mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-04-25 18:02:33 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
24,641 Commits 172 Branches 267 Tags
Commit Graph

24641 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Pengyu Lv
723ac268e7 ssh_cache: Add back description of other errors for cache getter 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-11 09:19:08 +08:00
Xiaokang Qian
49f39c1e91 Fix the wrong debug _message function to _ret 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:29:17 +00:00
Xiaokang Qian
09c3cccf97 Update the todo comment of record size limits 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:29:17 +00:00
Xiaokang Qian
8bce0e6f5e Update group ext debug message in ssl_tls13_server.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:29:17 +00:00
Xiaokang Qian
91bb3f0665 Wrap lines in library/ssl_tls13_client.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:29:17 +00:00
Xiaokang Qian
9f1747bb1f Wrap lines which exceed 80 chars in ssl_tls13_server.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:29:14 +00:00
Xiaokang Qian
958b6ffe98 Wrap lines which exceed 80 chars in ssl_tls13_client.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:27:52 +00:00
Xiaokang Qian
7343738695 Wrap lines which exceed 80 chars in ssl_tls13_generic.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:27:51 +00:00
Xiaokang Qian
123cde824c Improve code styles(line numbers) for tls13_key.c 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 08:27:51 +00:00
Xiaokang Qian
669c7c35f0 Update SEC1 link in ecp.c 
Old link doesn't work any more, update it to one
new link to refer version 2

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-04-10 07:36:35 +00:00
Pengyu Lv
e3746d7ce6 ssl_cache: Error renaming and document improvement 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-04-10 14:40:03 +08:00
Valerio Setti
520c0384e7 pkparse: fix return value 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 11:38:09 +02:00
Valerio Setti
1df94f841b pk: fix return codes' precedence and code style 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 11:04:32 +02:00
Manuel Pégourié-Gonnard
f740767c00
Merge pull request #7391 from valeriosetti/issue7387 
PK: don't use mbedtls_ecp_check_pub_priv() when USE_PSA is enabled
 2023-04-07 10:17:18 +02:00
Andrzej Kurek
0af32483f3 Change the format of md.h include comments 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-07 03:10:28 -04:00
Valerio Setti
9d65f0ef12 pk_wrap: simplify prototype of eckey_check_pair_psa() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:53:17 +02:00
Valerio Setti
aad6306212 pkparse: fix guards position 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:45:34 +02:00
Valerio Setti
3fddf250dc test: use proper macros for PSA init/done 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:45:34 +02:00
Valerio Setti
4bf73ad83f pkparse: use proper sizing for buffer 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:45:34 +02:00
Valerio Setti
34f6755b34 pkparse: add new function for deriving public key from private using PSA 
Instead of using the legacy mbedtls_ecp_mul() function which makes use of
ECP's math, this commit adds a new function named pk_derive_public_key()
which implements the same behavior using PSA functions.
The flow is simple:
- import the private key into PSA
- export its public part

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:45:34 +02:00
Valerio Setti
f286664069 pk_wrap: minor code optimizations 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-07 08:37:46 +02:00
Minos Galanakis
0a325b6767 ecp.py: Set test-dependencies as attributes. 
This patch enables declaring dependencie as test-class
members. ECP curve functions have been updated
to use the new capability.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-06 16:33:10 +01:00
Minos Galanakis
92278dc407 test_suite_ecp: Updated dependency macros for ecp_raw_generic. 
This patch introduces a new local hash define of
`MBEDTLS_ECP_DP_SECP_GENERIC_ENABLED` to replace the
removed curve specific macros, introduced in upstream.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-06 16:27:44 +01:00
Minos Galanakis
1358648f77 test_suite_ecp: Introduced ecp_mod_p_generic_raw 
This patch replaces similiarly structured test functions
for:

* MBEDTLS_ECP_DP_SECP192R1
* MBEDTLS_ECP_DP_SECP224R1
* MBEDTLS_ECP_DP_SECP256R1
* MBEDTLS_ECP_DP_SECP384R1
* MBEDTLS_ECP_DP_BP512R1R1

with a more generic version, which adjusts the parameters, based on the `curve_id` field,
provided by the testing data.

The python test framework has been updated to provide that extra field.

Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2023-04-06 16:27:12 +01:00
Dave Rodgman
0b3de6fcec
Merge pull request #7288 from ronald-cron-arm/tls13-server-version-negotiation 
TLS: TLS 1.2 / 1.3 version negotiation on server side
 2023-04-06 16:26:19 +01:00
Janos Follath
3615be65f8
Merge pull request #7342 from gabor-mezei-arm/6679_prevent_mpi_mod_write_from_corrupting_the_input 
Prevent mpi_mod_write from corrupting the input
 2023-04-06 15:56:28 +01:00
Janos Follath
44c6694be7
Merge pull request #7351 from gabor-mezei-arm/7109_ecp_fast_reduction_testing 
Test unlikely cases of ECC modular reduction
 2023-04-06 15:55:19 +01:00
Andrzej Kurek
0e03f4c119 Remove unnecessary include 
This is a PSA-based program and psa/crypto.h
is already included.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2023-04-06 07:55:25 -04:00
Ronald Cron
8c1ce223eb tests: ssl: Restore !MBEDTLS_SSL_PROTO_TLS1_3 dependency 
Restore the dependency on !MBEDTLS_SSL_PROTO_TLS1_3
of the DTLS fragmentation tests. That way the test
is not run on Windows 2013 (as in development) where
there is an issue with MBEDTLS_PRINTF_SIZET when
running those tests. I will address this issue in a
separate PR.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 13:20:40 +02:00
Ronald Cron
dad02b2bec tls13: srv: Fix comment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:05 +02:00
Ronald Cron
fe01ec2d57 tls12: srv: Use sizeof() instead of constant 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:05 +02:00
Ronald Cron
c564938180 Add downgrade protection mechanism 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:05 +02:00
Ronald Cron
e45afd760d Use specific pointer to loop over proposed cipher suites 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:01 +02:00
Ronald Cron
1a353ea4b8 ssl-opt.sh: Improve description of server negotiation tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
eff5673e09 Improve and align variable names for supported versions data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
3bd2b02486 Check for TLS 1.3 version first 
Check for TLS 1.3 version first when parsing
the supported versions extension as it is
the most likely version.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
b828c7d3de Fix, improve and add comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
4d31496294 Update TLS 1.3 documentation and add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
d120bd646c ssl-opt.sh: Add version selection by the server tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
50ae84ed97 ssl-opt.sh: Remove some unnecessary forcing of TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
097ba146e7 tls: srv: Set hybrid TLS 1.2/1.3 as default configuration 
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
43263c045a tests: ssl: Extend move to handshake state tests 
Extend move to handshake state tests to reach
most of TLS 1.2 and 1.3 handshake states.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
3b35455a69 tls: srv: Allow server hybrid TLS 1.2 and 1.3 configuration 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
6291b23080 tls: Add logic in handshake step to enable server version negotiation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
8a12aeec93 tls: Initialize SSL context tls_version in mbedtls_ssl_setup() 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
5af4c7f0e2 tls13: srv: Add detection to negotiate TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
8c527d0be8 tls13: srv: Parse supported versions extension early 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
2f16b4ec66 tls13: srv: Postpone cipher suite selection 
Postpone TLS 1.3 cipher suite selection
when we are sure we negotiate the version
1.3 of the protocol.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
cada410365 tls13: srv: Postpone legacy session id copy 
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the legacy session id.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
d540d995b2 tls13: srv: Postpone client random copy 
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the client random
bytes.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00