mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-24 13:32:59 +03:00

Author	SHA1	Message	Date
Yanray Wang	0790041dc6	Revert "tls13: early_data: cli: remove nst_ prefix" This reverts commit `3781ab40fb`. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-30 16:44:44 +08:00
Yanray Wang	f4bad42670	itls13: early_data: cli: improve comment Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-30 15:58:07 +08:00
Yanray Wang	a29db7da2e	tls13: early_data: cli: assign ciphersuite properly When early_data extension is enabled and sent in ClientHello, the client does not know if the server will accept early data and select the first proposed pre-shared key with a ciphersuite that is different from the ciphersuite associated to the selected pre-shared key. To address aforementioned case, we do associated verification when parsing early_data ext in EncryptedExtensions. Therefore we have to assign the ciphersuite in current handshake to session_negotiate later than the associated verification. This won't impact decryption of EncryptedExtensions since we compute handshake keys by the ciphersuite in handshake not via the one in session_negotiate. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-30 14:27:38 +08:00
Yanray Wang	3781ab40fb	tls13: early_data: cli: remove nst_ prefix Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-23 18:17:14 +08:00
Yanray Wang	d012084e91	tls13: early_data: cli: optimize code - remove unnecessary check - using local variable session Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-23 16:38:20 +08:00
Yanray Wang	554ee62fba	tls13: early_data: fix wrong debug_ret message Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-22 18:55:03 +08:00
Yanray Wang	5da8ecffe6	tls13: nst early_data: remove duplicate code Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-22 18:52:21 +08:00
Yanray Wang	920db45818	tls13: early_data: support to parse max_early_data_size ext Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-22 10:33:11 +08:00
Jerry Yu	8e0174ac05	Add maximum ticket lifetime check Also add comments for age cast Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:59:24 +08:00
Jerry Yu	cf9135100e	fix various issues - fix CI failure due to wrong usage of ticket_lifetime - Improve document and comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	342a555eef	rename ticket received Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	46c7926f74	Add maximum ticket lifetime check Also add comments for age cast Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	cebffc3446	change time unit of ticket to milliseconds Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Tom Cosgrove	53199b1c0a	Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed TLS 1.3: EarlyData SRV: Write early data extension in EncryptedExtension	2023-11-07 13:59:13 +00:00
Dave Rodgman	4eb44e4780	Standardise some more headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-03 12:15:12 +00:00
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Jerry Yu	960b7ebbcf	move psk check to EE message on client side early_data extension is sent in EE. So it should not be checked in SH message. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-01 10:32:18 +08:00
Dave Rodgman	2eab462a8c	Fix IAR warnings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 13:30:37 +01:00
Gilles Peskine	e820c0abc8	Update spelling "mbed TLS" to "Mbed TLS" The official spelling of the trade mark changed from all-lowercase "mbed" to normal proper noun capitalization "Mbed" a few years ago. We've been using the new spelling in new text but still have the old spelling in a lot of text. This commit updates most occurrences of "mbed TLS": ``` sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/*' ':!tests/suites/.data' ':!programs/x509/' ':!configs/tfm') ``` Justification for the omissions: * `ChangeLog`: historical text. * `test/data_files/*`, `tests/suites/.data`, `programs/x509/`: many occurrences are significant names in certificates and such. Changing the spelling would invalidate many signatures and tests. `configs/tfm*`: this is an imported file. We'll follow the upstream updates. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-12 19:18:17 +02:00
Valerio Setti	c9ae862225	tls: use TLS 1.3 guards in ssl_tls13 modules Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-25 11:23:50 +02:00
Valerio Setti	ea59c43499	tls: fix a comment a rename a variable/symbol Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-25 11:14:03 +02:00
Valerio Setti	3d237b5ff1	ssl_misc: fix guards for PSA data used in XXDH key exchanges Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-07 19:02:16 +02:00
