a2a0c2cbe7
Merge remote-tracking branch 'origin/features/tls-defragmentation/development' into feature_merge_defragmentation_dev
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com >
2025-03-12 15:25:06 +00:00
15fd5c9925
ssl: remove support for MBEDTLS_DHM_C
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2025-03-05 10:11:23 +01:00
28f8e205eb
Merge pull request #9872 from rojer/tls_hs_defrag_in
...
Defragment incoming TLS handshake messages
2025-02-24 09:28:11 +01:00
2547ae9fcc
Move SSL macro checks from TF-PSA-Crypto to Mbed TLS
...
This commit moves macro checks specifically for Mbed TLS from
TF-PSA-Crypto to Mbed TLS where they more approriately belong.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com >
2025-01-31 13:58:43 +00:00
072c98eb75
Remove empty #if #endif block
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-29 10:40:15 +01:00
53fe26c5ad
Update a function's doxygen
...
There was two versions of this function with different arguments. Update
the documentation to match the signature of the function we kept.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:44:15 +01:00
615914b5ac
Rm dead !USE_PSA code: SSL headers (part 2)
...
Expression that are too complex for unifdef - please review carefully :)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:15:14 +01:00
11ae619e77
Rm dead !USE_PSA code: SSL headers (part 1)
...
unifdef -m -DMBEDTLS_USE_PSA_CRYPTO {library,include/mbedtls}/ssl*.h
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-28 16:15:04 +01:00
3dfe75e115
Remove mbedtls_ssl_reset_in_out_pointers
...
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me >
2025-01-26 11:12:21 +02:00
6402c35eca
Remove internal helper mbedtls_ssl_get_groups()
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-14 12:23:56 +01:00
6b720161ca
Remove mbedtls_ssl_conf::curve_list
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2025-01-14 12:17:20 +01:00
ac2cf1f26c
Defragment incoming TLS handshake messages
...
Signed-off-by: Deomid rojer Ryabkov <rojer@rojer.me >
2024-12-25 14:34:17 +02:00
51f228cc1b
Switch to actual TF-PSA-Crypto build_info.h
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-12-11 22:32:45 +01:00
fb6cea508f
Remove duplicate mbedtls/build_info.h include
...
This commit removes duplicate includes for mbedtls/build_info.h where
the file already includes common.h.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com >
2024-10-14 08:41:31 +01:00
e8e23fb519
Include ssl_misc.h for additional SSL helper files
...
This commit replaces #include "common.h" in favour of #include
"ssl_misc.h".
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com >
2024-10-11 12:21:30 +01:00
0f6bc41a22
Update includes for each library file
...
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com >
2024-10-09 11:18:50 +01:00
a6950b8ce7
Replace MBEDTLS_PK_CAN_ECDSA_SOME with PSA_HAVE_ALG_SOME_ECDSA
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-09-09 11:17:36 +01:00
9fc5be09cb
Replace MBEDTLS_MD_CAN_SHA1 with PSA_WANT_ALG_SHA_1
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-09-04 18:12:59 +01:00
1d98d9d861
Merge pull request #9526 from mpg/refactor-tls123-verif-dev
...
Refactor tls123 verif dev
2024-09-03 15:29:10 +00:00
9e3e991d04
Fix typos in comments
...
Co-authored-by: David Horstmann <david.horstmann@arm.com >
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
19dd9f59bc
Merge 1.2 and 1.3 certificate verification
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
7a4aa4d133
Make mbedtls_ssl_check_cert_usage() work for 1.3
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
94f70228e9
Clean up mbedtls_ssl_check_cert_usage()
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
c15ef93aa5
Replace MBEDTLS_MD_CAN_SHA512 with PSA_WANT_ALG_SHA_512
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2024-08-28 18:20:25 +02:00
da41b60cef
Replace MBEDTLS_SSL_HAVE_CAMELLIA with PSA_WANT_KEY_TYPE_CAMELLIA
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-08-13 09:58:00 +01:00
0858fdca38
Merge pull request #9189 from misch7/fix-v3.6-issues-9186-and-9188
...
Fix build of v3.6 (issues #9186 and #9188 )
2024-08-12 09:34:17 +00:00
4394067071
Fix server mode only build of v3.6 with MBEDTLS_SSL_CLI_C unset ( fixes #9186 )
...
Signed-off-by: Michael Schuster <michael@schuster.ms >
2024-08-09 10:27:44 +01:00
e1171bd26f
Merge pull request #9361 from eleuzi01/replace-key-aria
...
Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA
2024-08-08 15:41:01 +00:00
51c85a0296
Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-08-07 11:33:14 +01:00
8dde3b3dec
Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-08-05 15:41:58 +01:00
74342c7c2b
Replace MBEDTLS_SSL_HAVE_CBC with PSA_WANT_ALG_CBC_NO_PADDING
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-31 16:19:15 +01:00
6121a344dd
Replace MBEDTLS_SSL_HAVE_AES with PSA_WANT_KEY_TYPE_AES
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-30 18:42:19 +01:00
b66a991f04
Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-18 14:31:59 +03:00
0916cd702f
Replace MBEDTLS_MD_CAN_SHA256 with PSA_WANT_ALG_SHA_256
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-11 11:13:35 +03:00
2cf41a273e
Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384
...
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
2024-07-04 08:56:52 +00:00
b476d4bf21
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-03 10:20:41 +01:00
fcc9afaf9d
Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-02 11:08:04 +01:00
5bc5263b2c
Add code improvments and refactoring in dealing with ALPN
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-03-13 16:50:01 +00:00
883f77cb08
Add mbedtls_ssl_session_set_alpn() function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-03-13 16:50:01 +00:00
fd4c0c8b3d
tls13: cli: Fix comment
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-12 17:48:18 +01:00
aa3593141b
tls13: cli: Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
...
Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
from ssl.h(public) to ssl_misc.h(private) even if
that means we cannot use the enum type for
early_data_state in ssl.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-12 17:48:18 +01:00
8571804382
tls13: srv: Enforce maximum size of early data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-01 09:29:09 +01:00
d6d32b9210
tls13: Improve declaration and doc of early data status
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-15 17:19:14 +01:00
b9a9b1f5a5
tls13: Fix/Improve comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-15 17:19:14 +01:00
5fbd27055d
tls13: Use a flag not a counter for CCS and HRR handling
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-15 17:19:02 +01:00
90e223364c
tls13: cli: Refine early data status
...
The main purpose of the change is to
know from the status, at any point in
the handshake, if early data can be
sent or not and why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-06 16:43:33 +01:00
fe59ff794d
tls13: Send dummy CCS only once
...
Fix cases where the client was sending
two CCS, no harm but better to send only one.
Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-06 16:43:33 +01:00
32c28cebb4
Merge pull request #8715 from valeriosetti/issue7964
...
Remove all internal functions from public headers
2024-02-05 15:09:15 +00:00
78a38f607c
tls13: srv: Do not use early_data_status
...
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-01 20:10:35 +01:00
3b9034544e
Revert "tls13: Introduce early_data_state SSL context field"
...
This reverts commit 0883b8b625ronald.cron@arm.com >
2024-02-01 20:03:57 +01:00
