mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-12 08:21:54 +03:00

Author	SHA1	Message	Date
Jan Bruckner	151f64283f	Add parsing for Record Size Limit extension in TLS 1.3 Fixes #7007 Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-03-14 08:41:25 +01:00
Paul Elliott	e4622a3436	Merge remote-tracking branch 'development/development' into development-restricted Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2023-03-13 17:49:32 +00:00
Manuel Pégourié-Gonnard	43cc127d3a	Fix code style Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-21 15:39:12 +01:00
Manuel Pégourié-Gonnard	b8b07aa24a	Handle errors from functions that now return int A few functions were changed from returning void to returning int three commits ago. Make sure their callers check the return values. This commits was basically a matter of declaring newly-int-returning functions MBEDTLS_CHECK_RETURN_CRITICAL and then fixing the resulting warnings. A few functions had to be made int in the process; they were applied the same process as well. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-02-21 15:39:12 +01:00
Ronald Cron	d89360b87b	Fix and improve documentation, comments and logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-21 14:57:25 +01:00
Ronald Cron	25e9ec61f0	tls13: server: Select preferred cipher suite Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-20 11:42:19 +01:00
Ronald Cron	fc7ae87ad4	tls13: server: Check ciphersuite list length parity once Check ciphersuite list length parity once, mainly to enable the possibility of getting out of the loop of the ciphersuites whenever we want. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-20 11:42:19 +01:00
Ronald Cron	606671e06e	tls13: server: Check mbedtls_ssl_set_hs_psk returned value Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2023-02-20 11:42:19 +01:00
Pengyu Lv	52ad333040	simplify helper function name Rename ssl_tls13_check_psk_mode_allowed_by_ticket to ssl_tls13_ticket_permission_check Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-14 14:32:37 +08:00
Xiaokang Qian	934ce6f6a9	Rename the finalize_client{server}_hello() Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-02-08 05:47:48 +00:00
Pengyu Lv	306a01da4d	refactor: move ticket_flags check into a function Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-02 16:57:49 +08:00
Pengyu Lv	766796839b	Revert "TLS 1.3: SRV: Validate kex modes when parsing psk" This reverts commit `f8e50a9607`. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-02-02 16:57:42 +08:00
Pengyu Lv	dadeb20383	TLS 1.3: SRV: Don't select ephemeral mode on resumption Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-18 17:42:26 +08:00
Pengyu Lv	f8e50a9607	TLS 1.3: SRV: Validate kex modes when parsing psk On resumption, after the psk identity is matched, we should check if psk and/or psk_ephemeral, which are allowed by session ticket, are valid to be selected. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-18 17:42:12 +08:00
Pengyu Lv	0b740bc85b	TLS 1.3: SRV: Check ticket_flags in kex mode determination When determining the key exchange mode, ticket_flags should be checked so that the server won't select the kex mode that is forbidden from session ticket. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-18 17:37:57 +08:00
Pengyu Lv	e2f1dbf5ae	update docs of ssl_client2 and improve code format Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-16 12:38:12 +08:00
Pengyu Lv	4938a566bf	refine ticket_flags printing helper Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-16 11:28:49 +08:00
Pengyu Lv	3643fdbab9	refine the state setting in tls13_handshake_wrapup Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:06:02 +08:00
Pengyu Lv	189465306d	remove MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE error Return MBEDTLS_ERR_ERROR_GENERIC_ERROR when ticket_flags are not compatible with advertised key exchange mode. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:06:00 +08:00
Pengyu Lv	80270b2151	rename ticket_flags helper functions to generic ones Ticket flags is quite generic and may make sense in the future versions of TLS or even in TLS 1.2 with new extensions. This change remane the ticket_flags helper functions with more generic `mbedtls_ssl_session` prefix instead of `mbedtls_ssl_tls13_session`. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:59 +08:00
Pengyu Lv	a1aa31b8b1	fix review comments Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:58 +08:00
Pengyu Lv	9eacb44a5e	improve code format and readability Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:57 +08:00
