Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						1038b22d74 
					 
					
						
						
							
							Reduce the level of logging used in tests  
						
						... 
						
						
						
						This should avoid running into a bug with printf format specifiers on
Windows.
It's also a logical move for actual tests: I used the highest debug
level for discovery, but we don't need that all the time.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
						
						
					 
					
						2025-03-14 09:22:09 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						6637ef798f 
					 
					
						
						
							
							New test function inject_client_content_on_the_wire()  
						
						... 
						
						
						
						Not used for real stuff so far, just getting the tooling in place.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
						
						
					 
					
						2025-03-14 09:22:09 +01:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						855f5bf244 
					 
					
						
						
							
							Rm dead !USE_PSA code: ssl_tls13_xxx (part 1)  
						
						... 
						
						
						
						unifdef -m -DMBEDTLS_USE_PSA_CRYPTO library/ssl_tls13*.c
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
						
						
					 
					
						2025-01-28 16:15:29 +01:00 
						 
				 
			
				
					
						
							
							
								Harry Ramsey 
							
						 
					 
					
						
						
							
						
						0f6bc41a22 
					 
					
						
						
							
							Update includes for each library file  
						
						... 
						
						
						
						Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
						
						
					 
					
						2024-10-09 11:18:50 +01:00 
						 
				 
			
				
					
						
							
							
								Waleed Elmelegy 
							
						 
					 
					
						
						
							
						
						e2a6aa5369 
					 
					
						
						
							
							Improve comments explaining legacy_methods_compression handling  
						
						... 
						
						
						
						Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
						
						
					 
					
						2024-06-25 18:16:16 +01:00 
						 
				 
			
				
					
						
							
							
								Waleed Elmelegy 
							
						 
					 
					
						
						
							
						
						0a9e8a3a18 
					 
					
						
						
							
							Correct a small typo in ssl_tls13_parse_client_hello()  
						
						... 
						
						
						
						Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
						
						
					 
					
						2024-06-25 10:22:49 +01:00 
						 
				 
			
				
					
						
							
							
								Waleed Elmelegy 
							
						 
					 
					
						
						
							
						
						a5842ac20e 
					 
					
						
						
							
							Improve handling of legacy_compression_methods in ssl_tls13_parse_client_hello()  
						
						... 
						
						
						
						Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
						
						
					 
					
						2024-06-19 15:09:48 +01:00 
						 
				 
			
				
					
						
							
							
								Waleed Elmelegy 
							
						 
					 
					
						
						
							
						
						b6e7331739 
					 
					
						
						
							
							Fix issue in handling legacy_compression_methods in ssl_tls13_parse_client_hello()  
						
						... 
						
						
						
						Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
						
						
					 
					
						2024-06-11 18:45:40 +01:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						a9d4ef0998 
					 
					
						
						
							
							Fix uint32_t printed as unsigned int  
						
						... 
						
						
						
						This is ok in practice since we don't support 16-bit platforms, but it makes
`arm-none-eabi-gcc-10 -mthumb -Wformat` complain.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
						
						
					 
					
						2024-06-03 22:16:23 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						a4b773d3bb 
					 
					
						
						
							
							Merge pull request #6955 from inorick/nofa_no_session_tickets
						
						... 
						
						
						
						Guard ticket specific TLS 1.3 function with macro 
						
						
					 
					
						2024-04-08 08:56:17 +00:00 
						 
				 
			
				
					
						
							
							
								Norbert Fabritius 
							
						 
					 
					
						
						
							
						
						d60aef0f1b 
					 
					
						
						
							
							Unconditionally define session variable  
						
						... 
						
						
						
						Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
						
						
					 
					
						2024-03-27 08:22:53 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						1f045f3a0c 
					 
					
						
						
							
							tls13: srv: Fix guards of _is_psk_(ephemeral_)available  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-27 08:22:53 +01:00 
						 
				 
			
				
					
						
							
							
								Norbert Fabritius 
							
						 
					 
					
						
						
							
						
						96eed725e1 
					 
					
						
						
							
							Guard ticket specific TLS 1.3 function with macro  
						
						... 
						
