Gabor Mezei 
							
						 
					 
					
						
						
							
						
						c15ef93aa5 
					 
					
						
						
							
							Replace MBEDTLS_MD_CAN_SHA512 with PSA_WANT_ALG_SHA_512  
						
						... 
						
						
						
						Signed-off-by: Gabor Mezei <gabor.mezei@arm.com > 
						
						
					 
					
						2024-08-28 18:20:25 +02:00 
						 
				 
			
				
					
						
							
							
								Elena Uziunaite 
							
						 
					 
					
						
						
							
						
						da41b60cef 
					 
					
						
						
							
							Replace MBEDTLS_SSL_HAVE_CAMELLIA with PSA_WANT_KEY_TYPE_CAMELLIA  
						
						... 
						
						
						
						Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com > 
						
						
					 
					
						2024-08-13 09:58:00 +01:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						0858fdca38 
					 
					
						
						
							
							Merge pull request  #9189  from misch7/fix-v3.6-issues-9186-and-9188  
						
						... 
						
						
						
						Fix build of v3.6 (issues #9186  and #9188 ) 
						
						
					 
					
						2024-08-12 09:34:17 +00:00 
						 
				 
			
				
					
						
							
							
								Michael Schuster 
							
						 
					 
					
						
						
							
						
						4394067071 
					 
					
						
						
							
							Fix server mode only build of v3.6 with MBEDTLS_SSL_CLI_C unset ( fixes   #9186 )  
						
						... 
						
						
						
						Signed-off-by: Michael Schuster <michael@schuster.ms > 
						
						
					 
					
						2024-08-09 10:27:44 +01:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						e1171bd26f 
					 
					
						
						
							
							Merge pull request  #9361  from eleuzi01/replace-key-aria  
						
						... 
						
						
						
						Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA 
						
						
					 
					
						2024-08-08 15:41:01 +00:00 
						 
				 
			
				
					
						
							
							
								Elena Uziunaite 
							
						 
					 
					
						
						
							
						
						51c85a0296 
					 
					
						
						
							
							Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA  
						
						... 
						
						
						
						Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com > 
						
						
					 
					
						2024-08-07 11:33:14 +01:00 
						 
				 
			
				
					
						
							
							
								Elena Uziunaite 
							
						 
					 
					
						
						
							
						
						8dde3b3dec 
					 
					
						
						
							
							Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY  
						
						... 
						
						
						
						Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com > 
						
						
					 
					
						2024-08-05 15:41:58 +01:00 
						 
				 
			
				
					
						
							
							
								Elena Uziunaite 
							
						 
					 
					
						
						
							
						
						74342c7c2b 
					 
					
						
						
							
							Replace MBEDTLS_SSL_HAVE_CBC with PSA_WANT_ALG_CBC_NO_PADDING  
						
						... 
						
						
						
						Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com > 
						
						
					 
					
						2024-07-31 16:19:15 +01:00 
						 
				 
			
				
					
						
							
							
								Elena Uziunaite 
							
						 
					 
					
						
						
							
						
						6121a344dd 
					 
					
						
						
							
							Replace MBEDTLS_SSL_HAVE_AES with PSA_WANT_KEY_TYPE_AES  
						
						... 
						
						
						
						Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com > 
						
						
					 
					
						2024-07-30 18:42:19 +01:00 
						 
				 
			
				
					
						
							
							
								Elena Uziunaite 
							
						 
					 
					
						
						
							
						
						b66a991f04 
					 
					
						
						
							
							Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5  
						
						... 
						
						
						
						Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com > 
						
						
					 
					
						2024-07-18 14:31:59 +03:00 
						 
				 
			
				
					
						
							
							
								Elena Uziunaite 
							
						 
					 
					
						
						
							
						
						0916cd702f 
					 
					
						
						
							
							Replace MBEDTLS_MD_CAN_SHA256 with PSA_WANT_ALG_SHA_256  
						
						... 
						
						
						
						Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com > 
						
						
					 
					
						2024-07-11 11:13:35 +03:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						2cf41a273e 
					 
					
						
						
							
							Merge pull request  #9171  from eleuzi01/replace-mbedtls-md-can-sha384  
						
						... 
						
