yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
19267 commits 89 branches 205 tags 114 MiB
Commit graph

219 commits

Author SHA1 Message Date
Ronald Cron 82c785fac3 Make handshake::min_minor_ver client only 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-31 15:44:41 +02:00
Ronald Cron f660655b84 TLS: Allow hybrid TLS 1.2/1.3 in default configurations 
This implies that when both TLS 1.2 and TLS 1.3
are included in the build all the TLS 1.2 tests
using the default configuration now go through
a version negotiation on the client side.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron e71639d39b Simplify TLS major version default value setting 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron fbd9f99f10 ssl_tls.c: Move some client specific functions to ssl_client.c 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron 4079abc7d1 ssl_client.c: Adapt extensions writing to the TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron 11e1857f5e ssl_client.c: Fix key share code guards 
In TLS 1.3 key sharing is not restricted to key
exchange with certificate authentication. It
happens in the PSK and ephemeral key exchange
mode as well where there is no certificate
authentication.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 18:58:31 +02:00
Ronald Cron d491c2d779 ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:17:57 +02:00
Ronald Cron 86a477f5ee ssl_client.c: Adapt initial version selection to TLS 1.2 case 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Ronald Cron 3d580bf4bd Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 17:00:29 +02:00
Ronald Cron 8f6d39a81d Make some handshake TLS 1.3 utility routines available for TLS 1.2 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron 90f012037d ssl_tls12_server.c: Simplify TLS version check in ClientHello 
The TLS server code only support TLS 1.2 thus simplify
the check of the version proposed by the client.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron 4dcbca952e ssl_tls.c: Move mbedtls_ssl_set_calc_verify_md() to TLS 1.2 section 
In ssl_tls.c, move mbedtls_ssl_set_calc_verify_md() under the
"if defined(MBEDTLS_SSL_PROTO_TLS1_2)" pre-processor directive
as it is specific to TLS 1.2.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:42:17 +02:00
Ronald Cron de1adee51a Rename ssl_cli/srv.c 
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-29 14:39:49 +02:00
Ronald Cron 63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512 
Add rsae sha384 sha512
 2022-03-29 14:01:51 +02:00
XiaokangQian 20438976f9 Change comments and styles base on review 
Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 08:09:29 +00:00
XiaokangQian 9b93c0dd8d Change cookie parameters for dtls and tls 1.3 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
XiaokangQian 25c9c9023c Refine cookie len to fix compile issues 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-03-25 07:50:56 +00:00
Jerry Yu 6c6f10265d fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-25 11:09:50 +08:00
Jerry Yu e26acee896 Refactor guards for sig algs 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 21:01:33 +08:00
Jerry Yu f8aa9a44aa fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 20:54:38 +08:00
Jerry Yu 8c3388620d create sig_alg decode function 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 13:34:04 +08:00
Jerry Yu 0c23fc39c3 fix various guards issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-23 12:20:01 +08:00
Jerry Yu cef3f33012 Guard rsa sig algs with rsa_c and pkcs1_v{15,21} 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 23:16:42 +08:00
Jerry Yu 3a58b462b6 add pss_rsae_sha{384,512} 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Manuel Pégourié-Gonnard f4042f076b
Merge pull request #5573 from superna9999/5176-5177-5178-5179-tsl-record-hmac 
TLS record HMAC
 2022-03-21 11:36:44 +01:00
Ronald Cron 8d7afc642c
Merge pull request #5523 from ronald-cron-arm/one-flush-output-development 
TLS 1.3: One flush output
 2022-03-21 08:44:04 +01:00
Manuel Pégourié-Gonnard 10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data 
server certificate selection callback
 2022-03-10 11:51:42 +01:00
Ronald Cron 00d012f2be Fix type of force_flush parameter 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Ronald Cron 66dbf9118e TLS 1.3: Do not send handshake data in handshake step handlers 
Send data (call to mbedtls_ssl_flush_output()) only from
the loop over the handshake steps. That way, we do not
have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE
error code) on the network in handshake step handlers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-03-09 07:51:52 +01:00
Manuel Pégourié-Gonnard d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c 
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
 2022-03-08 11:43:45 +01:00
Glenn Strauss 6989407261 Add accessor to retrieve SNI during handshake 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Neil Armstrong cf8841a076 Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined 
Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.

Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-25 15:16:49 +01:00
Neil Armstrong 39b8e7dde4 Add, Initialize & Free HMAC keys in mbedtls_ssl_transform 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-02-23 09:24:57 +01:00
Jerry Yu 3e536442f5 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu a23b9d954c fix undefine error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 1bb5a1ffe3 Implement received sig_algs check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 90f152dfac fix psk only build fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 8511f125af Add certificteVerify 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu 5cc3506c9f Add write certificate and client handler 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-22 10:17:58 +08:00
Jerry Yu bef175db96 Wrap derive_keys with TLS1_2 option 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu 7d2396332d fix wrong setting of max_minor version 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu c5aef88be6 tls13_only: guard ssl_{cli,srv}.c with TLS1_2 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Jerry Yu c3091b1c8c tls13_only: compile pass 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-21 09:06:00 +08:00
Manuel Pégourié-Gonnard e14b644f4d
Merge pull request #5456 from mpg/cleanup-ecdh-psa 
Cleanup PSA-based ECDHE in TLS 1.2
 2022-02-15 09:09:07 +01:00
Przemyslaw Stekiel b15f33d496 Enable ecdh_psa_xxx fields in struct mbedtls_ssl_handshake_params for TLS 1.3 
These fields need to be enabled for 1.3 even if MBEDTLS_USE_PSA_CRYPTO isn't (1.3 should always use PSA).

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-10 15:24:27 +01:00
Manuel Pégourié-Gonnard 62b49cd06a
Merge pull request #5472 from yuhaoth/pr/move-client-auth 
Move client_auth to handshake
 2022-02-09 10:57:00 +01:00
Ronald Cron 6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request 
add tls1_3 read certificate request
 2022-02-09 09:51:55 +01:00
Jerry Yu 5c7d1cce97 fix typo error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-08 21:08:29 +08:00
Jerry Yu 2d9a694088 change type of client_auth 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-08 21:07:10 +08:00
Xiaofei Bai 51f515a503 update based on comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-02-08 07:28:04 +00:00