti
4f387ef277 pk: use better naming for the new key ID field 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-05 10:59:32 +02:00
Valerio Setti
048cd44f77 pk: fix library code for using the new opaque key solution 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-05-05 10:59:32 +02:00
Ronald Cron
fe01ec2d57 tls12: srv: Use sizeof() instead of constant 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:05 +02:00
Ronald Cron
c564938180 Add downgrade protection mechanism 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:05 +02:00
Ronald Cron
6291b23080 tls: Add logic in handshake step to enable server version negotiation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Valerio Setti
77a904c761 ssl: remove useless guard 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-28 16:26:48 +02:00