						
						
						Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384 
						
						
					 
					
						2024-07-04 08:56:52 +00:00 
						 
				 
			
				
					
						
							
							
								Elena Uziunaite 
							
						 
					 
					
						
						
							
						
						b476d4bf21 
					 
					
						
						
							
							Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384  
						
						... 
						
						
						
						Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com > 
						
						
					 
					
						2024-07-03 10:20:41 +01:00 
						 
				 
			
				
					
						
							
							
								Elena Uziunaite 
							
						 
					 
					
						
						
							
						
						fcc9afaf9d 
					 
					
						
						
							
							Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224  
						
						... 
						
						
						
						Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com > 
						
						
					 
					
						2024-07-02 11:08:04 +01:00 
						 
				 
			
				
					
						
							
							
								Waleed Elmelegy 
							
						 
					 
					
						
						
							
						
						5bc5263b2c 
					 
					
						
						
							
							Add code improvments and refactoring in dealing with ALPN  
						
						... 
						
						
						
						Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com > 
						
						
					 
					
						2024-03-13 16:50:01 +00:00 
						 
				 
			
				
					
						
							
							
								Waleed Elmelegy 
							
						 
					 
					
						
						
							
						
						883f77cb08 
					 
					
						
						
							
							Add mbedtls_ssl_session_set_alpn() function  
						
						... 
						
						
						
						Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com > 
						
						
					 
					
						2024-03-13 16:50:01 +00:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						fd4c0c8b3d 
					 
					
						
						
							
							tls13: cli: Fix comment  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2024-03-12 17:48:18 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						aa3593141b 
					 
					
						
						
							
							tls13: cli: Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz  
						
						... 
						
						
						
						Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
from ssl.h(public) to ssl_misc.h(private) even if
that means we cannot use the enum type for
early_data_state in ssl.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2024-03-12 17:48:18 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						8571804382 
					 
					
						
						
							
							tls13: srv: Enforce maximum size of early data  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2024-03-01 09:29:09 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						d6d32b9210 
					 
					
						
						
							
							tls13: Improve declaration and doc of early data status  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2024-02-15 17:19:14 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						b9a9b1f5a5 
					 
					
						
						
							
							tls13: Fix/Improve comments  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2024-02-15 17:19:14 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						5fbd27055d 
					 
					
						
						
							
							tls13: Use a flag not a counter for CCS and HRR handling  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2024-02-15 17:19:02 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						90e223364c 
					 
					
						
						
							
							tls13: cli: Refine early data status  
						
						... 
						
						
						
						The main purpose of the change is to
know from the status, at any point in
the handshake, if early data can be
sent or not and why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2024-02-06 16:43:33 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						fe59ff794d 
					 
					
						
						
							
							tls13: Send dummy CCS only once  
						
						... 
						
						
						
						Fix cases where the client was sending
two CCS, no harm but better to send only one.
Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.
Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2024-02-06 16:43:33 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						32c28cebb4 
					 
					
						
						
							
							Merge pull request  #8715  from valeriosetti/issue7964  
						
						... 
						
						
						
						Remove all internal functions from public headers 
						
						
					 
					
						2024-02-05 15:09:15 +00:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						78a38f607c 
					 
					
						
						
							
							tls13: srv: Do not use early_data_status  
						
						... 
						
						
						
						Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2024-02-01 20:10:35 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						3b9034544e 
					 
					
						
						
							
							Revert "tls13: Introduce early_data_state SSL context field"  
						
						... 
						
						
						
						This reverts commit 0883b8b625ronald.cron@arm.com > 
						
						
					 
					
						2024-02-01 20:03:57 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						0883b8b625 
					 
					
						
						
							
							tls13: Introduce early_data_state SSL context field  
						
						... 
						
						
						
						Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().
Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2024-02-01 16:45:04 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						5d0ae9021f 
					 
					
						
						
							
							tls13: srv: Refine early data status  
						
						... 
						
						
						
						The main purpose is to know from the status
if early data can be received of not and
why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2024-02-01 16:40:47 +01:00 
						 
				 
			
				
					
						
							
							
								Valerio Setti 
							
						 
					 
					
						
						
							
						
						25b282ebfe 
					 
					
						
						
							
							x509: move internal functions declarations to a private header  
						
						... 
						
