mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-30 10:45:34 +03:00

Author	SHA1	Message	Date
Anton Matkin	6eb5335ef0	Fixed issues with policy verification, since wildcard JPAKE policy is now disallowed, changed to concrete jpake algorithm (with SHA256 hash) Signed-off-by: Anton Matkin <anton.matkin@arm.com>	2025-08-12 13:50:48 +02:00
Anton Matkin	1b70084bd9	TF-PSA-Crypto submodule link fixup Signed-off-by: Anton Matkin <anton.matkin@arm.com>	2025-08-12 13:50:45 +02:00
Ben Taylor	cdc191b500	Correct code style Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-07-30 07:55:14 +01:00
Ben Taylor	98ecfdb440	corrected code style Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-07-30 07:55:14 +01:00
Ben Taylor	62278dc93d	remove MBEDTLS_USE_PSA_CRYPTO from ssl progs Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-07-30 07:55:14 +01:00
Ben Taylor	6bcdd67f83	Update ssl progs to restore build Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-07-30 07:55:14 +01:00
Ben Taylor	4bb98be277	initial remove of MBEDTLS_USE_PSA_CRYPTO Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-07-30 07:55:13 +01:00
Ben Taylor	c801d3293e	include private pk.h internally Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-07-17 15:18:53 +01:00
Manuel Pégourié-Gonnard	92a9bd345c	Remove call to pk_decrypt() in ssl_server2 We no longer use decrypt TLS 1.2 (never did in 1.3) so we no longer need this path. Further simplifications could probably be made (we currently have an enum type with only one possible value...) but for now I'm trying to keep changes minimal. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2025-05-20 12:04:26 +02:00
Max Fillinger	22728dc5e3	Use mbedtls_calloc, not regular calloc Also fix the allocation size. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:08:12 +01:00
Max Fillinger	144cccecb7	Fix memory leak in example programs Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:08:12 +01:00
Max Fillinger	2fe35f61bf	Create MBEDTLS_SSL_KEYING_MATERIAL_EXPORT option Add the option MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to mbedtls_config.h to control if the function mbedtls_ssl_export_keying_material() should be available. By default, the option is disabled. This is because the exporter for TLS 1.2 requires client_random and server_random need to be stored after the handshake is complete. Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 16:53:58 +01:00
Max Fillinger	281fb79116	Remove TLS 1.2 Exporter if we don't have randbytes The TLS-Exporter in TLS 1.2 requires client_random and server_random. Unless MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined, these aren't stored after the handshake is completed. Therefore, mbedtls_ssl_export_keying_material() exists only if either MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined or MBEDTLS_SSL_PROTO_TLS1_2 is not defined. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:58 +01:00
Max Fillinger	dbe864569e	Fix typos in comments Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:58 +01:00
Max Fillinger	7b72220d42	Fix coding style Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 16:53:58 +01:00
Max Fillinger	32ba7f4a17	Add TLS-Exporter options to ssl_server2 The program prints out the derived symmetric key for testing purposes. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:57 +01:00
Ben Taylor	47111a1cb1	initial remove of mbedtls_ssl_conf_rng Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-03-26 13:32:10 +00:00
Ben Taylor	440cb2aac2	Remove RNG from x509 and PK remove the f_rng and p_rng parameter from x509 and PK. Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-03-26 08:17:38 +00:00
Gabor Mezei	e99e591179	Remove key exchange based on encryption/decryption Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2025-03-20 17:53:07 +01:00
Ben Taylor	0cfe54e4e0	remove RNG parameters from SSL API's Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-03-10 13:24:31 +00:00
Valerio Setti	73cd415c0b	programs: remove DHM_C from ssl_client2 and ssl_server2 MBEDTLS_DHM_C is being removed so all its occurencies should be removed as well. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-03-05 10:11:22 +01:00
Ben Taylor	837130cf65	Improve Changelog and correct alg selection Improve the description of the API changes in the changelog and fix some incorrect alg selection variables in ssl_server2.c. Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-02-04 07:50:19 +00:00
Ben Taylor	0c29cf87b1	Move ssl_ticket to the PSA API Convert the mbedtl_ssl_ticket_setup function to use the TF_PSA_Crypto API. Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-01-30 08:22:40 +00:00
Elena Uziunaite	8d8620bf18	Address review comments: add PSA_WANT_KEY_TYPE_ECC_KEY_PAIR_IMPORT Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-09-09 11:18:10 +01:00
