mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-30 06:33:06 +00:00

Author	SHA1	Message	Date
Waleed Elmelegy	5bc5263b2c	Add code improvments and refactoring in dealing with ALPN Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-03-13 16:50:01 +00:00
Waleed Elmelegy	883f77cb08	Add mbedtls_ssl_session_set_alpn() function Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-03-13 16:50:01 +00:00
Ronald Cron	fd4c0c8b3d	tls13: cli: Fix comment Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	aa3593141b	tls13: cli: Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz from ssl.h(public) to ssl_misc.h(private) even if that means we cannot use the enum type for early_data_state in ssl.h. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-12 17:48:18 +01:00
Ronald Cron	8571804382	tls13: srv: Enforce maximum size of early data Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:09 +01:00
Ronald Cron	d6d32b9210	tls13: Improve declaration and doc of early data status Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-15 17:19:14 +01:00
Ronald Cron	b9a9b1f5a5	tls13: Fix/Improve comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-15 17:19:14 +01:00
Ronald Cron	5fbd27055d	tls13: Use a flag not a counter for CCS and HRR handling Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-15 17:19:02 +01:00
Ronald Cron	90e223364c	tls13: cli: Refine early data status The main purpose of the change is to know from the status, at any point in the handshake, if early data can be sent or not and why. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Ronald Cron	fe59ff794d	tls13: Send dummy CCS only once Fix cases where the client was sending two CCS, no harm but better to send only one. Prevent to send even more CCS when early data are involved without having to add conditional state transitions. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Manuel Pégourié-Gonnard	32c28cebb4	Merge pull request #8715 from valeriosetti/issue7964 Remove all internal functions from public headers	2024-02-05 15:09:15 +00:00
Ronald Cron	78a38f607c	tls13: srv: Do not use early_data_status Due to the scope reduction for mbedtls_ssl_read_early_data(), on server as early data state variable we now only need a flag in the handshake context indicating if the server has accepted early data or not. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 20:10:35 +01:00
Ronald Cron	3b9034544e	Revert "tls13: Introduce early_data_state SSL context field" This reverts commit 0883b8b625a5531f2fc8a61b6b0417f00f76f91e. Due to the scope reduction of mbedtls_ssl_read_early_data() it is not necessary anymore to refine the usage of early_data_status/state rather the opposite. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 20:03:57 +01:00
Ronald Cron	0883b8b625	tls13: Introduce early_data_state SSL context field Introduce early_data_state SSL context field to distinguish better this internal state from the status values defined for the mbedtls_ssl_get_early_data_status() API. Distinguish also between the client and server states. Note that the client state are going to be documented and reworked as part of the implementation of mbedtls_ssl_write_early_data(). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:45:04 +01:00
Ronald Cron	5d0ae9021f	tls13: srv: Refine early data status The main purpose is to know from the status if early data can be received of not and why. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-01 16:40:47 +01:00
Valerio Setti	25b282ebfe	x509: move internal functions declarations to a private header Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-19 09:07:35 +01:00
Valerio Setti	d929106f36	ssl_ciphersuites: move internal functions declarations to a private header Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-18 15:08:28 +01:00
Tom Cosgrove	f1ba1933cf	Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext TLS1.3: SRV/CLI: add support for sending Record Size Limit extension	2024-01-12 13:39:15 +00:00
Waleed Elmelegy	f0ccf46713	Add minor cosmetic changes to record size limit changelog and comments Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-12 10:52:45 +00:00
Ronald Cron	ae2213c307	Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function Harmonise the names and return values of check functions in TLS code	2024-01-11 13:51:39 +00:00
Waleed Elmelegy	f501790ff2	Improve comments across record size limit changes Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	148dfb6457	Change record size limit writing function Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Yanray Wang	a8b4291836	tls13: add generic function to write Record Size Limit ext Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2024-01-10 16:17:27 +00:00
