mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-07 06:42:56 +03:00

Author	SHA1	Message	Date
Ronald Cron	feb577a949	Fix TLS 1.2 session serialization on server side Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:58:19 +01:00
Ronald Cron	7b1921ac57	Add endpoint in TLS 1.2 session serialization data Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:58:19 +01:00
Ronald Cron	17ef8dfddb	ssl_session: Define unconditionally the endpoint field The endpoint field is needed to serialize/deserialize a session in TLS 1.2 the same way it is needed in the TLS 1.3 case: client specific fields that should not be in the serialized version on server side if both TLS client and server are enabled in the TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:58:19 +01:00
Ronald Cron	ba5165e09a	ssl_ticket.c: Fix ticket lifetime enforcement Take into account that the lifetime of tickets can be changed through the mbedtls_ssl_ticket_rotate() API. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:58:15 +01:00
Ronald Cron	e34f124ff1	ssl_ticket.c: Remove pedantic server endpoint check When calculating the ticket age, remove the check that the endpoint is a server. The module is supposed to be used only server side. Furthermore, if such check was necessary, it should be at the beginning of all ssl_ticket.c APIs. As there is no such protection in any API, just remove the check. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:56:40 +01:00
Ronald Cron	3c3e2e62f6	ssl_ticket.c: Remove TLS server guard The ticket module is removed from the build if the TLS server is not in the build now thus no need for the guard. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:54:29 +01:00
Ronald Cron	ce72763f78	ssl_ticket.c: Remove client code ssl_ticket.c is a server module. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:52:55 +01:00
Tom Cosgrove	bc5d9165ae	Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile TLS: remove RSA signature algorithms in `suite B` profile	2024-01-12 14:34:28 +00:00
Tom Cosgrove	f1ba1933cf	Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext TLS1.3: SRV/CLI: add support for sending Record Size Limit extension	2024-01-12 13:39:15 +00:00
Waleed Elmelegy	f0ccf46713	Add minor cosmetic changes to record size limit changelog and comments Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-12 10:52:45 +00:00
BensonLiou	57cf55233e	Merge branch 'development' of https://github.com/Mbed-TLS/mbedtls into random_bye_on_hrr	2024-01-12 17:53:06 +08:00
BensonLiou	35178fe7ec	Do not generate new random number while receiving HRR Signed-off-by: BensonLiou <momo1208@gmail.com>	2024-01-12 17:52:31 +08:00
Ronald Cron	ae2213c307	Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function Harmonise the names and return values of check functions in TLS code	2024-01-11 13:51:39 +00:00
Ronald Cron	7c14afcaaa	Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check TLS1.3: SRV: check `min_tls_version` when parsing ClientHello	2024-01-11 13:34:09 +00:00
Valerio Setti	19ec9e4f66	psa_crypto_ecp: remove support for secp224k1 Since this curve is not supported in PSA (and it will not ever be in the future), we save a few bytes. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-11 07:07:14 +01:00
Paul Elliott	f149cd1a3a	Merge pull request #8688 from jwinzig-at-hilscher/development Fix bug in mbedtls_x509_set_extension	2024-01-10 16:57:16 +00:00
Kusumit Ghoderao	7d4db631cf	add depends on for capacity tests and fix code style Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2024-01-10 21:49:09 +05:30
Kusumit Ghoderao	d3f70d321a	fix unused variable warning and other fixes Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2024-01-10 21:49:09 +05:30
Kusumit Ghoderao	86e83dd4a7	Add kdf_set_max_capacity function Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2024-01-10 21:49:09 +05:30
Kusumit Ghoderao	a0907f5750	Reorder and correct comment Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2024-01-10 21:49:09 +05:30
Kusumit Ghoderao	5f3a938d95	Fix psa_key_derivation_setup_kdf Signed-off-by: Kusumit Ghoderao <Kusumit.Ghoderao@silabs.com>	2024-01-10 21:49:09 +05:30
