mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-30 10:45:34 +03:00

Author	SHA1	Message	Date
Jerry Yu	4caf3ca08c	tls13: srv: Add discard_early_data_record SSL field Add discard_early_data_record in SSL context for the record layer to know if it has to discard some potential early data record and how. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-02 17:31:20 +01:00
Ronald Cron	78a38f607c	tls13: srv: Do not use early_data_status Due to the scope reduction for mbedtls_ssl_read_early_data(), on server as early data state variable we now only need a flag in the handshake context indicating if the server has accepted early data or not. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 20:10:35 +01:00
Ronald Cron	3b9034544e	Revert "tls13: Introduce early_data_state SSL context field" This reverts commit `0883b8b625`. Due to the scope reduction of mbedtls_ssl_read_early_data() it is not necessary anymore to refine the usage of early_data_status/state rather the opposite. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 20:03:57 +01:00
Ronald Cron	ed7d4bfda5	tls13: srv: Simplify mbedtls_ssl_read_early_data() API Do not progress the handshake in the API, just read early data if some has been detected by a previous call to mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or mbedtls_ssl_write(). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:45:07 +01:00
Ronald Cron	0883b8b625	tls13: Introduce early_data_state SSL context field Introduce early_data_state SSL context field to distinguish better this internal state from the status values defined for the mbedtls_ssl_get_early_data_status() API. Distinguish also between the client and server states. Note that the client state are going to be documented and reworked as part of the implementation of mbedtls_ssl_write_early_data(). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:45:04 +01:00
Ronald Cron	7b6ee9482e	tls13: srv: Reject early data in case of HRR Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Jerry Yu	d9ca354dbd	tls13: srv: Add mbedtls_ssl_read_early_data() API Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Jerry Yu	6a5904db45	tls13: srv: Move early data size check placeholder Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Ronald Cron	5d0ae9021f	tls13: srv: Refine early data status The main purpose is to know from the status if early data can be received of not and why. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Valerio Setti	b4f5076270	debug: move internal functions declarations to an internal header file Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-18 15:30:46 +01:00
Gilles Peskine	4d4891e18a	Merge pull request #8666 from valeriosetti/issue8340 Export the mbedtls_md_psa_alg_from_type function	2024-01-18 13:58:55 +00:00
Ronald Cron	3c0072b58e	ssl_ticket.c: Base ticket age check on the ticket creation time Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 10:29:51 +01:00
Ronald Cron	17ef8dfddb	ssl_session: Define unconditionally the endpoint field The endpoint field is needed to serialize/deserialize a session in TLS 1.2 the same way it is needed in the TLS 1.3 case: client specific fields that should not be in the serialized version on server side if both TLS client and server are enabled in the TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:58:19 +01:00
Tom Cosgrove	f1ba1933cf	Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext TLS1.3: SRV/CLI: add support for sending Record Size Limit extension	2024-01-12 13:39:15 +00:00
Ronald Cron	ae2213c307	Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function Harmonise the names and return values of check functions in TLS code	2024-01-11 13:51:39 +00:00
Ronald Cron	7c14afcaaa	Merge pull request #8595 from yanrayw/issue/8593/srv-CH-fix-version-check TLS1.3: SRV: check `min_tls_version` when parsing ClientHello	2024-01-11 13:34:09 +00:00
Waleed Elmelegy	fbe42743eb	Fix issue in checking in writing extensions Fix issue in checking if server received record size limit extension. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Waleed Elmelegy	d2fc90e024	Stop sending record size limit extension if it's not sent from client Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Waleed Elmelegy	47d2946943	tls13: server: write Record Size Limit ext in EncryptedExtensions - add the support in library - update corresponding test cases. Signed-off-by: Yanray Wang <yanray.wang@arm.com> Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Tom Cosgrove	3a6059beca	Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit Comply with the received Record Size Limit extension	2024-01-09 15:22:17 +00:00