Elena Uziunaite	a6950b8ce7	Replace MBEDTLS_PK_CAN_ECDSA_SOME with PSA_HAVE_ALG_SOME_ECDSA Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-09-09 11:17:36 +01:00
Gilles Peskine	99b57bd35a	Merge pull request #1272 from eleuzi01/forward-1263 Fix 1.3 cli-auth optional reporting of (ext)KeyUsage issues	2024-08-28 19:38:36 +02:00
Manuel Pégourié-Gonnard	92a391e0fe	Always print detailed cert errors in test programs Previously the client was only printing them on handshake success, and the server was printing them on success and some but not all failures. This makes ssl-opt.sh more consistent as we can always check for the presence of the expected message in the output, regardless of whether the failure is hard or soft. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-08-16 17:24:05 +01:00
Gilles Peskine	0858fdca38	Merge pull request #9189 from misch7/fix-v3.6-issues-9186-and-9188 Fix build of v3.6 (issues #9186 and #9188)	2024-08-12 09:34:17 +00:00
Michael Schuster	f672b694fa	Use correct conditionals in programs/ssl (fix unused-function errors) Signed-off-by: Michael Schuster <michael@schuster.ms>	2024-08-09 10:29:59 +01:00
Michael Schuster	0420093795	Adjust spacing in sample programs Signed-off-by: Michael Schuster <michael@schuster.ms>	2024-08-09 10:29:58 +01:00
Michael Schuster	8db8d6182f	Fix missing-prototype errors in sample programs Signed-off-by: Michael Schuster <michael@schuster.ms>	2024-08-09 10:29:58 +01:00
Elena Uziunaite	8dde3b3dec	Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-08-05 15:41:58 +01:00
Elena Uziunaite	b476d4bf21	Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384 Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-03 10:20:41 +01:00
Ronald Cron	74191a56e8	ssl_server2: Split early data enablement from max_early_data_size setting Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-14 20:00:42 +01:00
Valerio Setti	7541ebea52	programs: remove usage of mbedtls_pk_wrap_as_opaque() from tests This is replaced with: mbedtls_pk_get_psa_attributes() + mbedtls_pk_import_into_psa() + mbedtls_pk_setup_opaque(). Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-27 10:44:33 +01:00
Manuel Pégourié-Gonnard	0ecb5fd6f5	Merge pull request #8574 from ronald-cron-arm/ssl-tickets Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3	2024-02-21 09:38:46 +00:00
Jerry Yu	192e0f9b1d	ssl_server2: Add read early data support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Ronald Cron	d1c106c787	Define ticket creation time in TLS 1.2 case as well The purpose of this change is to eventually base the calculation in ssl_ticket.c of the ticket age when parsing a ticket on the ticket creation time both in TLS 1.2 and TLS 1.3 case. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:58:19 +01:00
Tom Cosgrove	3a6059beca	Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit Comply with the received Record Size Limit extension	2024-01-09 15:22:17 +00:00
Jan Bruckner	f482dcc6c7	Comply with the received Record Size Limit extension Fixes #7010 Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-12-06 15:18:08 +00:00
Jerry Yu	750e06743f	remove misbehavior tests and code Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:22:15 +08:00
Jerry Yu	ea96ac3da9	fix various issues - get ticket_flags with function. - improve output message and check it. - improve `ssl_server2` help message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:17:37 +08:00
Jerry Yu	3c2b21ed0e	Enable multi max_early_data_size value for connections For test purpose, we set different value for each session Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:14:56 +08:00
Jerry Yu	713ce1f889	various improvement - improve change log entry - improve comments - remove unnecessary statement - change type of client_age Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:59:25 +08:00
Jerry Yu	cf9135100e	fix various issues - fix CI failure due to wrong usage of ticket_lifetime - Improve document and comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	25ba4d40ef	rename `ticket_creation` to `ticket_creation_time` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	3ff0b1fda3	Cleanup ticket negative tests. - improve comments - case 3/4 is for server age check. - case 5/6 is for client age check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Jerry Yu	ec6d07870d	Replace `start` with `ticket_creation` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Jerry Yu	f16efbc78d	fix various issues - Add comments for ticket test hooks - improve code style. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00
Jerry Yu	cebffc3446	change time unit of ticket to milliseconds Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:18 +08:00

1 2 3 4 5 ...

714 Commits