mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-22 22:20:52 +00:00

Author	SHA1	Message	Date
Ronald Cron	3e47eec431	tls13: srv: Simplify resumption detection Avoid marking we resume and then cancelling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	e8c162d7ba	tls13: srv: Simplify kex availability checks Regarding the possibility of selecting a key exchange mode, the check of the ticket flags is now separated from the check of the ClientHello content and server configuration. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	79cdd4156f	tls13: srv: Improve key exchange mode determination For PSK based key exchange modes do not check twice anymore if they can be selected or not. Check it only when looping over the offered PSKs to select one. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	1f63fe4d74	tls13: srv: Fix resume flag in case of cancelled PSK If we prefer ephemeral key exchange mode over the pure PSK one, make sure the resume flag is disabled as eventually we are not going to resume a session even if we aimed to at some point. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	cf284565c5	tls13: srv: Determine best key exchange mode for a PSK Determine best key exchange for for ticket based and external PSKs. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	89089cc69b	tls13: srv: Factorize ciphersuite selection code Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	f7e9916b3d	tls13: srv: Fix MBEDTLS_SSL_SESSION_TICKETS guard position Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	12e72f1664	tls13: srv: Always parse the pre-shared key extension Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	7a30cf5954	tls13: srv: Stop earlier identity check If an identity has been determined as a ticket identity but the ticket is not usable, do not try to check if the identity is that of an external provided PSK. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	fbae94a52f	tls13: srv: Improve ticket identity check return values Improve the values returned by ssl_tls13_offered_psks_check_identity_match_ticket(). Distinguish between the two following cases: 1) the PSK identity is not a valid ticket identity 2) the PSK identity is a valid ticket identity but the ticket cannot be used for session resumption. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	3cdcac5647	tls13: srv: Fix return value Fix the value returned by ssl_tls13_offered_psks_check_identity_match_ticket() when there is no ticket parser function defined or no time. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	6e31127f08	tls13: srv: Define specific return macros for binder check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	139a4185b1	Merge pull request #8587 from yanrayw/issue/4911/ssl_setup-check-RNG-configuration TLS: check RNG when calling mbedtls_ssl_setup()	2024-03-08 07:38:39 +00:00
Ronald Cron	93795f2639	tls13: Improve comment about cast to uint32_t Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-07 09:57:07 +01:00
Paul Elliott	8a2062c538	Merge pull request #8892 from paul-elliott-arm/add_threading_to_drivers Ensure drivers have threading enabled if required	2024-03-06 14:35:49 +00:00
Moritz Fischer	967f8cde84	library: psa_crypto: Explicitly initialize shared_secret When building with -Og (specifically Zephyr with CONFIG_DEBUG_OPTIMIZATIONS=y) one observes the following warning: 'shared_secret' may be used uninitialized [-Werror=maybe-uninitialized] Fix this by zero initializing 'shared_secret' similar to the issue addressed in commit 2fab5c960 ("Work around for GCC bug"). Signed-off-by: Moritz Fischer <moritzf@google.com>	2024-03-05 22:32:32 +00:00
Gilles Peskine	31403a4ca8	Merge pull request #8678 from daverodgman/quietbuild Make builds less verbose	2024-03-05 18:04:16 +00:00
Gilles Peskine	71cc260563	Merge pull request #8728 from minosgalanakis/features/add_mbedtls_x509_crt_get_ca_istrue_accesor_6151 [MBEDTLS_PRIVATE] Add mbedtls_x509_crt_get_ca_istrue() accesor	2024-03-05 18:04:06 +00:00
Dave Rodgman	3c4166aef3	Merge pull request #8863 from minosgalanakis/feature/add_ecdh_context_5016 [MBEDTLS_PRIVATE] Add a getter for the ECDH context->grp.id member.	2024-03-05 16:58:13 +00:00
Minos Galanakis	581e63637a	test_suite_x509parse: Added test-case for legacy certificate Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-03-05 14:39:23 +00:00
Paul Elliott	053b7886e5	Ensure drivers have threading enabled if required Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2024-03-05 14:27:23 +00:00
Ronald Cron	2e7dfd5181	tls13: Remove unnecessary cast from size_t to uint32_t Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-05 13:48:11 +01:00