						
						
						Guard ssl_tls13_write_new_session_ticket_coordinate with
MBEDTLS_SSL_SESSION_TICKETS macro.
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
						
						
					 
					
						2024-03-27 08:22:53 +01:00 
						 
				 
			
				
					
						
							
							
								Minos Galanakis 
							
						 
					 
					
						
						
							
						
						b70f0fd9a9 
					 
					
						
						
							
							Merge branch 'development' into 'development-restricted'  
						
						... 
						
						
						
						Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
						
						
					 
					
						2024-03-19 22:24:40 +00:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						a5c5c58107 
					 
					
						
						
							
							tls13: srv: Fix potential stack buffer overread  
						
						... 
						
						
						
						Fix potential stack buffer overread when
checking PSK binders.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-19 14:46:21 +01:00 
						 
				 
			
				
					
						
							
							
								Waleed Elmelegy 
							
						 
					 
					
						
						
							
						
						4dfb0e7c90 
					 
					
						
						
							
							Add ALPN checking when accepting early data  
						
						... 
						
						
						
						Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
						
						
					 
					
						2024-03-15 12:12:15 +00:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						6bee910dbd 
					 
					
						
						
							
							Merge pull request #8858 from waleed-elmelegy-arm/add_alpn_to_session
						
						... 
						
						
						
						Add ALPN information in session tickets 
						
						
					 
					
						2024-03-15 09:50:24 +00:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						7b333f1e88 
					 
					
						
						
							
							Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime
						
						... 
						
						
						
						TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime 
						
						
					 
					
						2024-03-14 15:59:25 +00:00 
						 
				 
			
				
					
						
							
							
								Waleed Elmelegy 
							
						 
					 
					
						
						
							
						
						5bc5263b2c 
					 
					
						
						
							
							Add code improvements and refactoring in dealing with ALPN
						
						... 
						
						
						
						Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
						
						
					 
					
						2024-03-13 16:50:01 +00:00 
						 
				 
			
				
					
						
							
							
								Waleed Elmelegy 
							
						 
					 
					
						
						
							
						
						883f77cb08 
					 
					
						
						
							
							Add mbedtls_ssl_session_set_alpn() function  
						
						... 
						
						
						
						Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
						
						
					 
					
						2024-03-13 16:50:01 +00:00 
						 
				 
			
				
					
						
							
							
								Waleed Elmelegy 
							
						 
					 
					
						
						
							
						
						2824a209bc 
					 
					
						
						
							
							Add ALPN information in session tickets  
						
						... 
						
						
						
						Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
						
						
					 
					
						2024-03-13 16:50:01 +00:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						ce79488dd5 
					 
					
						
						
							
							tls13: srv: Fail connection if ticket lifetime exceeds 7 days
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-10 17:42:43 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						7e1f9f290f 
					 
					
						
						
							
							Merge pull request #8854 from ronald-cron-arm/tls13-srv-max-early-data-size
						
						... 
						
						
						
						TLS 1.3: Enforce max_early_data_size on server 
						
						
					 
					
						2024-03-09 00:16:07 +00:00 
						 
				 
			
				
					
						
							
							
								Janos Follath 
							
						 
					 
					
						
						
							
						
						080a5171e2 
					 
					
						
						
							
							Merge pull request #8861 from ronald-cron-arm/tls13-srv-select-kex
						
						... 
						
						
						
						TLS 1.3: SRV: Improve key exchange mode selection 
						
						
					 
					
						2024-03-08 14:58:36 +00:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						19521ddc36 
					 
					
						
						
							
							tls13: srv: Fix/Improve debug logs  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						7cab4f885b 
					 
					
						
						
							
							tls13: srv: Fix/Improve comments  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						16cc370423 
					 
					
						
						
							
							tls13: srv: Fix initialization value  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						f602f7ba50 
					 
					
						
						
							
							tls13: srv: Code improvements  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						3811765c0c 
					 
					
						
						
							
							tls13: srv: Add/Improve comments  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						74a1629231 
					 
					
						
						
							
							tls13: srv: Move PSK ciphersuite selection up  
						
						... 
						
						
						
						Move PSK ciphersuite selection up to the main
ClientHello parsing function. That way the
ciphersuite selection only happens in this
function.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						3e47eec431 
					 
					
						
						
							
							tls13: srv: Simplify resumption detection  
						
						... 
						
						
						
						Avoid marking we resume and then
cancelling it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						e8c162d7ba 
					 
					
						
						
							
							tls13: srv: Simplify kex availability checks  
						
						... 
						
