lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-28 23:14:56 +03:00
Code Activity
32,052 Commits 176 Branches 276 Tags
e51bde06daff0ac92f0545ebe4406bda260542e5
Commit Graph

349 Commits

Author SHA1 Message Date
David Horstmann
9f10979853 Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.1rc0-pr 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-08-28 20:48:27 +01:00
Gilles Peskine
50476272a9 Error translation and init are needed in PSK-only builds as well 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-08-26 09:28:41 +02:00
Gilles Peskine
069bccdf78 Call psa_crypto_init in the library when required for TLS 1.3 
For backward compatibility with Mbed TLS <=3.5.x, applications must be able
to make a TLS connection with a peer that supports both TLS 1.2 and TLS 1.3,
regardless of whether they call psa_crypto_init(). Since Mbed TLS 3.6.0,
we enable TLS 1.3 in the default configuration, so we must take care of
calling psa_crypto_init() if needed. This is a change from TLS 1.3 in
previous versions, where enabling MBEDTLS_SSL_PROTO_TLS1_3 was a user
choice and could have additional requirement.

This commit makes the library call psa_crypto_init() when it needs PSA
crypto in a situation where the application might not have called it,
namely, when starting a TLS 1.3 connection.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-08-25 10:44:39 +02:00
Manuel Pégourié-Gonnard
ce60330dfb Merge 1.2 and 1.3 certificate verification 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-20 22:03:10 +02:00
Manuel Pégourié-Gonnard
dee6ffa961 Add support for context f_vrfy callback in 1.3 
This was only supported in 1.2 for no good reason.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-20 22:03:10 +02:00
Manuel Pégourié-Gonnard
e910ac8627 Improve a variable's name 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-20 22:03:10 +02:00
Manuel Pégourié-Gonnard
523a7e4aaf Restrict the scope of a few variables 
In particular, make sure pointer variables are initialized right after
being declared.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-20 22:03:10 +02:00
Ronald Cron
cb7f63266f tls13: Add support for trusted certificate callback 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-20 22:03:10 +02:00
Manuel Pégourié-Gonnard
2b98a4ee3b Allow no authentication of the server in 1.3 
See notes about optional two commits ago for why we're doing this.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-20 22:03:10 +02:00
Manuel Pégourié-Gonnard
e1cc926717 Allow optional authentication of the server in 1.3 
This is for compatibility, for people transitioning from 1.2 to 1.3.
See https://github.com/Mbed-TLS/mbedtls/issues/9223 "Mandatory server
authentication" and reports linked from there.

In the future we're likely to make server authentication mandatory in
both 1.2 and 1.3. See https://github.com/Mbed-TLS/mbedtls/issues/7080

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-20 22:03:10 +02:00
Manuel Pégourié-Gonnard
4d4c0c72da Add comments about 1.3 server sending no cert 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-20 22:03:10 +02:00
Manuel Pégourié-Gonnard
85b864e1db Rm translation code for unused flag 
We don't check the non-standard nsCertType extension, so this flag can't
be set, so checking if it's set is useless.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-20 22:03:10 +02:00
Manuel Pégourié-Gonnard
4938b693f3 Make mbedtls_ssl_check_cert_usage() work for 1.3 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-20 22:03:10 +02:00
Manuel Pégourié-Gonnard
ef41d8ccbe Fix 1.3 failure to update flags for (ext)KeyUsage 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-08-08 12:34:56 +02:00
Gilles Peskine
400659b565 Use unsigned long rather than size_t for format string readability 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-05 11:49:51 +02:00
Gilles Peskine
eeb4ff5662 Fix uint32_t printed as unsigned int 
This is ok in practice since we don't support 16-bit platforms, but it makes
`arm-none-eabi-gcc-10 -mthumb -Wformat` complain.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-06-05 11:49:50 +02:00
Tom Cosgrove
b32d7ae0fe Fix compilation of ssl_tls13_generic.c when memcpy() is a function-like macro 
Fixes #8994

