token2/mbedtls
0
0
Fork 0
mirror of https://github.com/token2/mbedtls.git synced 2026-03-13 11:14:05 -07:00
Code Issues Packages Projects Releases Wiki Activity
32,156 Commits 174 Branches 272 Tags
master
Commit Graph

1269 Commits

Author SHA1 Message Date
Max Fillinger
6f7cf0e402 Use mbedtls_calloc, not regular calloc 
Also fix the allocation size.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:50 +02:00
Max Fillinger
a442aea2be Fix memory leak in example programs 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:24:49 +02:00
Max Fillinger
951b886801 Create MBEDTLS_SSL_KEYING_MATERIAL_EXPORT option 
Add the option MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to mbedtls_config.h
to control if the function mbedtls_ssl_export_keying_material() should
be available. By default, the option is disabled.

This is because the exporter for TLS 1.2 requires client_random and
server_random need to be stored after the handshake is complete.

Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-04-16 11:20:50 +02:00
Max Fillinger
7b52328f6c Remove TLS 1.2 Exporter if we don't have randbytes 
The TLS-Exporter in TLS 1.2 requires client_random and server_random.
Unless MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined, these aren't stored
after the handshake is completed.

Therefore, mbedtls_ssl_export_keying_material() exists only if either
MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined or MBEDTLS_SSL_PROTO_TLS1_2
is *not* defined.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:20:50 +02:00
Max Fillinger
948e15d3b7 Fix typos in comments 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:20:50 +02:00
Max Fillinger
9359f4d703 Fix coding style 
Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-04-16 11:20:49 +02:00
Max Fillinger
77a447ba97 Actually set exporter defaults in ssl_client2 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:20:49 +02:00
Max Fillinger
de3d5fdc83 Add TLS-Exporter options to ssl_client2 
Prints out the exported key on the command line for testing purposes.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:20:49 +02:00
Max Fillinger
90ed7f7f5e Add TLS-Exporter options to ssl_server2 
The program prints out the derived symmetric key for testing purposes.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-04-16 11:20:49 +02:00
Minos Galanakis
7a95d16a31 Merge branch 'mbedtls-3.6-restricted' into mbedtls-3.6.3rc0-pr 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-18 16:28:26 +00:00
Minos Galanakis
dfc8e43614 Merge remote-tracking branch 'upstream/mbedtls-3.6' into pre-3.6.3-upstream-merge 2025-03-14 14:23:23 +00:00
Minos Galanakis
eec6eb9cd4 programs -> ssl_client2.c: Added option renego_delay to set record buffer depth. 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-14 00:10:10 +00:00
Gilles Peskine
b6102b6ccf Fix Doxygen markup 
Pacify `clang -Wdocumentation`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-03-05 17:03:20 +01:00
Gilles Peskine
e0f1240cd5 Merge remote-tracking branch 'mbedtls-3.6' into tls-defragmentation-merge-3.6-20250303 2025-03-02 21:16:08 +01:00
Harry Ramsey
061e0f5466 Update paths for moved program files in CMakeLists 
This commit fixes the paths of program files which were moved to the
MbedTLS Framework.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2025-02-20 14:51:26 +00:00
Harry Ramsey
dab817a4c6 Update include paths in C files 
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2025-02-20 14:51:26 +00:00
Gilles Peskine
c52273d017 Add a note about badmac_seen's new name in ssl_context_info 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-18 14:11:25 +01:00
Gilles Peskine
b3de9da6b0 mbedtls_ssl_set_hostname tests: baseline 
Test the current behavior.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-13 21:24:01 +01:00
Gilles Peskine
2a8acc41b2 Make guards more consistent between X.509-has-certs and SSL-has-certs 
Fix some build errors when MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED is false
but MBEDTLS_X509_CRT_PARSE_C is enabled. This is not a particularly useful
configuration, but for quick testing, it's convenient for it to work.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-13 20:57:32 +01:00
Gilles Peskine
154269d25b Fix Doxygen markup 
Pacify `clang -Wdocumentation`.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-13 20:57:12 +01:00
David Horstmann
1d9b033067 Add SSL-related test includes to ssl programs 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-11-14 14:19:42 +00:00
David Horstmann
dcf42a0b53 Update references to test helpers 
Replace:
* tests/src -> framework/tests/src
* tests/include -> framework/tests/include

Except for occurrences of:
* tests/src/test_helpers (since this only contains ssl_helpers.c)
* tests/src/test_certs.h
* tests/include/alt_dummy

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-11-14 14:19:40 +00:00
Paul Elliott
346d2f4e58 Merge pull request #9731 from gilles-peskine-arm/coverity-20241004-3.6 
Backport 3.6: Fix edge cases of mbedtls_psa_raw_to_der and mbedtls_psa_der_to_raw
 2024-11-06 19:02:54 +00:00
Bence Szépkúti
5544b280ed Merge pull request #9118 from jetm/ssl-client2-get-req-host-3.6 
Backport 3.6: ssl_client2: Add Host to HTTP GET request
 2024-10-31 11:32:55 +00:00
Gilles Peskine
f7b62e063d Remove unreachable assignments 
This is harmless, but we might as well remove the unreachable line. If we
ever add a break to the loop and we don't think of changing the surrounding
code, it would make more sense not to set exit_code to SUCCESS.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-10-28 10:09:18 +01:00