Tom Cosgrove	3a6059beca	Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit Comply with the received Record Size Limit extension	2024-01-09 15:22:17 +00:00
Waleed-Ziad Maamoun-Elmelegy	e2d3db5cfc	Update mbedtls_ssl_get_output_record_size_limit signature Co-authored-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Waleed-Ziad Maamoun-Elmelegy <122474370+waleed-elmelegy-arm@users.noreply.github.com>	2024-01-05 14:19:16 +00:00
Pengyu Lv	94a42ccb3e	Add tls13 in ticket flags helper function names ``` sed -i \ "s/$mbedtls_ssl$_$session_\(\w_$\?ticket\)/\1_tls13_\2/g" \ library/.[ch] ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 11:12:46 +08:00
Pengyu Lv	abd844f379	Fix wrong format in the function doc Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	02e72f65da	Reword return value description for mbedtls_ssl_tls13_is_kex_mode_supported Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	b2cfafbb9e	Consistent renaming Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	2333b826f4	tls13: srv: rename mbedtls_ssl_tls13_check_kex_modes The function is renamed to `mbedtls_ssl_tls13_is_kex_mode_supported` and the behaviour is reversed. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	0a1ff2b969	Consistent renaming Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	4f537f73fa	tls13: rename mbedtls_ssl_session_check_ticket_flags The function is renamed to mbedtls_ssl_session_ticket_has_flags. Descriptions are added. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	fc2cb9632b	tls13: rename mbedtls_ssl_conf_tls13_check_kex_modes The function is renamed to mbedtls_ssl_conf_tls13_is_kex_mode_enabled. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Pengyu Lv	60a22567e4	tls13: change return value of mbedtls_ssl_conf_tls13_check_kex_modes To keep the convention in TLS code, check functions should return 0 when check is successful. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Waleed Elmelegy	9aec1c71f2	Add record size checking during handshake Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-06 15:18:15 +00:00
Jan Bruckner	f482dcc6c7	Comply with the received Record Size Limit extension Fixes #7010 Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-12-06 15:18:08 +00:00
Jerry Yu	c59c586ac4	change prototype of `write_early_data_ext` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:21:15 +08:00
Jerry Yu	5233539d9f	share write_early_data_ext function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:50 +08:00
Jerry Yu	4da7c22cd6	add early data flag check function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:17:44 +08:00
Dave Rodgman	c37ad4432b	misc type fixes in ssl Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-21 17:09:46 +00:00
Jerry Yu	8e0174ac05	Add maximum ticket lifetime check Also add comments for age cast Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:59:24 +08:00
Jerry Yu	cf9135100e	fix various issues - fix CI failure due to wrong usage of ticket_lifetime - Improve document and comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Jerry Yu	46c7926f74	Add maximum ticket lifetime check Also add comments for age cast Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-11-21 09:58:19 +08:00
Valerio Setti	5e378d70e6	ssl_misc: remove DES from the list of key types supporting CBC Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-15 09:18:14 +01:00
Valerio Setti	01c4fa3e88	ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h This is useful to properly define MBEDTLS_PSK_MAX_LEN when it is not defined explicitly in mbedtls_config.h Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-11-10 08:12:07 +01:00
Manuel Pégourié-Gonnard	7d7ce0e66a	Merge pull request #8495 from lpy4105/issue/6322/driver-only-cipher_aead-tls [G3] Driver-only cipher+aead: TLS: main test suite	2023-11-09 11:10:34 +00:00
Pengyu Lv	2bd56de3f4	ssl: replace MBEDTLS_SSL_HAVE_*_CBC with two seperate macros MBEDTLS_SSL_HAVE_<block_cipher>_CBC equals MBEDTLS_SSL_HAVE_<block_cipher> and MBEDTLS_SSL_HAVE_CBC. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 14:21:19 +08:00
Pengyu Lv	65458fa969	ssl: MBEDTLS_SSL_HAVE_* in ssl_misc.h Done by commands: ``` sed -i "300,$ s/MBEDTLS_$AES\\|CAMELLIA\\|ARIA\\|CHACHAPOLY$_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h sed -i "300,$ s/MBEDTLS_$GCM\\|CCM$_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h sed -i "300,$ s/MBEDTLS_CIPHER_MODE_$CBC$/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 12:16:29 +08:00
Pengyu Lv	f1b86b088f	ssl: add macro to indicate CBC mode is available Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 11:28:42 +08:00
Pengyu Lv	e870cc8c86	ssl: add macro for available key types Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-11-08 11:28:36 +08:00

1 2 3 4 5 ...

521 Commits