mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-30 10:45:34 +03:00

Author	SHA1	Message	Date
Jerry Yu	3db60dfe5e	rename nst early data write function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:16:56 +08:00
Jerry Yu	fceddb310e	Add early data permission check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:14:54 +08:00
Jerry Yu	01da35e2c8	add early data extension of NST Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:14:52 +08:00
Jerry Yu	42020fb186	revert output message which used by testing Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-05 17:35:53 +08:00
Jerry Yu	ebb1b1d48f	fix ci test failure "skip parse certificate verify" can not be changed. It is used in `Authentication: client badcert, server none` test. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-05 11:02:15 +08:00
Jerry Yu	b55f9eb5c5	fix various issues - remove unnecessary statements - improve macro name - improve output message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-05 10:27:17 +08:00
Yanray Wang	fb0f47b1f8	tls13: srv: check tls version in ClientHello with min_tls_version When server is configured as TLS 1.3 only and receives ClientHello from a TLS 1.2 only client, it's expected to abort the handshake instead of downgrading protocol to TLS 1.2 and continuing handshake. This commit adds a check to make sure server min_tls_version always larger than received version in ClientHello. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-04 17:50:36 +08:00
Yanray Wang	197199f154	tls12 & tls13 server: remove RNG check in `write_server_hello` RNG check is added in ssl_conf_check when calling mbedtls_ssl_setup, so there is no need to check it again. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-04 11:03:14 +08:00
Jerry Yu	7bb40a3650	send unexpected alert when not received eoed or app during reading early data Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-04 10:04:15 +08:00
Jerry Yu	fbf039932a	Send decode error alert when EOED parsing fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-04 10:00:37 +08:00
Jerry Yu	3be850782c	fix various issues - improve comments - rename function and macros name - remove unnecessary comments - remove extra empty lines - remove unnecessary condition Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-04 09:58:54 +08:00
Jerry Yu	0af63dc263	improve comments and output message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-01 17:18:04 +08:00
Jerry Yu	ee4d729555	print received early application data Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-01 16:53:50 +08:00
Jerry Yu	e96551276a	switch inbound transform to handshake Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-01 16:53:50 +08:00
Jerry Yu	75c9ab76b5	implement parser of eoed Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-01 16:53:50 +08:00
Jerry Yu	b4ed4602f2	implement coordinate of eoed Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-01 16:34:00 +08:00
Jerry Yu	d5c3496ce2	Add dummy framework of eoed state Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-01 16:32:31 +08:00
Jerry Yu	59d420f17b	empty process_end_of_early_data Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-01 16:30:34 +08:00
Jerry Yu	9b72e39701	re-introduce process_wait_flight2 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-01 16:27:08 +08:00
Jerry Yu	e32fac3d23	remove wait_flight2 state Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-01 16:25:16 +08:00
Jerry Yu	d33f7a8c72	improve document Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-29 15:09:21 +08:00
Jerry Yu	87b5ed4e5b	Add server side end-of-early-data handler Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-22 16:48:39 +08:00
Jerry Yu	7d8c3fe12c	Add wait flight2 state. The state is come from RFC8446 section A.2 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-22 16:48:39 +08:00
Jerry Yu	4e9b70e03a	Add early transform computation when accepted Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-22 16:48:39 +08:00
Jerry Yu	60e997205d	replace check string The output has been changed Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:59:25 +08:00
Jerry Yu	713ce1f889	various improvement - improve change log entry - improve comments - remove unnecessary statement - change type of client_age Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:59:25 +08:00
Jerry Yu	d84c14f80c	improve code style Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:59:24 +08:00
Jerry Yu	9cb953a402	improve document Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:59:24 +08:00
Jerry Yu	8e0174ac05	Add maximum ticket lifetime check Also add comments for age cast Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:59:24 +08:00
Jerry Yu	cf9135100e	fix various issues - fix CI failure due to wrong usage of ticket_lifetime - Improve document and comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	25ba4d40ef	rename `ticket_creation` to `ticket_creation_time` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	46c7926f74	Add maximum ticket lifetime check Also add comments for age cast Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	28e7c554f4	Change the bottom of tolerance window The unit of ticket time has been changed to milliseconds. And age difference might be negative Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	31b601aa15	improve comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Jerry Yu	ec6d07870d	Replace `start` with `ticket_creation` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Jerry Yu	f16efbc78d	fix various issues - Add comments for ticket test hooks - improve code style. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Jerry Yu	cebffc3446	change time unit of ticket to milliseconds Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Ronald Cron	97137f91b6	Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field TLS 1.3 EarlyData: add `max_early_data_size` field for ticket	2023-11-20 08:04:57 +00:00
Tom Cosgrove	53199b1c0a	Merge pull request #6720 from yuhaoth/pr/tls13-early-data-receive-0_rtt-and-eoed TLS 1.3: EarlyData SRV: Write early data extension in EncryptedExtension	2023-11-07 13:59:13 +00:00
Tom Cosgrove	4122c16abd	Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption	2023-11-07 09:26:21 +00:00
Jerry Yu	7ef9fd8989	fix various issues - Debug message - Improve comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-07 14:31:37 +08:00
Jerry Yu	2bea94ce2e	check the ticket version unconditional Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-07 14:18:17 +08:00
Pengyu Lv	44670c6eda	Revert "TLS 1.3: SRV: Don't select ephemeral mode on resumption" This reverts commit `dadeb20383`. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-07 09:58:53 +08:00
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Jerry Yu	82fd6c11bd	Add selected key and ciphersuite check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-01 10:32:17 +08:00
Jerry Yu	ce3b95e2c9	move ticket version check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-01 10:32:17 +08:00
Jerry Yu	454dda3e25	fix various issues - improve output message - Remove unnecessary checks - Simplify test command Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-01 10:28:43 +08:00
Pengyu Lv	dbd1e0d986	tls13: add helpers to check if psk[_ephemeral] allowed by ticket Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-10-31 10:17:17 +08:00
Pengyu Lv	29daf4a36b	tls13: server: fully check ticket_flags with available kex mode. We need to fully check if the provided session ticket could be used in the handshake, so that we wouldn't cause handshake failure in some cases. Here we bring `f8e50a9` back. Example scenario: A client proposes to a server, that supports only the psk_ephemeral key exchange mode, two tickets, the first one is allowed only for pure PSK key exchange mode and the second one is psk_ephemeral only. We need to select the second tickets instead of the first one whose ticket_flags forbid psk_ephemeral and thus cause a handshake failure. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-10-31 09:34:14 +08:00
Pengyu Lv	cfb23b8090	tls13: server: parse pre_shared_key only when some psk is selectable Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-10-30 15:26:26 +08:00

1 2 3 4 5 ...

477 Commits