						
						
						Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no > 
						
						
					 
					
						2024-01-19 09:07:35 +01:00 
						 
				 
			
				
					
						
							
							
								Valerio Setti 
							
						 
					 
					
						
						
							
						
						d929106f36 
					 
					
						
						
							
							ssl_ciphersuites: move internal functions declarations to a private header  
						
						... 
						
						
						
						Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no > 
						
						
					 
					
						2024-01-18 15:08:28 +01:00 
						 
				 
			
				
					
						
							
							
								Tom Cosgrove 
							
						 
					 
					
						
						
							
						
						f1ba1933cf 
					 
					
						
						
							
							Merge pull request  #8526  from yanrayw/issue/7011/send_record_size_limit_ext  
						
						... 
						
						
						
						TLS1.3: SRV/CLI: add support for sending Record Size Limit extension 
						
						
					 
					
						2024-01-12 13:39:15 +00:00 
						 
				 
			
				
					
						
							
							
								Waleed Elmelegy 
							
						 
					 
					
						
						
							
						
						f0ccf46713 
					 
					
						
						
							
							Add minor cosmetic changes to record size limit changelog and comments  
						
						... 
						
						
						
						Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com > 
						
						
					 
					
						2024-01-12 10:52:45 +00:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						ae2213c307 
					 
					
						
						
							
							Merge pull request  #8414  from lpy4105/issue/uniform-ssl-check-function  
						
						... 
						
						
						
						Harmonise the names and return values of check functions in TLS code 
						
						
					 
					
						2024-01-11 13:51:39 +00:00 
						 
				 
			
				
					
						
							
							
								Waleed Elmelegy 
							
						 
					 
					
						
						
							
						
						f501790ff2 
					 
					
						
						
							
							Improve comments across record size limit changes  
						
						... 
						
						
						
						Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com > 
						
						
					 
					
						2024-01-10 16:17:28 +00:00 
						 
				 
			
				
					
						
							
							
								Waleed Elmelegy 
							
						 
					 
					
						
						
							
						
						148dfb6457 
					 
					
						
						
							
							Change record size limit writing function  
						
						... 
						
						
						
						Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com > 
						
						
					 
					
						2024-01-10 16:17:27 +00:00 
						 
				 
			
				
					
						
							
							
								Yanray Wang 
							
						 
					 
					
						
						
							
						
						a8b4291836 
					 
					
						
						
							
							tls13: add generic function to write Record Size Limit ext  
						
						... 
						
						
						
						Signed-off-by: Yanray Wang <yanray.wang@arm.com > 
						
						
					 
					
						2024-01-10 16:17:27 +00:00 
						 
				 
			
				
					
						
							
							
								Tom Cosgrove 
							
						 
					 
					
						
						
							
						
						3a6059beca 
					 
					
						
						
							
							Merge pull request  #7455  from KloolK/record-size-limit/comply-with-limit  
						
						... 
						
						
						
						Comply with the received Record Size Limit extension 
						
						
					 
					
						2024-01-09 15:22:17 +00:00 
						 
				 
			
				
					
						
							
							
								Waleed-Ziad Maamoun-Elmelegy 
							
						 
					 
					
						
						
							
						
						e2d3db5cfc 
					 
					
						
						
							
							Update mbedtls_ssl_get_output_record_size_limit signature  
						
						... 
						
						
						
						Co-authored-by: Ronald Cron <ronald.cron@arm.com >
Signed-off-by: Waleed-Ziad Maamoun-Elmelegy <122474370+waleed-elmelegy-arm@users.noreply.github.com > 
						
						
					 
					
						2024-01-05 14:19:16 +00:00 
						 
				 
			
				
					
						
							
							
								Pengyu Lv 
							
						 
					 
					
						
						
							
						
						94a42ccb3e 
					 
					
						
						
							
							Add tls13 in ticket flags helper function names  
						
						... 
						
						
						
						```
sed -i \
"s/\(mbedtls_ssl\)_\(session_\(\w*_\)\?ticket\)/\1_tls13_\2/g" \
library/*.[ch]
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com > 
						
						
					 
					
						2023-12-08 11:12:46 +08:00 
						 
				 
			
				
					
						
							
							
								Pengyu Lv 
							
						 
					 
					
						
						
							
						
						abd844f379 
					 
					
						
						
							
							Fix wrong format in the function doc  
						
						... 
						
