XiaokangQian
8499b6ce25
Only free verify_cookie in tls 1.3 case.
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 09:00:11 +00:00
XiaokangQian
34909746df
Change cookie free code and some comments
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 02:25:04 +00:00
XiaokangQian
f1e7d12cb6
Fix compile issues in mbedtls_ssl_session_reset_msg_layer
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
2b01dc30cb
Add hrr no change check and align mbedtls_ssl_session_reset_msg_layer
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
78b1fa7e81
Update code base on comments
...
Move reset transcript for hrr to generic
Reset SHA256 or SHA384 rather than both
Rename message layer reset
Add check log for hrr parse successfully
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
d9e068e10b
Change code based on comments
...
Align coding styles
Add hrr parameter for ssl_tls13_parse_server_hello
Add reset steps for SHA384 in HRR
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
51eff22c9b
Align code style with server hello parse
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:51:13 +00:00
XiaokangQian
647719a172
Add hello retry request in client side
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:50:06 +00:00
Jerry Yu
ed5e9f431d
Change ecdsa sig_algs order for tls1.3
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-26 12:41:12 +08:00
Jerry Yu
0b994b8061
fix typo error
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 17:22:12 +08:00
Jerry Yu
53037894ab
change the default sig_algs order
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 14:38:01 +08:00
Jerry Yu
18c833e2eb
fix tls1_2 only sig_algs order issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 14:38:01 +08:00
Jerry Yu
f377d644f5
Refactor duplicate check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 14:38:01 +08:00
Jerry Yu
6ade743a43
Add mbedtls_printf alias for !PLATFORM_C
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 14:38:01 +08:00
Jerry Yu
370e146acb
fix comments issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
909df7b17b
Refactor *_sig_algs tables
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
b476a44fc6
Add static assert check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
941e07ff02
fix test_no_platform fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
1a8b481ce6
Remove duplicated signature algorithm in default settings
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
600ded7ea5
Reserve end tag space at sig_algs_len init.
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
a68dca24ee
move overflow inside loop
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
8afd6e4308
fix typo issues in comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
eb821c6916
remove check_sig_hash
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
1bab301c0d
Add signature algorithm supported check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
7ddc38cedb
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
4131ec1260
Add signature algorithm length check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
a69269a711
change sig_algs_len unit to byte
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
713013fa80
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
e12f1ddcfa
fix check names fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
11f0a9c2c4
fix deprecated-declarations error
...
replace sig_hashes with sig_alg
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
6106fdc085
fix build fail without TLS13
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
f017ee4203
merge write sig_alg of tls12 and tls13
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
# Conflicts:
# library/ssl_misc.h
2022-01-25 12:46:17 +08:00
Jerry Yu
1abd1bc22f
Change write_sig_alg_ext of tls12
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
0e5bcb6bf5
Replace directly access for sig_hashes
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:16 +08:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite
...
Add accessors for ciphersuite info
2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard
d2da19b8eb
Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes
...
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
2022-01-18 09:16:25 +01:00
Ronald Cron
188ed19456
Merge pull request #5351 from yuhaoth/pr/remove-duplicate-supported_group_ext
...
Remove duplicate function for writing supported_groups extension
2022-01-17 09:13:14 +01:00
Glenn Strauss
8f52690956
Add accessors for ciphersuite info
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-13 00:05:48 -05:00
Jerry Yu
b925f21806
fix comment issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-12 11:17:02 +08:00
Jerry Yu
1510cea0f3
fix coding style issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-12 10:56:49 +08:00
Jerry Yu
3ad14ac9e9
Add named group IANA value check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-11 17:13:16 +08:00
Jerry Yu
f46b016058
skip some extensions if ephemeral is not enabled
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-11 16:28:00 +08:00
Jerry Yu
63282b4321
Refactor write supported group
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-11 15:43:53 +08:00
Jerry Yu
7f029d8a94
fix coding style issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-11 11:08:53 +08:00
Andrzej Kurek
03e01461ad
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
...
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
Jerry Yu
1ea9d10687
fix test_ref_configs build fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-21 14:52:38 +08:00
Glenn Strauss
cee11296aa
Reset dhm_P and dhm_G if config call repeated
...
Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated
to avoid leaking memory.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2021-12-20 20:24:56 -05:00
Jerry Yu
1753261083
change write_supported_groups_ext prototype
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-20 22:32:09 +08:00
Jerry Yu
ba07342cd6
Add generic write_supported-groups_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-20 22:22:15 +08:00
Gilles Peskine
a4174312da
Initialize hash_len before using it
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 14:38:40 +01:00
Gilles Peskine
f0fd4c3aee
mbedtls_ssl_parse_finished: zeroize expected finished value on error
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 12:36:15 +01:00
Dave Rodgman
050ad4bb50
Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac
...
Check HMAC return values
2021-12-13 10:51:27 +00:00
Gilles Peskine
ecf6bebb9c
Catch failures of md_hmac operations
...
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.
Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 15:00:57 +01:00
Ronald Cron
db6adc5aad
ssl: Fix some compilation guards for TLS 1.3 signature algorithms
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 14:25:35 +01:00
Ronald Cron
6f135e1148
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
...
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Manuel Pégourié-Gonnard
b873577fc3
Merge pull request #5240 from duckpowermb/development
...
[session] fix a session copy bug
2021-12-09 09:23:23 +01:00
Gilles Peskine
392113434a
Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x
...
Forward port to 3.x: Introduce PSA test driver library to test PSA configuration
2021-12-07 12:52:20 +01:00
Ronald Cron
69a63426af
psa: Fix the size of hash buffers
...
Fix the size of hash buffers for PSA hash
operations.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
吴敬辉
0b71611c80
[session] fix a session copy bug
...
fix a possible double reference on 'ticket'
when peer_cert/peer_cert_digest calloc failed.
Signed-off-by: 吴敬辉 <11137405@vivo.com>
2021-11-29 10:50:04 +08:00
Xiaofei Bai
6dc90da740
Rebased on 74217ee
and add fixes
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:12:43 +00:00
Xiaofei Bai
9539501120
Rebase and add fixes
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:09:26 +00:00
Xiaofei Bai
746f9481ea
Fix 1_3/13 usages in macros and function names
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
XiaokangQian
a83014db4a
TLS1.3: Add signature scheme pkcs1 v1.5
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-25 02:21:16 +00:00
Gilles Peskine
e2d707fea5
Merge pull request #4866 from gabor-mezei-arm/3649_move_constant_time_functions_into_separate_module
...
Move constant-time functions into a separate module
2021-11-24 19:33:00 +01:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module
2021-11-24 10:44:13 +01:00
XiaokangQian
4b82ca1b70
Refine test code and test scripts
...
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
XiaokangQian
82d34ccf47
Add signature scheme rsa pss
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
Ronald Cron
bb41a88f2e
Merge pull request #5120 from yuhaoth/pr/fix-memory-leak-and-version-header
...
TLS1.3: fix memory leak and version header
2021-11-12 13:49:26 +01:00
Jerry Yu
a1a568c2f6
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-09 10:17:21 +08:00
Jerry Yu
ba9c727e94
fix memory leak issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-30 20:23:45 +08:00
Brett Warren
e0edc8407b
Add mbedtls_ssl_conf_groups to API
...
mbedtls_ssl_conf_groups allows supported groups for key
sharing to be configured via their IANA NamedGroup ID.
This is added in anticipation of PQC and Hybrid key
sharing algorithms being integrated into Mbed TLS.
mbedtls_ssl_conf_curves is deprecated in favor of
mbedtls_ssl_conf_groups. handshake_init has been
modified to translate and copy curves configured
via conf_curves into a heap allocated array of
NamedGroup IDs. This allows the refactoring of code
interacting with conf_curve related variables (such
as curve_list) to use NamedGroup IDs while retaining
the deprecated API.
Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-29 11:27:00 +01:00
Gabor Mezei
90437e3762
Rename constant-time functions to have mbedtls_ct prefix
...
Rename functions to better suit the module name.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:59:27 +02:00
Gilles Peskine
9202ba37b1
Merge pull request #4960 from mpg/cleanup-tls-cipher-psa-3.x
...
