yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
21413 commits 1 branch 0 tags 94 MiB
Commit graph

1718 commits

Author SHA1 Message Date
Xiaokang Qian
bc663a0461 Refine code based on commnets 
Change code layout
Change hostname_len type to size_t
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:01 +00:00
Xiaokang Qian
adf84a4a8c Remove public api mbedtls_ssl_reset_hostname() 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:05:11 +00:00
Xiaokang Qian
6af2a6da74 Fix session save-load overflow issue 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:44 +00:00
Xiaokang Qian
ecd7528c7f Address some comments 
Hostname_len has at least one byte
Change structure serialized_session_tls13
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:44 +00:00
Xiaokang Qian
281fd1bdd8 Add server name check when proposeing pre-share key 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:41 +00:00
Jerry Yu
21092062f3 Restrict cipher suite validation to TLS1.3 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-10 21:21:31 +08:00
Jerry Yu
40afab61a8 Add ciphersuite check in set_session 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-08 14:35:43 +08:00
Jerry Yu
21f9095fa8 Revert "move ciphersuite validation to set_session" 
This reverts commit 19ae6f62c7.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-08 14:35:34 +08:00
Jerry Yu
19ae6f62c7 move ciphersuite validation to set_session 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu
8897c07075 Add server only guards for psk callback 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Paul Elliott
2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets 
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
 2022-09-23 15:48:33 +01:00
Jerry Yu
f3bdf9dd51 fix various issues 
- improve document about configuration item.
- format issue
- variable type issue.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-22 23:47:14 +08:00
Jerry Yu
d0766eca58 fix various issues 
- Improve comments
- Align count variable name to `new_session_tickets_count`
- move tickets_count init to handshake init

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-22 13:21:29 +08:00
Jerry Yu
1ad7ace6b7 Add conf new session tickets 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-19 14:22:21 +08:00
Manuel Pégourié-Gonnard
07018f97d2 Make legacy_or_psa.h public. 
As a public header, it should no longer include common.h, just use
build_info.h which is what we actually need anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:02:48 +02:00
Ronald Cron
e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation 
TLS 1.3: SRV: Finalize external PSK negotiation
 2022-08-31 17:21:57 +02:00
Manuel Pégourié-Gonnard
bf22a2500b
Merge pull request #6208 from AndrzejKurek/tls-tests-no-md-structured 
Remove the dependency on MD from TLS 1.2 tests
 2022-08-30 12:34:37 +02:00
Dave Rodgman
fac3ea5656
Merge pull request #6184 from leorosen/ssl_tls_curve_group_id_null_protect 
mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing
 2022-08-24 15:16:45 +01:00
Tom Cosgrove
bcc13c943f
Add further missing whitespaces inside parentheses 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>

Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-24 15:08:16 +01:00
Tom Cosgrove
20c1137350
Fix coding style 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>

Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-24 15:06:13 +01:00
Andrzej Kurek
cccb044804 Style & formatting fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-23 05:26:02 -04:00
Andrzej Kurek
8c95ac4500 Add missing dependencies / alternatives 
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate, 
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-22 17:46:50 -04:00
Andrzej Kurek
25f271557b Update SHA and MD5 dependencies in the SSL module 
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO
is defined and respective SHA / MD5 defines are missing.
A new set of macros added in #6065 is used to reflect these dependencies.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-22 17:46:50 -04:00
Andrzej Kurek
a242e83b21 Rename the sha384 checksum context to reflect its purpose 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-22 17:02:04 -04:00
Jerry Yu
9f7f646b11 Revert "remove psk key when ephemeral selected" 
This reverts commit 5c28e7aa0e.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:59:17 +08:00
Jerry Yu
24b8c813c4 fix comments and wrong initial value issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:55:45 +08:00
Jerry Yu
5d01c05d93 fix various issues 
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:55:01 +08:00
Jerry Yu
6cf6b47b5c fix format and comment issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:54:53 +08:00
Leonid Rozenboim
19e5973566 mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing 
Avoid the shorthand practice of the form 'x = func(foo)->bar' which
exposes the code to NULL pointer de-referencing when the 'func()'
returns a NULL pointer.

