mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-31 21:50:31 +03:00

Author	SHA1	Message	Date
Harry Ramsey	0f6bc41a22	Update includes for each library file Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>	2024-10-09 11:18:50 +01:00
Gilles Peskine	9ca9b924cc	Reduce level of non-error debug message Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-09-24 18:59:31 +02:00
Gilles Peskine	dfbc1a9769	Remove transitional always-on internal option Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-09-24 18:59:31 +02:00
Gilles Peskine	73a406ee60	Separate accepting TLS 1.3 middlebox compatibility from sending it The compile-time option MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE gates both support for interoperability with a peer that uses middlebox compatibility mode, and support for activating that mode ourselves. Change code that is only needed for interoperability to be guarded by MBEDTLS_SSL_TLS1_3_ACCEPT_COMPATIBILITY_MODE. As of this commit, MBEDTLS_SSL_TLS1_3_ACCEPT_COMPATIBILITY_MODE is always enabled: there is no way to disable it, and there are no tests with it disabled. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-09-24 18:58:49 +02:00
Ronald Cron	cf47a15e96	ssl_msg.c: Rename _check_new_session_ticket to _is_new_session_ticket Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-04-02 17:46:52 +02:00
Ronald Cron	7df18bc210	tls13: cli: Ignore tickets if not supported If a TLS 1.3 client receives a ticket and the feature is not enabled, ignore it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-27 09:37:37 +01:00
Ronald Cron	3641df2980	tls13: cli: Rename STATE_SENT to STATE_IND_SENT Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	05d7cfbd9c	tls13: cli: Rename STATE_UNKNOWN to STATE_IDLE Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	d2884662c1	tls13: cli: Split early data user status and internal state Do not use the return values of mbedtls_ssl_get_early_data_status() (MBEDTLS_SSL_EARLY_DATA_STATUS_ macros) for the state of the negotiation and transfer of early data during the handshake. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:15 +01:00
Ronald Cron	61fd13c6a5	Merge remote-tracking branch 'mbedtls/development' into tls13-cli-max-early-data-size	2024-03-10 18:09:47 +01:00
Ronald Cron	db944a7863	ssl_msg.c: Fix log position Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 14:50:58 +01:00
Ronald Cron	5dbfcceb81	tls13: cli: Fix error code not checked Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 15:15:30 +01:00
Ronald Cron	de9b03dcba	tls13: Rename early_data_count to total_early_data_size Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 15:14:17 +01:00
Ronald Cron	62f971aa60	tls13: cli: Enforce maximum size of early data Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 15:10:22 +01:00
Ronald Cron	01d273d31f	Enforce maximum size of early data in case of HRR Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	919e596c05	Enforce maximum size of early data when rejected Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	d4069247b8	Improve comments/documentation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-21 17:37:26 +01:00
Ronald Cron	49221900b0	tls13: write_early_data: Add endpoint check Return in error of the API is not called from a client endpoint. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-21 14:37:52 +01:00
Xiaokang Qian	b62732e1d6	tls13: cli: Add mbedtls_ssl_write_early_data() API Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-07 08:06:46 +01:00
Manuel Pégourié-Gonnard	5c9cc0b30f	Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected TLS 1.3: SRV: Ignore early data when rejected	2024-02-06 13:16:03 +00:00
Ronald Cron	71c6e65d83	tls13: ssl_msg.c: Improve/add comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-05 16:54:37 +01:00
Manuel Pégourié-Gonnard	32c28cebb4	Merge pull request #8715 from valeriosetti/issue7964 Remove all internal functions from public headers	2024-02-05 15:09:15 +00:00
Jerry Yu	f57d14bed4	Ignore early data app msg before 2nd client hello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-02 17:31:20 +01:00
Ronald Cron	2995d35ac3	tls13: srv: Deprotect and discard early data records Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-02 17:31:20 +01:00
Ronald Cron	164537c4a6	tls13: early data: Improve, add comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 19:52:30 +01:00
Ronald Cron	ed7d4bfda5	tls13: srv: Simplify mbedtls_ssl_read_early_data() API Do not progress the handshake in the API, just read early data if some has been detected by a previous call to mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or mbedtls_ssl_write(). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:45:07 +01:00
