lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-31 21:50:31 +03:00
Code Activity
33,243 Commits 176 Branches 276 Tags
32a1112e885f7d41fb80bb48304a032e116feb09
Commit Graph

571 Commits

Author SHA1 Message Date
David Horstmann
232da48471 Merge pull request #9421 from mfil/feature/implement_tls_exporter 
Implement TLS-Exporter
 2025-04-17 14:47:13 +00:00
Gilles Peskine
bc694b3cbd Fix printf of enum 
The enum is promoted to `int`, so `%d` is a correct format,
but `gcc -Wformat` complains.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-09 12:52:26 +02:00
Gilles Peskine
c67befee6a Add a log message on every SSL state transition 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-09 12:52:26 +02:00
Gilles Peskine
f670ba5e52 Always call mbedtls_ssl_handshake_set_state 
Call a single function for all handshake state changes, for easier tracing.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-04-09 12:52:22 +02:00
Manuel Pégourié-Gonnard
ed4a2b4f0a Merge branch 'development-restricted' into merge-from-restricted 
* development-restricted:
  Add missing credit for set_hostname issue
  Add changelog entry for TLS 1.2 Finished fix
  TLS1.2: Check for failures in Finished calculation
  ssl_session_reset: preserve HOSTNAME_SET flag
  Document the need to call mbedtls_ssl_set_hostname
  Improve documentation of mbedtls_ssl_set_hostname
  Changelog entries for requiring mbedls_ssl_set_hostname() in TLS clients
  Add a note about calling mbedtls_ssl_set_hostname to mbedtls_ssl_setup
  mbedtls_ssl_set_hostname tests: add tests with CA callback
  Call mbedtls_ssl_set_hostname in the generic endpoint setup in unit tests
  Require calling mbedtls_ssl_set_hostname() for security
  Create error code for mbedtls_ssl_set_hostname not called
  Keep track of whether mbedtls_ssl_set_hostname() has been called
  Access ssl->hostname through abstractions in certificate verification
  mbedtls_ssl_set_hostname tests: baseline
  Add a flags field to mbedtls_ssl_context
  Automate MBEDTLS_X509_TRUSTED_CERTIFICATE_CALLBACK dependency
  Make guards more consistent between X.509-has-certs and SSL-has-certs
  Fix Doxygen markup
  Make ticket_alpn field private

 Conflicts:
	programs/ssl/ssl_test_common_source.c
 2025-04-01 09:40:47 +02:00
Max Fillinger
0747388254 Fix #endif comment 
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 16:53:58 +01:00
Max Fillinger
2fe35f61bf Create MBEDTLS_SSL_KEYING_MATERIAL_EXPORT option 
Add the option MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to mbedtls_config.h
to control if the function mbedtls_ssl_export_keying_material() should
be available. By default, the option is disabled.

This is because the exporter for TLS 1.2 requires client_random and
server_random need to be stored after the handshake is complete.

Signed-off-by: Max Fillinger <max@max-fillinger.net>
 2025-03-28 16:53:58 +01:00
Max Fillinger
c9f2c9adba Revert "Store randbytes for TLS 1.2 TLS-Exporter" 
This reverts commit cb01dd1333f8083af469e9a0c59f316f1eb0cfe3.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 16:53:58 +01:00
Max Fillinger
48150f5dc3 Store randbytes for TLS 1.2 TLS-Exporter 
Previously, if MBEDTLS_SSL_CONTEXT_SERIALIZATION is not defined,
randbytes are not stored after the handshake is done, but they are
needed for TLS-Exporter in TLS 1.2.

This commit also saves randbytes if MBEDTLS_SSL_PROTO_TLS1_2 is defined.

Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
 2025-03-28 16:53:58 +01:00
Ben Taylor
602b2968ca pre-test version of the mbedtls_ssl_conf_rng removal 
Signed-off-by: Ben Taylor <ben.taylor@linaro.org>
 2025-03-26 13:32:10 +00:00
Gabor Mezei
e99e591179 Remove key exchange based on encryption/decryption 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2025-03-20 17:53:07 +01:00
Minos Galanakis
a2a0c2cbe7 Merge remote-tracking branch 'origin/features/tls-defragmentation/development' into feature_merge_defragmentation_dev 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2025-03-12 15:25:06 +00:00
Valerio Setti
15fd5c9925 ssl: remove support for MBEDTLS_DHM_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2025-03-05 10:11:23 +01:00
Gilles Peskine
fd89acc735 ssl_session_reset: preserve HOSTNAME_SET flag 
When we don't reset `ssl->hostname`, we must not reset the
`MBEDTLS_SSL_CONTEXT_FLAG_HOSTNAME_SET` flag either.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-24 18:48:49 +01:00
Gilles Peskine
434016e2eb Keep track of whether mbedtls_ssl_set_hostname() has been called 
No behavior change apart from now emitting a different log message depending
on whether mbedtls_ssl_set_hostname() has been called with NULL or not at all.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2025-02-24 18:47:44 +01:00
Manuel Pégourié-Gonnard
28f8e205eb Merge pull request #9872 from rojer/tls_hs_defrag_in 
Defragment incoming TLS handshake messages
 2025-02-24 09:28:11 +01:00
Harry Ramsey
2547ae9fcc Move SSL macro checks from TF-PSA-Crypto to Mbed TLS 
This commit moves macro checks specifically for Mbed TLS from
TF-PSA-Crypto to Mbed TLS where they more approriately belong.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2025-01-31 13:58:43 +00:00
Manuel Pégourié-Gonnard
072c98eb75 Remove empty #if #endif block 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-29 10:40:15 +01:00
Manuel Pégourié-Gonnard
53fe26c5ad Update a function's doxygen 
There was two versions of this function with different arguments. Update
the documentation to match the signature of the function we kept.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:44:15 +01:00
Manuel Pégourié-Gonnard
615914b5ac Rm dead !USE_PSA code: SSL headers (part 2) 
Expression that are too complex for unifdef - please review carefully :)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:15:14 +01:00
Manuel Pégourié-Gonnard
11ae619e77 Rm dead !USE_PSA code: SSL headers (part 1) 
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl*.h

