fb6cea508f
Remove duplicate mbedtls/build_info.h include
...
This commit removes duplicate includes for mbedtls/build_info.h where
the file already includes common.h.
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com >
2024-10-14 08:41:31 +01:00
e8e23fb519
Include ssl_misc.h for additional SSL helper files
...
This commit replaces #include "common.h" in favour of #include
"ssl_misc.h".
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com >
2024-10-11 12:21:30 +01:00
0f6bc41a22
Update includes for each library file
...
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com >
2024-10-09 11:18:50 +01:00
a6950b8ce7
Replace MBEDTLS_PK_CAN_ECDSA_SOME with PSA_HAVE_ALG_SOME_ECDSA
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-09-09 11:17:36 +01:00
9fc5be09cb
Replace MBEDTLS_MD_CAN_SHA1 with PSA_WANT_ALG_SHA_1
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-09-04 18:12:59 +01:00
1d98d9d861
Merge pull request #9526 from mpg/refactor-tls123-verif-dev
...
Refactor tls123 verif dev
2024-09-03 15:29:10 +00:00
9e3e991d04
Fix typos in comments
...
Co-authored-by: David Horstmann <david.horstmann@arm.com >
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
19dd9f59bc
Merge 1.2 and 1.3 certificate verification
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
7a4aa4d133
Make mbedtls_ssl_check_cert_usage() work for 1.3
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
94f70228e9
Clean up mbedtls_ssl_check_cert_usage()
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2024-09-02 12:46:03 +02:00
c15ef93aa5
Replace MBEDTLS_MD_CAN_SHA512
with PSA_WANT_ALG_SHA_512
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2024-08-28 18:20:25 +02:00
da41b60cef
Replace MBEDTLS_SSL_HAVE_CAMELLIA with PSA_WANT_KEY_TYPE_CAMELLIA
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-08-13 09:58:00 +01:00
0858fdca38
Merge pull request #9189 from misch7/fix-v3.6-issues-9186-and-9188
...
Fix build of v3.6 (issues #9186 and #9188 )
2024-08-12 09:34:17 +00:00
4394067071
Fix server mode only build of v3.6 with MBEDTLS_SSL_CLI_C unset ( fixes #9186 )
...
Signed-off-by: Michael Schuster <michael@schuster.ms >
2024-08-09 10:27:44 +01:00
e1171bd26f
Merge pull request #9361 from eleuzi01/replace-key-aria
...
Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA
2024-08-08 15:41:01 +00:00
51c85a0296
Replace MBEDTLS_SSL_HAVE_ARIA with PSA_WANT_KEY_TYPE_ARIA
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-08-07 11:33:14 +01:00
8dde3b3dec
Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-08-05 15:41:58 +01:00
74342c7c2b
Replace MBEDTLS_SSL_HAVE_CBC with PSA_WANT_ALG_CBC_NO_PADDING
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-31 16:19:15 +01:00
6121a344dd
Replace MBEDTLS_SSL_HAVE_AES with PSA_WANT_KEY_TYPE_AES
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-30 18:42:19 +01:00
b66a991f04
Replace MBEDTLS_MD_CAN_MD5 with PSA_WANT_ALG_MD5
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-18 14:31:59 +03:00
0916cd702f
Replace MBEDTLS_MD_CAN_SHA256 with PSA_WANT_ALG_SHA_256
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-11 11:13:35 +03:00
2cf41a273e
Merge pull request #9171 from eleuzi01/replace-mbedtls-md-can-sha384
...
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
2024-07-04 08:56:52 +00:00
b476d4bf21
Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-03 10:20:41 +01:00
fcc9afaf9d
Replace MBEDTLS_MD_CAN_SHA224 with PSA_WANT_ALG_SHA_224
...
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com >
2024-07-02 11:08:04 +01:00
5bc5263b2c
Add code improvments and refactoring in dealing with ALPN
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-03-13 16:50:01 +00:00
883f77cb08
Add mbedtls_ssl_session_set_alpn() function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-03-13 16:50:01 +00:00
fd4c0c8b3d
tls13: cli: Fix comment
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-12 17:48:18 +01:00
aa3593141b
tls13: cli: Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
...
Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
from ssl.h(public) to ssl_misc.h(private) even if
that means we cannot use the enum type for
early_data_state in ssl.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-12 17:48:18 +01:00
8571804382
tls13: srv: Enforce maximum size of early data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-01 09:29:09 +01:00
d6d32b9210
tls13: Improve declaration and doc of early data status
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-15 17:19:14 +01:00
b9a9b1f5a5
tls13: Fix/Improve comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-15 17:19:14 +01:00
5fbd27055d
tls13: Use a flag not a counter for CCS and HRR handling
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-15 17:19:02 +01:00
90e223364c
tls13: cli: Refine early data status
...
The main purpose of the change is to
know from the status, at any point in
the handshake, if early data can be
sent or not and why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-06 16:43:33 +01:00
fe59ff794d
tls13: Send dummy CCS only once
...
Fix cases where the client was sending
two CCS, no harm but better to send only one.
Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-06 16:43:33 +01:00
32c28cebb4
Merge pull request #8715 from valeriosetti/issue7964
...
Remove all internal functions from public headers
2024-02-05 15:09:15 +00:00
78a38f607c
tls13: srv: Do not use early_data_status
...
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-01 20:10:35 +01:00
3b9034544e
Revert "tls13: Introduce early_data_state SSL context field"
...
This reverts commit 0883b8b625
.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-01 20:03:57 +01:00
0883b8b625
tls13: Introduce early_data_state SSL context field
...
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-01 16:45:04 +01:00
5d0ae9021f
tls13: srv: Refine early data status
...
The main purpose is to know from the status
if early data can be received of not and
why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-01 16:40:47 +01:00
25b282ebfe
x509: move internal functions declarations to a private header
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-01-19 09:07:35 +01:00
d929106f36
ssl_ciphersuites: move internal functions declarations to a private header
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-01-18 15:08:28 +01:00
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
...
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
f0ccf46713
Add minor cosmetic changes to record size limit changelog and comments
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-12 10:52:45 +00:00
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
...
Harmonise the names and return values of check functions in TLS code
2024-01-11 13:51:39 +00:00
f501790ff2
Improve comments across record size limit changes
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
148dfb6457
Change record size limit writing function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:27 +00:00
a8b4291836
tls13: add generic function to write Record Size Limit ext
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2024-01-10 16:17:27 +00:00
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
...
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
e2d3db5cfc
Update mbedtls_ssl_get_output_record_size_limit signature
...
Co-authored-by: Ronald Cron <ronald.cron@arm.com >
Signed-off-by: Waleed-Ziad Maamoun-Elmelegy <122474370+waleed-elmelegy-arm@users.noreply.github.com >
2024-01-05 14:19:16 +00:00
94a42ccb3e
Add tls13 in ticket flags helper function names
...
```
sed -i \
"s/\(mbedtls_ssl\)_\(session_\(\w*_\)\?ticket\)/\1_tls13_\2/g" \
library/*.[ch]
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 11:12:46 +08:00