yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
24511 commits 1 branch 0 tags 94 MiB
Commit graph

10811 commits

Author SHA1 Message Date
Andrzej Kurek
8bc2cc92b5 Refactor IPv6 parsing 
Make it more readable
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-18 07:26:27 -04:00
Andrzej Kurek
ea3e71fa37 Further refactor IPv4 parsing 
Make it more readable
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-18 05:54:50 -04:00
Andrzej Kurek
6cbca6dd42 Rename a variable in ipv4 and ipv6 parsing 
Character was too elaborate.
p is used in other x509 code to step through data.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:25:00 -04:00
Andrzej Kurek
0d57896f7e Refactor ipv6 parsing 
Introduce new variables to make it more readable. Clarify the calculations a bit.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:20:31 -04:00
Andrzej Kurek
7f5a1a4525 Rename ipv6 parsing variables, introduce one new one 
This way the names are more descriptive.
j was reused later on for calculation, 
num_zero_groups is used instead.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:20:23 -04:00
Andrzej Kurek
06969fc3a0 Introduce a test for a sw implementation of inet_pton 
Create a bypass define to simulate platforms
without AF_INET6.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:20:15 -04:00
Andrzej Kurek
13b8b780fe Improve x509_inet_pton_ipv4 readability 
Introduce descriptive variable names.
Drop the table of tens.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-13 09:19:50 -04:00
Glenn Strauss
b255e21e48 Handle endianness in x509_inet_pton_ipv6() 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-04-11 08:29:43 -04:00
Glenn Strauss
6f545acfaf Add mbedtls_x509_crt_parse_cn_inet_pton() tests 
Extended from https://github.com/Mbed-TLS/mbedtls/pull/2906
contributed by Eugene K <eugene.kobyakov@netfoundry.io>

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-04-11 08:29:42 -04:00
Glenn Strauss
416c295078 x509 crt verify local implementation to parse IP 
x509 crt verify local implementation to parse IP
if inet_pton() is not portably available

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-04-11 08:29:42 -04:00
Glenn Strauss
c26bd76020 x509 crt verify SAN iPAddress 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2023-04-11 08:29:42 -04:00
Dave Rodgman
22d9ff6d3c
Merge pull request #7353 from xkqian/tls13_fix_code_style 
Improve code styles for tls13 related files
 2023-04-11 09:18:22 +01:00
Gilles Peskine
5634f87d68
Merge pull request #7418 from xkqian/big_number_ecc_update_comment 
Update SEC1 link in ecp.c
 2023-04-11 09:34:07 +02:00
Gilles Peskine
c9e8a65d06
Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api 
ssl_cache: misc improvements
 2023-04-11 09:30:40 +02:00
Manuel Pégourié-Gonnard
b16a50eeab
Merge pull request #7392 from valeriosetti/issue7388 
PK: use PSA to complete public key when USE_PSA is enabled
 2023-04-11 09:09:06 +02:00
Xiaokang Qian
49f39c1e91 Fix the wrong debug _message function to _ret 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:29:17 +00:00
Xiaokang Qian
09c3cccf97 Update the todo comment of record size limits 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:29:17 +00:00
Xiaokang Qian
8bce0e6f5e Update group ext debug message in ssl_tls13_server.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:29:17 +00:00
Xiaokang Qian
91bb3f0665 Wrap lines in library/ssl_tls13_client.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:29:17 +00:00
Xiaokang Qian
9f1747bb1f Wrap lines which exceed 80 chars in ssl_tls13_server.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:29:14 +00:00
Xiaokang Qian
958b6ffe98 Wrap lines which exceed 80 chars in ssl_tls13_client.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:27:52 +00:00
Xiaokang Qian
7343738695 Wrap lines which exceed 80 chars in ssl_tls13_generic.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:27:51 +00:00
Xiaokang Qian
123cde824c Improve code styles(line numbers) for tls13_key.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:27:51 +00:00
Xiaokang Qian
669c7c35f0 Update SEC1 link in ecp.c 
Old link doesn't work any more, update it to one
new link to refer version 2

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 07:36:35 +00:00
Pengyu Lv
e3746d7ce6 ssl_cache: Error renaming and document improvement 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-10 14:40:03 +08:00
Valerio Setti
520c0384e7 pkparse: fix return value 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 11:38:09 +02:00
Valerio Setti
1df94f841b pk: fix return codes' precedence and code style 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 11:04:32 +02:00
Manuel Pégourié-Gonnard
f740767c00
Merge pull request #7391 from valeriosetti/issue7387 
PK: don't use mbedtls_ecp_check_pub_priv() when USE_PSA is enabled
 2023-04-07 10:17:18 +02:00
Valerio Setti
9d65f0ef12 pk_wrap: simplify prototype of eckey_check_pair_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:53:17 +02:00
Valerio Setti
aad6306212 pkparse: fix guards position 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:45:34 +02:00
Valerio Setti
4bf73ad83f pkparse: use proper sizing for buffer 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:45:34 +02:00
Valerio Setti
34f6755b34 pkparse: add new function for deriving public key from private using PSA 
Instead of using the legacy mbedtls_ecp_mul() function which makes use of
ECP's math, this commit adds a new function named pk_derive_public_key()
which implements the same behavior using PSA functions.
The flow is simple:
- import the private key into PSA
- export its public part

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:45:34 +02:00
Valerio Setti
f286664069 pk_wrap: minor code optimizations 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:37:46 +02:00
Dave Rodgman
0b3de6fcec
Merge pull request #7288 from ronald-cron-arm/tls13-server-version-negotiation 
TLS: TLS 1.2 / 1.3 version negotiation on server side
 2023-04-06 16:26:19 +01:00
Janos Follath
3615be65f8
Merge pull request #7342 from gabor-mezei-arm/6679_prevent_mpi_mod_write_from_corrupting_the_input 
Prevent mpi_mod_write from corrupting the input
 2023-04-06 15:56:28 +01:00
Janos Follath
44c6694be7
Merge pull request #7351 from gabor-mezei-arm/7109_ecp_fast_reduction_testing 
Test unlikely cases of ECC modular reduction
 2023-04-06 15:55:19 +01:00
Ronald Cron
dad02b2bec tls13: srv: Fix comment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:05 +02:00
Ronald Cron
fe01ec2d57 tls12: srv: Use sizeof() instead of constant 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:05 +02:00
Ronald Cron
c564938180 Add downgrade protection mechanism 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:05 +02:00
Ronald Cron
e45afd760d Use specific pointer to loop over proposed cipher suites 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:01 +02:00
Ronald Cron
eff5673e09 Improve and align variable names for supported versions data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
3bd2b02486 Check for TLS 1.3 version first 
Check for TLS 1.3 version first when parsing
the supported versions extension as it is
the most likely version.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
b828c7d3de Fix, improve and add comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
097ba146e7 tls: srv: Set hybrid TLS 1.2/1.3 as default configuration 
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
3b35455a69 tls: srv: Allow server hybrid TLS 1.2 and 1.3 configuration 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
6291b23080 tls: Add logic in handshake step to enable server version negotiation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
8a12aeec93 tls: Initialize SSL context tls_version in mbedtls_ssl_setup() 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
5af4c7f0e2 tls13: srv: Add detection to negotiate TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
8c527d0be8 tls13: srv: Parse supported versions extension early 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
2f16b4ec66 tls13: srv: Postpone cipher suite selection 
Postpone TLS 1.3 cipher suite selection
when we are sure we negotiate the version
1.3 of the protocol.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00