mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-09 10:01:18 +03:00

Author	SHA1	Message	Date
Harry Ramsey	0f6bc41a22	Update includes for each library file Signed-off-by: Harry Ramsey <harry.ramsey@arm.com>	2024-10-09 11:18:50 +01:00
Waleed Elmelegy	e2a6aa5369	Improve comments explaining legacy_methods_compression handling Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-06-25 18:16:16 +01:00
Waleed Elmelegy	0a9e8a3a18	Correct a small typo in ssl_tls13_parse_client_hello() Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-06-25 10:22:49 +01:00
Waleed Elmelegy	a5842ac20e	Improve handling of legacy_compression_methods in ssl_tls13_parse_client_hello() Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-06-19 15:09:48 +01:00
Waleed Elmelegy	b6e7331739	Fix issue in handling legacy_compression_methods in ssl_tls13_parse_client_hello() Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-06-11 18:45:40 +01:00
Gilles Peskine	a9d4ef0998	Fix uint32_t printed as unsigned int This is ok in practice since we don't support 16-bit platforms, but it makes `arm-none-eabi-gcc-10 -mthumb -Wformat` complain. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-06-03 22:16:23 +02:00
Manuel Pégourié-Gonnard	a4b773d3bb	Merge pull request #6955 from inorick/nofa_no_session_tickets Guard ticket specific TLS 1.3 function with macro	2024-04-08 08:56:17 +00:00
Norbert Fabritius	d60aef0f1b	Unconditionally define session variable Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>	2024-03-27 08:22:53 +01:00
Ronald Cron	1f045f3a0c	tls13: srv: Fix guards of _is_psk_(ephemeral_)available Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-27 08:22:53 +01:00
Norbert Fabritius	96eed725e1	Guard ticket specific TLS 1.3 function with macro Guard ssl_tls13_write_new_session_ticket_coordinate with MBEDTLS_SSL_SESSION_TICKETS macro. Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>	2024-03-27 08:22:53 +01:00
Minos Galanakis	b70f0fd9a9	Merge branch 'development' into 'development-restricted' Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-03-19 22:24:40 +00:00
Ronald Cron	a5c5c58107	tls13: srv: Fix potential stack buffer overread Fix potential stack buffer overread when checking PSK binders. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-19 14:46:21 +01:00
Waleed Elmelegy	4dfb0e7c90	Add ALPN checking when accepting early data Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-03-15 12:12:15 +00:00
Ronald Cron	6bee910dbd	Merge pull request #8858 from waleed-elmelegy-arm/add_alpn_to_session Add ALPN information in session tickets	2024-03-15 09:50:24 +00:00
Gilles Peskine	7b333f1e88	Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime	2024-03-14 15:59:25 +00:00
Waleed Elmelegy	5bc5263b2c	Add code improvments and refactoring in dealing with ALPN Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-03-13 16:50:01 +00:00
Waleed Elmelegy	883f77cb08	Add mbedtls_ssl_session_set_alpn() function Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-03-13 16:50:01 +00:00
Waleed Elmelegy	2824a209bc	Add ALPN information in session tickets Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-03-13 16:50:01 +00:00
Jerry Yu	ce79488dd5	tls13: srv: Fail connection if ticket lifetime exceed 7 days Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-10 17:42:43 +01:00
Ronald Cron	7e1f9f290f	Merge pull request #8854 from ronald-cron-arm/tls13-srv-max-early-data-size TLS 1.3: Enforce max_early_data_size on server	2024-03-09 00:16:07 +00:00
Janos Follath	080a5171e2	Merge pull request #8861 from ronald-cron-arm/tls13-srv-select-kex TLS 1.3: SRV: Improve key exchange mode selection	2024-03-08 14:58:36 +00:00
Ronald Cron	19521ddc36	tls13: srv: Fix/Improve debug logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	7cab4f885b	tls13: srv: Fix/Improve comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	16cc370423	tls13: srv: Fix initialization value Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	f602f7ba50	tls13: srv: Code improvements Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	3811765c0c	tls13: srv: Add/Improve comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	74a1629231	tls13: srv: Move PSK ciphersuite selection up Move PSK ciphersuite selection up to the main ClientHello parsing function. That way the ciphersuite selection only happens in this function. