mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-30 10:45:34 +03:00

Author	SHA1	Message	Date
Gilles Peskine	5a668dd5af	Reduce level of non-error debug message Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-09-20 07:44:36 +02:00
Gilles Peskine	015d222008	Remove transitional always-on internal option Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-09-20 07:44:36 +02:00
Gilles Peskine	78df03aaa5	Separate accepting TLS 1.3 middlebox compatibility from sending it The compile-time option MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE gates both support for interoperability with a peer that uses middlebox compatibility mode, and support for activating that mode ourselves. Change code that is only needed for interoperability to be guarded by MBEDTLS_SSL_TLS1_3_ACCEPT_COMPATIBILITY_MODE. As of this commit, MBEDTLS_SSL_TLS1_3_ACCEPT_COMPATIBILITY_MODE is always enabled: there is no way to disable it, and there are no tests with it disabled. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-09-20 07:40:02 +02:00
Ronald Cron	9f44c883f4	Rename some "new_session_tickets" symbols Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-08-28 17:47:46 +02:00
Ronald Cron	97dc5832c5	Improve debug logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-08-28 10:42:01 +02:00
Ronald Cron	d67f801c63	Do not add a new field in the SSL config We cannot add a new field in SSL config in an LTS. Use `session_tickets` field instead. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-08-28 10:41:54 +02:00
Ronald Cron	b675b2ba5d	TLS 1.3: Ignore tickets if disabled at runtime Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-08-27 15:41:24 +02:00
Ronald Cron	698c8e902e	ssl_msg.c: Rename _check_new_session_ticket to _is_new_session_ticket Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-04-05 14:16:32 +02:00
Ronald Cron	6071f611f6	tls13: cli: Ignore tickets if not supported If a TLS 1.3 client receives a ticket and the feature is not enabled, ignore it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-04-05 14:16:32 +02:00
Ronald Cron	3641df2980	tls13: cli: Rename STATE_SENT to STATE_IND_SENT Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	05d7cfbd9c	tls13: cli: Rename STATE_UNKNOWN to STATE_IDLE Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	d2884662c1	tls13: cli: Split early data user status and internal state Do not use the return values of mbedtls_ssl_get_early_data_status() (MBEDTLS_SSL_EARLY_DATA_STATUS_ macros) for the state of the negotiation and transfer of early data during the handshake. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:15 +01:00
Ronald Cron	61fd13c6a5	Merge remote-tracking branch 'mbedtls/development' into tls13-cli-max-early-data-size	2024-03-10 18:09:47 +01:00
Ronald Cron	db944a7863	ssl_msg.c: Fix log position Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 14:50:58 +01:00
Ronald Cron	5dbfcceb81	tls13: cli: Fix error code not checked Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 15:15:30 +01:00
Ronald Cron	de9b03dcba	tls13: Rename early_data_count to total_early_data_size Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 15:14:17 +01:00
Ronald Cron	62f971aa60	tls13: cli: Enforce maximum size of early data Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 15:10:22 +01:00
Ronald Cron	01d273d31f	Enforce maximum size of early data in case of HRR Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	919e596c05	Enforce maximum size of early data when rejected Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	d4069247b8	Improve comments/documentation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-21 17:37:26 +01:00
Ronald Cron	49221900b0	tls13: write_early_data: Add endpoint check Return in error of the API is not called from a client endpoint. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-21 14:37:52 +01:00
Xiaokang Qian	b62732e1d6	tls13: cli: Add mbedtls_ssl_write_early_data() API Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-07 08:06:46 +01:00
Manuel Pégourié-Gonnard	5c9cc0b30f	Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected TLS 1.3: SRV: Ignore early data when rejected	2024-02-06 13:16:03 +00:00
Ronald Cron	71c6e65d83	tls13: ssl_msg.c: Improve/add comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-05 16:54:37 +01:00
Manuel Pégourié-Gonnard	32c28cebb4	Merge pull request #8715 from valeriosetti/issue7964 Remove all internal functions from public headers	2024-02-05 15:09:15 +00:00
Jerry Yu	f57d14bed4	Ignore early data app msg before 2nd client hello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-02 17:31:20 +01:00
Ronald Cron	2995d35ac3	tls13: srv: Deprotect and discard early data records Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-02 17:31:20 +01:00
