mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-10 06:40:16 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
20,897 Commits 170 Branches 263 Tags
Commit Graph

9262 Commits

Author SHA1 Message Date
Ronald Cron
340c559cb3
Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks 
TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.
 2022-07-23 08:50:45 +02:00
Jerry Yu
13ab81d5ac Add handshake failure in pre_shared_key withou psk_kex_modes 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:17:11 +08:00
Jerry Yu
bc7c1a4260 fix typo/format/name issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:09:40 +08:00
Jerry Yu
438ddd835b Add tls13 session save/load 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:08:43 +08:00
Jerry Yu
a66fecebe7 Add endpoint/ticket_flag field for session 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:08:43 +08:00
Jerry Yu
6f1db3fc92 fix format and potential non-PSK fail issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:05:59 +08:00
Jerry Yu
ce6ed7076a Change the order of key_exchange determine 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 21:49:53 +08:00
Jerry Yu
ba9b6e9e53 fix unkown identity case 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 21:45:05 +08:00
Jerry Yu
568ec2502a fix format/name issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 21:27:34 +08:00
Jerry Yu
2f0abc94d8 fix typo/type/format issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 19:34:48 +08:00
Ronald Cron
4beb870fa8
Merge pull request #6064 from xkqian/tls13_add_psk 
Add psk code to tls13 client side
 2022-07-22 11:35:05 +02:00
Dave Rodgman
a948f0588c
Merge pull request #1986 from jacmet/bn_mul-fix-x86-pic-compilation-for-gcc-4 
bn_mul.h: fix x86 PIC inline ASM compilation with GCC < 5
 2022-07-21 17:34:48 +01:00
Jerry Yu
77f0148e11 Add psk/psk_ephemeral key exchange check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 23:27:22 +08:00
Ronald Cron
32578b3bd0
Merge pull request #6069 from yuhaoth/pr/add-tls13-write-new-session-ticket 
TLS 1.3:add tls13 write new session ticket
Validated by the internal CI and Travis.
 2022-07-21 16:17:35 +02:00
XiaokangQian
bee71453b2 Improve the buffer pointer check in write pre_shared key 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
XiaokangQian
3ad67bf4e3 Rename functions and add test messages 
Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
XiaokangQian
7c12d31813 Refine comments for psk related code 
Change-Id: Iff5c176bb902919abc8d4fb78a185aa68704a791
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
XiaokangQian
8698195566 Address comments of various issues 
Improve comments
Change coding style
Rename functions

Change-Id: Ia111aef303932cfeee693431c3d48f90342b32e5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
XiaokangQian
adab9a6440 Fix transcript issues and add cases against openssl 
Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
XiaokangQian
008d2bf80b Address comments in psk client review 
Improve comments
Refine cipher suite related code in psk
Refine get_psk_offered()

Change-Id: Ic3b0b5f86eb1e71f11bb499961aa8494284f1840
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
XiaokangQian
eb69aee6af Add psk code to tls13 client side 
Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-07-21 15:30:04 +02:00
Manuel Pégourié-Gonnard
73692b7537 Rework macros expressing dependencies 
Fix usage with sed:

s/MBEDTLS_OR_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_LOWLEVEL_OR_PSA/
s/MBEDTLS_USE_PSA_WANT_\([A-Z_0-9]*\)/MBEDTLS_HAS_\1_VIA_MD_OR_PSA_BASED_ON_USE_PSA/

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-21 12:11:53 +02:00
Jerry Yu
96a2e368dc TLS 1.3: Add pre-shared-key multiple psk parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 18:00:13 +08:00
Jerry Yu
6119715e05 Change type cast to size_t 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:28:02 +08:00
Jerry Yu
1c9247cff4 TLS 1.3: Add pre_share_key last ext check 
From RFC, pre_share_key must be the last one.
Add check for it. And with/without psk, it should
be check