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	3e47eec431	tls13: srv: Simplify resumption detection Avoid marking we resume and then cancelling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	e8c162d7ba	tls13: srv: Simplify kex availability checks Regarding the possibility of selecting a key exchange mode, the check of the ticket flags is now separated from the check of the ClientHello content and server configuration. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	79cdd4156f	tls13: srv: Improve key exchange mode determination For PSK based key exchange modes do not check twice anymore if they can be selected or not. Check it only when looping over the offered PSKs to select one. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	1f63fe4d74	tls13: srv: Fix resume flag in case of cancelled PSK If we prefer ephemeral key exchange mode over the pure PSK one, make sure the resume flag is disabled as eventually we are not going to resume a session even if we aimed to at some point. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	cf284565c5	tls13: srv: Determine best key exchange mode for a PSK Determine best key exchange for for ticket based and external PSKs. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	89089cc69b	tls13: srv: Factorize ciphersuite selection code Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	f7e9916b3d	tls13: srv: Fix MBEDTLS_SSL_SESSION_TICKETS guard position Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	12e72f1664	tls13: srv: Always parse the pre-shared key extension Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	7a30cf5954	tls13: srv: Stop earlier identity check If an identity has been determined as a ticket identity but the ticket is not usable, do not try to check if the identity is that of an external provided PSK. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	fbae94a52f	tls13: srv: Improve ticket identity check return values Improve the values returned by ssl_tls13_offered_psks_check_identity_match_ticket(). Distinguish between the two following cases: 1) the PSK identity is not a valid ticket identity 2) the PSK identity is a valid ticket identity but the ticket cannot be used for session resumption. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	3cdcac5647	tls13: srv: Fix return value Fix the value returned by ssl_tls13_offered_psks_check_identity_match_ticket() when there is no ticket parser function defined or no time. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	6e31127f08	tls13: srv: Define specific return macros for binder check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	139a4185b1	Merge pull request #8587 from yanrayw/issue/4911/ssl_setup-check-RNG-configuration TLS: check RNG when calling mbedtls_ssl_setup()	2024-03-08 07:38:39 +00:00
Ronald Cron	8571804382	tls13: srv: Enforce maximum size of early data Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:09 +01:00
Ronald Cron	c286519747	tls13: srv: Do not forget to include max_early_data_size in the ticket Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:03:51 +01:00
Ronald Cron	9b4e964c2c	Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data TLS 1.3: Add mbedtls_ssl_write_early_data() API	2024-02-29 14:31:55 +00:00
Manuel Pégourié-Gonnard	0ecb5fd6f5	Merge pull request #8574 from ronald-cron-arm/ssl-tickets Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3	2024-02-21 09:38:46 +00:00
Ronald Cron	5fbd27055d	tls13: Use a flag not a counter for CCS and HRR handling Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-15 17:19:02 +01:00
Ronald Cron	e273f7203d	tls13: client: Improve CCS handling Call unconditionally the CCS writing function when sending a CCS may be necessary in the course of an handshake. Enforce in the writing function and only in the writing function that only one CCS is sent. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-14 10:24:00 +01:00
Ronald Cron	fe59ff794d	tls13: Send dummy CCS only once Fix cases where the client was sending two CCS, no harm but better to send only one. Prevent to send even more CCS when early data are involved without having to add conditional state transitions. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Manuel Pégourié-Gonnard	5c9cc0b30f	Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected TLS 1.3: SRV: Ignore early data when rejected	2024-02-06 13:16:03 +00:00
Ronald Cron	31e2d83eee	tls13: srv: Improve coding Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-05 16:45:57 +01:00
Manuel Pégourié-Gonnard	32c28cebb4	Merge pull request #8715 from valeriosetti/issue7964 Remove all internal functions from public headers	2024-02-05 15:09:15 +00:00

1 2 3 4 5 ...

478 Commits