yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
20740 commits 89 branches 205 tags 114 MiB
Commit graph

9156 commits

Author SHA1 Message Date
Jerry Yu 9f7f646b11 Revert "remove psk key when ephemeral selected" 
This reverts commit 5c28e7aa0e.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:59:17 +08:00
Jerry Yu e9d4fc09a3 fix binder value security issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:59:17 +08:00
Jerry Yu 24b8c813c4 fix comments and wrong initial value issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:55:45 +08:00
Jerry Yu 5d01c05d93 fix various issues 
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:55:01 +08:00
Jerry Yu 6cf6b47b5c fix format and comment issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:54:53 +08:00
Jerry Yu 5c28e7aa0e remove psk key when ephemeral selected 
ephemeral is selected, `handshake->psk` must be removed.
Otherwise the encrypt key will be caculate fail.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Jerry Yu 56acc9421c Write key_share base on key_exchange mode. 
In ServerHello, write key share should base on key_exchange mode, not
base on configuration.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Jerry Yu f0bad2554a Continue check next psk key when binder mismatch 
with matched identity and mismatch binder, should check next psk key.
Exit with error will break multi-psk cases.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Jerry Yu 32e1370fbc Add config check for pre_shared_key parser 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Jerry Yu e95c8af266 Align ciphersuite with psk key 
With OpenSSL and GnuTLS client, if the MAC of ciphersuite
does not match selected binder, client will reject connection.
This change is to select ciphersuite base on algo of psk binder.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Jerry Yu ccc68a466e change handshake psk key type for tls13 
PSK key type of TLS1.3 must be HKDF_EXTRACT and the algo is
decided when create binder

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Ronald Cron 295d93ebe8 Add psk handshake with gnutls 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Jerry Yu 40f3771e18 Add handshake psk export function. 
Rename `ssl_tls13_get_psk` and export the
function.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 21:25:35 +08:00
Dave Rodgman 8a9f88899d
Merge pull request #6186 from leorosen/ssl_tls_null_on_invalid_code 
ssl_tls: avoid the appearance of a potential NULL dereferencing
 2022-08-11 10:12:34 +01:00
Leonid Rozenboim e9d8dcdbf5 ssl_tls: avoid the appearance of a potential NULL dereferencing 
Looking at the bigger picture it is clear that if `ssl->session` is NULL,
there will be a failure much earlier, and that is well protected from,
however, the practice of dereferencing a pointer which has not been
verified in prior for validity goes against secure coding practices.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
 2022-08-09 12:34:30 -07:00
Dave Rodgman f421d45869
Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype 
Fix build error due to  missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled
 2022-08-09 11:27:42 +01:00
Dave Rodgman 953ce3962f
Merge pull request #5971 from yuhaoth/pr/add-rsa-pss-rsae-for-tls12 
Add rsa pss rsae for tls12
 2022-08-09 10:21:45 +01:00
Gilles Peskine b3edc1576c
Merge pull request #2602 from edsiper/crt-symlink 
x509_crt: handle properly broken links when looking for certificates
 2022-08-03 13:05:29 +02:00
Gilles Peskine 07e7fe516b
Merge pull request #6088 from tuvshinzayaArm/validation_remove_change_curve 
Validation remove and change in files related to curve in library
 2022-08-03 13:05:16 +02:00
Gilles Peskine 7e1ee0f04b
Merge pull request #6114 from mman/development 
Use double quotes to include private header file psa_crypto_cipher.h
 2022-08-03 13:04:57 +02:00
Martin Man 4741e0b56c Use double quotes to include private header file psa_crypto_cipher.h 
Signed-off-by: Martin Man <mman@martinman.net>
Co-authored-by: Tom Cosgrove <81633263+tom-cosgrove-arm@users.noreply.github.com>
 2022-08-02 12:44:35 +02:00
Aditya Patwardhan 3096f331ee Fix missing prototype warning when MBEDTLS_DEPRECATED_REMOVED is 
enabled

