Jerry Yu
6688669124
replace psk&dhe with psk_or_ephemeral
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 17:08:34 +08:00
Jerry Yu
7101b87040
fix wrong description
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 14:15:23 +08:00
Jerry Yu
1e05b6dd6d
fix coding style and unnecessary assignment
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 10:35:52 +08:00
Jerry Yu
63d40e6b46
shorten the description
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-30 09:45:40 +08:00
Jerry Yu
e5834fd0d7
remove unnecessary test
...
also optimize check sum
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-29 20:33:33 +08:00
Jerry Yu
e7b4b58403
Add psk kex mode tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 20:47:44 +08:00
Jerry Yu
3e06fce260
Remove old tests.
...
only reserve "no valid ciphersuite" test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 17:51:57 +08:00
Jerry Yu
3c01d47ef7
Update test cases
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 11:34:36 +08:00
Jerry Yu
0baf907e11
remove select_ciphersuite
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 11:21:04 +08:00
Jerry Yu
c5a23a0f12
fix various issues
...
- code style
- variable initialization
- update comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 11:09:35 +08:00
Jerry Yu
2185c0f2e9
add force ciphersuite tls-aes-256-gcm-sha384 test
...
The PSK hash alg of the server is sha256. If the client sends only
tls-aes-256-gcm-384, there is no valid ciphersuite
available and the handshake should be aborted.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 22:01:58 +08:00
Jerry Yu
f35ba384ff
Add select ciphersuite entry function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 22:01:58 +08:00
Jerry Yu
dd1bef788e
Add ciphersuite_info check
...
return null if no valid ciphersuite info
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 17:57:02 +08:00
Jerry Yu
29d9faa468
fix various issues.
...
- comments issues
- code format style issues
- naming improvement.
- error return improvements
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 17:53:43 +08:00
Jerry Yu
66f35f2402
fix wrong requires setting
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 15:33:37 +08:00
Jerry Yu
5725f1cf3a
Align ciphersuite with overwrite.
...
The selected ciphersuite MUST be the same as the ciphersuite of the PSK.
Overwrite the old ciphersuite with the one of PSK.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 17:50:27 +08:00
Jerry Yu
01e42d2d4c
fix issues in export handshake psk
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 13:00:07 +08:00
Jerry Yu
9f7f646b11
Revert "remove psk key when ephemeral selected"
...
This reverts commit 5c28e7aa0e.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:59:17 +08:00
Jerry Yu
e9d4fc09a3
fix binder value security issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:59:17 +08:00
Jerry Yu
24b8c813c4
fix comments and wrong initial value issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:55:45 +08:00
Jerry Yu
5d01c05d93
fix various issues
...
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:55:01 +08:00
Jerry Yu
6cf6b47b5c
fix format and comment issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:54:53 +08:00
Jerry Yu
b25d10f153
Add mismatch key tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:53:53 +08:00
Jerry Yu
2b7a51ba8f
Add psk_or_ephemeral mode and tests
...
psk_or_ephemeral exists in theory. This change is for
improving test coverage.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:51:53 +08:00
Jerry Yu
63c78b869f
add all mode tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:50:38 +08:00
Jerry Yu
3b70b3cce9
add ephemeral_all tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:49:41 +08:00
Jerry Yu
badd46f040
add psk_all tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:48:01 +08:00
Jerry Yu
fa8c306258
add ephemeral tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:46:07 +08:00
Jerry Yu
9b83fa1149
add psk_ephemeral tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:44:16 +08:00
Jerry Yu
6a9bebaefd
Add psk mode tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:42:19 +08:00
Jerry Yu
5c28e7aa0e
remove psk key when ephemeral selected
...
When ephemeral is selected, `handshake->psk` must be removed.
Otherwise calculating the encryption key will fail.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
56acc9421c
Write key_share based on key_exchange mode.
...
In ServerHello, writing the key share should be based on the key_exchange mode, not
on the configuration.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
f0bad2554a
Continue checking next psk key when binder mismatches
...
With a matched identity and a mismatched binder, the next psk key should be checked.
Exiting with an error will break multi-psk cases.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
32e1370fbc
Add config check for pre_shared_key parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
e95c8af266
Align ciphersuite with psk key
...
With OpenSSL and GnuTLS clients, if the MAC of the ciphersuite
does not match the selected binder, the client will reject the connection.
This change is to select the ciphersuite based on the algo of the psk binder.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
ccc68a466e
change handshake psk key type for tls13
...
The PSK key type of TLS1.3 must be HKDF_EXTRACT and the algo is
decided when creating the binder
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Ronald Cron
295d93ebe8
Add psk handshake with gnutls
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
40f3771e18
Add handshake psk export function.
...
Rename `ssl_tls13_get_psk` and export the
function.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Dave Rodgman
8a9f88899d
Merge pull request #6186 from leorosen/ssl_tls_null_on_invalid_code
...
ssl_tls: avoid the appearance of a potential NULL dereferencing
2022-08-11 10:12:34 +01:00
Dave Rodgman
322a7a19e7
Merge pull request #6155 from yuhaoth/pr/add-any-all-configs-enabled
...
Add ability to check if any/all configs are enabled/disabled for ssl-opt
2022-08-11 09:40:38 +01:00
Jerry Yu
62c8763de7
Improve macro expansion help message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 10:18:36 +08:00
Jerry Yu
08dccc1f75
Improve help message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-10 10:02:04 +08:00
Leonid Rozenboim
e9d8dcdbf5
ssl_tls: avoid the appearance of a potential NULL dereferencing
...
Looking at the bigger picture, it is clear that if `ssl->session` is NULL,
there will be a failure much earlier, and that is well protected against;
however, the practice of dereferencing a pointer which has not been
previously verified for validity goes against secure coding practices.
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-08-09 12:34:30 -07:00
Dave Rodgman
f421d45869
Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype
...
Fix build error due to missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled
2022-08-09 11:27:42 +01:00
Dave Rodgman
384f1e61f7
Merge pull request #5950 from savent404/development
...
cmake: IAR support option( MBEDTLS_FATAL_WARNINGS)
2022-08-09 10:52:31 +01:00
Dave Rodgman
953ce3962f
Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12
...
Add rsa pss rsae for tls12
2022-08-09 10:21:45 +01:00
Gilles Peskine
5740ff5f1f
Merge pull request #5949 from Summer-ARM/mbedtls-psa-crypto-config
...
MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C are needed when PSA_WANT_ALG_CHACHA20_POLY1305 is defined
2022-08-05 11:03:45 +02:00
Gilles Peskine
b4983d4556
Merge pull request #6164 from mprse/md_ssl_test
...
Avoid use of MD in SSL test suite
2022-08-05 11:02:44 +02:00
Gilles Peskine
f860f3742b
Merge pull request #6070 from wernerlewis/bignum_test_radix
...
Remove radix argument from bignum test functions
2022-08-05 11:01:07 +02:00
Gilles Peskine
57d4c11c44
Merge pull request #6165 from mprse/md_x509_test
...
Avoid use of MD in X.509 write test suite
2022-08-04 10:11:03 +02:00