yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
20532 commits 1 branch 0 tags 94 MiB
Commit graph

9050 commits

Author SHA1 Message Date
Ronald Cron
2d8b7ac898 TLS 1.3: Fix selected key exchange mode check 
ECDHE operations have to be done in
ephemeral and PSK-ephemeral key exchange
mode, not just ephemeral key exhange mode.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-20 17:46:58 +02:00
Dave Rodgman
7085aa42ee
Merge pull request #5896 from wernerlewis/aes_shallow_copy 
Refactor AES context to be shallow-copyable
 2022-07-20 15:16:37 +01:00
Jerry Yu
3afdf36de7 Add hash length check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 18:12:08 +08:00
Jerry Yu
0a430c8aaf Rename resumption_key and the hardcode len 
`resumption_key` is better name.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu
b14413804a Remove ticket_flags 
It should be added later.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu
08aed4def9 fix comments and time_t type issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu
a0446a0344 Add check_return flag 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu
4e6c42a533 fix various issues 
- wrong typo
- unnecessary comments/debug code
- wrong location

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu
cb3b1396f3 move resume psk ticket computation to end 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu
af2c0c8dd6 fix various comment/format issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu
a357cf4d4c Rename new_session_ticket state 
Both client and server side use
`MBEDTLS_SSL_NEW_SESSION_TICKET` now

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu
f8a4994ec7 Add tls13 new session ticket parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu
c62ae5f539 Add new session ticket message check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu
a270f67340 Add tls13 session fields 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Ronald Cron
d5b1eb51db
Merge pull request #6078 from yuhaoth/pr/add-tls13-paser-psk-kex-mode-ext 
TLS 1.3: PSK: Add parser of psk kex mode ext on server side
 2022-07-18 11:34:24 +02:00
Jerry Yu
854dd9e23f fix comment issue 
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-15 14:38:38 +08:00
Jerry Yu
299e31f10e fix various issue 
- remove unused test case
- add alert message
- improve readabitlity

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-13 23:06:36 +08:00
Paul Elliott
af4b90db3f Revert "Add missing library/psa_crypto_driver_wrappers.c" 
This reverts commit c2a9387110

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-12 11:30:17 +01:00
Paul Elliott
81c69b547a Revert "Revert "Revert "Add generated files for 3.2.0 release""" 
This reverts commit 185d24ba0e.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-12 11:29:34 +01:00
Jerry Yu
e19e3b9eb8 Add psk_key_exchange_modes parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-12 09:53:35 +00:00
Paul Elliott
cd08ba0326 Bump version to 3.2.1 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-12 10:51:55 +01:00
Dave Rodgman
c2a9387110 Add missing library/psa_crypto_driver_wrappers.c 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-12 10:51:55 +01:00
Dave Rodgman
185d24ba0e Revert "Revert "Add generated files for 3.2.0 release"" 
This reverts commit 7adb8cbc0e.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-12 10:51:44 +01:00
Paul Elliott
7adb8cbc0e Revert "Add generated files for 3.2.0 release" 
This reverts commit cb21f2eab3.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 18:18:30 +01:00
Paul Elliott
cb21f2eab3 Add generated files for 3.2.0 release 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 13:56:01 +01:00
Paul Elliott
20362cd1ca Bump library and so versions for 3.2.0 release 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 13:56:01 +01:00
Paul Elliott
f518f81d41 Ensure return for mbedtls_ssl_write_alpn_ext() is checked 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 12:37:47 +01:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Paul Elliott
6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash 
Fix DTLS 1.2 session resumption
 2022-07-06 15:03:36 +01:00
Andrzej Kurek
21b50808cd Clarify the need for calling mbedtls_ssl_derive_keys after extension parsing 
Use a more straightforward condition to note that session resumption
is happening.
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-06 03:26:55 -04:00
Werner Lewis
c1999d5746 Add fallback when rk unaligned with padlock 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-07-05 11:55:15 +01:00
Andrzej Kurek
92d7417d89 Formatting fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-07-04 10:21:59 -04:00
Paul Elliott
072d2b094d Add pem_free() to other error paths in pk_parse_public_key() 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-04 06:49:26 -04:00
Leonid Rozenboim
116f50cd96 Fix resource leaks 
These potential leaks were flagged by the Coverity static analyzer.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
 2022-07-04 06:49:26 -04:00
Manuel Pégourié-Gonnard
4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection 
Permissions 2a: TLS 1.2 ciphersuite selection
 2022-07-04 12:37:02 +02:00
Paul Elliott
41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf 
Turn off stdio buffering with setbuf()
 2022-07-04 10:12:22 +01:00
Ronald Cron
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk 
Refactor signature algorithm chooser
 2022-07-04 09:10:08 +02:00
Paul Elliott
bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints 
Add accessors to config DN hints for cert request
 2022-07-01 17:23:14 +01:00
Paul Elliott
c466ec2e73 Fix code formatting 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-01 16:43:25 +01:00
Neil Armstrong
971f30d917 Fix mbedtls_ssl_get_ciphersuite_sig_alg() by returning MBEDTLS_PK_NONE for MBEDTLS_KEY_EXCHANGE_RSA 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-07-01 16:23:50 +02:00
Manuel Pégourié-Gonnard
8b8a1610f7
Merge pull request #936 from paul-elliott-arm/fix_tls_record_size_check 
Fix the wrong variable being used for TLS record size checks
 2022-07-01 12:29:48 +02:00
Jerry Yu
52b7d923fe fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-01 18:12:44 +08:00
Neil Armstrong
96eceb8022 Refine mbedtls_ssl_tls12_get_preferred_hash_for_sig_alg() when USE_PSA_CRYPTO is selected 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-06-30 18:05:05 +02:00
Gilles Peskine
da0913ba6b Call setbuf when reading or writing files: library 
After opening a file containing sensitive data, call mbedtls_setbuf() to
disable buffering. This way, we don't expose sensitive data to a memory
disclosure vulnerability in a buffer outside our control.

This commit adds a call to mbedtls_setbuf() after each call to fopen(),
except:
* In ctr_drbg.c, in load_file(), because this is only used for DH parameters
  and they are not confidential data.
* In psa_its_file.c, in psa_its_remove(), because the file is only opened
  to check its existence, we don't read data from it.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 17:03:40 +02:00
Gilles Peskine
6497b5a1d1 Add setbuf platform function 
Add a platform function mbedtls_setbuf(), defaulting to setbuf().

The intent is to allow disabling stdio buffering when reading or writing
files with sensitive data, because this exposes the sensitive data to a
subsequent memory disclosure vulnerability.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 17:01:40 +02:00
Ronald Cron
cb67e1a890
Merge pull request #5917 from gilles-peskine-arm/asn1write-0-fix 
Improve ASN.1 write tests
 2022-06-30 15:42:16 +02:00
Paul Elliott
f6a56cf5ff
Merge pull request #939 from ronald-cron-arm/tls13-add-missing-overread-check 
TLS 1.3: Add missing overread check
 2022-06-29 17:01:14 +01:00
Werner Lewis
7656a373b6 Reformat AES changes for readability 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-29 16:17:50 +01:00
Werner Lewis
dd76ef359d Refactor AES context to be shallow-copyable 
Replace RK pointer in AES context with a buffer offset, to allow
shallow copying. Fixes #2147.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-29 16:17:50 +01:00
Dave Rodgman
5b50f38f92
Merge pull request #934 from gilles-peskine-arm/mpi-0-mod-2 
Fix null pointer dereference in mpi_mod_int(0, 2)
 2022-06-29 15:02:59 +01:00