mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-31 21:50:31 +03:00

Author	SHA1	Message	Date
Neil Armstrong	a33a255dcf	Disable non-PSA ECDHE code in mbedtls_ssl_psk_derive_premaster() when USE_PSA_CRYPTO is selected Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-12 14:40:47 +02:00
Glenn Strauss	236e17ec26	Introduce mbedtls_ssl_hs_cb_t typedef Inline func for mbedtls_ssl_conf_cert_cb() Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-07 14:18:30 -04:00
Manuel Pégourié-Gonnard	1b05aff3ad	Merge pull request #5624 from superna9999/5312-tls-server-ecdh TLS ECDH 3b: server-side static ECDH (1.2)	2022-04-07 11:46:25 +02:00
Neil Armstrong	f716a700a1	Rename mbedtls_ssl_handshake_params variable ecdh_psa_shared_key to ecdh_psa_privkey_is_external Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-04 11:23:46 +02:00
Ronald Cron	0e980e8e84	Merge pull request #5640 from ronald-cron-arm/version-negotiation-2 TLS 1.2/1.3 version negotiation - 2	2022-04-01 12:29:06 +02:00
Manuel Pégourié-Gonnard	33a9d61885	Merge pull request #5638 from paul-elliott-arm/ssl_cid_accessors Accessors to own CID within mbedtls_ssl_context	2022-04-01 11:36:00 +02:00
Manuel Pégourié-Gonnard	451114fe42	Merge pull request #5647 from superna9999/5179-follow-up-tls-record-hmac-no-mdinfo Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined	2022-04-01 10:04:56 +02:00
Paul Elliott	0113cf1022	Add accessor for own cid to ssl context Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-03-31 19:21:41 +01:00
Neil Armstrong	8113d25d1e	Add ecdh_psa_shared_key flag to protect PSA privkey if imported Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-31 15:24:17 +02:00
Ronald Cron	a980adf4ce	Merge pull request #5637 from ronald-cron-arm/version-negotiation-1 TLS 1.2/1.3 version negotiation - 1	2022-03-31 11:47:16 +02:00
Ronald Cron	1fa4f6863b	ssl_tls.c: Return in error if default config fails Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:27:35 +02:00
Ronald Cron	37bdaab64f	tls: Simplify the logic of the config version check and test it Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-31 09:26:58 +02:00
Neil Armstrong	e451295179	Remove md_info in ssl_tls12_populate_transform() when USE_PSA_CRYPTO is defined Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-30 16:41:12 +02:00
Manuel Pégourié-Gonnard	3304f253d7	Merge pull request #5653 from paul-elliott-arm/handshake_over Add mbedtls_ssl_is_handshake_over()	2022-03-30 12:16:40 +02:00
Ronald Cron	f660655b84	TLS: Allow hybrid TLS 1.2/1.3 in default configurations This implies that when both TLS 1.2 and TLS 1.3 are included in the build all the TLS 1.2 tests using the default configuration now go through a version negotiation on the client side. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	e71639d39b	Simplify TLS major version default value setting Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	9f0fba374c	Add logic to switch to TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	e1d3f06399	Allow hybrid TLS 1.3 + TLS 1.2 configuration Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	fbd9f99f10	ssl_tls.c: Move some client specific functions to ssl_client.c Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	27c85e743f	ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	8f6d39a81d	Make some handshake TLS 1.3 utility routines available for TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	086ee0be0e	ssl_tls.c: Reject TLS 1.3 version configuration for server Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	a25cf58681	ssl_tls.c: Remove one unnecessary minor version check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	c2f13a0568	ssl_tls.c: Modify mbedtls_ssl_set_calc_verify_md() Modify mbedtls_ssl_set_calc_verify_md() taking into account that it is an TLS 1.2 only function. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	4dcbca952e	ssl_tls.c: Move mbedtls_ssl_set_calc_verify_md() to TLS 1.2 section In ssl_tls.c, move mbedtls_ssl_set_calc_verify_md() under the "if defined(MBEDTLS_SSL_PROTO_TLS1_2)" pre-processor directive as it is specific to TLS 1.2. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	81591aa0f3	ssl_tls.c: Remove ssl_set_handshake_prfs unnecessary minor_ver param ssl_set_handshake_prfs() is TLS 1.2 specific and only called from TLS 1.2 only code thus no need to pass the TLS minor version of the currebt session. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	f12b81d387	ssl_tls.c: Fix PSA ECDH private key destruction In TLS 1.3, a PSA ECDH private key may be created even if MBEDTLS_SSL_USA_PSA_CRYPTO is disabled. We must destroy this key if still referenced by an handshake context when we free such context. