yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
21417 commits 89 branches 205 tags 114 MiB
Commit graph

9491 commits

Author SHA1 Message Date
Xiaokang Qian 03409290d2 Add MBEDTLS_SSL_SESSION_TICKETS guard to server name check 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:51 +00:00
Xiaokang Qian d7adc374d3 Refine the server name compare logic 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:51 +00:00
Xiaokang Qian a3b451f950 Adress kinds of comments base on review 
Rename function name to mbedtls_ssl_session_set_hostname
Add two extra check cases for server name
Fix some coding styles

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:51 +00:00
Xiaokang Qian 2f9efd3038 Address comments base on review 
Change function name to ssl_session_set_hostname()
Remove hostname_len
Change hostname to c_string
Update test cases to multi session tickets

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:49 +00:00
Xiaokang Qian bc663a0461 Refine code based on commnets 
Change code layout
Change hostname_len type to size_t
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:01 +00:00
Xiaokang Qian adf84a4a8c Remove public api mbedtls_ssl_reset_hostname() 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:05:11 +00:00
Xiaokang Qian be98f96de2 Remove useless hostname check in server side 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:44 +00:00
Xiaokang Qian 6af2a6da74 Fix session save-load overflow issue 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:44 +00:00
Xiaokang Qian ecd7528c7f Address some comments 
Hostname_len has at least one byte
Change structure serialized_session_tls13
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:44 +00:00
Xiaokang Qian 281fd1bdd8 Add server name check when proposeing pre-share key 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:41 +00:00
Gilles Peskine 8fd3254cfc
Merge pull request #6374 from mprse/enc_types 
Test TLS 1.2 builds with each encryption type
 2022-10-12 12:45:50 +02:00
Jerry Yu c79742303d Remove unnecessary empty line and fix format issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-11 21:22:33 +08:00
Jerry Yu 22c18c1432 Add NULL check in prepare hello 
`session_negotiate` is used directly in `ssl_prepare_client_hello`
without NULL check. Add the check in the beggining to avoid segment
fault.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-11 18:07:19 +08:00
Jerry Yu c2bfaf00d9 fix wrong typo 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-11 18:07:19 +08:00
Jerry Yu 4f77ecf409 disable session resumption when ticket expired 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-10 22:10:08 +08:00
Jerry Yu 03aa174d7c Improve test message and title 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-10 21:48:37 +08:00
Jerry Yu 6916e70521 fix various issues 
- adjust guards. Remove duplicate guards and adjust format.
- Return success at function end. Not `ret`
- change input len

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-10 21:33:51 +08:00
Jerry Yu 21092062f3 Restrict cipher suite validation to TLS1.3 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-10 21:21:31 +08:00
Jerry Yu a99cbfa2d3 fix various issues 
- rename function and variable
- change signature of `ssl_tls13_has_configured_psk`
- remove unnecessary statements
- remove unnecessary local variables
- wrong variable initial value
- improve output message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-08 14:35:47 +08:00
Jerry Yu 40afab61a8 Add ciphersuite check in set_session 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-08 14:35:43 +08:00
Jerry Yu 21f9095fa8 Revert "move ciphersuite validation to set_session" 
This reverts commit 19ae6f62c7.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-08 14:35:34 +08:00
Jerry Yu 379b91a393 add ticket age check 
Remove ticket if it is expired.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-08 10:21:15 +08:00
Jerry Yu 4a698341c9 Re-org selected_identity parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu 6183cc7470 Re-org binders writer 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu f75364bee1 Re-organize identities writer 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu 8b41e893a2 fix various issues 
- Re-order code and comments
  - move comment above `write_identities`
  - move `write_binder` above `write_identities`.
- Add has_{psk,identity} into {ticket,psk}_get_{psk,identity}
- rename `*_session_tickets_*` to `_ticket_`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu 19ae6f62c7 move ciphersuite validation to set_session 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu 25ab654781 Add dummy ticket support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu b300e3c5be add selected_identity parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu 1a0a0f4416 Add binders writer 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu f7c125917c Add identites writer 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu 0c6105bc9e empty pre_shared_key functions 
To easy review

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Jerry Yu 8897c07075 Add server only guards for psk callback 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Gilles Peskine 845de0898e
Merge pull request #6083 from tom-cosgrove-arm/issue-6015-montgomery-multiplication 
Montgomery multiplication from bignum prototype
 2022-09-30 10:35:21 +02:00
Tom Cosgrove 6da3a3b15f Fix doc regarding aliasing of modulus input to mbedtls_mpi_core_montmul() 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-29 17:20:18 +01:00
Tom Cosgrove 4386ead662 Correct the aliasing requirements in doc for mbedtls_mpi_core_montmul(), and test them 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-09-29 14:40:21 +01:00
Przemek Stekiel ce5b68c7a3 Revert "Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions" 
This reverts commit a82290b727.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-29 15:29:18 +02:00
Ronald Cron 77c691f099
Merge pull request #6194 from xkqian/tls13_add_psk_client_cases 
TLS 1.3: Add PSK client cases
 2022-09-28 17:08:06 +02:00
Manuel Pégourié-Gonnard e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2 
Permissions 2b: TLS 1.3 sigalg selection
 2022-09-28 09:50:04 +02:00
Manuel Pégourié-Gonnard f3f9e450b6
Merge pull request #6115 from AndrzejKurek/ecjpake-kdf-tls-1-2 
Ad-hoc KDF for EC J-PAKE in TLS 1.2
 2022-09-28 09:47:32 +02:00
Xiaokang Qian ca343ae280 Improve message logs and test cases description in psk 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-09-28 02:07:54 +00:00
Przemek Stekiel 4c49927bad Fix unused variables warnings in default + stream cipher only build 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-27 15:04:14 +02:00
Przemek Stekiel a82290b727 Fix guards for mbedtls_ssl_ticket_write() and mbedtls_ssl_ticket_parse() functions 
Both functions are calling mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions. These functions are guarded with MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C flags - make it consistent.
As a result ssl_server2 won't build now with MBEDTLS_SSL_SESSION_TICKETS enabled (mbedtls_cipher_auth_[encrypt/decrypt]_ext() functions not available).
Mark MBEDTLS_SSL_SESSION_TICKETS as dependent on MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C and disable MBEDTLS_SSL_SESSION_TICKETS in stream cipher only build.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-27 15:04:14 +02:00
Przemek Stekiel 89ad62352d Fix guards for mbedtls_ct_size_mask() and mbedtls_ct_memcpy_if_eq() 
Both functions are used when MBEDTLS_SSL_SOME_SUITES_USE_MAC is defined not MBEDTLS_SSL_SOME_SUITES_USE_TLS_CBC.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-27 15:04:14 +02:00
Ronald Cron c27a9074c4 tls13: server: Add comment when trying another sig alg 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-27 10:07:55 +02:00
Xiaokang Qian cb6e96305f Change kex mode string name 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-09-27 08:02:41 +00:00
Ronald Cron b72dac4ed7 Fix PSA identifier of RSA_PKCS1V15 signing algorithms 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-27 09:25:47 +02:00
Andrzej Kurek b510cd2c50 Fix a copy-paste error - wrong macro used 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-26 10:50:22 -04:00
Andrzej Kurek 5603efd525 Improve readability and formatting 
Also use a sizeof instead of a constant for zeroization, as
requested in review.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-26 10:49:16 -04:00
Xiaokang Qian 5beec4b339 Refine ssl_get_kex_mode_str() for easy automatic generation 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-09-26 08:23:45 +00:00