Clean up some remnants of TLS pre-1.2 support
2021-10-19 21:59:15 +02:00
Gabor Mezei
765862c4f3
Move mbedtls_cf_memcmp to a new public header
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-19 12:22:25 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
...
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
Ronald Cron
e23bba04ee
Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils
...
TLS 1.3: ServerHello: add utils functions used by ServerHello
Regarding the merge job, there was only one of the failures we currently encounter on almost all PRs (Session resume using tickets, DTLS: openssl client test case, see #5012), thus we can consider that this PR passed CI.
2021-10-11 11:01:11 +02:00
Jerry Yu
fd320e9a6e
Replace zeroize with memset
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 21:52:41 +08:00
Jerry Yu
ae0b2e2a2f
Rename counter_len
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Jerry Yu
c1ddeef53a
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Andrzej Kurek
a72fe641cc
Do not zeroize the ssl context if a key exporting function is set
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 17:08:31 -04:00
Andrzej Kurek
324f72ec9c
Fix a bug where the ssl context is used after it's nullified
...
When not using DEBUG_C, but using the DTLS CID feature -
a null pointer was accessed in ssl_tls.c.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:52 -04:00
Andrzej Kurek
5902cd64e2
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
...
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes #4653.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:42 -04:00
Gilles Peskine
bfe3d87f24
Merge pull request #4842 from gilles-peskine-arm/public_fields-3.0-info
...
Make some structure fields public: key info, ASN.1 and X.509 parsing, socket fd
2021-09-29 12:37:09 +02:00
Jerry Yu
d96a5c2d86
Fix wrong usage of counter len macro
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-29 17:46:51 +08:00
gabor-mezei-arm
4602564d7a
Unify memcmp functions
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:33:47 +02:00
gabor-mezei-arm
db9a38c672
Move constant-time memcmp functions to the constant-time module
...
Signed-off-by: gabor-mezei-arm <gabor.mezei@arm.com>
2021-09-28 16:16:14 +02:00
Jerry Yu
d9a94fe3d0
Add counter length macro
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-28 20:10:26 +08:00
Jerry Yu
148165cc6f
Remove psa version of get_handshake_transcript
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
000f976070
Rename get_handshake_transcript
...
- Remove tls13 prefix
- Remove TLS1_3 macro wrap
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
24c0ec31f9
tls13: add get_handshake_transcript
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:34:58 +08:00
Jerry Yu
3bf1f97a0e
fix various issue on pending send alert
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
bbd5a3fded
fix pending_alert issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Jerry Yu
e7047819ee
add pend fatal alert
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-27 16:25:38 +08:00
Manuel Pégourié-Gonnard
a0b4b0c3cd
Clean up some remnants of TLS pre-1.2 support
...
Now that support for earlier versions has been removed, we no longer
need to care about them.
Since TLS 1.3 is being gradually introduced, we might still need a
version check in some places - but here the function is called
ssl_tls12_populate_tranform() and TLS 1.3 has its own function
mbedtls_ssl_tls13_populate_transform(), so when this function is called
we just know we're using TLS 1.2.
Reviewer hint: use the -b option of git diff / git show
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-09-21 14:12:59 +02:00
Jerry Yu
275619336a
fix name conversion issue for tls13 server entry
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
9e42f6efd3
Revert "Move random function check"
...
This reverts commit cc88b34f7942f57ea0fd27ee4b3e29f49c91f10e.
It causes many tests to fail. It should be re-considered.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
f443681f56
fix function name conversion issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:20 +08:00
Jerry Yu
708202b7d0
Move random function check
...
move to `ssl_conf_check`
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-09-03 16:29:19 +08:00
Gilles Peskine
88d681ca35
Make size_t -> int downcasts explicit
...
mbedtls_cipher_setkey takes an int argument. Cast explicitly, otherwise MSVC
complains.
Where possible, just stick to size_t.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-09-01 16:57:23 +02:00
Gilles Peskine
e720dbe177
Use cipher_info accessor functions in TLS code
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:54:27 +02:00