yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
15271 commits 1 branch 0 tags 94 MiB
Commit graph

15271 commits

This branch
This branch
All branches
Author SHA1 Message Date
Hanno Becker
78196e366f Fix search for outdated entries in SSL session cache 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 14:55:15 +01:00
Hanno Becker
c3f4a97b8f Don't infer last element of SSL session cache twice 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 14:54:24 +01:00
Hanno Becker
466ed6fd08 Improve local variable naming in SSL session cache implementation 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 14:54:00 +01:00
Hanno Becker
5cf6f7eafe Fix swapping of first and last entry in SSL session cache 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 14:45:04 +01:00
Hanno Becker
006f2cce2e Fix compile-time guard in session cache implementation 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 04:57:44 +01:00
Hanno Becker
0d05f40222 Clarify that session cache query must return free-able session 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 04:57:43 +01:00
Hanno Becker
b94fdae3c3 Improve code structure for session cache query 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-14 04:57:40 +01:00
Hanno Becker
845ceb7cc8 Improve readability and efficiency of SSL cache reference impl 
The reference session cache implementation may end up storing multiple
sessions associated to the same session ID if the set()-call for the
second session finds an outdated cache entry prior to noticing the entry
with the matching session ID. While this logically overwrites the existing
entry since we always search the cache in order, this is at least a waste
of resources.

This commit fixes this by always checking first whether the given ID is
already present in the cache.

It also restructures the code for easier readability.

Fixes #4509.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-13 07:11:30 +01:00
Hanno Becker
f47199da26 Improve naming of helper function for reference session cache 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-13 07:09:09 +01:00
Hanno Becker
0248785081 Document session cache callbacks 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-13 07:09:09 +01:00
Hanno Becker
df56402623 Fix memory leak upon ciphersuite mismatch during session resumption 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-13 07:09:06 +01:00
Hanno Becker
7ad77963d1 Use shorthand local variable for session under negotiation 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-13 06:13:34 +01:00
Hanno Becker
f6e09c6f83 Don't use ssl_check_xxx() for functions with void return 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-13 06:12:38 +01:00
Hanno Becker
aee4cc4cbb Use sizeof() instead of magic constant 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-04-15 16:49:32 +01:00
Hanno Becker
a5b1a3945b Don't use 0-initializer for structs 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-04-15 16:48:01 +01:00
Hanno Becker
7e6eb9fa27 Simplify SSL session cache implementation via session serialization 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-04-15 10:47:40 +01:00
Hanno Becker
f938c436fb Add helper function to find entry in SSL session cache 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-04-15 10:47:40 +01:00
Hanno Becker
02a68ebc0e Add helper function to finding a fresh entry in the SSL cache 
This commit improves the readability of the SSL session cache
reference implementation of mbedtls_ssl_cache_set() by moving
the logic for finding a suitable free slot for the session to
store into a static helper function.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-04-15 10:47:40 +01:00
Hanno Becker
ccdaf6ed22 Add session ID as explicit parameter to SSL session cache API 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-04-15 10:47:40 +01:00
Hanno Becker
a637ff6ddd Introduce typedef for SSL session cache callbacks 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-04-15 10:47:40 +01:00
Hanno Becker
64ce974180 Don't check ciphersuite and compression in SSL session cache lookup 
Session-ID based session resumption requires that the resumed session
is consistent with the client's ClientHello in terms of choice of
ciphersuite and choice of compression.

This check was previously assumed to be performed in the session cache
implementation, which seems wrong: The session cache should be an id-based
lookup only, and protocol specific checks should be left to Mbed TLS.

This commit
- adds an explicit ciphersuite and compression consistency check after
  the SSL session cache has been queried
- removes the ciphersuite and compression consistency check from
  Mbed TLS' session cache reference implementation.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-04-15 10:47:40 +01:00
Gilles Peskine
fce7061a51
Merge pull request #4324 from chris-jones-arm/remove-default-ticket-lifetime 
Remove MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME
 2021-04-14 14:01:19 +02:00
Chris Jones
9c6356881f Remove MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME 
This config option has been unused for >5 years and so should be removed.

Signed-off-by: Chris Jones <christopher.jones@arm.com>
 2021-04-09 16:10:48 +01:00
Manuel Pégourié-Gonnard
e991aa48c5
Merge pull request #4311 from gilles-peskine-arm/move-internal-headers-doxygen 
[3.0] Remove obsolete reference to internal headers under include/
 2021-04-09 14:40:19 +02:00
Dave Rodgman
2fdd5afc29
Merge pull request #4305 from daverodgman/development_new 
Merge development onto development_3.0
 2021-04-08 15:45:35 +01:00
Dave Rodgman
bd069163be Fix line lengths in changelog 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-07 16:38:31 +01:00
Dave Rodgman
3b5e6f0b30 Fix some errors relating to header file renames 
Fix some errors due to renaming of header files in the 3.0 branch.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-07 16:36:53 +01:00
Dave Rodgman
73e3e2cb1a Merge remote-tracking branch 'origin/development' into development_new 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>