						
						
						Regarding the possibility of selecting a
key exchange mode, the check of the ticket
flags is now separated from the check of
the ClientHello content and server
configuration.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						79cdd4156f 
					 
					
						
						
							
							tls13: srv: Improve key exchange mode determination  
						
						... 
						
						
						
						For PSK based key exchange modes do not check twice
anymore if they can be selected or not. Check it
only when looping over the offered PSKs to select
one.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						1f63fe4d74 
					 
					
						
						
							
							tls13: srv: Fix resume flag in case of cancelled PSK  
						
						... 
						
						
						
						If we prefer ephemeral key exchange mode over
the pure PSK one, make sure the resume flag is
disabled as eventually we are not going to
resume a session even if we aimed to at some
point.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						cf284565c5 
					 
					
						
						
							
							tls13: srv: Determine best key exchange mode for a PSK  
						
						... 
						
						
						
						Determine best key exchange for ticket based and
external PSKs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						89089cc69b 
					 
					
						
						
							
							tls13: srv: Factorize ciphersuite selection code  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						f7e9916b3d 
					 
					
						
						
							
							tls13: srv: Fix MBEDTLS_SSL_SESSION_TICKETS guard position  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						12e72f1664 
					 
					
						
						
							
							tls13: srv: Always parse the pre-shared key extension  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						7a30cf5954 
					 
					
						
						
							
							tls13: srv: Stop earlier identity check  
						
						... 
						
						
						
						If an identity has been determined as a
ticket identity but the ticket is not
usable, do not try to check if the
identity is that of an externally
provided PSK.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						fbae94a52f 
					 
					
						
						
							
							tls13: srv: Improve ticket identity check return values  
						
						... 
						
						
						
						Improve the values returned by
ssl_tls13_offered_psks_check_identity_match_ticket().
Distinguish between the two following cases:
1) the PSK identity is not a valid ticket identity
2) the PSK identity is a valid ticket identity but
   the ticket cannot be used for session resumption.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						3cdcac5647 
					 
					
						
						
							
							tls13: srv: Fix return value  
						
						... 
						
						
						
						Fix the value returned by
ssl_tls13_offered_psks_check_identity_match_ticket()
when there is no ticket parser function defined
or no time.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						6e31127f08 
					 
					
						
						
							
							tls13: srv: Define specific return macros for binder check  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-08 08:43:41 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						139a4185b1 
					 
					
						
						
							
							Merge pull request #8587 from yanrayw/issue/4911/ssl_setup-check-RNG-configuration
						
						... 
						
						
						
						TLS: check RNG when calling mbedtls_ssl_setup() 
						
						
					 
					
						2024-03-08 07:38:39 +00:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						8571804382 
					 
					
						
						
							
							tls13: srv: Enforce maximum size of early data  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-01 09:29:09 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						c286519747 
					 
					
						
						
							
							tls13: srv: Do not forget to include max_early_data_size in the ticket  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-03-01 09:03:51 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						9b4e964c2c 
					 
					
						
						
							
							Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data
						
						... 
						
						
						
						TLS 1.3: Add mbedtls_ssl_write_early_data() API 
						
						
					 
					
						2024-02-29 14:31:55 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						0ecb5fd6f5 
					 
					
						
						
							
							Merge pull request #8574 from ronald-cron-arm/ssl-tickets
						
						... 
						
						
						
						Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3 
						
						
					 
					
						2024-02-21 09:38:46 +00:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						5fbd27055d 
					 
					
						
						
							
							tls13: Use a flag not a counter for CCS and HRR handling  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-02-15 17:19:02 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						e273f7203d 
					 
					
						
						
							
							tls13: client: Improve CCS handling  
						
						... 
						
						
						
						Call unconditionally the CCS writing function
when sending a CCS may be necessary in the
course of a handshake. Enforce in the writing
function and only in the writing function that
only one CCS is sent.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-02-14 10:24:00 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						fe59ff794d 
					 
					
						
						
							
							tls13: Send dummy CCS only once  
						
						... 
						
						
						
						Fix cases where the client was sending
two CCS, no harm but better to send only one.
Prevent sending even more CCS when early data
are involved without having to add conditional
state transitions.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
						
						
					 
					
						2024-02-06 16:43:33 +01:00