Pengyu Lv	e6487fe3c2	guard tls13_kex_modes related function calls with macro Handshake parameter field, tls13_kex_mode is only valid when MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED is set. So, any functions / calls should be guarded by this macros. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:55 +08:00
Pengyu Lv	3eb49be6a8	move kex mode check in ticket_flags to psks_check_identity_match_ticket Move the kex mode check in ticket_flags to ssl_tls13_offered_psks_check_identity_match_ticket and add new error 'MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE' to indicate the check failure. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:55 +08:00
Pengyu Lv	c7af2c4f8c	tls13: send new session ticket only when client supports psk Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:54 +08:00
Pengyu Lv	c55eeb682d	tls13: check if the session ticket is compatible with key exchange modes The server check if the ticket_flags is compatible with the advertised key exchange modes in Pre-Shared Key Exchange Modes extension. The incompatible ticket should be mark as not matched. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:53 +08:00
Pengyu Lv	9f92695c8d	tls13: set key exchange mode in ticket_flags on client/server Set the ticket_flags when: - server: preparing NST (new session ticket) message - client: postprocessing NST message Clear the ticket_flags when: - server: preparing NST message - client: parsing NST message Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:53 +08:00
Gilles Peskine	449bd8303e	Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-11 14:50:10 +01:00
Jerry Yu	141bbe7bee	tls13: Adjust include files - remove duplicate and unused included - Adjust the order to system, mbedtls global, local. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-09 09:51:20 +08:00
Tom Cosgrove	1797b05602	Fix typos prior to release Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-04 17:19:59 +00:00
Jerry Yu	a8d3c5048f	Rename new session ticket name for TLS 1.3 NewSessionTicket is different with TLS 1.2. It should not share same state. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-19 20:12:35 +08:00
Jerry Yu	97be6a913e	fix various issues - typo error - replace `ssl->hanshake` with handshake Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-09 22:43:31 +08:00
Jerry Yu	7de2ff0310	Refactor extension list print Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-08 23:51:39 +08:00
Jerry Yu	79aa721ade	Rename ext print function and macro Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-08 23:51:39 +08:00
Jerry Yu	b95dd3683b	Add missing mask set and tls13 unrecognized extension Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-08 23:51:38 +08:00
Jerry Yu	c437ee3bac	fix wrong return value Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-08 21:04:15 +08:00
Jerry Yu	e5991328ff	fix tls13 psk only test fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-08 16:16:29 +08:00
Jerry Yu	50e00e3ac6	Refactor server hello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-06 11:54:22 +08:00
Jerry Yu	edab637b51	Refactor new session ticket Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-06 11:54:22 +08:00
Jerry Yu	63a459cde5	Refactor client_hello parser and writer Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-06 11:54:21 +08:00
Jerry Yu	4b8f2f7266	Refactor sent extension message output Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-11-06 11:54:21 +08:00
Jerry Yu	c4bf5d658e	fix various issues - Signature of - mbedtls_tls13_set_hs_sent_ext_mask - check_received_extension and issues - Also fix comment issue. - improve readablity. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	0c354a211b	introduce sent/recv extensions field And remove `extensions_present` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	e18dc7eb9a	Add forbidden extensions check for ClientHello Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Jerry Yu	471dee5a12	Add debug helpers to track extensions Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-31 16:41:42 +08:00
Ronald Cron	04e2133f45	Merge pull request #6482 from ronald-cron-arm/tls13-misc TLS 1.3: Update documentation for the coming release and misc	2022-10-28 11:09:03 +02:00
Ronald Cron	eac00ad2a6	tls13: server: Note down client not being authenticated in SSL context Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-25 20:02:03 +02:00
Gilles Peskine	744fd37d23	Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0 Fix unusual macros	2022-10-25 19:55:29 +02:00
Ronald Cron	766c0cdb1f	tls13: Add missing kex guards Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	41a443a68d	tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard code specific to one of the TLS 1.3 key exchange mode with PSK. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00

... 3 4 5 6 7 ...

478 Commits