cuberite/polarssl
1
0
Fork 0
mirror of https://github.com/cuberite/polarssl.git synced 2025-10-05 11:34:26 -04:00
Code Issues Packages Projects Releases Wiki Activity
24,261 Commits 7 Branches 115 Tags
Commit Graph

720 Commits

Author SHA1 Message Date
Paul Elliott
d01a3bca05 Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback 
Mbed TLS 3.4.0
 2023-03-27 18:09:49 +01:00
Manuel Pégourié-Gonnard
93302422fd Fix instances of old feature macros being used 
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data

Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-24 10:43:40 +01:00
Paul Elliott
f1eb5e2a04 Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-21 15:35:17 +00:00
Jan Bruckner
151f64283f Add parsing for Record Size Limit extension in TLS 1.3 
Fixes #7007

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-03-14 08:41:25 +01:00
Paul Elliott
e4622a3436 Merge remote-tracking branch 'development/development' into development-restricted 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-13 17:49:32 +00:00
Gilles Peskine
5b7e1644a7 Document the need to call psa_crypto_init() with USE_PSA_CRYPTO 
When MBEDTLS_USE_PSA_CRYPTO is enabled, the application must call
psa_crypto_init() before directly or indirectly calling cipher or PK code
that will use PSA under the hood. Document this explicitly for some
functions.

To avoid clutter, this commit only documents the need to call
psa_crypto_init() in common, non-obvious cases: parsing a public key
directly or via X.509, or setting up an SSL context. Functions that are
normally only called after such a function (for example, using an already
constructed PK object), or where the need for PSA is obvious because they
take a key ID as argument, do not need more explicit documentaion.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-01 20:10:29 +01:00
Gilles Peskine
8c2830a06a Document what "TLS 1.3 depends on PSA" entails 
Explicitly document that when using TLS 1.3, you must initialize PSA crypto
before starting a handshake.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-03-01 20:06:35 +01:00
Ronald Cron
ee54de02b1 Fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-24 12:06:30 +01:00
Ronald Cron
1aa6e8d6e9 Restore same PSK length enforcement 
Restore same PSK length enforcement in
conf_psk and set_hs_psk, whether the
negotiated protocol is TLS 1.2 or TLS 1.3.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-02-23 09:48:50 +01:00
Gilles Peskine
b009559c8f
Merge pull request #7049 from KloolK/typos 
Fix typos
 2023-02-10 15:07:07 +01:00
Xiaokang Qian
ea28a78384 Revert new field and check ciphersuite match when resume by exist info_id 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian
33ff868dca Fix various errors 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian
f10f474981 Check server selected cipher suite indicating a Hash associated with the PSK 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian
592021aceb Add CCS after client hello in case of early data and comp mode 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:47:47 +00:00
Xiaokang Qian
5b410075cf Remove useless comments about handshake messages for TLS13 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:46:48 +00:00
Xiaokang Qian
125afcb060 Add end-of-early-data write 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2023-02-08 05:43:58 +00:00
Jan Bruckner
1aabe5c4d7 Fix typos 
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2023-02-06 12:54:53 +01:00
Pengyu Lv
acecf9c95b make ticket_flags param types consistent 
When ticket_flags used as parameter, use unsigned int,
instead of uint8_t or mbedtls_ssl_tls13_ticket_flags.Also
remove the definition of mbedtls_ssl_tls13_ticket_flags.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-16 11:23:24 +08:00
Pengyu Lv
189465306d remove MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE error 
Return MBEDTLS_ERR_ERROR_GENERIC_ERROR when ticket_flags
are not compatible with advertised key exchange mode.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:06:00 +08:00
Pengyu Lv
a1aa31b8b1 fix review comments 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:58 +08:00
Pengyu Lv
3eb49be6a8 move kex mode check in ticket_flags to psks_check_identity_match_ticket 
Move the kex mode check in ticket_flags to
ssl_tls13_offered_psks_check_identity_match_ticket and add new error
'MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE' to indicate the check
failure.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:55 +08:00
Gilles Peskine
449bd8303e Switch to the new code style 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-11 14:50:10 +01:00
Gilles Peskine
cd0a565644
Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype 
TLS 1.3: Upstream misc fix from prototype
 2023-01-05 14:35:54 +01:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599 
Allow isolation of EC J-PAKE password when used in TLS
 2022-12-14 11:04:33 +01:00
Jerry Yu
2e19981e17 tls13: guards transform negotiate 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-09 09:51:20 +08:00
Valerio Setti
c689ed8633 tls: pake: minor adjustments 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-07 14:40:38 +01:00
Ronald Cron
fbba0e9d75
Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface 
TLS 1.3: Refactor early data configuration interface.
 2022-12-07 09:42:12 +01:00
Jerry Yu
12c46bd14f fix various issues 
- disable reuse of max_early_data_size.
- make conf_early_data available for server.
- various comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-06 11:02:51 +08:00
Tom Cosgrove
1797b05602 Fix typos prior to release 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-04 17:19:59 +00:00
Valerio Setti
e98db0b866 tls: pake: fix description for mbedtls_ssl_set_hs_ecjpake_password_opaque 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-01 16:52:57 +01:00
Jerry Yu
cc4e007ff6 Add max_early_data_size to mbedtls_ssl_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-01 23:11:48 +08:00
Manuel Pégourié-Gonnard
ffc330fafa
Merge pull request #6264 from hannestschofenig/rfc9146_2 
CID update to RFC 9146
 2022-11-29 09:25:14 +01:00
Valerio Setti
a9a97dca63 psa_pake: add support for opaque password 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-28 18:26:16 +01:00
Hannes Tschofenig
6b6b63f039 Added closing SECTION of doxygen markup 
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-11-25 11:19:05 +01:00
Ronald Cron
4a8c9e2cff tls13: Add definition of mbedtls_ssl_{write,read}_early_data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-23 14:29:37 +01:00
Manuel Pégourié-Gonnard
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847 
Use PSA EC-JPAKE in TLS (1.2) - Part 2
 2022-11-23 13:27:30 +01:00
Ronald Cron
cb0e680779
Merge pull request #6476 from yuhaoth/pr/fix-tls13-mbedtls_ssl_is_handshake_over 
TLS 1.3: Fix tls13 mbedtls ssl is handshake over
 2022-11-23 12:12:02 +01:00
Ronald Cron
da13072c5b tls13: Make ..._RECEIVED_NEW_SESSION_TICKET experimental 
We are considering using a callback instead.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-11-22 13:21:13 +01:00
Jerry Yu
a8d3c5048f Rename new session ticket name for TLS 1.3 
NewSessionTicket is different with TLS 1.2.
It should not share same state.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:35 +08:00
Jerry Yu
5ed73ff6de Add NEW_SESSION_TICKET* into handshake over states 
All state list after HANDSHAKE_OVER as is_handshakeover

