lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-12 08:21:54 +03:00
Code Activity
28,454 Commits 172 Branches 268 Tags
2a8035b49506a888bd4edc1891a27b51c920105f
Commit Graph

353 Commits

Author SHA1 Message Date
Jerry Yu
60e997205d replace check string 
The output has been changed

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:25 +08:00
Jerry Yu
713ce1f889 various improvement 
- improve change log entry
- improve comments
- remove unnecessary statement
- change type of client_age

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:25 +08:00
Jerry Yu
d84c14f80c improve code style 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:24 +08:00
Jerry Yu
9cb953a402 improve document 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:24 +08:00
Jerry Yu
8e0174ac05 Add maximum ticket lifetime check 
Also add comments for age cast

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:59:24 +08:00
Jerry Yu
cf9135100e fix various issues 
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
25ba4d40ef rename ticket_creation to ticket_creation_time 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
46c7926f74 Add maximum ticket lifetime check 
Also add comments for age cast

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
28e7c554f4 Change the bottom of tolerance window 
The unit of ticket time has been changed to milliseconds.
And age difference might be negative

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:19 +08:00
Jerry Yu
31b601aa15 improve comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
ec6d07870d Replace start with ticket_creation 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
f16efbc78d fix various issues 
- Add comments for ticket test hooks
- improve code style.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Jerry Yu
cebffc3446 change time unit of ticket to milliseconds 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-21 09:58:18 +08:00
Ronald Cron
97137f91b6 Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field 
TLS 1.3 EarlyData: add `max_early_data_size` field for ticket
 2023-11-20 08:04:57 +00:00
Tom Cosgrove
53199b1c0a Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed 
TLS 1.3: EarlyData SRV: Write early data extension  in EncryptedExtension
 2023-11-07 13:59:13 +00:00
Tom Cosgrove
4122c16abd Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination 
TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption
 2023-11-07 09:26:21 +00:00
Jerry Yu
7ef9fd8989 fix various issues 
- Debug message
- Improve comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-07 14:31:37 +08:00
Jerry Yu
2bea94ce2e check the ticket version unconditional 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-07 14:18:17 +08:00
Pengyu Lv
44670c6eda Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption" 
This reverts commit dadeb20383.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-11-07 09:58:53 +08:00
Dave Rodgman
16799db69a update headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 19:47:20 +00:00
Jerry Yu
82fd6c11bd Add selected key and ciphersuite check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-01 10:32:17 +08:00
Jerry Yu
ce3b95e2c9 move ticket version check 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-01 10:32:17 +08:00
Jerry Yu
454dda3e25 fix various issues 
- improve output message
- Remove unnecessary checks
- Simplify test command

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-11-01 10:28:43 +08:00
Pengyu Lv
dbd1e0d986 tls13: add helpers to check if psk[_ephemeral] allowed by ticket 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-31 10:17:17 +08:00
Pengyu Lv
29daf4a36b tls13: server: fully check ticket_flags with available kex mode. 
We need to fully check if the provided session ticket could be
used in the handshake, so that we wouldn't cause handshake
failure in some cases. Here we bring f8e50a9 back.

Example scenario:
A client proposes to a server, that supports only the psk_ephemeral
key exchange mode, two tickets, the first one is allowed only for
pure PSK key exchange mode and the second one is psk_ephemeral only.
We need to select the second tickets instead of the first one whose
ticket_flags forbid psk_ephemeral and thus cause a handshake
failure.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-31 09:34:14 +08:00
Pengyu Lv
cfb23b8090 tls13: server: parse pre_shared_key only when some psk is selectable 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-30 15:26:26 +08:00
Jerry Yu
71c14f1db6 write early data indication in EE msg 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-27 10:52:49 +08:00
Jerry Yu
985c967a14 tls13: add more checks for server early data 
- check if it is enabled
- check if it is psk mode
- check if it is resumption
- check if it is tls13 version

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-27 10:52:27 +08:00
Pengyu Lv
7b711710b2 Add check_ticket_flags helper function 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-10-24 17:07:14 +08:00
Pengyu Lv
ed5e4e86a5 Merge branch 'development' into issue/6935/ticket_flags-kex-mode-determination 2023-10-18 18:03:07 +08:00
Jerry Yu
b47b2990d6 fix various issues 
- fix wrong typo
- remove redundant check
- remove psk mode tests

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-18 15:50:35 +08:00
Jerry Yu
ab0da370a4 Add early data status update 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-12 15:02:01 +08:00
Jerry Yu
33bf240e53 Add max_early_data_size into copy list 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-12 15:00:26 +08:00
Dave Rodgman
2eab462a8c Fix IAR warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-10-05 13:30:37 +01:00
Manuel Pégourié-Gonnard
de8f56e936 Merge pull request #7884 from valeriosetti/issue7612 
TLS: Clean up (EC)DH dependencies
 2023-08-01 07:13:36 +00:00
Valerio Setti
c9ae862225 tls: use TLS 1.3 guards in ssl_tls13 modules 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-25 11:23:50 +02:00
Valerio Setti
ea59c43499 tls: fix a comment a rename a variable/symbol 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-25 11:14:03 +02:00
Gilles Peskine
6aca2c9613 Merge pull request #7716 from mpg/psa-util-internal 
Split psa_util.h between internal and public
 2023-07-10 18:33:23 +02:00
Manuel Pégourié-Gonnard
5c41ae867b Merge pull request #7887 from ronald-cron-arm/fix-hrr-in-psk-kem 
tls13: server: Fix spurious HRR
 2023-07-10 09:58:13 +02:00
Valerio Setti
3d237b5ff1 ssl_misc: fix guards for PSA data used in XXDH key exchanges 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-07-07 19:02:16 +02:00
Ronald Cron
8a74f07c2a tls13: server: Fix spurious HRR 
If the server during a TLS 1.3 handshake selects
the PSK key exchange mode, it does not matter
if it did not find in the key share extension
a key share for a group it supports. Such a
key share is used and necessary only in the
case of the ephemeral or PSK ephemeral key
exchange mode. This is a possible scenario in
the case of a server that supports only the PSK
key exchange mode and a client that also
supports a key exchange mode with ephemeral keys.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-07 15:53:12 +02:00
Manuel Pégourié-Gonnard
d55d66f5ec Fix missing includes 
Some files relied on psa_util.h to provide the includes they need.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-07-06 12:47:28 +02:00
Przemek Stekiel
408569f91a Adapt function name: mbedtls_ssl_tls13_generate_and_write_dh_key_exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-06 12:16:44 +02:00
Przemek Stekiel
7ac93bea8c Adapt names: dh -> xxdh 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:26:26 +02:00
Przemek Stekiel
d5f79e7297 Adapt functions names for ffdh 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:26:26 +02:00
Manuel Pégourié-Gonnard
56b159a12a Merge pull request #7627 from mprse/ffdh_tls13_v2 
Make use of FFDH keys in TLS 1.3 v.2
 2023-07-03 10:12:33 +02:00
Przemek Stekiel
8c0a95374f Adapt remaining guards to FFDH 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-15 17:07:10 +02:00
Przemek Stekiel
29c219c285 Combine mbedtls_ssl_tls13_generate_and_write_ecdh/ffdh_key_exchange functions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel
63706628d0 Adapt guards for FFDH 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel
c89f3ea9f2 Add support for FFDH in TLS 1.3 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00