lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-25 12:41:56 +03:00
Code Activity
20,503 Commits 173 Branches 268 Tags
f0762e929eccf33b01e42c04d70f3fc5842dba0b
Commit Graph

1661 Commits

Author SHA1 Message Date
Jerry Yu
f46b016058 skip some extensions if ephemeral not enabled 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 16:28:00 +08:00
Jerry Yu
63282b4321 Refactor write supported group 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 15:43:53 +08:00
Jerry Yu
7f029d8a94 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-11 11:08:53 +08:00
Andrzej Kurek
03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO 
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-03 12:53:24 +01:00
Jerry Yu
1ea9d10687 fix test_ref_configs build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-21 14:52:38 +08:00
Glenn Strauss
cee11296aa Reset dhm_P and dhm_G if config call repeated 
Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated
to avoid leaking memory.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2021-12-20 20:24:56 -05:00
Jerry Yu
1753261083 change write_supported_groups_ext prototype 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-20 22:32:09 +08:00
Jerry Yu
ba07342cd6 Add generic write_supported-groups_ext 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-20 22:22:15 +08:00
Gilles Peskine
a4174312da Initialize hash_len before using it 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 14:38:40 +01:00
Gilles Peskine
f0fd4c3aee mbedtls_ssl_parse_finished: zeroize expected finished value on error 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-13 12:36:15 +01:00
Dave Rodgman
050ad4bb50 Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac 
Check HMAC return values
 2021-12-13 10:51:27 +00:00
Gilles Peskine
ecf6bebb9c Catch failures of md_hmac operations 
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.

Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-11 15:00:57 +01:00
Ronald Cron
db6adc5aad ssl: Fix some compilation guards for TLS 1.3 signature algorithms 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 14:25:35 +01:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:47:55 +01:00
Manuel Pégourié-Gonnard
b873577fc3 Merge pull request #5240 from duckpowermb/development 
[session] fix a session copy bug
 2021-12-09 09:23:23 +01:00
Gilles Peskine
392113434a Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x 
Forward port to 3.x: Introduce PSA test driver library to test PSA configuration
 2021-12-07 12:52:20 +01:00
Ronald Cron
69a63426af psa: Fix the size of hash buffers 
Fix the size of hash buffers for PSA hash
operations.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-03 18:55:33 +01:00
吴敬辉
0b71611c80 [session] fix a session copy bug 
fix a possible double reference on 'ticket'
when peer_cert/peer_cert_digest calloc failed.

Signed-off-by: 吴敬辉 <11137405@vivo.com>
 2021-11-29 10:50:04 +08:00
Xiaofei Bai
6dc90da740 Rebased on 74217ee and add fixes 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:12:43 +00:00
Xiaofei Bai
9539501120 Rebase and add fixes 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:09:26 +00:00
Xiaofei Bai
746f9481ea Fix 1_3/13 usages in macros and function names 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
XiaokangQian
a83014db4a TLS1.3: Add signature scheme pkcs1 v1.5 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-25 02:21:16 +00:00
Gilles Peskine
e2d707fea5 Merge pull request #4866 from gabor-mezei-arm/3649_move_constant_time_functions_into_separate_module 
Move constant-time functions into a separate module
 2021-11-24 19:33:00 +01:00
Gabor Mezei
be7b21da22 Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module 2021-11-24 10:44:13 +01:00
XiaokangQian
4b82ca1b70 Refine test code and test scripts 
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 05:50:12 +00:00
XiaokangQian
82d34ccf47 Add signature scheme rsa pss 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 05:50:12 +00:00
Ronald Cron
bb41a88f2e Merge pull request #5120 from yuhaoth/pr/fix-memory-leak-and-version-header 
TLS1.3 :fix memory leak and version header
 2021-11-12 13:49:26 +01:00
Jerry Yu
a1a568c2f6 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-11-09 10:17:21 +08:00
Jerry Yu
ba9c727e94 fix memory leak issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-30 20:23:45 +08:00
Brett Warren
e0edc8407b Add mbedtls_ssl_conf_groups to API 
mbedtls_ssl_conf_groups allows supported groups for key
sharing to be configured via their IANA NamedGroup ID.

This is added in anticipation of PQC and Hybrid key
sharing algorithms being integrated into Mbed TLS.

mbedtls_ssl_conf_curves is deprecated in favor of
mbedtls_ssl_conf_groups. handshake_init has been
modified to translate and copy curves configured
via conf_curves into a heap allocatied array of
NamedGroup IDs. This allows the refactoring of code
interacting with conf_curve related variables (such
as curve_list) to use NamedGroup IDs while retaining
the deprecated API.

Signed-off-by: Brett Warren <brett.warren@arm.com>
 2021-10-29 11:27:00 +01:00
Gabor Mezei
90437e3762 Rename constant-time functions to have mbedtls_ct prefix 
Rename functions to better suite with the module name.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-10-20 11:59:27 +02:00
Gilles Peskine
9202ba37b1 Merge pull request #4960 from mpg/cleanup-tls-cipher-psa-3.x 
Clean up some remnants of TLS pre-1.2 support
 2021-10-19 21:59:15 +02:00
Gabor Mezei
765862c4f3 Move mbedtls_cf_memcmp to a new public header 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2021-10-19 12:22:25 +02:00
Gilles Peskine
6210320215 Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys 
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
 2021-10-18 17:53:56 +02:00
Ronald Cron
e23bba04ee Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils 
TLS 1.3: ServerHello: add  utils functions used by ServerHello
Regarding the merge job, there was only one of the failure we currently encounter on almost all PR (Session resume using tickets, DTLS: openssl client test case see #5012) thus we can consider that this PR passed CI.
 2021-10-11 11:01:11 +02:00
Jerry Yu
fd320e9a6e Replace zeroize with memset 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 21:52:41 +08:00
Jerry Yu
ae0b2e2a2f Rename counter_len 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 15:40:14 +08:00
Jerry Yu
c1ddeef53a fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-10-08 15:40:14 +08:00
Andrzej Kurek
a72fe641cc Do not zeroize the ssl context if a key exporting function is set 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2021-09-29 17:08:31 -04:00
Andrzej Kurek
324f72ec9c Fix a bug where the ssl context is used after it's nullified 
When not using DEBUG_C, but using the DTLS CID feature -
a null pointer was accessed in ssl_tls.c.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2021-09-29 10:15:52 -04:00
Andrzej Kurek
5902cd64e2 Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on 
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes #4653.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2021-09-29 10:15:42 -04:00
Gilles Peskine
bfe3d87f24 Merge pull request #4842 from gilles-peskine-arm/public_fields-3.0-info 
Make some structure fields public: key info, ASN.1 and X.509 parsing, socket fd
 2021-09-29 12:37:09 +02:00
Jerry Yu
d96a5c2d86 Fix wrong usage of counter len macro 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-29 17:46:51 +08:00
gabor-mezei-arm
4602564d7a Unify memcmp functions 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-09-28 16:33:47 +02:00
gabor-mezei-arm
db9a38c672 Move contatnt-time memcmp functions to the contant-time module 
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
 2021-09-28 16:16:14 +02:00
Jerry Yu
d9a94fe3d0 Add counter length macro 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-28 20:10:26 +08:00
Jerry Yu
148165cc6f Remove psa version of get_handshake_transcript 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
000f976070 Rename get_handshake_transcript 
- Remove tls13 prefix
- Remove TLS1_3 macro wrap

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
24c0ec31f9 tls13: add get_handshake_transcript 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:34:58 +08:00
Jerry Yu
3bf1f97a0e fix various issue on pending send alert 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-09-27 16:25:38 +08:00