mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-13 19:21:32 +03:00

Author	SHA1	Message	Date
Ronald Cron	66dbf9118e	TLS 1.3: Do not send handshake data in handshake step handlers Send data (call to mbedtls_ssl_flush_output()) only from the loop over the handshake steps. That way, we do not have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE error code) on the network in handshake step handlers. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:51:52 +01:00
Ronald Cron	9df7c80c78	TLS 1.3: Always go through the CLIENT_CERTIFICATE state Even if certificate authentication is disabled at build time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state. It simplifies overall the code for a small code size cost when certificate authentication is disabled at build time. Furthermore that way we have only one point in the code where we switch to the handshake keys for record encryption. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-09 07:50:08 +01:00
Manuel Pégourié-Gonnard	d815114f93	Merge pull request #5524 from mprse/tls_ecdh_2c TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)	2022-03-08 11:43:45 +01:00
Jerry Yu	71f36f1d2e	change alert message type Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-23 17:34:29 +08:00
Jerry Yu	0b7b101b3b	fix warnings Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-23 12:26:48 +08:00
Jerry Yu	2ff6ba1df0	Remove rsa_pss_rsae_sha256 support. Sign rsa is not thread safe. Remove it from current code. And a thread-safe version should be re-introduce in future. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-23 10:38:25 +08:00
Jerry Yu	782720787f	Refactor write_certificate_verify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:28:13 +08:00
Jerry Yu	2124d05e06	Add sha384 and sha512 case Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	d66409ae92	Add non support sig alg check and test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	c8d8d4e01a	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	7db5b8f68c	add rsa_pss_rsae_sha256 write support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	3391ac00d3	fix various issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	ca133a34c5	Change state machine Skip CertificateVerfiy if empty certificate or no CertificateRequest received. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	537530d57a	Add certificate request echo Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	3e536442f5	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	7399d0d806	refactor write certificate Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	32e0c2d526	fix server only build fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	90f152dfac	fix psk only build fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	8511f125af	Add certificteVerify Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	5cc3506c9f	Add write certificate and client handler Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	566c781290	Add dummy state for client_certifiate Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-22 10:17:58 +08:00
Jerry Yu	fb4b6478ee	tls13_only: improve guards of files. To improve readability of the preprocess guards. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-02-21 09:06:00 +08:00
Przemyslaw Stekiel	4b3fff43a8	Destroy ecdh_psa_privkey on HRR Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-15 08:53:26 +01:00
Ronald Cron	6ca6faa67e	Merge pull request #5080 from xffbai/add-tls13-read-certificate-request add tls1_3 read certificate request	2022-02-09 09:51:55 +01:00
Xiaofei Bai	c234ecf695	Update mbedtls_ssl_handshake_free() and address review comments. Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-02-08 10:26:42 +00:00
Xiaofei Bai	51f515a503	update based on comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-02-08 07:28:04 +00:00
Xiaofei Bai	f5b4d25cfa	Add received_sig_algs member to struct mbedtls_ssl_handshake_params Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-28 06:37:15 +00:00
Xiaofei Bai	82f0a9a1db	Rebase and address review comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-27 07:53:52 +00:00
XiaokangQian	0ece998287	Refine code in mbedtls_ssl_reset_transcript_for_hrr Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	355e09ae9d	Change code base on comments Change functions name Change some comments Improve hrr test case for gnutls Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	78b1fa7e81	Update code base on comments Move reset transcript for hrr to generic Reset SHA256 or SHA384 other than both Rename message layer reset Add check log for hrr parse successfully Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:53:15 +00:00
XiaokangQian	0b56a8f85c	Replace curve_list with group_list and add update test scripts Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-01-26 10:51:13 +00:00
Xiaofei Bai	69fcd39774	Update CertificateRequest tests and the parsing function Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:32:29 +00:00
Xiaofei Bai	a0ab777cfc	update based on comments. Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:54 +00:00
Xiaofei Bai	e1e344213a	Add TLS1.3 process certificate request Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2022-01-26 09:31:52 +00:00
Jerry Yu	24811fb2e0	replace check_sig_hash with is_offered Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	6106fdc085	fix build fail without TLS13 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	f017ee4203	merge write sig_alg of tls12 and tls13 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> # Conflicts: # library/ssl_misc.h	2022-01-25 12:46:17 +08:00
Jerry Yu	2d0bd32982	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Jerry Yu	08e2ceae18	Remove directly access for tls13_sig_algs Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:16 +08:00
Jerry Yu	f46b016058	skip some extensions if ephemeral not enabled Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-11 16:28:00 +08:00
Ronald Cron	6f135e1148	Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:47:55 +01:00
Manuel Pégourié-Gonnard	4525cce691	Merge pull request #5256 from yuhaoth/pr/clean-up-secrets-after-done TLS1.3 MVP: Erase secrets when they are not necessary anymore.	2021-12-10 12:48:25 +01:00
Jerry Yu	4a2fa5d0aa	Move erase handshake secrets Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:37:14 +08:00
Jerry Yu	27224f58be	fix coding style issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	7ca3054795	move zerioize tls13_hs_secrets Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	2c70a39d97	move zeroize randbytes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Jerry Yu	d103bdb01d	Clean randbytes Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-12-10 10:33:27 +08:00
Ronald Cron	d4c64027a5	tls13: Move state transition after sending CCS to ssl_tls13_client.c Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00
Ronald Cron	49ad6197ca	Add injection of dummy's ChangeCipherSpec for middlebox compatibility Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-09 13:40:22 +01:00

... 3 4 5 6 7

321 Commits