1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-10 21:01:41 +03:00
Commit Graph

545 Commits

Author SHA1 Message Date
fb6cea508f Remove duplicate mbedtls/build_info.h include
This commit removes duplicate includes for mbedtls/build_info.h where
the file already includes common.h.

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-10-14 08:41:31 +01:00
e8e23fb519 Include ssl_misc.h for additional SSL helper files
This commit replaces #include "common.h" in favour of #include
"ssl_misc.h".

Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-10-11 12:21:30 +01:00
0f6bc41a22 Update includes for each library file
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-10-09 11:18:50 +01:00
a6950b8ce7 Replace MBEDTLS_PK_CAN_ECDSA_SOME with PSA_HAVE_ALG_SOME_ECDSA
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-09-09 11:17:36 +01:00
9fc5be09cb Replace MBEDTLS_MD_CAN_SHA1 with PSA_WANT_ALG_SHA_1
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-09-04 18:12:59 +01:00
1d98d9d861 Merge pull request #9526 from mpg/refactor-tls123-verif-dev
Refactor tls123 verif dev
2024-09-03 15:29:10 +00:00
9e3e991d04 Fix typos in comments
Co-authored-by: David Horstmann <david.horstmann@arm.com>
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
19dd9f59bc Merge 1.2 and 1.3 certificate verification
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
7a4aa4d133 Make mbedtls_ssl_check_cert_usage() work for 1.3
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
94f70228e9 Clean up mbedtls_ssl_check_cert_usage()
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-09-02 12:46:03 +02:00
c15ef93aa5 Replace MBEDTLS_MD_CAN_SHA512 with PSA_WANT_ALG_SHA_512
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2024-08-28 18:20:25 +02:00
da41b60cef Replace MBEDTLS_SSL_HAVE_CAMELLIA with PSA_WANT_KEY_TYPE_CAMELLIA
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-08-13 09:58:00 +01:00
0858fdca38 Merge pull request #9189 from misch7/fix-v3.6-issues-9186-and-9188
Fix build of v3.6 (issues #9186 and #9188)
2024-08-12 09:34:17 +00:00
4394067071 Fix server mode only build of v3.6 with MBEDTLS_SSL_CLI_C unset (fixes #9186)
Signed-off-by: Michael Schuster <michael@schuster.ms>
2024-08-09 10:27:44 +01:00
e1171bd26f Merge pull request #9361 from eleuzi01/replace-key-aria
Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA
2024-08-08 15:41:01 +00:00
51c85a0296 Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-08-07 11:33:14 +01:00
8dde3b3dec Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-08-05 15:41:58 +01:00
74342c7c2b Replace MBEDTLS_SSL_HAVE_CBC with PSA_WANT_ALG_CBC_NO_PADDING
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-31 16:19:15 +01:00
6121a344dd Replace MBEDTLS_SSL_HAVE_AES with PSA_WANT_KEY_TYPE_AES
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-30 18:42:19 +01:00
b66a991f04 Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-18 14:31:59 +03:00
0916cd702f Replace MBEDTLS_MD_CAN_SHA256 with PSA_WANT_ALG_SHA_256
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-11 11:13:35 +03:00
2cf41a273e Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
2024-07-04 08:56:52 +00:00
b476d4bf21 Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-03 10:20:41 +01:00
fcc9afaf9d Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-02 11:08:04 +01:00
5bc5263b2c Add code improvments and refactoring in dealing with ALPN
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-03-13 16:50:01 +00:00
883f77cb08 Add mbedtls_ssl_session_set_alpn() function
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-03-13 16:50:01 +00:00
fd4c0c8b3d tls13: cli: Fix comment
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-12 17:48:18 +01:00
aa3593141b tls13: cli: Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
from ssl.h(public) to ssl_misc.h(private) even if
that means we cannot use the enum type for
early_data_state in ssl.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-12 17:48:18 +01:00
8571804382 tls13: srv: Enforce maximum size of early data
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-01 09:29:09 +01:00
d6d32b9210 tls13: Improve declaration and doc of early data status
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:14 +01:00
b9a9b1f5a5 tls13: Fix/Improve comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:14 +01:00
5fbd27055d tls13: Use a flag not a counter for CCS and HRR handling
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:02 +01:00
90e223364c tls13: cli: Refine early data status
The main purpose of the change is to
know from the status, at any point in
the handshake, if early data can be
sent or not and why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
fe59ff794d tls13: Send dummy CCS only once
Fix cases where the client was sending
two CCS, no harm but better to send only one.

Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
32c28cebb4 Merge pull request #8715 from valeriosetti/issue7964
Remove all internal functions from public headers
2024-02-05 15:09:15 +00:00
78a38f607c tls13: srv: Do not use early_data_status
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:35 +01:00
3b9034544e Revert "tls13: Introduce early_data_state SSL context field"
This reverts commit 0883b8b625.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:03:57 +01:00
0883b8b625 tls13: Introduce early_data_state SSL context field
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:04 +01:00
5d0ae9021f tls13: srv: Refine early data status
The main purpose is to know from the status
if early data can be received of not and
why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
25b282ebfe x509: move internal functions declarations to a private header
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-19 09:07:35 +01:00
d929106f36 ssl_ciphersuites: move internal functions declarations to a private header
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-18 15:08:28 +01:00
f1ba1933cf Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
f0ccf46713 Add minor cosmetic changes to record size limit changelog and comments
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-12 10:52:45 +00:00
ae2213c307 Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
Harmonise the names and return values of check functions in TLS code
2024-01-11 13:51:39 +00:00
f501790ff2 Improve comments across record size limit changes
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
148dfb6457 Change record size limit writing function
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
a8b4291836 tls13: add generic function to write Record Size Limit ext
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
3a6059beca Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
e2d3db5cfc Update mbedtls_ssl_get_output_record_size_limit signature
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Waleed-Ziad Maamoun-Elmelegy <122474370+waleed-elmelegy-arm@users.noreply.github.com>
2024-01-05 14:19:16 +00:00
94a42ccb3e Add tls13 in ticket flags helper function names
```
sed -i \
"s/\(mbedtls_ssl\)_\(session_\(\w*_\)\?ticket\)/\1_tls13_\2/g" \
library/*.[ch]
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 11:12:46 +08:00