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:34 +08:00
Jerry Yu
0b61217c36 set new_session_ticket_* to handshake_over 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-11-19 20:12:34 +08:00
Valerio Setti
aca21b717c tls: psa_pake: enforce not empty passwords 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-17 18:20:50 +01:00
Xiaokang Qian
51c5a8b561 Update ticket flag macros 
Define the ALLOW_PSK_RESUMPTION and ALLOW_PSK_EPHEMERAL_RESUMPTION
to the key exchange mode EXCHANGE_MODE_PSK and
EXCHANGE_MODE_PSK_EPHEMERAL to facilate later check.
Since they are 1( 1u<<0 ) and 4( 1u<<2 ), so define
ALLOW_EARLY_DATA to 8( 1u<<3 ).

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-16 08:32:51 +00:00
Xiaokang Qian
2cd5ce0c6b Fix various issues cause rebase to latest code 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-15 10:33:53 +00:00
Xiaokang Qian
72b9b17e11 Add comments to fix mini format issue 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-15 02:51:27 +00:00
Dave Rodgman
d384b64dd2
Merge branch 'development' into rfc9146_2 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-11-14 17:43:15 +00:00
Xiaokang Qian
de95604f6c Update ticket_flags related macros 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:22 +00:00
Xiaokang Qian
fe3483f9a1 Update early data doument and config dependencies 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:22 +00:00
Xiaokang Qian
ae07cd995a Change ticket_flag base on review 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:22 +00:00
Xiaokang Qian
29ee43c0e1 Update document base on comments 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:16:22 +00:00