mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-06 12:40:02 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
29,233 Commits 170 Branches 263 Tags
Commit Graph

12744 Commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
5c9cc0b30f
Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected 
TLS 1.3: SRV: Ignore early data when rejected
 2024-02-06 13:16:03 +00:00
Ronald Cron
71c6e65d83 tls13: ssl_msg.c: Improve/add comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-05 16:54:37 +01:00
Ronald Cron
31e2d83eee tls13: srv: Improve coding 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-05 16:45:57 +01:00
Manuel Pégourié-Gonnard
32c28cebb4
Merge pull request #8715 from valeriosetti/issue7964 
Remove all internal functions from public headers
 2024-02-05 15:09:15 +00:00
Janos Follath
747bedb0b0
Merge pull request #8733 from ivq/gcm_ad_len_check 
Add back restriction on AD length of GCM
 2024-02-05 13:33:58 +00:00
Jerry Yu
f57d14bed4 Ignore early data app msg before 2nd client hello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-02 17:31:20 +01:00
Jerry Yu
263dbf7167 tls13: srv: Do not allow early data indication in 2nd ClientHello 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-02 17:31:20 +01:00
Ronald Cron
1483dc3bde tls13: cli: Indicate early data only in first ClientHello 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-02 17:31:20 +01:00
Ronald Cron
2995d35ac3 tls13: srv: Deprotect and discard early data records 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-02 17:31:20 +01:00
Jerry Yu
4caf3ca08c tls13: srv: Add discard_early_data_record SSL field 
Add discard_early_data_record in SSL context for
the record layer to know if it has to discard
some potential early data record and how.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-02 17:31:20 +01:00
Ronald Cron
78a38f607c tls13: srv: Do not use early_data_status 
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 20:10:35 +01:00
Ronald Cron
3b9034544e Revert "tls13: Introduce early_data_state SSL context field" 
This reverts commit 0883b8b625a5531f2fc8a61b6b0417f00f76f91e.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 20:03:57 +01:00
Ronald Cron
164537c4a6 tls13: early data: Improve, add comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 19:52:30 +01:00
Ronald Cron
ed7d4bfda5 tls13: srv: Simplify mbedtls_ssl_read_early_data() API 
Do not progress the handshake in the API, just
read early data if some has been detected by
a previous call to mbedtls_ssl_handshake(),
mbedtls_ssl_handshake_step(),
mbedtls_ssl_read() or mbedtls_ssl_write().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 16:45:07 +01:00
Ronald Cron
0883b8b625 tls13: Introduce early_data_state SSL context field 
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 16:45:04 +01:00
Ronald Cron
7b6ee9482e tls13: srv: Reject early data in case of HRR 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 16:40:47 +01:00
Jerry Yu
d9ca354dbd tls13: srv: Add mbedtls_ssl_read_early_data() API 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 16:40:47 +01:00
Jerry Yu
6a5904db45 tls13: srv: Move early data size check placeholder 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 16:40:47 +01:00
Jerry Yu
739a1d4246 tls: Add internal function ssl_read_application_data() 
The function will be used by
mbedtls_ssl_read_early_data() as well.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 16:40:47 +01:00
Ronald Cron
5d0ae9021f tls13: srv: Refine early data status 
The main purpose is to know from the status
if early data can be received of not and
why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 16:40:47 +01:00
Ronald Cron
11cc41265b
Merge pull request #8711 from ronald-cron-arm/tls13-ticket-and-early-data-unit-test 
Add TLS 1.3 ticket and early data unit tests
 2024-02-01 13:15:55 +00:00
Paul Elliott
cb88c4945a
Merge pull request #8754 from Redfoxymoon/development 
fix build for midipix
 2024-02-01 10:01:49 +00:00
Dave Rodgman
dae21d3808 Support SHA-512 hwcap detection on old libc 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-30 15:31:42 +00:00
Ørjan Malde
2a6cb5c881 fix build for midipix 
Signed-off-by: Ørjan Malde <red@foxi.me>
 2024-01-30 14:50:23 +01:00
Paul Elliott
47c74a4773
Merge pull request #8741 from Ryan-Everett-arm/add-locking-macros 
Add macros for locking/unlocking the key slot mutex
 2024-01-26 13:53:38 +00:00
Dave Rodgman
935182fe2b
Merge pull request #1158 from daverodgman/mbedtls-3.5.2rc 
Mbedtls 3.5.2rc
 2024-01-25 12:22:54 +00:00
Dave Rodgman
f5e231ca84
Merge pull request #8719 from daverodgman/iar-codegen 
Improve codegen of unaligned access for IAR and gcc
 2024-01-25 08:31:45 +00:00
Ryan Everett
3877d4858b Refactor macros 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-24 13:26:26 +00:00
Dave Rodgman
13f2f4e7f1 Merge remote-tracking branch 'restricted/development' into mbedtls-3.5.2rc 2024-01-24 09:49:15 +00:00
Ryan Everett
cb05ce30e9 Minor fixes to locking macros 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-23 19:25:10 +00:00
Ryan Everett
90afb132e0 Add ..._GOTO_EXIT macro 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-23 18:34:55 +00:00
Ryan Everett
d6d6a76e46 Add ..._GOTO_RETURN macro 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-01-23 18:32:42 +00:00
Chien Wong
019c2a7817
Handle sizeof(size_t) > sizeof(uint64_t) 
Signed-off-by: Chien Wong <m@xv97.com>
 2024-01-23 21:38:06 +08:00
Janos Follath
aa3fa98bc4
Merge pull request #8726 from v1gnesh/patch-1 
Update entropy_poll.c to allow build in z/OS
 2024-01-23 12:43:18 +00:00
Dave Rodgman
c64280a2d7 Fix comment typo 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-23 10:05:08 +00:00
Dave Rodgman
00b530e395 Limit compiler hint to compilers that are known to benefit from it 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-23 09:41:34 +00:00
Dave Rodgman
e23d6479cc Bump version 
./scripts/bump_version.sh --version 3.5.1

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-01-22 15:45:49 +00:00
Janos Follath
b4b8f3df3b RSA: improve readability 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Janos Follath
47ee770812 RSA: remove unneeded temporaries 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Janos Follath
e6750b2a0b RSA: document Montgomery trick in unblind 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Janos Follath
a62a554071 Fix style 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Janos Follath
100dcddfca Make local function static 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Janos Follath
6bcbc925bf Extend blinding to RSA result check 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Janos Follath
d6b096532c Make RSA unblinding constant flow 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-01-22 15:33:19 +00:00
Jonathan Winzig
a0c9448bea Update fix to be more platform-independent 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 15:31:05 +00:00
Jonathan Winzig
63b5e216f8 Fix Issue #8687 
Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>
 2024-01-22 15:31:05 +00:00
Chien Wong
858bc65d74
Add comment on impossible overflows 
Signed-off-by: Chien Wong <m@xv97.com>
 2024-01-22 20:47:26 +08:00
Chien Wong
bf4b5ed7a4
Add back restriction on AD length of GCM 
Fixes: bd513bb53d80276431161e5a64a2ae61740c4e68
Signed-off-by: Chien Wong <m@xv97.com>
 2024-01-22 20:43:54 +08:00
v1gnesh
3c129dd6aa
Update entropy_poll.c 
Signed-off-by: v1gnesh <v1gnesh@users.noreply.github.com>
 2024-01-22 15:59:49 +05:30
Manuel Pégourié-Gonnard
34c6e8a770
Merge pull request #8700 from valeriosetti/issue8461 
psa_asymmetric_encrypt() doesn't work with opaque driver
 2024-01-22 08:43:08 +00:00