Hanno Becker
fc1f4135c3
Use memset( x, 0, sizeof( x ) ) to clear local structure
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:57:54 +01:00
Hanno Becker
78196e366f
Fix search for outdated entries in SSL session cache
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:55:15 +01:00
Hanno Becker
c3f4a97b8f
Don't infer last element of SSL session cache twice
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:54:24 +01:00
Hanno Becker
466ed6fd08
Improve local variable naming in SSL session cache implementation
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:54:00 +01:00
Hanno Becker
5cf6f7eafe
Fix swapping of first and last entry in SSL session cache
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 14:45:04 +01:00
Hanno Becker
006f2cce2e
Fix compile-time guard in session cache implementation
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 04:57:44 +01:00
Hanno Becker
b94fdae3c3
Improve code structure for session cache query
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-14 04:57:40 +01:00
Hanno Becker
845ceb7cc8
Improve readability and efficiency of SSL cache reference impl
...
The reference session cache implementation may end up storing multiple
sessions associated to the same session ID if the set()-call for the
second session finds an outdated cache entry prior to noticing the entry
with the matching session ID. While this logically overwrites the existing
entry since we always search the cache in order, this is at least a waste
of resources.
This commit fixes this by always checking first whether the given ID is
already present in the cache.
It also restructures the code for easier readability.
Fixes #4509.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-13 07:11:30 +01:00
Hanno Becker
f47199da26
Improve naming of helper function for reference session cache
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-13 07:09:09 +01:00
Hanno Becker
df56402623
Fix memory leak upon ciphersuite mismatch during session resumption
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-13 07:09:06 +01:00
Hanno Becker
7ad77963d1
Use shorthand local variable for session under negotiation
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-13 06:13:34 +01:00
Hanno Becker
f6e09c6f83
Don't use ssl_check_xxx() for functions with void return
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-05-13 06:12:38 +01:00
Hanno Becker
aee4cc4cbb
Use sizeof() instead of magic constant
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 16:49:32 +01:00
Hanno Becker
a5b1a3945b
Don't use 0-initializer for structs
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 16:48:01 +01:00
Hanno Becker
7e6eb9fa27
Simplify SSL session cache implementation via session serialization
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
f938c436fb
Add helper function to find entry in SSL session cache
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
02a68ebc0e
Add helper function to find a fresh entry in the SSL cache
...
This commit improves the readability of the SSL session cache
reference implementation of mbedtls_ssl_cache_set() by moving
the logic for finding a suitable free slot for the session to
store into a static helper function.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
ccdaf6ed22
Add session ID as explicit parameter to SSL session cache API
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
a637ff6ddd
Introduce typedef for SSL session cache callbacks
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Hanno Becker
64ce974180
Don't check ciphersuite and compression in SSL session cache lookup
...
Session-ID based session resumption requires that the resumed session
is consistent with the client's ClientHello in terms of choice of
ciphersuite and choice of compression.
This check was previously assumed to be performed in the session cache
implementation, which seems wrong: The session cache should be an id-based
lookup only, and protocol specific checks should be left to Mbed TLS.
This commit
- adds an explicit ciphersuite and compression consistency check after the SSL session cache has been queried
- removes the ciphersuite and compression consistency check from Mbed TLS' session cache reference implementation.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Dave Rodgman
3b5e6f0b30
Fix some errors relating to header file renames
...
Fix some errors due to renaming of header files in the 3.0 branch.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-07 16:36:53 +01:00
Dave Rodgman
73e3e2cb1a
Merge remote-tracking branch 'origin/development' into development_new
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Conflicts:
include/mbedtls/check_config.h: nearby edits
library/entropy.c: nearby edits
programs/random/gen_random_havege.c: modification vs. removal
programs/ssl/ssl_test_lib.h: nearby edits
programs/test/cpp_dummy_build.cpp: nearby edits
visualc/VS2010/mbedTLS.vcxproj: automatically generated file, regenerated with scripts/generate_visualc_files.pl
2021-04-07 16:31:09 +01:00
Dave Rodgman
b746825418
Capitalise MPS trace macros
...
