yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
20260 commits 1 branch 0 tags 94 MiB
Commit graph

20260 commits

This branch
This branch
All branches
Author SHA1 Message Date
Ronald Cron
7898fd456a
Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server 
TLS 1.3 server: Send dummy change_cipher_spec records

The internal CI PR-merge job ran successfully thus good to go.
 2022-06-29 09:47:49 +02:00
Gilles Peskine
d86abf2392
Merge pull request #5861 from wernerlewis/csr_subject_comma 
Fix output of commas and other special characters in X509 DN values
 2022-06-28 21:00:49 +02:00
Gilles Peskine
7d14c19730
Merge pull request #5905 from gilles-peskine-arm/changelog-improvements-20220609-development 
Changelog improvements before the 3.2 release
 2022-06-28 21:00:10 +02:00
Gabor Mezei
9e4b7bd199
Do not force TLS 1.3 on client side for TLS 1.3 middlebox compatibility tests 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-28 16:22:14 +02:00
Gabor Mezei
f7044eaec8
Fix name 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-28 16:01:49 +02:00
Ronald Cron
e99ec7cb6a
Merge pull request #5908 from ronald-cron-arm/tls13-fixes-doc 
TLS 1.3: Fixes and add documentation
Validated by the internal CI, no need to wait for the Open CI.
 2022-06-28 12:16:17 +02:00
Gabor Mezei
96ae926572
Typo 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-28 11:56:26 +02:00
Gabor Mezei
5471912269
Move switching to handshake transform after sending CCS record 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-28 11:56:26 +02:00
Gabor Mezei
05ebf3be74
Revert "Do not encrypt CCS records" 
This reverts commit 96ec831385.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-06-28 11:55:35 +02:00
Manuel Pégourié-Gonnard
273453f126
Merge pull request #5983 from gstrauss/inline-mbedtls_x509_dn_get_next 
Inline mbedtls_x509_dn_get_next() in x509.h
 2022-06-28 10:13:58 +02:00
Ronald Cron
6b14c69277 Improve documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:21:13 +02:00
Ronald Cron
11b5332ffc tls13: Fix certificate extension size write 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:21:13 +02:00
Ronald Cron
139d0aa9d3 Fix typo in documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:21:13 +02:00
Ronald Cron
81a334fc02 tls13: Fix buffer overread checks in ssl_tls13_parse_alpn_ext() 
Some coding style alignement as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:21:13 +02:00
Ronald Cron
585cd70d04 tests: ssl: Fix coverity deadcode issue 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:21:13 +02:00
Ronald Cron
7b8404608a tls13: Rename ssl_tls13_write_hello_retry_request_coordinate 
Rename ssl_tls13_write_hello_retry_request_coordinate to
ssl_tls13_prepare_hello_retry_request as it is more
aligned with what the function does.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:21:13 +02:00
Ronald Cron
fb508b8f21 tls13: Move state changes up to state main handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:21:13 +02:00
Ronald Cron
63dc463ed6 tls13: Simplify switch to the inbound handshake keys on server side 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:21:13 +02:00
Ronald Cron
5afb904022 tls13: Move out of place handshake field reset 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:18:42 +02:00
Ronald Cron
828aff6ead tls13: Rename server_hello_coordinate to preprocess_server_hello 
Rename server_hello_coordinate to preprocess_server_hello
as it is more aligned with what the function does.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:18:42 +02:00
Ronald Cron
db5dfa1f1c tls13: Move ServerHello fetch to the ServerHello top handler 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:18:42 +02:00
Ronald Cron
44b23b10e1 tls13: Document TLS 1.3 handshake implementation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:18:42 +02:00
Ronald Cron
9d6a545714 tls13: Re-organize EncryptedExtensions message parsing code 
Align the organization of the EncryptedExtensions
message parsing code with the organization of the
other message parsing codes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:18:42 +02:00
Ronald Cron
154d1b68d6 tls13: Fix wrong usage of MBEDTLS_SSL_CHK_BUF(_READ)_PTR macros 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:18:42 +02:00
Ronald Cron
c80835943c tls13: Fix pointer calculation before space check 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:18:42 +02:00
Ronald Cron
2827106199 tls13: Add missing buffer overread check 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-28 09:18:42 +02:00
Ronald Cron
b94854f8e3
Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests 
TLS 1.3: Enable and add tests
 2022-06-28 09:15:17 +02:00
Gilles Peskine
bf918b9cfe Use headlinese for added functions, per request 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-27 23:34:32 +02:00
Glenn Strauss
01d2f52a32 Inline mbedtls_x509_dn_get_next() in x509.h 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-06-27 14:20:07 -04:00
Dave Rodgman
f5b7082f6e
Merge pull request #5811 from polhenarejos/bug_x448 
Fix order value for curve x448
 2022-06-27 13:47:24 +01:00
Werner Lewis
9b0e940135 Fix case where final special char exceeds buffer 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 12:01:22 +01:00
Werner Lewis
fd8cfe4f8e Replace parsing with outputting 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 11:23:43 +01:00
Werner Lewis
31ecb9600a Add tests for exceeded buffer size 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 11:23:43 +01:00
Werner Lewis
b33dacdb50 Fix parsing of special chars in X509 DN values 
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769.

Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-27 11:19:50 +01:00
Ronald Cron
a8d79b9eb6 ssl-opt.sh: Remove one pattern check 
In "Authentication: client cert not trusted,
server required" ssl-opt.sh test, depending
on client and server execution speed, the
handshake on the client side may complete
successfully: the TLS connection is aborted
by the server because it is not able to
authenticate the client but at that time
the client may have completed the handshake
on its side. Thus, do not check that the
client handshake failed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-27 09:05:35 +02:00
Ronald Cron
07040bb179
Merge pull request #5951 from xkqian/tls13_add_alpn 
Add ALPN extension to the server side
 2022-06-27 08:33:03 +02:00
Ronald Cron
21a1b2d374 Enable "Sending app data" SSL unit tests for TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
Ronald Cron
c78511b59a ssl-opt.sh: Enable some authentication tests for TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
Ronald Cron
1938588e80 tls13: Align some debug messages with TLS 1.2 ones 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
Ronald Cron
a4417c13a1 ssl-opt.sh: Add Small/Large packets TLS 1.3 tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
Ronald Cron
ba80d4d60b ssl-opt.sh: Enable Event-driven I/O tests for TLS 1.3 
The other "Event-driven I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
Ronald Cron
2cffd284bc ssl-opt.sh: Enable Non-blocking I/O tests for TLS 1.3 
The other "Non-blocking I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-24 12:06:46 +02:00
XiaokangQian
0b776e282a Change some comments for alpn 
Change-Id: Idf066e94cede9d26aa41d632c3a81dafcee38587
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-24 09:04:59 +00:00
Manuel Pégourié-Gonnard
93a7f7d7f8
Merge pull request #5954 from wernerlewis/x509_next_merged 
Add mbedtls_x509_dn_get_next function
 2022-06-24 09:59:22 +02:00
Manuel Pégourié-Gonnard
fc425ee9a4
Merge pull request #5838 from mprse/HKDF_2 
HKDF 2: Use HKDF-Expand/Extract from PSA in TLS 1.3
 2022-06-24 09:28:17 +02:00
XiaokangQian
95d5f549f1 Fix coding styles 
Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-24 05:42:15 +00:00
Werner Lewis
3e5585b45d Replace TEST_ASSERT macro uses 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-23 15:12:10 +01:00
Werner Lewis
ac80a66395 Reduce buffer sizes to expected size 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-23 15:11:50 +01:00
Przemek Stekiel
1b0ebdf363 Zeroize hkdf_label buffer 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-23 09:22:49 +02:00
Przemek Stekiel
38ab400dc4 Adapt code to be consistent with the existing code 
- init status to error
- use simple assignment to status
- fix code style (spaces)

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-23 09:05:40 +02:00