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu
352cd7db59 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu
daf375aa8b fix issues of check_binder_match 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu
bb852029f4 fix naming issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu
6e74a7e3c7 Add check return flags 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu
997549353e fix various code format issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu
032b15ce5e Add write selected_identity 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu
1c105560b4 add offered psks parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Jerry Yu
6dcd18d55b export hdr checksum function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 16:19:50 +08:00
Ronald Cron
bc817bac76 TLS 1.3: Limit scope of tls13_kex_modes handshake field 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-21 09:43:53 +02:00
Jerry Yu
fca4d579a4 fix various issues 
- unnecessary comments
- format issue
- improve readability

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-21 10:37:48 +08:00
Ronald Cron
799077177b TLS 1.3: Use selected key exchange mode field 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-20 17:49:58 +02:00
Ronald Cron
853854958f TLS 1.3: Add selected key exchange mode field 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-20 17:49:22 +02:00
Ronald Cron
7f9ccfeccc TLS 1.3: Remove unnecessary key exchange mode check 
If there is a PSK involved in the key exchange
and thus no certificate we do not go through the
MBEDTLS_SSL_CERTIFICATE_REQUEST state thus there
is no reason to check that in the coordination
function of that state.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-20 17:47:23 +02:00
Ronald Cron
2d8b7ac898 TLS 1.3: Fix selected key exchange mode check 
ECDHE operations have to be done in
ephemeral and PSK-ephemeral key exchange
mode, not just ephemeral key exhange mode.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-07-20 17:46:58 +02:00
Dave Rodgman
fa40b02da3 Remove use of lstat 
lstat is not available on some platforms (e.g. Ubuntu 16.04). In this
particular case stat is sufficient.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-20 16:10:33 +01:00
Jerry Yu
6cb4fcd1a5 Remove key exchange mode check. 
This change does not meet RFC requirements.
It should be revert after key exchange mode issue
fixed

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 22:41:00 +08:00
Jerry Yu
e67bef4aba Add tls13 write new session ticket 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 22:41:00 +08:00
Jerry Yu
251a12e942 Add dummy session save 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 22:40:59 +08:00
Dave Rodgman
7085aa42ee
Merge pull request #5896 from wernerlewis/aes_shallow_copy 
Refactor AES context to be shallow-copyable
 2022-07-20 15:16:37 +01:00
Dave Rodgman
103f8b6506 Spelling and grammar improvements 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-20 14:37:08 +01:00
Dave Rodgman
935154ef04 Don't increase failure count for dangling symlinks 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-07-20 14:37:07 +01:00
Eduardo Silva
e1bfffc4f6 x509_crt: handle properly broken links when looking for certificates 
On non-windows environments, when loading certificates from a given
path through mbedtls_x509_crt_parse_path() function, if a symbolic
link is found and is broken (meaning the target file don't exists),
the function is returning MBEDTLS_ERR_X509_FILE_IO_ERROR which is
not honoring the default behavior of just skip the bad certificate file
and increase the counter of wrong files.

The problem have been raised many times in our open source project
called Fluent Bit which depends on MbedTLS:

https://github.com/fluent/fluent-bit/issues/843#issuecomment-486388209

The expected behavior is that if a simple certificate cannot be processed,
it should just be skipped.

This patch implements a workaround with lstat(2) and stat(2) to determinate
first if the entry found in the directory is a symbolic link or not, if is
a simbolic link, do a proper stat(2) for the target file, otherwise process
normally. Upon find a broken symbolic link it will increase the counter of
not processed certificates.

Signed-off-by: Eduardo Silva <eduardo@treaure-data.com>
 2022-07-20 14:36:12 +01:00
Jerry Yu
3afdf36de7 Add hash length check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 18:12:08 +08:00
Jerry Yu
0a430c8aaf Rename resumption_key and the hardcode len 
`resumption_key` is better name.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu
b14413804a Remove ticket_flags 
It should be added later.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00