Capitalise the MPS trace macros, as per the coding style (and make a slight
change to naming convention to avoid a name collision).
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-07 12:45:35 +01:00
Gilles Peskine
7bc6a3749c
Merge pull request #3183 from meuter/development
...
RSA PSS signature generation with the option to specify the salt length
2021-04-06 21:36:06 +02:00
Gilles Peskine
889828d0b4
Merge pull request #4279 from ronald-cron-arm/fix-invalid-id-error-code
...
Fix error code when creating/registering a key with invalid id
2021-04-06 18:46:30 +02:00
Ronald Cron
6cc6631015
psa: Return in error when requested to copy a key to an opaque driver
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-02 12:27:47 +02:00
Gilles Peskine
d5200371ec
Merge pull request #3512 from gilles-peskine-arm/ecp-alloc-202007
...
Reduce the number of allocations in ECP operations
2021-04-02 00:08:35 +02:00
Ronald Cron
77e412cd71
psa: Fix error code when creating/registering a key with invalid id
...
When creating a persistent key or registering a key
with an invalid key identifier return
PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_INVALID_HANDLE.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:05:41 +02:00
Ronald Cron
de825e62a6
psa: Fix psa_validate_key_persistence documentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:05:41 +02:00
Ronald Cron
2af9641a7d
Merge pull request #4198 from maulik-arm/maulik-arm/fix-4162
...
PSA Update return code for non-existing key in various key operations
2021-04-01 13:27:31 +02:00
Gilles Peskine
bf792e0a82
Merge pull request #3616 from militant-daos/bug_3175
...
Fix premature fopen() call in mbedtls_entropy_write_seed_file
2021-03-30 17:33:08 +02:00
Hanno Becker
ecb02fbbc5
Apply suggestions from code review
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
d4d33a1b6b
Remove unnecessary check before calling memcpy()
...
This check was added earlier to avoid useless calls to `memcpy()`
with length `0` in the _frequent_ case where we're not accumulating.
By now, the whole code path has been moved to a branch which is only
executed if the reader is accumulating, and the only time this check
would be relevant is if we happen to feed an empty fragment to the
reader. In this case, the call to memcpy() could be removed, but
since this case is exceptional and the call to memcpy() is still
correct even for a length 0 copy, we remove the check for simplicity
of the code.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
032b352684
Improve naming of local variables in MPS reader implementation
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
43c8f8cf79
Put MPS under the umbrella of the TLS 1.3 experimental configuration
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
61d7eedcb5
Fix Doxygen headers for MPS files
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
2332f8f435
Rename static variable for MPS trace depth
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
77e4f485e1
Move illustration of (un)supported cases in MPS reader documentation
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
97c8e930e2
Fix diagram in documentation of MPS reader
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
1682a8b6fe
Don't use abbreviated names for local variables in MPS reader
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
b9c086adc5
Use int pointer for paused param in mbedtls_mps_reader_reclaim()
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
fea81b3997
Improve and fix wording in MPS reader documentation
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
f1cfa319c4
Fix typos in documentation of MBEDTLS_ERR_MPS_READER_NEED_MORE
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
d913e2e982
Remove duplicate definition of MBEDTLS_MPS_ERR_BASE
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
4a079c5be7
Fix documentation for mbedtls_mps_[stored_]size_t
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
46101c76f9
Improve wording of documentation of mbedtls_mps_size_t
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
6e3484e123
Clarify documentation of MBEDTLS_MPS_STATE_VALIDATION
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
53314aade1
Adjust spacing for MPS reader entries in library/Makefile
...
Existing entries use combination of tabs and spaces, for whatever reason.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
3d0db81690
Fix typo in MPS reader documentation
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
8fc107c9fb
Clarify wording in MPS reader documentation
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00