Conflicts:
        include/mbedtls/check_config.h: nearby edits
	library/entropy.c: nearby edits
	programs/random/gen_random_havege.c: modification vs. removal
	programs/ssl/ssl_test_lib.h: nearby edits
	programs/test/cpp_dummy_build.cpp: nearby edits
	visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
            regenerated with scripts/generate_visualc_files.pl
 2021-04-07 16:31:09 +01:00
Dave Rodgman
6741fc9148
Merge pull request #4306 from daverodgman/fix_mps_trace_macros 
Capitalise MPS trace macros
 2021-04-07 16:07:50 +01:00
Dave Rodgman
38ff9adacb
Merge pull request #4308 from daverodgman/checknames-grep 
Forwardport 3.0: Make check-names.sh accept FreeBSD grep
 2021-04-07 15:28:08 +01:00
Dave Rodgman
0708974d85
Merge pull request #4309 from daverodgman/check-names-grep-backport 
Make check-names.sh accept any grep
 2021-04-07 15:27:44 +01:00
Gilles Peskine
0ff0ff776a Remove obsolete reference to internal headers under include/ 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-07 16:16:37 +02:00
Dave Rodgman
95caad3743 Make check-names.sh accept any grep 
check-names.sh works fine with GNU and with modern FreeBSD grep
so remove the check for GNU grep.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-07 15:01:28 +01:00
Dave Rodgman
6341c068bc Make check-names.sh accept any grep 
check-names.sh works fine with GNU and with modern FreeBSD grep
so remove the check for GNU grep.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-07 14:54:33 +01:00
Dave Rodgman
add60da95b Scan library for enums in list-enum-consts.sh 
Add library/*.h to the list of files scanned for enums in
list-enum-consts.sh, consistent with the changes made to
list-macros.sh.

This is needed to ensure that check-names.sh passes for the MPS
trace enums.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-07 14:48:14 +01:00
Dave Rodgman
b746825418 Capitalise MPS trace macros 
Capitalise the MPS trace macros, as per the coding style (and make a slight
change to naming convention to avoid a name collision).

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-04-07 12:45:35 +01:00
Gilles Peskine
b420259777
Merge pull request #4174 from gilles-peskine-arm/psa-eddsa-spec 
PSA Encodings for EdDSA
 2021-04-07 11:20:27 +02:00
Gilles Peskine
7bc6a3749c
Merge pull request #3183 from meuter/development 
RSA PSS signature generation with the option to specify the salt length
 2021-04-06 21:36:06 +02:00
Gilles Peskine
889828d0b4
Merge pull request #4279 from ronald-cron-arm/fix-invalid-id-error-code 
Fix error code when creating/registering a key with invalid id
 2021-04-06 18:46:30 +02:00
Gilles Peskine
5ef0b97f87 Don't comment out dependencies 
This was a mistake, there's no reason for the dependencies to be
commented out. The dependencies on PSA_WANT_ALG_EDDSA aren't actually
necessary at the moment, but they might be in certain configurations
if some macros are simplified to save code size.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-04-06 12:49:56 +02:00
Manuel Pégourié-Gonnard
e6a778286f
Merge pull request #4281 from chris-jones-arm/remove-missing-ref 
Remove missing reference
 2021-04-06 11:06:46 +02:00
Gilles Peskine
a8a7033cb1
Merge pull request #3615 from gilles-peskine-arm/ssl-opt-less-grep-development 
Speed up ssl-opt.sh when running a small number of test cases
 2021-04-06 11:05:34 +02:00
Ronald Cron
6cc6631015 psa: Return in error when requested to copy a key to an opaque driver 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-04-02 12:27:47 +02:00
Ronald Cron
a0bc2cd4f1 tests: psa: Fix copy fail test argument 
Fix copy fail test argument for only one of them
to be invalid.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-04-02 08:56:20 +02:00
Gilles Peskine
d5200371ec
Merge pull request #3512 from gilles-peskine-arm/ecp-alloc-202007 
Reduce the number of allocations in ECP operations
 2021-04-02 00:08:35 +02:00
Ronald Cron
602f986511 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-04-01 14:55:04 +02:00
Ronald Cron
d3b458c452 tests: psa: Fix expected error code 
Fix expected error code when importing a persistent key or
registering a key with an invalid key identifier:
PSA_ERROR_INVALID_ARGUMENT instead of PSA_ERROR_INVALID_HANDLE.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-04-01 14:54:50 +02:00
Ronald Cron
77e412cd71 psa: Fix error code when creating/registering a key with invalid id 
When creating a persistent key or registering a key
with an invalid key identifier return
PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_INVALID_HANDLE.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-04-01 14:05:41 +02:00
Ronald Cron
88a55464f5 tests: psa: Add negative tests for psa_copy_key() 
Add negative tests checking that psa_copy_key()
returns PSA_ERROR_INVALID_ARGUMENT when passed in
an invalid key identifier or key lifetime for the
target key.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-04-01 14:05:41 +02:00
Ronald Cron
de825e62a6 psa: Fix psa_validate_key_persistence documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-04-01 14:05:41 +02:00