yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
28997 commits 1 branch 0 tags 94 MiB
Commit graph

12627 commits

Author SHA1 Message Date
Ronald Cron
40a4ab0e0c ssl_tls.c: Factorize save/load of endpoint and ciphersuite 
Move the save/load of session endpoint and
ciphersuite that are common to TLS 1.2 and
TLS 1.3 serialized data from the
specialized ssl_{tls12,tls13}_session_{save,load}
functions to ssl__session_{save,load}.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 10:29:58 +01:00
Ronald Cron
3c0072b58e ssl_ticket.c: Base ticket age check on the ticket creation time 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 10:29:51 +01:00
Ronald Cron
c57f86e132 Add ticket creation time to TLS 1.2 session serialization 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Ronald Cron
feb577a949 Fix TLS 1.2 session serialization on server side 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Ronald Cron
7b1921ac57 Add endpoint in TLS 1.2 session serialization data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Ronald Cron
17ef8dfddb ssl_session: Define unconditionally the endpoint field 
The endpoint field is needed to serialize/deserialize
a session in TLS 1.2 the same way it is needed in the
TLS 1.3 case: client specific fields that should not
be in the serialized version on server side if both
TLS client and server are enabled in the TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:19 +01:00
Ronald Cron
ba5165e09a ssl_ticket.c: Fix ticket lifetime enforcement 
Take into account that the lifetime of
tickets can be changed through the
mbedtls_ssl_ticket_rotate() API.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:58:15 +01:00
Ronald Cron
e34f124ff1 ssl_ticket.c: Remove pedantic server endpoint check 
When calculating the ticket age, remove the check
that the endpoint is a server. The module is
supposed to be used only server side. Furthermore,
if such check was necessary, it should be at the
beginning of all ssl_ticket.c APIs. As there is no
such protection in any API, just remove the check.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:56:40 +01:00
Ronald Cron
3c3e2e62f6 ssl_ticket.c: Remove TLS server guard 
The ticket module is removed from the build
if the TLS server is not in the build now
thus no need for the guard.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:54:29 +01:00
Ronald Cron
ce72763f78 ssl_ticket.c: Remove client code 
ssl_ticket.c is a server module.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-01-15 08:52:55 +01:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile 
TLS: remove RSA signature algorithms in `suite B` profile
 2024-01-12 14:34:28 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext 
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
 2024-01-12 13:39:15 +00:00
Waleed Elmelegy
f0ccf46713 Add minor cosmetic changes to record size limit changelog and comments 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-12 10:52:45 +00:00
Ronald Cron
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function 
Harmonise the names and return values of check functions in TLS code
 2024-01-11 13:51:39 +00:00
Ronald Cron
7c14afcaaa
Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check 
TLS1.3: SRV: check `min_tls_version` when parsing ClientHello
 2024-01-11 13:34:09 +00:00
Paul Elliott
f149cd1a3a
Merge pull request #8688 from jwinzig-at-hilscher/development 
Fix bug in mbedtls_x509_set_extension
 2024-01-10 16:57:16 +00:00
Waleed Elmelegy
3ff472441a Fix warning in ssl_tls13_generic.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
f501790ff2 Improve comments across record size limit changes 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:28 +00:00
Waleed Elmelegy
fbe42743eb Fix issue in checking in writing extensions 
Fix issue in checking if server received
record size limit extension.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Waleed Elmelegy
e1ac98d888 remove mbedtls_ssl_is_record_size_limit_valid function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Waleed Elmelegy
d2fc90e024 Stop sending record size limit extension if it's not sent from client 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Waleed Elmelegy
148dfb6457 Change record size limit writing function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Waleed Elmelegy
47d2946943 tls13: server: write Record Size Limit ext in EncryptedExtensions 
- add the support in library
- update corresponding test cases.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-01-10 16:17:27 +00:00
Yanray Wang
42017cd4c9 tls13: cli: write Record Size Limit ext in ClientHello 
- add the support in library
- update corresponding test case