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	8540cf66ac	ssl_tls.c: Propose PKCS1 v1.5 signatures with SHA_384/512 In case of TLS 1.3 and hybrid TLS 1.2/1.3, propose PKCS1 v1.5 signatures with SHA_384/512 not only SHA_256. There is no point in not proposing them if they are available. In TLS 1.3 those could be useful for certificate signature verification. In hybrid TLS 1.2/1.3 this allows to propose for TLS 1.2 the same set of signature algorithms. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Manuel Pégourié-Gonnard	39f2f73e69	Merge pull request #5630 from ronald-cron-arm/restore-full-compat-testing Restore full TLS compatibility testing	2022-03-28 18:31:17 +02:00
Ronald Cron	fb39f15fa1	ssl_tls.c: Use ETM status only in CBC mode case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-25 16:50:18 +01:00
XiaokangQian	9b93c0dd8d	Change cookie parameters for dtls and tls 1.3 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-25 07:50:56 +00:00
Paul Elliott	27b0d94e25	Use mbedtls_ssl_is_handshake_over() Switch over to using the new function both internally and in tests. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2022-03-24 14:43:52 +00:00
Manuel Pégourié-Gonnard	f4042f076b	Merge pull request #5573 from superna9999/5176-5177-5178-5179-tsl-record-hmac TLS record HMAC	2022-03-21 11:36:44 +01:00
Ronald Cron	8d7afc642c	Merge pull request #5523 from ronald-cron-arm/one-flush-output-development TLS 1.3: One flush output	2022-03-21 08:44:04 +01:00
Neil Armstrong	29c0c040fc	Only make PSA HMAC key exportable when NULL or CBC & not EtM in ssl_tls12_populate_transform() This requires moving the HMAC init after CIPHER init. Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-18 11:10:09 +01:00
Ronald Cron	3f20b77517	Improve comment Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	66dbf9118e	TLS 1.3: Do not send handshake data in handshake step handlers Send data (call to mbedtls_ssl_flush_output()) only from the loop over the handshake steps. That way, we do not have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE error code) on the network in handshake step handlers. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Neil Armstrong	6828d8fdc4	Return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if MAC algorithm isn't supported in ssl_tls.c Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-02 15:37:11 +01:00
Neil Armstrong	321116c755	Remove spurious debug in ssl_tls12_populate_transform() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-03-02 15:06:15 +01:00
Glenn Strauss	6989407261	Add accessor to retrieve SNI during handshake Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-25 19:55:53 -05:00
Glenn Strauss	36872dbd0b	Provide means to reset handshake cert list Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list if cert provided is null. Previously, mbedtls_ssl_set_hs_own_cert() only provided a way to append to the handshake certificate list, without providing a way to replace the handshake certificate list. Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-25 19:55:48 -05:00
Glenn Strauss	2ed95279c0	Add server certificate selection callback https://github.com/ARMmbed/mbedtls/issues/5430 Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-25 17:31:49 -05:00
Neil Armstrong	e858996413	Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf() Due to mbedtls_ct_hmac() implementation the decryption MAC key must be exportable. Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-25 15:17:50 +01:00
Neil Armstrong	cf8841a076	Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test. Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-25 15:16:49 +01:00
Neil Armstrong	0760ade761	Setup & Import HMAC keys in ssl_tls12_populate_transform() Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-25 15:16:49 +01:00
Neil Armstrong	39b8e7dde4	Add, Initialize & Free HMAC keys in mbedtls_ssl_transform Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-02-23 09:24:57 +01:00
Gilles Peskine	c63a1e0e15	Fix mbedtls_ssl_get_version() for TLSv1.3 Test it in ssl-opt.sh. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Gilles Peskine	e1a0c25f71	New function to access the TLS version from a context as an enum Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-02-21 15:14:01 +01:00
Jerry Yu	f1b23caa4e	move wrong comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00
Jerry Yu	18621dfd23	remove extra empty line Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:01 +08:00

... 8 9 10 11 12 ...

2014 Commits