mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-10 21:01:41 +03:00

Author	SHA1	Message	Date
Harry Ramsey	0f6bc41a22	Update includes for each library file Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>	2024-10-09 11:18:50 +01:00
Norbert Fabritius	8ceeff95e9	Enable ssl_tls13_get_ciphersuite_hash_alg only if macro is active Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>	2024-03-27 08:22:53 +01:00
Gilles Peskine	7b333f1e88	Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime	2024-03-14 15:59:25 +00:00
Ronald Cron	840de7ff2f	tls13: cli: Rename STATUS_NOT_SENT to STATUS_NOT_INDICATED Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	3641df2980	tls13: cli: Rename STATE_SENT to STATE_IND_SENT Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	3c5a68339b	tls13: cli: Rename STATE_NOT_SENT to STATE_NO_IND_SENT Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	0c80dc1ed5	tls13: cli: Rename STATUS_NOT_SENT to STATUS_NO_IND_SENT Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	d2884662c1	tls13: cli: Split early data user status and internal state Do not use the return values of mbedtls_ssl_get_early_data_status() (MBEDTLS_SSL_EARLY_DATA_STATUS_ macros) for the state of the negotiation and transfer of early data during the handshake. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:15 +01:00
Ronald Cron	9422725aba	tls13: cli: Discard ticket with zero lifetime Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-10 17:48:26 +01:00
Ronald Cron	9b4e964c2c	Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data TLS 1.3: Add mbedtls_ssl_write_early_data() API	2024-02-29 14:31:55 +00:00
Ronald Cron	f19989da31	tls13: Improve sanity check in get_early_data_status Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-22 12:22:53 +01:00
Ronald Cron	9f2c3c09df	tls13: cli: Add mbedtls_ssl_get_early_data_status() API Add mbedtls_ssl_get_early_data_status() API and its testing. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-21 17:44:51 +01:00
Ronald Cron	e21c2d2ce1	tls13: cli: Add missing MBEDTLS_SSL_EARLY_DATA guards Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-21 17:44:51 +01:00
Manuel Pégourié-Gonnard	0ecb5fd6f5	Merge pull request #8574 from ronald-cron-arm/ssl-tickets Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3	2024-02-21 09:38:46 +00:00
Ronald Cron	84dfbf488a	tls13: client: Add comment about early data in 2nd ClientHello Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-15 17:19:14 +01:00
Ronald Cron	5fbd27055d	tls13: Use a flag not a counter for CCS and HRR handling Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-15 17:19:02 +01:00
Ronald Cron	e273f7203d	tls13: client: Improve CCS handling Call unconditionally the CCS writing function when sending a CCS may be necessary in the course of an handshake. Enforce in the writing function and only in the writing function that only one CCS is sent. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-14 10:24:00 +01:00
Ronald Cron	90e223364c	tls13: cli: Refine early data status The main purpose of the change is to know from the status, at any point in the handshake, if early data can be sent or not and why. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Ronald Cron	fe59ff794d	tls13: Send dummy CCS only once Fix cases where the client was sending two CCS, no harm but better to send only one. Prevent to send even more CCS when early data are involved without having to add conditional state transitions. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Manuel Pégourié-Gonnard	5c9cc0b30f	Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected TLS 1.3: SRV: Ignore early data when rejected	2024-02-06 13:16:03 +00:00
Manuel Pégourié-Gonnard	32c28cebb4	Merge pull request #8715 from valeriosetti/issue7964 Remove all internal functions from public headers	2024-02-05 15:09:15 +00:00
Ronald Cron	1483dc3bde	tls13: cli: Indicate early data only in first ClientHello Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-02 17:31:20 +01:00
Ronald Cron	297c608915	tls13: cli: Fix setting of early data transform Fix setting of early data transform when we do not send dummy CCS for middlebox compatibility. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-22 09:37:45 +01:00
Valerio Setti	b4f5076270	debug: move internal functions declarations to an internal header file Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-18 15:30:46 +01:00
Gilles Peskine	4d4891e18a	Merge pull request #8666 from valeriosetti/issue8340 Export the mbedtls_md_psa_alg_from_type function	2024-01-18 13:58:55 +00:00