The first chunk is for when the curve group code is not recognized by
the library, and is cleanly rejected if offered.

The second chunk addresses the unlikely case of an internal error:
if 'mbedtls_pk_can_do()' returns TRUE, it should rule out
'mbedtls_pk_ec()' returning a NULL, unless there is a regression.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
 2022-08-19 11:49:22 -07:00
Jerry Yu
e28d9745a1 fix coding style issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-18 15:44:03 +08:00
Jerry Yu
3419107e8d Add checks for ticket and resumption_key fields 
From RFC 8446 and the definition of session, we
should check the length.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-18 11:28:41 +08:00
Jerry Yu
e36fdd676c Change signature of tls13_session_save 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-17 21:50:25 +08:00
Jerry Yu
5c28e7aa0e remove psk key when ephemeral selected 
ephemeral is selected, `handshake->psk` must be removed.
Otherwise the encrypt key will be caculate fail.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Jerry Yu
ccc68a466e change handshake psk key type for tls13 
PSK key type of TLS1.3 must be HKDF_EXTRACT and the algo is
decided when create binder

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Dave Rodgman
8a9f88899d
Merge pull request #6186 from leorosen/ssl_tls_null_on_invalid_code 
ssl_tls: avoid the appearance of a potential NULL dereferencing
 2022-08-11 10:12:34 +01:00
Leonid Rozenboim
e9d8dcdbf5 ssl_tls: avoid the appearance of a potential NULL dereferencing 
Looking at the bigger picture it is clear that if `ssl->session` is NULL,
there will be a failure much earlier, and that is well protected from,
however, the practice of dereferencing a pointer which has not been
verified in prior for validity goes against secure coding practices.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
 2022-08-09 12:34:30 -07:00
Dave Rodgman
f421d45869
Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype 
Fix build error due to  missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled
 2022-08-09 11:27:42 +01:00
Aditya Patwardhan
3096f331ee Fix missing prototype warning when MBEDTLS_DEPRECATED_REMOVED is 
enabled

Added the changelog.d entry

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
 2022-08-02 11:15:18 +05:30
Jerry Yu
09a99fcf8a Add rsa_pss_rsae_* sig algos for tls12 default 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Jerry Yu
379b1ff3a5 remove useless comment 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Jerry Yu
693a47ab1d add rsa_pss_rsae_* support in tls12 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Dave Rodgman
aba26d0099
Merge pull request #5963 from tom-daubney-arm/remove_ssl_compression_new 
Remove use of SSL session compression
 2022-07-28 10:28:23 +01:00
Manuel Pégourié-Gonnard
f6b8c3297a
Merge pull request #6065 from mpg/explore2 
Driver-only hashes: RSA 1.5 and PK + strategy doc
 2022-07-28 10:43:38 +02:00
Thomas Daubney
54e38ea9cd Remove remaining references to compression in docs 
Some references to compression exist in the docs.
This commit removes those instances.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-07-26 16:13:23 +01:00
Thomas Daubney
20f89a9605 Remove uses of SSL compression 
Remove or modify current uses of session compression.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-07-26 16:13:03 +01:00
Ronald Cron
e579ece305
Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load 
TLS 1.3: Add serialize session save load
I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in  #6123. Thus I am ok to merge it as it is.
 2022-07-23 08:57:11 +02:00
Ronald Cron
340c559cb3
Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks 
TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.
 2022-07-23 08:50:45 +02:00
Jerry Yu
bc7c1a4260 fix typo/format/name issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:09:40 +08:00
Jerry Yu
438ddd835b Add tls13 session save/load 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:08:43 +08:00
Jerry Yu
568ec2502a fix format/name issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 21:27:34 +08:00