Added the changelog.d entry

Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
 2022-08-02 11:15:18 +05:30
Dave Rodgman 919ff15ecf
Merge pull request #4686 from Kazuyuki-Kimura/patch_#2020 
Fixed a bug that the little-endian Microblaze does not work when MBEDTLS_HAVE_ASM is defined
 2022-07-29 17:08:11 +01:00
Dave Rodgman 27036c9e28
Merge pull request #6142 from tom-cosgrove-arm/fix-comments-in-docs-and-comments 
Fix a/an typos in doxygen and other comments
 2022-07-29 12:59:05 +01:00
Jerry Yu c3bf748dc7 fix vertical alignment 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-29 10:27:17 +08:00
Jerry Yu 09a99fcf8a Add rsa_pss_rsae_* sig algos for tls12 default 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Jerry Yu 379b1ff3a5 remove useless comment 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Jerry Yu 95b743ca17 Rename get_pk_type_and_md_alg 
The function is for both tls12 and tls13 now.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Jerry Yu 693a47ab1d add rsa_pss_rsae_* support in tls12 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-28 23:08:00 +08:00
Tuvshinzaya Erdenekhuu 86669de348 Broke 2 long lines 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-07-28 10:31:16 +01:00
Dave Rodgman aba26d0099
Merge pull request #5963 from tom-daubney-arm/remove_ssl_compression_new 
Remove use of SSL session compression
 2022-07-28 10:28:23 +01:00
Manuel Pégourié-Gonnard f6b8c3297a
Merge pull request #6065 from mpg/explore2 
Driver-only hashes: RSA 1.5 and PK + strategy doc
 2022-07-28 10:43:38 +02:00
Tom Cosgrove ce7f18c00b Fix a/an typos in doxygen and other comments 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-07-28 05:50:56 +01:00
Manuel Pégourié-Gonnard 68429fc44d Fix a few more typos 
Update link while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-27 20:44:02 +02:00
Tuvshinzaya Erdenekhuu 22f3654324 Remove NULL pointer validation in ecp.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-07-27 15:21:48 +01:00
Tuvshinzaya Erdenekhuu a891f83803 Re-introduce ENUM validation in ecjpake.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-07-27 15:20:08 +01:00
Tuvshinzaya Erdenekhuu 2b1ecdaf4e Remove NULL pointer validation in ecjpake.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-07-27 15:20:08 +01:00
Tuvshinzaya Erdenekhuu f69cac784a Reintroduce enum validation ecdh.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-07-27 14:43:38 +01:00
Tuvshinzaya Erdenekhuu 7857caadcd Remove NULL pointer validation in ecdh.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-07-27 14:40:47 +01:00
Tuvshinzaya Erdenekhuu 375950f119 Remove NULL pointer validations in ecdsa.c 
Signed-off-by: Tuvshinzaya Erdenekhuu <tuvshinzaya.erdenekhuu@arm.com>
 2022-07-27 14:28:20 +01:00
Thomas Daubney 31e03a8e15 Replace hard-coded zeroes for constant 
Replace two occurances of hard-coded zero for
MBEDTLS_SSL_COMPRESS_NULL in TLS 1.3 code.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-07-26 16:13:23 +01:00
Thomas Daubney 54e38ea9cd Remove remaining references to compression in docs 
Some references to compression exist in the docs.
This commit removes those instances.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-07-26 16:13:23 +01:00
Thomas Daubney 20f89a9605 Remove uses of SSL compression 
Remove or modify current uses of session compression.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-07-26 16:13:03 +01:00
Manuel Pégourié-Gonnard de9ffe37ab Fix typos in hash_info.[ch] 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-07-26 10:20:52 +02:00
Ronald Cron e579ece305
Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load 
TLS 1.3: Add serialize session save load
I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in  #6123. Thus I am ok to merge it as it is.
 2022-07-23 08:57:11 +02:00
Ronald Cron 340c559cb3
Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks 
TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.
 2022-07-23 08:50:45 +02:00
Jerry Yu 13ab81d5ac Add handshake failure in pre_shared_key withou psk_kex_modes 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:17:11 +08:00
Jerry Yu bc7c1a4260 fix typo/format/name issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:09:40 +08:00
Jerry Yu 438ddd835b Add tls13 session save/load 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:08:43 +08:00
Jerry Yu a66fecebe7 Add endpoint/ticket_flag field for session 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-22 23:08:43 +08:00