Ronald Cron	164537c4a6	tls13: early data: Improve, add comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 19:52:30 +01:00
Ronald Cron	ed7d4bfda5	tls13: srv: Simplify mbedtls_ssl_read_early_data() API Do not progress the handshake in the API, just read early data if some has been detected by a previous call to mbedtls_ssl_handshake(), mbedtls_ssl_handshake_step(), mbedtls_ssl_read() or mbedtls_ssl_write(). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:45:07 +01:00
Ronald Cron	0883b8b625	tls13: Introduce early_data_state SSL context field Introduce early_data_state SSL context field to distinguish better this internal state from the status values defined for the mbedtls_ssl_get_early_data_status() API. Distinguish also between the client and server states. Note that the client state are going to be documented and reworked as part of the implementation of mbedtls_ssl_write_early_data(). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:45:04 +01:00
Jerry Yu	d9ca354dbd	tls13: srv: Add mbedtls_ssl_read_early_data() API Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Jerry Yu	739a1d4246	tls: Add internal function ssl_read_application_data() The function will be used by mbedtls_ssl_read_early_data() as well. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Valerio Setti	b4f5076270	debug: move internal functions declarations to an internal header file Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-18 15:30:46 +01:00
Manuel Pégourié-Gonnard	ad4f0ada37	Merge pull request #8514 from mschulz-at-hilscher/fixes/uninitialized-variable-in-ssl_msg Fix uninitialized variable warnings in ssl_msg.c	2023-12-06 11:06:03 +00:00
Dave Rodgman	c37ad4432b	misc type fixes in ssl Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-21 17:09:46 +00:00
Dave Rodgman	a3d0f61aec	Use MBEDTLS_GET_UINTxx_BE macro Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-21 17:09:46 +00:00
Dave Rodgman	e4a6f5a7ec	Use size_t cast for pointer subtractions Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-21 17:09:46 +00:00
Matthias Schulz	9916b06ce7	Fix uninitialized variable warnings. Signed-off-by: Matthias Schulz <mschulz@hilscher.com>	2023-11-09 14:25:01 +01:00
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Valerio Setti	e570704f1f	ssl: use MBEDTLS_SSL_HAVE_[CCM/GCM/CHACHAPOLY/AEAD] macros for ssl code Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-12 10:39:37 +02:00
Valerio Setti	d4a10cebe4	cipher/tls: use new symbols for guarding AEAD code Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-11 13:10:34 +02:00
Gilles Peskine	ca1e605b9c	Merge remote-tracking branch 'upstream-public/development' into development-restricted-merge-20230925 Conflicts: * `include/mbedtls/build_info.h`: a new fragment to auto-enable `MBEDTLS_CIPHER_PADDING_PKCS7` was added in `c9f4040f7f` in `development-restricted`. In `development`, this section of the file has moved to `include/mbedtls/config_adjust_legacy_crypto.h`. * `library/bignum.c`: function name change in `development-restricted` vs comment change in development. The comment change in `development` is not really relevant, so just take the line from `development-restricted`.	2023-09-25 16:16:26 +02:00
Gilles Peskine	faf0b8604a	mbedtls_ssl_decrypt_buf(): fix buffer overread with stream cipher With stream ciphers, add a check that there's enough room to read a MAC in the record. Without this check, subtracting the MAC length from the data length resulted in an integer underflow, causing the MAC calculation to try reading (SIZE_MAX + 1 - maclen) bytes of input, which is a buffer overread. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-18 19:07:50 +02:00
Dave Rodgman	7d52f2a0d9	Improve use of ct interface in mbedtls_ssl_decrypt_buf Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-09-13 09:30:03 +01:00
Tom Cosgrove	9d8a7d62f5	Use the correct variable when tracking padding length Fixes an error introduced in `a81373f80` Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-09-12 16:01:52 +01:00
Dave Rodgman	48fb8a3448	Fix some renames that were missed Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-10 14:01:51 +01:00
Dave Rodgman	98ddc01a7c	Rename ...if0 to ...else_0 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-10 12:11:31 +01:00
Dave Rodgman	b7825ceb3e	Rename uint->bool operators to reflect input types Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-10 11:58:18 +01:00
Dave Rodgman	c98f8d996a	Merge branch 'development' into safer-ct5 Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-08-07 11:47:35 +01:00
Dave Rodgman	1d4d944e19	Merge pull request #7933 from tom-cosgrove-arm/add-mbedtls_zeroize_and_free Provide and use internal function mbedtls_zeroize_and_free()	2023-08-03 12:56:21 +00:00

1 2 3 4 5 ...

312 Commits