1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-10 21:01:41 +03:00
Commit Graph

482 Commits

Author SHA1 Message Date
0f6bc41a22 Update includes for each library file
Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>
2024-10-09 11:18:50 +01:00
8ceeff95e9 Enable ssl_tls13_get_ciphersuite_hash_alg only if macro is active
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
2024-03-27 08:22:53 +01:00
7b333f1e88 Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime
TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime
2024-03-14 15:59:25 +00:00
840de7ff2f tls13: cli: Rename STATUS_NOT_SENT to STATUS_NOT_INDICATED
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-12 17:48:18 +01:00
3641df2980 tls13: cli: Rename STATE_SENT to STATE_IND_SENT
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-12 17:48:18 +01:00
3c5a68339b tls13: cli: Rename STATE_NOT_SENT to STATE_NO_IND_SENT
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-12 17:48:18 +01:00
0c80dc1ed5 tls13: cli: Rename STATUS_NOT_SENT to STATUS_NO_IND_SENT
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-12 17:48:18 +01:00
d2884662c1 tls13: cli: Split early data user status and internal state
Do not use the return values of
mbedtls_ssl_get_early_data_status()
(MBEDTLS_SSL_EARLY_DATA_STATUS_ macros)
for the state of the negotiation and
transfer of early data during the
handshake.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-12 17:48:15 +01:00
9422725aba tls13: cli: Discard ticket with zero lifetime
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-10 17:48:26 +01:00
9b4e964c2c Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data
TLS 1.3: Add mbedtls_ssl_write_early_data() API
2024-02-29 14:31:55 +00:00
f19989da31 tls13: Improve sanity check in get_early_data_status
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-22 12:22:53 +01:00
9f2c3c09df tls13: cli: Add mbedtls_ssl_get_early_data_status() API
Add mbedtls_ssl_get_early_data_status() API and its
testing.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:44:51 +01:00
e21c2d2ce1 tls13: cli: Add missing MBEDTLS_SSL_EARLY_DATA guards
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:44:51 +01:00
0ecb5fd6f5 Merge pull request #8574 from ronald-cron-arm/ssl-tickets
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
2024-02-21 09:38:46 +00:00
84dfbf488a tls13: client: Add comment about early data in 2nd ClientHello
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:14 +01:00
5fbd27055d tls13: Use a flag not a counter for CCS and HRR handling
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:02 +01:00
e273f7203d tls13: client: Improve CCS handling
Call unconditionally the CCS writing function
when sending a CCS may be necessary in the
course of an handshake. Enforce in the writing
function and only in the writing function that
only one CCS is sent.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-14 10:24:00 +01:00
90e223364c tls13: cli: Refine early data status
The main purpose of the change is to
know from the status, at any point in
the handshake, if early data can be
sent or not and why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
fe59ff794d tls13: Send dummy CCS only once
Fix cases where the client was sending
two CCS, no harm but better to send only one.

Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
5c9cc0b30f Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected
TLS 1.3: SRV: Ignore early data when rejected
2024-02-06 13:16:03 +00:00
32c28cebb4 Merge pull request #8715 from valeriosetti/issue7964
Remove all internal functions from public headers
2024-02-05 15:09:15 +00:00
1483dc3bde tls13: cli: Indicate early data only in first ClientHello
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
297c608915 tls13: cli: Fix setting of early data transform
Fix setting of early data transform when we
do not send dummy CCS for middlebox compatibility.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-22 09:37:45 +01:00
b4f5076270 debug: move internal functions declarations to an internal header file
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-18 15:30:46 +01:00
4d4891e18a Merge pull request #8666 from valeriosetti/issue8340
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
17ef8dfddb ssl_session: Define unconditionally the endpoint field
The endpoint field is needed to serialize/deserialize
a session in TLS 1.2 the same way it is needed in the
TLS 1.3 case: client specific fields that should not
be in the serialized version on server side if both
TLS client and server are enabled in the TLS library.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-15 08:58:19 +01:00
f1ba1933cf Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
ae2213c307 Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
Harmonise the names and return values of check functions in TLS code
2024-01-11 13:51:39 +00:00
148dfb6457 Change record size limit writing function
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:27 +00:00
42017cd4c9 tls13: cli: write Record Size Limit ext in ClientHello
- add the support in library
- update corresponding test case

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2024-01-10 16:17:27 +00:00
3a6059beca Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
384fbde49a library/tests: replace md_psa.h with psa_util.h as include file for MD conversion
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 13:27:32 +01:00
6a971fd61a Refactor and improve Record size limit handling
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-28 17:48:16 +00:00
049cd302ed Refactor record size limit extension handling
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-20 17:28:31 +00:00
94a42ccb3e Add tls13 in ticket flags helper function names
```
sed -i \
"s/\(mbedtls_ssl\)_\(session_\(\w*_\)\?ticket\)/\1_tls13_\2/g" \
library/*.[ch]
```

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 11:12:46 +08:00
0a1ff2b969 Consistent renaming
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
fc2cb9632b tls13: rename mbedtls_ssl_conf_tls13_check_kex_modes
The function is renamed to
mbedtls_ssl_conf_tls13_is_kex_mode_enabled.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:57 +08:00
60a22567e4 tls13: change return value of mbedtls_ssl_conf_tls13_check_kex_modes
To keep the convention in TLS code, check functions should return 0
when check is successful.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:57 +08:00
f482dcc6c7 Comply with the received Record Size Limit extension
Fixes #7010

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-12-06 15:18:08 +00:00
c59c586ac4 change prototype of write_early_data_ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:15 +08:00
5233539d9f share write_early_data_ext function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:50 +08:00
c2b1bc4fb6 replace early data permission check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:46 +08:00
a1e867c676 Merge pull request #8576 from yanrayw/issue/fix-tls13-session_negotiate-assignment
TLS13: CLI: EarlyData: Assign ciphersuite after associated verification in EE
2023-12-05 08:31:24 +00:00
744577a429 tls13: early_data: cli: check a PSK has been selected in EE
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 23:03:37 +08:00
9ae6534c20 tls13: early_data: cli: improve comment
This commit improves comment of why we assign the identifier of the
ciphersuite in handshake to `ssl->session_negotiate`.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 17:46:08 +08:00
03a00768c0 tls13: early_data: cli: improve comment
This commit improves comment of the check for handshake parameters
in Encrypted Extension.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 17:40:21 +08:00
e72dfff1d6 tls13: early_data: cli: improve comment
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 12:05:16 +08:00
2bef7fbc8d tls13: early_data: cli: remove guard to fix failure
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 12:02:56 +08:00
b3e207d762 tls13: early_data: cli: rename early_data parser in nst
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 16:49:51 +08:00
0790041dc6 Revert "tls13: early_data: cli: remove nst_ prefix"
This reverts commit 3781ab40fb.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-30 16:44:44 +08:00