mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-06 21:40:11 +00:00

Author	SHA1	Message	Date
Ronald Cron	90e223364c	tls13: cli: Refine early data status The main purpose of the change is to know from the status, at any point in the handshake, if early data can be sent or not and why. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Ronald Cron	fe59ff794d	tls13: Send dummy CCS only once Fix cases where the client was sending two CCS, no harm but better to send only one. Prevent to send even more CCS when early data are involved without having to add conditional state transitions. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Manuel Pégourié-Gonnard	32c28cebb4	Merge pull request #8715 from valeriosetti/issue7964 Remove all internal functions from public headers	2024-02-05 15:09:15 +00:00
Ronald Cron	78a38f607c	tls13: srv: Do not use early_data_status Due to the scope reduction for mbedtls_ssl_read_early_data(), on server as early data state variable we now only need a flag in the handshake context indicating if the server has accepted early data or not. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 20:10:35 +01:00
Ronald Cron	3b9034544e	Revert "tls13: Introduce early_data_state SSL context field" This reverts commit 0883b8b625a5531f2fc8a61b6b0417f00f76f91e. Due to the scope reduction of mbedtls_ssl_read_early_data() it is not necessary anymore to refine the usage of early_data_status/state rather the opposite. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 20:03:57 +01:00
Ronald Cron	0883b8b625	tls13: Introduce early_data_state SSL context field Introduce early_data_state SSL context field to distinguish better this internal state from the status values defined for the mbedtls_ssl_get_early_data_status() API. Distinguish also between the client and server states. Note that the client state are going to be documented and reworked as part of the implementation of mbedtls_ssl_write_early_data(). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:45:04 +01:00
Ronald Cron	5d0ae9021f	tls13: srv: Refine early data status The main purpose is to know from the status if early data can be received of not and why. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Valerio Setti	25b282ebfe	x509: move internal functions declarations to a private header Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-19 09:07:35 +01:00
Valerio Setti	d929106f36	ssl_ciphersuites: move internal functions declarations to a private header Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-18 15:08:28 +01:00
Tom Cosgrove	f1ba1933cf	Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext TLS1.3: SRV/CLI: add support for sending Record Size Limit extension	2024-01-12 13:39:15 +00:00
Waleed Elmelegy	f0ccf46713	Add minor cosmetic changes to record size limit changelog and comments Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-12 10:52:45 +00:00
Ronald Cron	ae2213c307	Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function Harmonise the names and return values of check functions in TLS code	2024-01-11 13:51:39 +00:00
Waleed Elmelegy	f501790ff2	Improve comments across record size limit changes Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	148dfb6457	Change record size limit writing function Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Yanray Wang	a8b4291836	tls13: add generic function to write Record Size Limit ext Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2024-01-10 16:17:27 +00:00
Tom Cosgrove	3a6059beca	Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit Comply with the received Record Size Limit extension	2024-01-09 15:22:17 +00:00
Waleed-Ziad Maamoun-Elmelegy	e2d3db5cfc	Update mbedtls_ssl_get_output_record_size_limit signature Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Waleed-Ziad Maamoun-Elmelegy <122474370+waleed-elmelegy-arm@users.noreply.github.com>	2024-01-05 14:19:16 +00:00
Pengyu Lv	94a42ccb3e	Add tls13 in ticket flags helper function names ``` sed -i \ "s/$mbedtls_ssl$_$session_\(\w_$\?ticket\)/\1_tls13_\2/g" \ library/.[ch] ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 11:12:46 +08:00