Waleed Elmelegy	3ff472441a	Fix warning in ssl_tls13_generic.c Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	f501790ff2	Improve comments across record size limit changes Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	fbe42743eb	Fix issue in checking in writing extensions Fix issue in checking if server received record size limit extension. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Waleed Elmelegy	e1ac98d888	remove mbedtls_ssl_is_record_size_limit_valid function Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Waleed Elmelegy	d2fc90e024	Stop sending record size limit extension if it's not sent from client Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Waleed Elmelegy	148dfb6457	Change record size limit writing function Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Waleed Elmelegy	47d2946943	tls13: server: write Record Size Limit ext in EncryptedExtensions - add the support in library - update corresponding test cases. Signed-off-by: Yanray Wang <yanray.wang@arm.com> Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Yanray Wang	42017cd4c9	tls13: cli: write Record Size Limit ext in ClientHello - add the support in library - update corresponding test case Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2024-01-10 16:17:27 +00:00
Yanray Wang	faf70bdf9d	ssl_tls13_generic: check value of RecordSizeLimit in helper function Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2024-01-10 16:17:27 +00:00
Yanray Wang	a8b4291836	tls13: add generic function to write Record Size Limit ext Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2024-01-10 16:17:27 +00:00
Janos Follath	890c74447d	Merge pull request #1123 from yanesca/fix-marvin-attack Fix for the Marvin attack	2024-01-10 12:16:57 +00:00
Jonathan Winzig	5caf20ea80	Update fix to be more platform-independent Co-authored-by: David Horstmann <david.horstmann@arm.com> Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>	2024-01-09 16:41:10 +01:00
Tom Cosgrove	3a6059beca	Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit Comply with the received Record Size Limit extension	2024-01-09 15:22:17 +00:00
Jonathan Winzig	05c722bfd0	Fix Issue #8687 Signed-off-by: Jonathan Winzig <jwinzig@hilscher.com>	2024-01-09 15:20:03 +01:00
Valerio Setti	39faa9cad4	psa_util: rename parameter of mbedtls_ecc_group_from_psa The new name better reflects the fact that the 1st parameter is just the EC family and not the curve. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:53 +01:00
Valerio Setti	0d438fa390	psa_crypto_ecp: fix comment for secp224k1 in check_ecc_parameters Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:52 +01:00
Valerio Setti	7863627bd6	psa_util: remove support for secp224k1 in EC conversion functions Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:52 +01:00
Valerio Setti	65df79303f	psa_crypto_ecp: return unsupported for secp224k1 in check_ecc_parameters() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:52 +01:00
Valerio Setti	0bc8598d20	psa_util: properly handle secp224r1 private key size Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:52 +01:00
Valerio Setti	0e608807e3	psa: let mbedtls_ecc_group_from_psa() accept only exact bit lengths Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:52 +01:00
Valerio Setti	673868be5d	psa_crypto_ecp: add helper for checking EC parameters This commit also updates "test_suite_psa_crypto.data" replacing PSA_ERROR_NOT_SUPPORTED with PSA_ERROR_INVALID_ARGUMENT when a wrong bit size is provided while importing key. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:52 +01:00
Valerio Setti	d36c313b53	psa: remove bits_is_sloppy parameter from mbedtls_ecc_group_from_psa() Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:52 +01:00
Valerio Setti	ddba51e6c9	psa: rename "mbedtls_ecc_group_of_psa" to "mbedtls_ecc_group_from_psa" Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 13:41:52 +01:00
Valerio Setti	dd2afcd881	Revert "psa_util: add algorithm's availability checks for MD conversion functions" This reverts commit `3d2e0f5f42`. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-09 08:41:29 +01:00
Manuel Pégourié-Gonnard	4aad0ff510	Merge pull request #8632 from valeriosetti/issue8598 [G5] Make block_cipher work with PSA	2024-01-08 08:07:53 +00:00
Waleed-Ziad Maamoun-Elmelegy	e2d3db5cfc	Update mbedtls_ssl_get_output_record_size_limit signature Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Waleed-Ziad Maamoun-Elmelegy <122474370+waleed-elmelegy-arm@users.noreply.github.com>	2024-01-05 14:19:16 +00:00
Ryan Everett	6a9c14b918	Update mbedtls_psa_get_stats Uses readers to report "locked_slots", and slot state empty to report "empty_slots". Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-04 16:57:48 +00:00
Ryan Everett	6cd2b8db96	Update psa_wipe_all_key_slots This will still wipe the slot regardless of state/readers. Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-04 16:57:48 +00:00
Ryan Everett	1b70a07eca	Replace psa_unlock_key_slot calls in operations which act on FULL slots Replaces calls to psa_unlock_key_slot with calls to psa_unregister_read. All instances follow a pattern of a call to psa_get_and_lock_key_slot_X, followed by some code which reads from a slot, followed by a call to psa_unregister_read. Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-01-04 16:57:48 +00:00

... 13 14 15 16 17 ...

13425 Commits