Minos Galanakis	87b4f6d86c	x509: Reworded documentation bits. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-03-05 11:05:51 +00:00
Gilles Peskine	d06244b813	Merge pull request #8821 from davidhorstmann-arm/fix-config-bitflag Update `SSL_SERIALIZED_SESSION_CONFIG_BITFLAG` with new flags	2024-03-05 09:59:42 +00:00
Gilles Peskine	8462146d01	Merge pull request #8867 from gilles-peskine-arm/psa_key_attributes-remove_core Merge psa_core_key_attributes_t back into psa_key_attributes_t	2024-03-05 09:59:24 +00:00
Paul Elliott	634f4d6d7d	Merge pull request #8846 from gilles-peskine-arm/ecp-write-ext-3.6 Introduce mbedtls_ecp_write_key_ext	2024-03-04 14:56:55 +00:00
Ronald Cron	987cf898db	ssl_helpers: Restore rng_seed incrementation Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-04 10:24:27 +01:00
Gilles Peskine	fad79fcdd9	Merge remote-tracking branch 'development' into ecp-write-ext-3.6 Conflicts: * library/pk.c: mbedtls_pk_wrap_as_opaque() changed in the feature branch and was removed in the target branch.	2024-03-04 08:52:08 +01:00
Minos Galanakis	79ee110446	Added changelog Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-03-04 02:22:01 +00:00
Minos Galanakis	a83ada4eba	tests: Added test for `mbedtls_x509_crt_get_ca_istrue()` Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-03-04 02:22:01 +00:00
Minos Galanakis	2abbac74dc	x509: Added `mbedtls_x509_crt_get_ca_istrue()` API accessor. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-03-04 02:22:01 +00:00
Minos Galanakis	3cfdd73dfa	Changelog: Added changelog for `mbedtls_ecdh_get_grp_id`. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-03-02 09:14:13 +00:00
Ronald Cron	e93cd1b580	tests: ssl: Free write/read test buffers Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 19:30:00 +01:00
Valerio Setti	ada2ec3482	psa_crypto_stubs/changelog: fix typos Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-03-01 18:04:14 +01:00
Ronald Cron	aab4a546bf	tests: Set the default conf then customize Set the default conf then customize, not the other way around. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 17:09:22 +01:00
Ronald Cron	10b040fa6f	tests: ssl_helpers: Rename rng_get to mbedtls_test_random mbedtls_test_ as the prefix for test APIs _random like in mbedtls_ctr/hmac_drbg_random Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 17:00:38 +01:00
Manuel Pégourié-Gonnard	e33b349c90	Merge pull request #8864 from valeriosetti/issue8848 Deprecate or remove mbedtls_pk_wrap_as_opaque	2024-03-01 15:54:32 +00:00
David Horstmann	71fa1a94e7	Fix code style Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-01 12:32:18 +00:00
David Horstmann	76ba26a542	Fixup: add peer_cert_digest_type to comment Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-01 12:03:35 +00:00
David Horstmann	7335082ef6	Add ChangeLog entry for ssl serialization bitflags Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-01 11:31:03 +00:00
David Horstmann	f686f1dc17	Fix naming inconsistencies in config bits Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-01 11:20:32 +00:00
Ronald Cron	fcbf776d06	tests: ssl: Restore write_early_data test function For negative testing of early data (tests related to max_early_data_size in this PR), restore the test function to write early data that was first introduced to be able to test the reading of early data with the writing part and was removed (as not used anymore) by the PR 8760. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 10:00:47 +01:00
Ronald Cron	25ad10a920	tests: ssl: Improve tls13_srv_max_early_data_size() Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	19bfe0a631	tls13: Rename early_data_count to total_early_data_size Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	70eab45ba6	tls13: generic: Fix log Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	dc81b7343f	tests: srv max early data size: Add reach_max test arg Add the reach_max flag argument for the test13_srv_max_early_data_size test function. Non zero value only valid in case of TEST_EARLY_DATA_ACCEPTED scenario. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	01d273d31f	Enforce maximum size of early data in case of HRR Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	919e596c05	Enforce maximum size of early data when rejected Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	2160bfe4e2	tests: ssl: Test enforcement of maximum early data size Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	8571804382	tls13: srv: Enforce maximum size of early data Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:09 +01:00

1 2 3 4 5 ...

29935 Commits