Przemek Stekiel	408569f91a	Adapt function name: mbedtls_ssl_tls13_generate_and_write_dh_key_exchange Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-06 12:16:44 +02:00
Przemek Stekiel	7ac93bea8c	Adapt names: dh -> xxdh Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-05 09:26:26 +02:00
Przemek Stekiel	d5f79e7297	Adapt functions names for ffdh Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-05 09:26:26 +02:00
Przemek Stekiel	6f199859b6	Adapt handshake fields to ffdh Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-07-05 09:25:00 +02:00
Valerio Setti	dbd01cb677	tls13: fix guards for PSA error translating function Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-07-04 09:18:52 +02:00
Manuel Pégourié-Gonnard	56b159a12a	Merge pull request #7627 from mprse/ffdh_tls13_v2 Make use of FFDH keys in TLS 1.3 v.2	2023-07-03 10:12:33 +02:00
Przemek Stekiel	a05e9c1ec8	Fix selection of default FFDH group Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-15 17:07:16 +02:00
Przemek Stekiel	7d42c0d0e5	Code cleanup #2 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-13 12:30:40 +02:00
Andrzej Kurek	a6033ac431	Add missing guards in tls 1.3 Error translation is only used with these defines on. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-13 05:46:47 -04:00
Andrzej Kurek	1e4a030b00	Fix wrong array size calculation in error translation code Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-13 05:46:47 -04:00
Andrzej Kurek	0064484a70	Optimize error translation code size Introducing an intermediate function saves code size that's otherwise taken by excessive, repeated arguments in each place that was translating errors. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2023-06-13 05:46:46 -04:00
Przemek Stekiel	75a5a9c205	Code cleanup Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-13 09:57:23 +02:00
Przemek Stekiel	29c219c285	Combine mbedtls_ssl_tls13_generate_and_write_ecdh/ffdh_key_exchange functions Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:31:09 +02:00
Przemek Stekiel	c89f3ea9f2	Add support for FFDH in TLS 1.3 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2023-06-06 12:31:08 +02:00
Manuel Pégourié-Gonnard	02b10d8266	Add missing include Fix build failures with config full Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	1f2a587cdf	Use actual function instead of static inline Large static inline functions used from several translation units in the library are bad for code size as we end up with multiple copies. Use the actual function instead. There's already a comment that says so. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
Manuel Pégourié-Gonnard	2d6d993662	Use MD<->PSA functions from MD light As usual, just a search-and-replace plus: 1. Removing things from hash_info.[ch] 2. Adding new auto-enable MD_LIGHT in build-info.h 3. Including md_psa.h where needed Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-06-06 10:33:54 +02:00
YxC	da609130f3	fix: correct calling to time function in tls13 client&server Call `mbedtls_time` to handle the case when MBEDTLS_PLATFORM_TIME_MACRO is defined Signed-off-by: Yuxiang Cao <yuxiang.cao@fortanix.com>	2023-05-22 13:22:00 -07:00
Xiaokang Qian	91bb3f0665	Wrap lines in library/ssl_tls13_client.c Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-04-10 08:29:17 +00:00
Xiaokang Qian	958b6ffe98	Wrap lines which exceed 80 chars in ssl_tls13_client.c Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-04-10 08:27:52 +00:00
Ronald Cron	eff5673e09	Improve and align variable names for supported versions data Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	b828c7d3de	Fix, improve and add comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:18 +02:00
Ronald Cron	47dce630f4	tls13: Add function to search for a supported_versions extension Move in a dedicated function the search for the supported_versions extension in a list of extensions, to be able to use it on server side as well. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-04-06 10:26:17 +02:00
Valerio Setti	080a22ba75	ssl_tls13: use PSA_WANT_ALG_ECDH as symbol for marking ECDH capability Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-22 10:48:34 +01:00
Valerio Setti	0c8ec3983e	ssl_tls: fix proper guards for accelerated ECDH Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-22 10:48:34 +01:00
Valerio Setti	90df310d89	ssl_tls13: fix guards for accel ECDH These changes fix all failures found in test_suite_ssl Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-03-22 10:48:34 +01:00
Jan Bruckner	1a38e54436	Changes from 2nd review Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-03-15 14:15:11 +01:00
Jan Bruckner	a0589e75a0	Changes from review Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-03-15 11:04:45 +01:00

1 2 3 4 5 ...

483 Commits