						
						
						Signed-off-by: Pengyu Lv <pengyu.lv@arm.com > 
						
						
					 
					
						2023-12-08 10:01:58 +08:00 
						 
				 
			
				
					
						
							
							
								Pengyu Lv 
							
						 
					 
					
						
						
							
						
						02e72f65da 
					 
					
						
						
							
							Reword return value description for mbedtls_ssl_tls13_is_kex_mode_supported  
						
						... 
						
						
						
						Signed-off-by: Pengyu Lv <pengyu.lv@arm.com > 
						
						
					 
					
						2023-12-08 10:01:58 +08:00 
						 
				 
			
				
					
						
							
							
								Pengyu Lv 
							
						 
					 
					
						
						
							
						
						b2cfafbb9e 
					 
					
						
						
							
							Consistent renaming  
						
						... 
						
						
						
						Signed-off-by: Pengyu Lv <pengyu.lv@arm.com > 
						
						
					 
					
						2023-12-08 10:01:58 +08:00 
						 
				 
			
				
					
						
							
							
								Pengyu Lv 
							
						 
					 
					
						
						
							
						
						2333b826f4 
					 
					
						
						
							
							tls13: srv: rename mbedtls_ssl_tls13_check_kex_modes  
						
						... 
						
						
						
						The function is renamed to
`mbedtls_ssl_tls13_is_kex_mode_supported` and
the behaviour is reversed.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com > 
						
						
					 
					
						2023-12-08 10:01:58 +08:00 
						 
				 
			
				
					
						
							
							
								Pengyu Lv 
							
						 
					 
					
						
						
							
						
						0a1ff2b969 
					 
					
						
						
							
							Consistent renaming  
						
						... 
						
						
						
						Signed-off-by: Pengyu Lv <pengyu.lv@arm.com > 
						
						
					 
					
						2023-12-08 10:01:58 +08:00 
						 
				 
			
				
					
						
							
							
								Pengyu Lv 
							
						 
					 
					
						
						
							
						
						4f537f73fa 
					 
					
						
						
							
							tls13: rename mbedtls_ssl_session_check_ticket_flags  
						
						... 
						
						
						
						The function is renamed to mbedtls_ssl_session_ticket_has_flags.
Descriptions are added.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com > 
						
						
					 
					
						2023-12-08 10:01:58 +08:00 
						 
				 
			
				
					
						
							
							
								Pengyu Lv 
							
						 
					 
					
						
						
							
						
						fc2cb9632b 
					 
					
						
						
							
							tls13: rename mbedtls_ssl_conf_tls13_check_kex_modes  
						
						... 
						
						
						
						The function is renamed to
mbedtls_ssl_conf_tls13_is_kex_mode_enabled.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com > 
						
						
					 
					
						2023-12-08 10:01:57 +08:00 
						 
				 
			
				
					
						
							
							
								Pengyu Lv 
							
						 
					 
					
						
						
							
						
						60a22567e4 
					 
					
						
						
							
							tls13: change return value of mbedtls_ssl_conf_tls13_check_kex_modes  
						
						... 
						
						
						
						To keep the convention in TLS code, check functions should return 0
when check is successful.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com > 
						
						
					 
					
						2023-12-08 10:01:57 +08:00 
						 
				 
			
				
					
						
							
							
								Waleed Elmelegy 
							
						 
					 
					
						
						
							
						
						9aec1c71f2 
					 
					
						
						
							
							Add record size checking during handshake  
						
						... 
						
						
						
						Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com > 
						
						
					 
					
						2023-12-06 15:18:15 +00:00 
						 
				 
			
				
					
						
							
							
								Jan Bruckner 
							
						 
					 
					
						
						
							
						
						f482dcc6c7 
					 
					
						
						
							
							Comply with the received Record Size Limit extension  
						
						... 
						
						
						
						Fixes  #7010 
Signed-off-by: Jan Bruckner <jan@janbruckner.de > 
					
						2023-12-06 15:18:08 +00:00