Ronald Cron	0883b8b625	tls13: Introduce early_data_state SSL context field Introduce early_data_state SSL context field to distinguish better this internal state from the status values defined for the mbedtls_ssl_get_early_data_status() API. Distinguish also between the client and server states. Note that the client state are going to be documented and reworked as part of the implementation of mbedtls_ssl_write_early_data(). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:45:04 +01:00
Jerry Yu	d9ca354dbd	tls13: srv: Add mbedtls_ssl_read_early_data() API Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Jerry Yu	739a1d4246	tls: Add internal function ssl_read_application_data() The function will be used by mbedtls_ssl_read_early_data() as well. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Valerio Setti	b4f5076270	debug: move internal functions declarations to an internal header file Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-18 15:30:46 +01:00
Manuel Pégourié-Gonnard	ad4f0ada37	Merge pull request #8514 from mschulz-at-hilscher/fixes/uninitialized-variable-in-ssl_msg Fix uninitialized variable warnings in ssl_msg.c	2023-12-06 11:06:03 +00:00
Dave Rodgman	c37ad4432b	misc type fixes in ssl Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-21 17:09:46 +00:00
Dave Rodgman	a3d0f61aec	Use MBEDTLS_GET_UINTxx_BE macro Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-21 17:09:46 +00:00
Dave Rodgman	e4a6f5a7ec	Use size_t cast for pointer subtractions Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-21 17:09:46 +00:00
Matthias Schulz	9916b06ce7	Fix uninitialized variable warnings. Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-11-09 14:25:01 +01:00
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Valerio Setti	e570704f1f	ssl: use MBEDTLS_SSL_HAVE_[CCM/GCM/CHACHAPOLY/AEAD] macros for ssl code Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-12 10:39:37 +02:00
Valerio Setti	d4a10cebe4	cipher/tls: use new symbols for guarding AEAD code Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-11 13:10:34 +02:00
Gilles Peskine	ca1e605b9c	Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925 Conflicts: * `include/mbedtls/build_info.h`: a new fragment to auto-enable `MBEDTLS_CIPHER_PADDING_PKCS7` was added in `c9f4040f7f` in `development-restricted`. In `development`, this section of the file has moved to `include/mbedtls/config_adjust_legacy_crypto.h`. * `library/bignum.c`: function name change in `development-restricted` vs comment change in development. The comment change in `development` is not really relevant, so just take the line from `development-restricted`.	2023-09-25 16:16:26 +02:00
Gilles Peskine	faf0b8604a	mbedtls_ssl_decrypt_buf(): fix buffer overread with stream cipher With stream ciphers, add a check that there's enough room to read a MAC in the record. Without this check, subtracting the MAC length from the data length resulted in an integer underflow, causing the MAC calculation to try reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-18 19:07:50 +02:00
Dave Rodgman	7d52f2a0d9	Improve use of ct interface in mbedtls_ssl_decrypt_buf Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-13 09:30:03 +01:00
Tom Cosgrove	9d8a7d62f5	Use the correct variable when tracking padding length Fixes an error introduced in `a81373f80` Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-09-12 16:01:52 +01:00
Dave Rodgman	48fb8a3448	Fix some renames that were missed Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-10 14:01:51 +01:00
Dave Rodgman	98ddc01a7c	Rename ...if0 to ...else_0 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-10 12:11:31 +01:00
Dave Rodgman	b7825ceb3e	Rename uint->bool operators to reflect input types Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-10 11:58:18 +01:00
Dave Rodgman	c98f8d996a	Merge branch 'development' into safer-ct5 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-07 11:47:35 +01:00
Dave Rodgman	1d4d944e19	Merge pull request #7933 from tom-cosgrove-arm/add-mbedtls_zeroize_and_free Provide and use internal function mbedtls_zeroize_and_free()	2023-08-03 12:56:21 +00:00
Gilles Peskine	bb07377458	Merge pull request #7935 from AgathiyanB/add-enum-casts Add type casts for integer and enum types	2023-07-26 11:27:27 +02:00
Tom Cosgrove	ca8c61b815	Provide and use internal function mbedtls_zeroize_and_free() Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-07-17 15:17:40 +01:00
Agathiyan Bragadeesh	8b52b88b6d	Add type casts in ssl library Signed-off-by: Agathiyan Bragadeesh <agathiyan.bragadeesh2@arm.com>	2023-07-17 15:14:42 +01:00

1 2 3 4 5 ...

309 Commits