Valerio Setti	384fbde49a	library/tests: replace md_psa.h with psa_util.h as include file for MD conversion Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-02 13:27:32 +01:00
Pengyu Lv	94a42ccb3e	Add tls13 in ticket flags helper function names ``` sed -i \ "s/\(mbedtls_ssl\)_\(session_\(\w_\)\?ticket\)/\1_tls13_\2/g" \ library/.[ch] ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 11:12:46 +08:00
Yanray Wang	90acdc65e5	tl13: srv: improve comment Improve comment when received version 1.2 of the protocol while TLS 1.2 is disabled on server side. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-08 11:00:38 +08:00
Yanray Wang	2bef917a3c	tls13: srv: return BAD_PROTOCOL_VERSION if chosen unsupported version Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-08 11:00:35 +08:00
Yanray Wang	177e49ad7a	tls13: srv: improve DEBUG_MSG in case of TLS 1.2 disabled Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-08 11:00:33 +08:00
Yanray Wang	408ba6f7b8	tls13: srv: replace with internal API to check is_tls12_enabled Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-08 11:00:30 +08:00
Pengyu Lv	bc4aab7673	Add "_is_" to functions ssl_tls13_key_exchange_._available Done by command: ``` sed -i \ "s/ssl_tls13_key_exchange_\(.\)_available/ssl_tls13_key_exchange_is_\1_available/g" \ library/*.[ch] ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	b2cfafbb9e	Consistent renaming Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	0a1ff2b969	Consistent renaming Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	4f537f73fa	tls13: rename mbedtls_ssl_session_check_ticket_flags The function is renamed to mbedtls_ssl_session_ticket_has_flags. Descriptions are added. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	d72e858fd1	tls13: srv: rename ssl_tls13_ticket_permission_check The function is renamed to ssl_tls13_ticket_is_kex_mode_permitted Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Pengyu Lv	981ec14744	tls13: rename ssl_tls13_check_*_key_exchange functions Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Jan Bruckner	f482dcc6c7	Comply with the received Record Size Limit extension Fixes #7010 Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-12-06 15:18:08 +00:00
Jerry Yu	95648b0134	Some minor improvement - move early data check to `prepare` - avoid `((void) output_len) - replace check with `session_ticket_allow` in 2nd place Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:21:16 +08:00
Jerry Yu	c59c586ac4	change prototype of `write_early_data_ext` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:21:15 +08:00
Jerry Yu	163e12f7ff	remove assignment for `session->max_early_data_size` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:21:09 +08:00
Jerry Yu	9e7f9bc253	Add missing debug message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:20:22 +08:00
Jerry Yu	db97163ac7	add ticket max_early_data_size check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:20:13 +08:00
Jerry Yu	5233539d9f	share write_early_data_ext function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:50 +08:00
Jerry Yu	0069abc141	improve comments of new session ticket Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:46 +08:00
Jerry Yu	1a160703f8	set max_early_data_size of ticket to keep consistent Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:43 +08:00
Jerry Yu	f135bac89c	Add max_early_data_size check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:39 +08:00
Jerry Yu	930ce4cfac	Revert "change max_early_data_size source" This reverts commit 3d8d6a770f3a0f3045820970bc4a5d6ee7df8e10. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:36 +08:00
Jerry Yu	2f5d93b1c9	Revert "set init value for max_early_data_size in session" This reverts commit 8b02d75ed1af883e135979d24e38c0847e66fede. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:33 +08:00
Jerry Yu	d450fd25ae	change max_early_data_size source Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:31 +08:00
Jerry Yu	525990fb62	set init value for max_early_data_size in session Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:28 +08:00
Jerry Yu	db6fda71e5	improve early data comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:17:51 +08:00
Jerry Yu	10795a0c3b	replace ticket permission set Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:17:48 +08:00
Jerry Yu	c2b1bc4fb6	replace early data permission check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:17:46 +08:00
Jerry Yu	ea96ac3da9	fix various issues - get ticket_flags with function. - improve output message and check it. - improve `ssl_server2` help message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:17:37 +08:00

1 2 3 4 5 ...

477 Commits