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2024-01-10 16:17:27 +00:00
Yanray Wang
faf70bdf9d ssl_tls13_generic: check value of RecordSizeLimit in helper function 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2024-01-10 16:17:27 +00:00
Yanray Wang
a8b4291836 tls13: add generic function to write Record Size Limit ext 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2024-01-10 16:17:27 +00:00
Jonathan Winzig
5caf20ea80
Update fix to be more platform-independent 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-09 16:41:10 +01:00
Tom Cosgrove
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit 
Comply with the received Record Size Limit extension
 2024-01-09 15:22:17 +00:00
Jonathan Winzig
05c722bfd0 Fix Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-09 15:20:03 +01:00
Manuel Pégourié-Gonnard
4aad0ff510
Merge pull request #8632 from valeriosetti/issue8598 
[G5] Make block_cipher work with PSA
 2024-01-08 08:07:53 +00:00
Waleed-Ziad Maamoun-Elmelegy
e2d3db5cfc
Update mbedtls_ssl_get_output_record_size_limit signature 
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Waleed-Ziad Maamoun-Elmelegy <122474370+waleed-elmelegy-arm@users.noreply.github.com>
 2024-01-05 14:19:16 +00:00
Dave Rodgman
a021d63bf7
Merge pull request #8642 from daverodgman/default-compiler-all 
CI perf: Use clang by default in all.sh
 2024-01-04 12:58:54 +00:00
Manuel Pégourié-Gonnard
5bad043c06
Merge pull request #8641 from valeriosetti/issue8358 
G3-G4 wrap-up
 2024-01-04 10:48:00 +00:00
Valerio Setti
c1c6858bfc cipher_wrap: fix guards for some CCM/GCM functions 
Legacy CCM and GCM can work even when AES_C is not defined thanks
to the block_cipher module, so we can relax guards in
cipher_wrap.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-01-02 17:20:58 +01:00
Dave Rodgman
84125a167e Merge remote-tracking branch 'origin/development' into default-compiler-all 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-02 11:42:38 +00:00
Valerio Setti
e581e140cc oid/pkparse: add missing guards for PKCS[5/12] functions when !CIPHER_C 
This commit also updates test_suite_pkparse.data file adding
MBEDTLS_CIPHER_C dependencies whenever PKCS[5/12] is used.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-29 16:35:58 +01:00
Waleed Elmelegy
6a971fd61a Refactor and improve Record size limit handling 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-28 17:48:16 +00:00
Valerio Setti
1fff4f2012 psa: add key_type as input parameter of psa_can_do_cipher() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-28 18:33:17 +01:00
Valerio Setti
1994e72e18 check_config/block_cipher: minor improvements 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-28 18:33:04 +01:00
Valerio Setti
a69e872001 pkcs[5/12]: add CIPHER_C for [en/de]crypting functions 
This commit also updates corresponding test suites.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-12-21 16:39:04 +01:00
Dave Rodgman
3bc249959c
Merge branch 'development' into default-compiler-all 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-12-21 14:35:14 +00:00
Tom Cosgrove
c6088eceb4
Merge pull request #8384 from paul-elliott-arm/remove_ssl_null_tls12 
Remove NULLing of ssl context in TLS1.2 transform population
 2023-12-21 13:28:09 +00:00
Gilles Peskine
4bf4473ef0
Merge pull request #8633 from Wenxing-hou/clear_clienthello_comment 
Make clienthello comment clear
 2023-12-21 12:09:23 +00:00
Gilles Peskine
0e6fdc4f1d
Merge pull request #8342 from yanesca/threading_test_pc 
Threading test proof of concept and plan
 2023-12-21 12:08:41 +00:00
Waleed Elmelegy
65e3046e18 Fix code style in ssl_tls.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-20 17:55:10 +00:00
Waleed Elmelegy
049cd302ed Refactor record size limit extension handling 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2023-12-20 17:28:31 +00:00
Tomi Fontanilles
851d8df58d fix/work around dependency issues when !MBEDTLS_ECP_C 
Signed-off-by: Tomi Fontanilles <tomi.fontanilles@nordicsemi.no>
 2023-12-20 13:09:27 +02:00
Tomi Fontanilles
9f41770313 pk_*: remove remaining references to MBEDTLS_PSA_CRYPTO_C 
For real this time.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 13:05:55 +02:00
Tomi Fontanilles
bad170e159 pk: remove last references to MBEDTLS_PSA_CRYPTO_C 
They are replaced by MBEDTLS_USE_PSA_CRYPTO.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00
Tomi Fontanilles
1941af087c pk_wrap: remove last references to MBEDTLS_PSA_CRYPTO_C 
Deprecated functions are removed and #ifdefs are updated accordingly.

Signed-off-by: Tomi Fontanilles <129057597+tomi-font@users.noreply.github.com>
 2023-12-20 12:59:57 +02:00