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-28 16:15:04 +01:00
Deomid rojer Ryabkov
3dfe75e115 Remove mbedtls_ssl_reset_in_out_pointers 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2025-01-26 11:12:21 +02:00
Manuel Pégourié-Gonnard
6402c35eca Remove internal helper mbedtls_ssl_get_groups() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-14 12:23:56 +01:00
Manuel Pégourié-Gonnard
6b720161ca Remove mbedtls_ssl_conf::curve_list 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2025-01-14 12:17:20 +01:00
Deomid rojer Ryabkov
ac2cf1f26c Defragment incoming TLS handshake messages 
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me>
 2024-12-25 14:34:17 +02:00
Ronald Cron
51f228cc1b Switch to actual TF-PSA-Crypto build_info.h 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-12-11 22:32:45 +01:00
Harry Ramsey
fb6cea508f Remove duplicate mbedtls/build_info.h include 
This commit removes duplicate includes for mbedtls/build_info.h where
the file already includes common.h.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2024-10-14 08:41:31 +01:00
Harry Ramsey
e8e23fb519 Include ssl_misc.h for additional SSL helper files 
This commit replaces #include "common.h" in favour of #include
"ssl_misc.h".

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2024-10-11 12:21:30 +01:00
Harry Ramsey
0f6bc41a22 Update includes for each library file 
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
 2024-10-09 11:18:50 +01:00
Elena Uziunaite
a6950b8ce7 Replace MBEDTLS_PK_CAN_ECDSA_SOME with PSA_HAVE_ALG_SOME_ECDSA 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-09 11:17:36 +01:00
Elena Uziunaite
9fc5be09cb Replace MBEDTLS_MD_CAN_SHA1 with PSA_WANT_ALG_SHA_1 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-09-04 18:12:59 +01:00
David Horstmann
1d98d9d861 Merge pull request #9526 from mpg/refactor-tls123-verif-dev 
Refactor tls123 verif dev
 2024-09-03 15:29:10 +00:00
Manuel Pégourié-Gonnard
9e3e991d04 Fix typos in comments 
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
19dd9f59bc Merge 1.2 and 1.3 certificate verification 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
7a4aa4d133 Make mbedtls_ssl_check_cert_usage() work for 1.3 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard
94f70228e9 Clean up mbedtls_ssl_check_cert_usage() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-09-02 12:46:03 +02:00
Gabor Mezei
c15ef93aa5 Replace MBEDTLS_MD_CAN_SHA512 with PSA_WANT_ALG_SHA_512 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2024-08-28 18:20:25 +02:00
Elena Uziunaite
da41b60cef Replace MBEDTLS_SSL_HAVE_CAMELLIA with PSA_WANT_KEY_TYPE_CAMELLIA 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-13 09:58:00 +01:00
Gilles Peskine
0858fdca38 Merge pull request #9189 from misch7/fix-v3.6-issues-9186-and-9188 
Fix build of v3.6 (issues #9186 and #9188)
 2024-08-12 09:34:17 +00:00
Michael Schuster
4394067071 Fix server mode only build of v3.6 with MBEDTLS_SSL_CLI_C unset (fixes #9186) 
Signed-off-by: Michael Schuster <michael@schuster.ms>
 2024-08-09 10:27:44 +01:00
Gilles Peskine
e1171bd26f Merge pull request #9361 from eleuzi01/replace-key-aria 
Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA
 2024-08-08 15:41:01 +00:00
Elena Uziunaite
51c85a0296 Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-07 11:33:14 +01:00
Elena Uziunaite
8dde3b3dec Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-08-05 15:41:58 +01:00
Elena Uziunaite
74342c7c2b Replace MBEDTLS_SSL_HAVE_CBC with PSA_WANT_ALG_CBC_NO_PADDING 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-31 16:19:15 +01:00
Elena Uziunaite
6121a344dd Replace MBEDTLS_SSL_HAVE_AES with PSA_WANT_KEY_TYPE_AES 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-30 18:42:19 +01:00
Elena Uziunaite
b66a991f04 Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-18 14:31:59 +03:00
Elena Uziunaite
0916cd702f Replace MBEDTLS_MD_CAN_SHA256 with PSA_WANT_ALG_SHA_256 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-11 11:13:35 +03:00
Ronald Cron
2cf41a273e Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384 
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
 2024-07-04 08:56:52 +00:00
Elena Uziunaite
b476d4bf21 Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-03 10:20:41 +01:00
Elena Uziunaite
fcc9afaf9d Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-02 11:08:04 +01:00