Ronald Cron	17ef8dfddb	ssl_session: Define unconditionally the endpoint field The endpoint field is needed to serialize/deserialize a session in TLS 1.2 the same way it is needed in the TLS 1.3 case: client specific fields that should not be in the serialized version on server side if both TLS client and server are enabled in the TLS library. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-01-15 08:58:19 +01:00
Tom Cosgrove	f1ba1933cf	Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext TLS1.3: SRV/CLI: add support for sending Record Size Limit extension	2024-01-12 13:39:15 +00:00
Ronald Cron	ae2213c307	Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function Harmonise the names and return values of check functions in TLS code	2024-01-11 13:51:39 +00:00
Waleed Elmelegy	148dfb6457	Change record size limit writing function Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Yanray Wang	42017cd4c9	tls13: cli: write Record Size Limit ext in ClientHello - add the support in library - update corresponding test case Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2024-01-10 16:17:27 +00:00
Tom Cosgrove	3a6059beca	Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit Comply with the received Record Size Limit extension	2024-01-09 15:22:17 +00:00
Valerio Setti	384fbde49a	library/tests: replace md_psa.h with psa_util.h as include file for MD conversion Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-02 13:27:32 +01:00
Waleed Elmelegy	6a971fd61a	Refactor and improve Record size limit handling Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-28 17:48:16 +00:00
Waleed Elmelegy	049cd302ed	Refactor record size limit extension handling Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-20 17:28:31 +00:00
Pengyu Lv	94a42ccb3e	Add tls13 in ticket flags helper function names ``` sed -i \ "s/\(mbedtls_ssl\)_\(session_\(\w_\)\?ticket\)/\1_tls13_\2/g" \ library/.[ch] ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 11:12:46 +08:00
Pengyu Lv	0a1ff2b969	Consistent renaming Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	fc2cb9632b	tls13: rename mbedtls_ssl_conf_tls13_check_kex_modes The function is renamed to mbedtls_ssl_conf_tls13_is_kex_mode_enabled. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Pengyu Lv	60a22567e4	tls13: change return value of mbedtls_ssl_conf_tls13_check_kex_modes To keep the convention in TLS code, check functions should return 0 when check is successful. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Jan Bruckner	f482dcc6c7	Comply with the received Record Size Limit extension Fixes #7010 Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-12-06 15:18:08 +00:00
Jerry Yu	c59c586ac4	change prototype of `write_early_data_ext` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:21:15 +08:00
Jerry Yu	5233539d9f	share write_early_data_ext function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:50 +08:00
Jerry Yu	c2b1bc4fb6	replace early data permission check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:17:46 +08:00
Ronald Cron	a1e867c676	Merge pull request #8576 from yanrayw/issue/fix-tls13-session_negotiate-assignment TLS13: CLI: EarlyData: Assign ciphersuite after associated verification in EE	2023-12-05 08:31:24 +00:00
Yanray Wang	744577a429	tls13: early_data: cli: check a PSK has been selected in EE Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-01 23:03:37 +08:00
Yanray Wang	9ae6534c20	tls13: early_data: cli: improve comment This commit improves comment of why we assign the identifier of the ciphersuite in handshake to `ssl->session_negotiate`. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-01 17:46:08 +08:00
Yanray Wang	03a00768c0	tls13: early_data: cli: improve comment This commit improves comment of the check for handshake parameters in Encrypted Extension. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-01 17:40:21 +08:00
Yanray Wang	e72dfff1d6	tls13: early_data: cli: improve comment Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-01 12:05:16 +08:00
Yanray Wang	2bef7fbc8d	tls13: early_data: cli: remove guard to fix failure Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-01 12:02:56 +08:00
Yanray Wang	b3e207d762	tls13: early_data: cli: rename early_data parser in nst Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-30 16:49:51 +08:00
Yanray Wang	0790041dc6	Revert "tls13: early_data: cli: remove nst_ prefix" This reverts commit `3781ab40fb`. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-30 16:44:44 +08:00

1 2 3 4 5 ...

482 Commits