lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-30 10:45:34 +03:00
Code Activity
31,141 Commits 176 Branches 276 Tags
ad6d1ceeefa3adc95d0c7fa6ad10b901673899bb
Commit Graph

2014 Commits

Author SHA1 Message Date
Gilles Peskine
4efd1645e8 Merge pull request #8983 from Troy-Butler/handle-null-args 
Fix NULL argument handling in mbedtls_xxx_free() functions
 2024-07-04 14:50:55 +00:00
Ronald Cron
2cf41a273e Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384 
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
 2024-07-04 08:56:52 +00:00
Elena Uziunaite
b476d4bf21 Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-03 10:20:41 +01:00
Elena Uziunaite
fcc9afaf9d Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224 
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
 2024-07-02 11:08:04 +01:00
Tom Cosgrove
f41272099b Merge pull request #9242 from sezrab/fix-function-parameter 
Fix incorrect array length in function prototype
 2024-06-13 07:55:50 +00:00
Sam Berry
3504c88916 Fix incorrect array length in function prototype 
Issue #9179 (MBEDTLS_SSL_CID_OUT_LEN_MAX changed to
MBEDTLS_SSL_CID_IN_LEN_MAX in library\ssl.h and library\ssl_tls.c)

Signed-off-by: Sam Berry <sam.berry@arm.com>
 2024-06-11 14:46:31 +01:00
lhuang04
54adeab866 set psk to null in ssl_psk_remove 
Summary:
set the psk to null after it is released.

