lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-09 10:01:18 +03:00
Code
32,322 Commits 172 Branches 268 Tags
Commit Graph

545 Commits

Author SHA1 Message Date
Gilles Peskine
cd0a565644
Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype 
TLS 1.3: Upstream misc fix from prototype
 2023-01-05 14:35:54 +01:00
Valerio Setti
67419f0e11 tls: fix + save code size when DEBUG_C is not enabled 
Some PSA curves' symbols (PSA_WANT_) were not matching the corresponding
MBEDTLS_ECP_DP_. This was fixed together with the removal of extra code
when DEBUG_C is not enabled.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-04 17:36:00 +01:00
Valerio Setti
40d9ca907b tls: remove useless legacy function 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-04 16:08:04 +01:00
Valerio Setti
18c9fed857 tls: remove dependency from mbedtls_ecp_curve functions 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2023-01-03 13:03:34 +01:00
Dave Rodgman
01f6e61781
Merge pull request #986 from Mbed-TLS/merge-back-3.3.0-3 
Merge back 3.3.0 3
 2022-12-14 19:18:05 +00:00
Manuel Pégourié-Gonnard
4064a82802
Merge pull request #5600 from yuhaoth/pr/refactor-cookie-members-of-handshake 
Refactor cookie members of handshake
 2022-12-14 10:55:34 +01:00
Jerry Yu
ddda050604 tls13: Upstream various fix in prototype 
- Adjust max input_max_frag_len
- Guard transform_negotiate
- Adjust function position
- update comments
- fix wrong requirements

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-09 09:51:20 +08:00
Dave Rodgman
a5b2c52885 Merge remote-tracking branch 'restricted/development-restricted' into mbedtls-3.3.0rc0-pr 2022-12-08 14:10:59 +00:00
Jerry Yu
ac5ca5a0ea Refactor cookie members of handshake struct 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-05 19:58:45 +08:00
Dave Rodgman
acbb6dc364 Merge remote-tracking branch 'origin/development' into merge-dev 2022-12-05 10:59:23 +00:00
Tom Cosgrove
1797b05602 Fix typos prior to release 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-04 17:19:59 +00:00
Jerry Yu
3ce61ffca6 fix comments and function name issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Jerry Yu
3d9b590f02 guards transform_earlydata 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-28 17:34:06 +08:00
Dave Rodgman
bf9b23abf8
Merge pull request #6648 from gilles-peskine-arm/psa-ecb-null-0 
Fix NULL+0 undefined behavior in PSA crypto ECB
 2022-11-25 17:07:46 +00:00
Gilles Peskine
5a34b36bbd Remove more now-redundant definitions of inline 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-25 13:26:44 +01:00
Manuel Pégourié-Gonnard
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847 
Use PSA EC-JPAKE in TLS (1.2) - Part 2
 2022-11-23 13:27:30 +01:00
Valerio Setti
d4a9b1ab8d tls: psa_pake: remove useless defines and fix a comment 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-22 11:11:10 +01:00
Valerio Setti
6b3dab03b5 tls: psa_pake: use a single function for round one and two in key exchange read/write 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 17:14:54 +01:00
Valerio Setti
9bed8ec5d8 tls: psa_pake: make round two reading function symmatric to the writing one 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 16:36:19 +01:00
Valerio Setti
a08b1a40a0 tls: psa_pake: move move key exchange read/write functions to ssl_tls.c 
Inlined functions might cause the compiled code to have different sizes
depending on the usage and this not acceptable in some cases.
Therefore read/write functions used in the initial key exchange are
moved to a standard C file.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 16:34:59 +01:00
Valerio Setti
4a9caaa0c9 tls12: psa_pake: check elliptic curve's TLS ID on handshake 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-16 14:50:10 +01:00
Valerio Setti
fbbc1f3812 tls12: psa_pake: use proper defines for the output size of each step in ECJPAKE 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-16 14:49:52 +01:00
Valerio Setti
02c25b5f83 tls12: psa_pake: use common code for parsing/writing round one and round two data 
Share a common parsing code for both server and client for parsing
round one and two.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-16 13:56:12 +01:00
Ronald Cron
e9f92c4fbc tls: Fix in_cid buffer size in transform structure 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-16 10:23:05 +01:00
Xiaokang Qian
a042b8406d Address some format issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:19 +00:00
Xiaokang Qian
f447e8a8d3 Address comments base on reviews 
Improve early data indication check
Update test case to gnutls server

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:36 +00:00
Xiaokang Qian
ecc2948f21 Fix format issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:05 +00:00
Xiaokang Qian
338f727683 Move EARLY_DATA_OFF/ON guard to ssl_misc.h 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:15:03 +00:00
Xiaokang Qian
b781a2323c Move ssl_tls13_has_configured_ticket() back to tls13 client 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:13:51 +00:00
Xiaokang Qian
893ad81966 Remove useless early_secrets field 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:13:51 +00:00
Xiaokang Qian
0e97d4d16d Add early data indication to client side 
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:13:50 +00:00
Jerry Yu
b95dd3683b Add missing mask set and tls13 unrecognized extension 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-08 23:51:38 +08:00
Jerry Yu
ea52ed91cf fix typo and spell issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-08 21:01:17 +08:00
Neil Armstrong
ca7d506556 Use PSA PAKE API when MBEDTLS_USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-08 10:58:45 +01:00
Jerry Yu
d25cab0327 Refactor debug helpers for exts and hs message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-06 11:54:21 +08:00
Jerry Yu
df0ad658a3 tls13: Add allowed extesions constants. 
- And refactor check_received_extension

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-02 21:35:27 +08:00
Jerry Yu
7a485c1fdf Add ext id and utilities 
- Remove `MBEDTLS_SSL_EXT_*`
- Add macros and functions for translating iana identifer.
- Add internal identity for extension

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
c4bf5d658e fix various issues 
- Signature of
  - mbedtls_tls13_set_hs_sent_ext_mask
  - check_received_extension and issues
- Also fix comment issue.
- improve readablity.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
03112ae022 change input extension_type 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
0c354a211b introduce sent/recv extensions field 
And remove `extensions_present`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
ffa1582793 move get_extension mask 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
d15992d3ce fix wrong setting of unrecognized ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Jerry Yu
e18dc7eb9a Add forbidden extensions check for ClientHello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-31 16:41:42 +08:00
Ronald Cron
73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED 
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED 
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
41a443a68d tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED 
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
928cbd34e7 tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED 
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.

Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
d29e13eb1b tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Ronald Cron
3b056202d3 tls13: keys: Do not use handshake->premaster 
`handshake->premaster` was used to store the
(EC)DHE shared secret but in TLS 1.3 there is
no need to store it in a context.

Futhermore, `handshake->premaster` and more
specifically its sizing is TLS 1.2 specific
thus better to not use it in TLS 1.3.

Allocate a buffer to store the shared secret
instead. Allocation instead of a stack buffer
as the maintenance of the size of such buffer
is harder (new elliptic curve for ECDHE,
support for FFDHE ... ).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:34:20 +02:00
Xiaokang Qian
ed3afcd6c3 Fix various typo and macro guards issues 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:51 +00:00