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2024-04-02 14:52:29 +01:00
Ronald Cron
93795f2639 tls13: Improve comment about cast to uint32_t 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-07 09:57:07 +01:00
Ronald Cron
2e7dfd5181 tls13: Remove unnecessary cast from size_t to uint32_t 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-05 13:48:11 +01:00
Ronald Cron
19bfe0a631 tls13: Rename early_data_count to total_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
70eab45ba6 tls13: generic: Fix log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
8571804382 tls13: srv: Enforce maximum size of early data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:09 +01:00
Ronald Cron
9b4e964c2c Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data 
TLS 1.3: Add mbedtls_ssl_write_early_data() API
 2024-02-29 14:31:55 +00:00
Ronald Cron
5fbd27055d tls13: Use a flag not a counter for CCS and HRR handling 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-15 17:19:02 +01:00
Ronald Cron
e273f7203d tls13: client: Improve CCS handling 
Call unconditionally the CCS writing function
when sending a CCS may be necessary in the
course of an handshake. Enforce in the writing
function and only in the writing function that
only one CCS is sent.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-14 10:24:00 +01:00
Manuel Pégourié-Gonnard
e6c80bc6e5 Merge pull request #8755 from ronald-cron-arm/tls13-client-early-data-status 
TLS 1.3: Refine and test client early data status
 2024-02-13 20:36:42 +00:00
Manuel Pégourié-Gonnard
1d7bc1ecdf Merge pull request #8717 from valeriosetti/issue8030 
PSA FFDH: feature macros for parameters
 2024-02-07 10:06:03 +00:00
Ronald Cron
fe59ff794d tls13: Send dummy CCS only once 
Fix cases where the client was sending
two CCS, no harm but better to send only one.

Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Manuel Pégourié-Gonnard
32c28cebb4 Merge pull request #8715 from valeriosetti/issue7964 
Remove all internal functions from public headers
 2024-02-05 15:09:15 +00:00
Valerio Setti
b4f5076270 debug: move internal functions declarations to an internal header file 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-18 15:30:46 +01:00
Gilles Peskine
4d4891e18a Merge pull request #8666 from valeriosetti/issue8340 
Export the mbedtls_md_psa_alg_from_type function
 2024-01-18 13:58:55 +00:00
Valerio Setti
ecaf7c5690 ssl_tls: add guards for enabled DH key types 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-17 15:56:30 +01:00
Waleed Elmelegy
3ff472441a Fix warning in ssl_tls13_generic.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
e1ac98d888 remove mbedtls_ssl_is_record_size_limit_valid function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Waleed Elmelegy
148dfb6457 Change record size limit writing function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Yanray Wang
faf70bdf9d ssl_tls13_generic: check value of RecordSizeLimit in helper function 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2024-01-10 16:17:27 +00:00
Tom Cosgrove
3a6059beca Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit 
Comply with the received Record Size Limit extension
 2024-01-09 15:22:17 +00:00
Valerio Setti
384fbde49a library/tests: replace md_psa.h with psa_util.h as include file for MD conversion 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-02 13:27:32 +01:00
Waleed Elmelegy
049cd302ed Refactor record size limit extension handling 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-20 17:28:31 +00:00
Waleed Elmelegy
26e3698357 Revert back checking on handshake messages length 
Revert back checking on handshake messages length due to
limitation on our fragmentation support of handshake
messages.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-14 16:23:25 +00:00
Waleed Elmelegy
9aec1c71f2 Add record size checking during handshake 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-06 15:18:15 +00:00
Jan Bruckner
f482dcc6c7 Comply with the received Record Size Limit extension 
Fixes #7010

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-12-06 15:18:08 +00:00
Jerry Yu
c59c586ac4 change prototype of write_early_data_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:21:15 +08:00
Jerry Yu
ebe1de62f9 fix various issue 
- rename connection time variable
- remove unnecessary comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:20:25 +08:00
Jerry Yu
5233539d9f share write_early_data_ext function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-12-06 18:18:50 +08:00
Dave Rodgman
16799db69a update headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 19:47:20 +00:00
Dave Rodgman
8e00fe0cd8 Merge pull request #8309 from daverodgman/iar-warnings2 
Fix IAR warnings
 2023-10-06 13:24:12 +00:00
Dave Rodgman
2eab462a8c Fix IAR warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-05 13:30:37 +01:00
Gilles Peskine
530c423ad2 Improve some debug messages and error codes 
On a parsing error in TLS, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE, not a
crypto error code.

On error paths, emit a level-1 debug message. Report the offending sizes.

Downgrade an informational message's level to 3.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-02 15:42:11 +02:00
Gilles Peskine
12c5aaae57 Fix buffer overflow in TLS 1.3 ECDH public key parsing 
Fix a buffer overflow in TLS 1.3 ServerHello and ClientHello parsing. The
length of the public key in an ECDH- or FFDH-based key exchange was not
validated. This could result in an overflow of handshake->xxdh_psa_peerkey,
overwriting further data in the handshake structure or further on the heap.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-10-02 15:02:10 +02:00