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2024-06-10 12:17:11 -07:00
Manuel Pégourié-Gonnard
a4b773d3bb Merge pull request #6955 from inorick/nofa_no_session_tickets 
Guard ticket specific TLS 1.3 function with macro
 2024-04-08 08:56:17 +00:00
Ronald Cron
233fcaadbf tls13: Do not initiate at all resumption if tickets not supported 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-04 15:52:40 +02:00
Troy-Butler
da73abc8d7 Fix NULL handling in mbedtls_ssl_config.free() function 
Signed-off-by: Troy-Butler <squintik@outlook.com>
 2024-04-02 13:37:31 -04:00
Norbert Fabritius
d36913a58f Constify parameter of ssl_tls13_session_load 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Minos Galanakis
b70f0fd9a9 Merge branch 'development' into 'development-restricted' 
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
 2024-03-19 22:24:40 +00:00
Waleed Elmelegy
4dfb0e7c90 Add ALPN checking when accepting early data 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-15 12:12:15 +00:00
Waleed Elmelegy
131b2ffd89 Fix bug in ALPN negotiating 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-15 12:12:15 +00:00
Waleed Elmelegy
b28ab0a45a Fix code style in ssl_tls.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
daa4da781a Increase ALPN length in saved session to 2 bytes 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
7dfba34475 Fix possible overflow in ALPN length when saving session 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
75e33fa12e Fix code style in ssl_tls.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
fe9ae085e3 Update serialized session description with ALPN information 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
1102563685 Add ALPN bit flag to session header 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
883f77cb08 Add mbedtls_ssl_session_set_alpn() function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
2824a209bc Add ALPN information in session tickets 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Ronald Cron
05d7cfbd9c tls13: cli: Rename STATE_UNKNOWN to STATE_IDLE 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
d2884662c1 tls13: cli: Split early data user status and internal state 
Do not use the return values of
mbedtls_ssl_get_early_data_status()
(MBEDTLS_SSL_EARLY_DATA_STATUS_ macros)
for the state of the negotiation and
transfer of early data during the
handshake.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:15 +01:00
David Horstmann
93fa4e1b87 Merge branch 'development' into buffer-sharing-merge 2024-03-12 15:05:06 +00:00
Ronald Cron
7e1f9f290f Merge pull request #8854 from ronald-cron-arm/tls13-srv-max-early-data-size 
TLS 1.3: Enforce max_early_data_size on server
 2024-03-09 00:16:07 +00:00
Ronald Cron
139a4185b1 Merge pull request #8587 from yanrayw/issue/4911/ssl_setup-check-RNG-configuration 
TLS: check RNG when calling mbedtls_ssl_setup()
 2024-03-08 07:38:39 +00:00
David Horstmann
71fa1a94e7 Fix code style 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 12:32:18 +00:00
David Horstmann
76ba26a542 Fixup: add peer_cert_digest_type to comment 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 12:03:35 +00:00
David Horstmann
f686f1dc17 Fix naming inconsistencies in config bits 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-01 11:20:32 +00:00
Ronald Cron
19bfe0a631 tls13: Rename early_data_count to total_early_data_size 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:29:16 +01:00
Ronald Cron
26a9811027 ssl: Add early_data_count field 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-01 09:03:51 +01:00
David Horstmann
531aca2810 Fix missing fields in ssl session struct comment 
The endpoint and version were factorized out into the main session.
Update the session struct comment to reflect these new fields, as was
previously missed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 18:14:28 +00:00
David Horstmann
cb01b361e1 Move session descriptions into a single comment 
Describe the TLS 1.2, TLS 1.3 and full session structs in the same
place for ease of reference.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 18:10:13 +00:00
David Horstmann
80a9668762 Add config guards to session struct comments 
This shows which fields of the session are dependent on which config
options.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 18:00:32 +00:00
David Horstmann
e59f970f28 Move session functions to same part of file 
Ensure that session save and load functions are not scattered
throughout ssl_tls.c but are in the same part of the file.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 17:50:44 +00:00
David Horstmann
92b258bb50 Update ssl session serialization config bitflag 
Add config bits for server name indication, early data and record size
limit, which all cause the serialized session to be structured
differently.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 17:41:31 +00:00
David Horstmann
5c5a32f52a Add session config bit for KEEP_PEER_CERTIFICATE 
This config option decides whether the session stores the entire
certificate or just a digest of it, but was missing from the
serialization config bitflag.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-02-29 17:41:31 +00:00
Manuel Pégourié-Gonnard
0ecb5fd6f5 Merge pull request #8574 from ronald-cron-arm/ssl-tickets 
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
 2024-02-21 09:38:46 +00:00
Manuel Pégourié-Gonnard
e6c80bc6e5 Merge pull request #8755 from ronald-cron-arm/tls13-client-early-data-status 
TLS 1.3: Refine and test client early data status
 2024-02-13 20:36:42 +00:00
Ronald Cron
a93e25e749 tls12: Fix documentation of TLS 1.2 session serialized data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-09 10:01:30 +01:00
Ronald Cron
195c0bc24e tls: Reset TLS maximum negotiable version 
When reseting an SSL context with
mbedtls_ssl_session_reset() reset
the TLS maximum negotiable version
as configured.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-08 11:54:55 +01:00
Tom Cosgrove
c8de362202 Merge pull request #8665 from ivq/reduce_static_mem 
Reduce many unnecessary static memory consumption
 2024-02-07 23:26:27 +00:00
Ronald Cron
90e223364c tls13: cli: Refine early data status 
The main purpose of the change is to
know from the status, at any point in
the handshake, if early data can be
sent or not and why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-06 16:43:33 +01:00
Manuel Pégourié-Gonnard
5c9cc0b30f Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected 
TLS 1.3: SRV: Ignore early data when rejected
 2024-02-06 13:16:03 +00:00
Chien Wong
4e9683e818 Reduce many unnecessary static memory consumption 
.data section of ssl_client1 becomes 320 bytes smaller on AMD64.

Signed-off-by: Chien Wong <m@xv97.com>
 2024-02-06 17:50:44 +08:00
Manuel Pégourié-Gonnard
32c28cebb4 Merge pull request #8715 from valeriosetti/issue7964 
Remove all internal functions from public headers
 2024-02-05 15:09:15 +00:00
Jerry Yu
4caf3ca08c tls13: srv: Add discard_early_data_record SSL field 
Add discard_early_data_record in SSL context for
the record layer to know if it has to discard
some potential early data record and how.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-02 17:31:20 +01:00
Ronald Cron
78a38f607c tls13: srv: Do not use early_data_status 
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 20:10:35 +01:00
Ronald Cron
3b9034544e Revert "tls13: Introduce early_data_state SSL context field" 
This reverts commit 0883b8b625.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-02-01 20:03:57 +01:00