Pengyu Lv	abd844f379	Fix wrong format in the function doc Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	02e72f65da	Reword return value description for mbedtls_ssl_tls13_is_kex_mode_supported Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	b2cfafbb9e	Consistent renaming Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	2333b826f4	tls13: srv: rename mbedtls_ssl_tls13_check_kex_modes The function is renamed to `mbedtls_ssl_tls13_is_kex_mode_supported` and the behaviour is reversed. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	0a1ff2b969	Consistent renaming Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	4f537f73fa	tls13: rename mbedtls_ssl_session_check_ticket_flags The function is renamed to mbedtls_ssl_session_ticket_has_flags. Descriptions are added. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	fc2cb9632b	tls13: rename mbedtls_ssl_conf_tls13_check_kex_modes The function is renamed to mbedtls_ssl_conf_tls13_is_kex_mode_enabled. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Pengyu Lv	60a22567e4	tls13: change return value of mbedtls_ssl_conf_tls13_check_kex_modes To keep the convention in TLS code, check functions should return 0 when check is successful. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Waleed Elmelegy	9aec1c71f2	Add record size checking during handshake Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-06 15:18:15 +00:00
Jan Bruckner	f482dcc6c7	Comply with the received Record Size Limit extension Fixes #7010 Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-12-06 15:18:08 +00:00
Jerry Yu	c59c586ac4	change prototype of `write_early_data_ext` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:21:15 +08:00
Jerry Yu	5233539d9f	share write_early_data_ext function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:50 +08:00
Jerry Yu	4da7c22cd6	add early data flag check function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:17:44 +08:00
Dave Rodgman	c37ad4432b	misc type fixes in ssl Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-21 17:09:46 +00:00
Jerry Yu	8e0174ac05	Add maximum ticket lifetime check Also add comments for age cast Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:59:24 +08:00
Jerry Yu	cf9135100e	fix various issues - fix CI failure due to wrong usage of ticket_lifetime - Improve document and comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	46c7926f74	Add maximum ticket lifetime check Also add comments for age cast Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Valerio Setti	5e378d70e6	ssl_misc: remove DES from the list of key types supporting CBC Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-15 09:18:14 +01:00
Valerio Setti	01c4fa3e88	ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h This is useful to properly define MBEDTLS_PSK_MAX_LEN when it is not defined explicitly in mbedtls_config.h Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-10 08:12:07 +01:00
Manuel Pégourié-Gonnard	7d7ce0e66a	Merge pull request #8495 from lpy4105/issue/6322/driver-only-cipher_aead-tls [G3] Driver-only cipher+aead: TLS: main test suite	2023-11-09 11:10:34 +00:00
Pengyu Lv	2bd56de3f4	ssl: replace MBEDTLS_SSL_HAVE_*_CBC with two seperate macros MBEDTLS_SSL_HAVE_<block_cipher>_CBC equals MBEDTLS_SSL_HAVE_<block_cipher> and MBEDTLS_SSL_HAVE_CBC. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 14:21:19 +08:00
Pengyu Lv	65458fa969	ssl: MBEDTLS_SSL_HAVE_* in ssl_misc.h Done by commands: ``` sed -i "300,$ s/MBEDTLS_$AES\\|CAMELLIA\\|ARIA\\|CHACHAPOLY$_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h sed -i "300,$ s/MBEDTLS_$GCM\\|CCM$_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h sed -i "300,$ s/MBEDTLS_CIPHER_MODE_$CBC$/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 12:16:29 +08:00
Pengyu Lv	f1b86b088f	ssl: add macro to indicate CBC mode is available Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 11:28:42 +08:00
Pengyu Lv	e870cc8c86	ssl: add macro for available key types Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 11:28:36 +08:00
Tom Cosgrove	4122c16abd	Merge pull request #6945 from lpy4105/issue/6935/ticket_flags-kex-mode-determination TLS 1.3: SRV: Check ticket_flags on kex mode determination when resumption	2023-11-07 09:26:21 +00:00
Gilles Peskine	8b6b41f6cd	Merge pull request #8434 from valeriosetti/issue8407 [G2] Make TLS work without Cipher	2023-11-04 15:05:00 +00:00
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Pengyu Lv	dbd1e0d986	tls13: add helpers to check if psk[_ephemeral] allowed by ticket Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-10-31 10:17:17 +08:00
Valerio Setti	467271dede	ssl_misc: ignore ALG_CBC_PKCS7 for MBEDTLS_SSL_HAVE_xxx_CBC Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-30 11:40:32 +01:00
Valerio Setti	1ebb6cd68d	ssl_misc: add internal MBEDTLS_SSL_HAVE_[AES/ARIA/CAMELLIA]_CBC symbols These are used in tests to determine whether there is support for one of those keys for CBC mode. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-10-30 11:36:32 +01:00
Pengyu Lv	7b711710b2	Add check_ticket_flags helper function Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-10-24 17:07:14 +08:00
Jerry Yu	1eb0bd557d	Add not-received status Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-10-12 15:02:01 +08:00

1 2 3 4 5 ...

513 Commits