mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-31 09:32:55 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
29,902 Commits 170 Branches 263 Tags
Commit Graph

29902 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Valerio Setti
3bfad3a8dc pkparse: make EC/RSA setup functions internally available 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-11 09:37:33 +01:00
Manuel Pégourié-Gonnard
af3e574f5f
Merge pull request #8862 from valeriosetti/issue8825 
Improve support of mbedtls_psa_get_random in client-only builds
 2024-03-10 20:06:27 +00:00
Ronald Cron
7e1f9f290f
Merge pull request #8854 from ronald-cron-arm/tls13-srv-max-early-data-size 
TLS 1.3: Enforce max_early_data_size on server
 2024-03-09 00:16:07 +00:00
Ronald Cron
e1295fabaf tests: ssl: early data: Fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 17:05:27 +01:00
Janos Follath
080a5171e2
Merge pull request #8861 from ronald-cron-arm/tls13-srv-select-kex 
TLS 1.3: SRV: Improve key exchange mode selection
 2024-03-08 14:58:36 +00:00
Janos Follath
a812e0fe14
Merge pull request #8883 from mfischer/fix_shared_secret 
library: psa_crypto: Explicitly initialize shared_secret
 2024-03-08 14:35:20 +00:00
Ronald Cron
52472104a2 tests: suite: early data: Add comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
4facb0a9cd tests: ssl: Improve early data test code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
1a13e2f43e tests: ssl: Improve test code for very small max_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:51:20 +01:00
Ronald Cron
db944a7863 ssl_msg.c: Fix log position 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 14:50:58 +01:00
Ronald Cron
e14770fc42 ssl-opt.sh: Fix early data test option 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:57:36 +01:00
Ronald Cron
19521ddc36 tls13: srv: Fix/Improve debug logs 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
7cab4f885b tls13: srv: Fix/Improve comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
16cc370423 tls13: srv: Fix initialization value 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
f602f7ba50 tls13: srv: Code improvements 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
3811765c0c tls13: srv: Add/Improve comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
74a1629231 tls13: srv: Move PSK ciphersuite selection up 
Move PSK ciphersuite selection up to the main
ClientHello parsing function. That way the
ciphersuite selection only happens in this
function.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
3e47eec431 tls13: srv: Simplify resumption detection 
Avoid marking we resume and then
cancelling it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
e8c162d7ba tls13: srv: Simplify kex availability checks 
Regarding the possibility of selecting a
key exchange mode, the check of the ticket
flags is now separated from the check of
the ClientHello content and server
configuration.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
79cdd4156f tls13: srv: Improve key exchange mode determination 
For PSK based key exchange modes do not check twice
anymore if they can be selected or not. Check it
only when looping over the offered PSKs to select
one.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
1f63fe4d74 tls13: srv: Fix resume flag in case of cancelled PSK 
If we prefer ephemeral key exchange mode over
the pure PSK one, make sure the resume flag is
disabled as eventually we are not going to
resume a session even if we aimed to at some
point.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
cf284565c5 tls13: srv: Determine best key exchange mode for a PSK 
Determine best key exchange for for ticket based and
external PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
89089cc69b tls13: srv: Factorize ciphersuite selection code 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
f7e9916b3d tls13: srv: Fix MBEDTLS_SSL_SESSION_TICKETS guard position 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
12e72f1664 tls13: srv: Always parse the pre-shared key extension 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
7a30cf5954 tls13: srv: Stop earlier identity check 
If an identity has been determined as a
ticket identity but the ticket is not
usable, do not try to check if the
identity is that of an external
provided PSK.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
fbae94a52f tls13: srv: Improve ticket identity check return values 
Improve the values returned by
ssl_tls13_offered_psks_check_identity_match_ticket().
Distinguish between the two following cases:
1) the PSK identity is not a valid ticket identity
2) the PSK identity is a valid ticket identity but
   the ticket cannot be used for session resumption.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
3cdcac5647 tls13: srv: Fix return value 
Fix the value returned by
ssl_tls13_offered_psks_check_identity_match_ticket()
when there is no ticket parser function defined
or no time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
6e31127f08 tls13: srv: Define specific return macros for binder check 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-08 08:43:41 +01:00
Ronald Cron
139a4185b1
Merge pull request #8587 from yanrayw/issue/4911/ssl_setup-check-RNG-configuration 
TLS: check RNG when calling mbedtls_ssl_setup()
 2024-03-08 07:38:39 +00:00
Ronald Cron
93795f2639 tls13: Improve comment about cast to uint32_t 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-07 09:57:07 +01:00
Paul Elliott
8a2062c538
Merge pull request #8892 from paul-elliott-arm/add_threading_to_drivers 
Ensure drivers have threading enabled if required
 2024-03-06 14:35:49 +00:00
Moritz Fischer
967f8cde84 library: psa_crypto: Explicitly initialize shared_secret 
When building with -Og (specifically Zephyr with
CONFIG_DEBUG_OPTIMIZATIONS=y) one observes the following warning:

'shared_secret' may be used uninitialized [-Werror=maybe-uninitialized]

Fix this by zero initializing 'shared_secret' similar to the issue
addressed in commit 2fab5c960 ("Work around for GCC bug").

Signed-off-by: Moritz Fischer <moritzf@google.com>
 2024-03-05 22:32:32 +00:00
Gilles Peskine
31403a4ca8
Merge pull request #8678 from daverodgman/quietbuild 
Make builds less verbose
 2024-03-05 18:04:16 +00:00
Gilles Peskine
71cc260563
Merge pull request #8728 from minosgalanakis/features/add_mbedtls_x509_crt_get_ca_istrue_accesor_6151 
[MBEDTLS_PRIVATE] Add mbedtls_x509_crt_get_ca_istrue() accesor
 2024-03-05 18:04:06 +00:00
Dave Rodgman
3c4166aef3
Merge pull request #8863 from minosgalanakis/feature/add_ecdh_context_5016 
[MBEDTLS_PRIVATE] Add a getter for the ECDH context->grp.id member.
 2024-03-05 16:58:13 +00:00
Minos Galanakis
581e63637a test_suite_x509parse: Added test-case for legacy certificate 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-05 14:39:23 +00:00
Paul Elliott
053b7886e5 Ensure drivers have threading enabled if required 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-05 14:27:23 +00:00
Ronald Cron
2e7dfd5181 tls13: Remove unnecessary cast from size_t to uint32_t 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-05 13:48:11 +01:00
Minos Galanakis
87b4f6d86c x509: Reworded documentation bits. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-05 11:05:51 +00:00
Gilles Peskine
d06244b813
Merge pull request #8821 from davidhorstmann-arm/fix-config-bitflag 
Update `SSL_SERIALIZED_SESSION_CONFIG_BITFLAG` with new flags
 2024-03-05 09:59:42 +00:00
Gilles Peskine
8462146d01
Merge pull request #8867 from gilles-peskine-arm/psa_key_attributes-remove_core 
Merge psa_core_key_attributes_t back into psa_key_attributes_t
 2024-03-05 09:59:24 +00:00
Paul Elliott
634f4d6d7d
Merge pull request #8846 from gilles-peskine-arm/ecp-write-ext-3.6 
Introduce mbedtls_ecp_write_key_ext
 2024-03-04 14:56:55 +00:00
Ronald Cron
987cf898db ssl_helpers: Restore rng_seed incrementation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-04 10:24:27 +01:00
Gilles Peskine
fad79fcdd9 Merge remote-tracking branch 'development' into ecp-write-ext-3.6 
Conflicts:
* library/pk.c: mbedtls_pk_wrap_as_opaque() changed in the feature branch
  and was removed in the target branch.
 2024-03-04 08:52:08 +01:00
Minos Galanakis
79ee110446 Added changelog 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-04 02:22:01 +00:00
Minos Galanakis
a83ada4eba tests: Added test for mbedtls_x509_crt_get_ca_istrue() 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-04 02:22:01 +00:00
Minos Galanakis
2abbac74dc x509: Added mbedtls_x509_crt_get_ca_istrue() API accessor. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-04 02:22:01 +00:00
Minos Galanakis
3cfdd73dfa Changelog: Added changelog for mbedtls_ecdh_get_grp_id. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-02 09:14:13 +00:00
Ronald Cron
e93cd1b580 tests: ssl: Free write/read test buffers 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 19:30:00 +01:00