mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-03-28 19:21:08 +00:00

Author	SHA1	Message	Date
Ronald Cron	79cdd4156f	tls13: srv: Improve key exchange mode determination For PSK based key exchange modes do not check twice anymore if they can be selected or not. Check it only when looping over the offered PSKs to select one. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	1f63fe4d74	tls13: srv: Fix resume flag in case of cancelled PSK If we prefer ephemeral key exchange mode over the pure PSK one, make sure the resume flag is disabled as eventually we are not going to resume a session even if we aimed to at some point. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	cf284565c5	tls13: srv: Determine best key exchange mode for a PSK Determine best key exchange for for ticket based and external PSKs. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	89089cc69b	tls13: srv: Factorize ciphersuite selection code Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	f7e9916b3d	tls13: srv: Fix MBEDTLS_SSL_SESSION_TICKETS guard position Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	12e72f1664	tls13: srv: Always parse the pre-shared key extension Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	7a30cf5954	tls13: srv: Stop earlier identity check If an identity has been determined as a ticket identity but the ticket is not usable, do not try to check if the identity is that of an external provided PSK. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	fbae94a52f	tls13: srv: Improve ticket identity check return values Improve the values returned by ssl_tls13_offered_psks_check_identity_match_ticket(). Distinguish between the two following cases: 1) the PSK identity is not a valid ticket identity 2) the PSK identity is a valid ticket identity but the ticket cannot be used for session resumption. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	3cdcac5647	tls13: srv: Fix return value Fix the value returned by ssl_tls13_offered_psks_check_identity_match_ticket() when there is no ticket parser function defined or no time. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	6e31127f08	tls13: srv: Define specific return macros for binder check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 08:43:41 +01:00
Ronald Cron	139a4185b1	Merge pull request #8587 from yanrayw/issue/4911/ssl_setup-check-RNG-configuration TLS: check RNG when calling mbedtls_ssl_setup()	2024-03-08 07:38:39 +00:00
Ronald Cron	93795f2639	tls13: Improve comment about cast to uint32_t Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-07 09:57:07 +01:00
tom-daubney-arm	d4c57c0ad2	Merge branch 'development-restricted' into key_agreement_buffer_protection Signed-off-by: tom-daubney-arm <74920390+tom-daubney-arm@users.noreply.github.com>	2024-03-06 16:47:13 +00:00
Dave Rodgman	5ba2b2b8cc	Ensure blocksize is compile-time const when DES not present Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-03-06 11:38:49 +00:00
David Horstmann	a5175634b0	Merge branch 'development-restricted' into copying-pake Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-06 11:18:28 +00:00
Dave Rodgman	7f86d356b1	Improve PBKDF2 with CMAC perf by ~16% 10x perf in cmac_multiply_by_u; 2% uplift in AES-CMAC benchmarks Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-03-06 11:17:16 +00:00
Moritz Fischer	967f8cde84	library: psa_crypto: Explicitly initialize shared_secret When building with -Og (specifically Zephyr with CONFIG_DEBUG_OPTIMIZATIONS=y) one observes the following warning: 'shared_secret' may be used uninitialized [-Werror=maybe-uninitialized] Fix this by zero initializing 'shared_secret' similar to the issue addressed in commit 2fab5c960 ("Work around for GCC bug"). Signed-off-by: Moritz Fischer <moritzf@google.com>	2024-03-05 22:32:32 +00:00
Gilles Peskine	71cc260563	Merge pull request #8728 from minosgalanakis/features/add_mbedtls_x509_crt_get_ca_istrue_accesor_6151 [MBEDTLS_PRIVATE] Add mbedtls_x509_crt_get_ca_istrue() accesor	2024-03-05 18:04:06 +00:00
Dave Rodgman	3c4166aef3	Merge pull request #8863 from minosgalanakis/feature/add_ecdh_context_5016 [MBEDTLS_PRIVATE] Add a getter for the ECDH context->grp.id member.	2024-03-05 16:58:13 +00:00
Ryan	0b14d1407d	Document deprecated transaction system as non thread safe Not all of the writes to this field are protected by a mutex. There is no also no protection in place to stop another thread from overwriting the current transaction Signed-off-by: Ryan Everett <ryan.everett@arm.com>	2024-03-05 14:06:02 +00:00
Ronald Cron	2e7dfd5181	tls13: Remove unnecessary cast from size_t to uint32_t Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-05 13:48:11 +01:00
Gilles Peskine	d06244b813	Merge pull request #8821 from davidhorstmann-arm/fix-config-bitflag Update `SSL_SERIALIZED_SESSION_CONFIG_BITFLAG` with new flags	2024-03-05 09:59:42 +00:00
Gilles Peskine	8462146d01	Merge pull request #8867 from gilles-peskine-arm/psa_key_attributes-remove_core Merge psa_core_key_attributes_t back into psa_key_attributes_t	2024-03-05 09:59:24 +00:00
Dave Rodgman	a38fad9dad	Adjust defaults Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-03-04 18:27:32 +00:00
Gabor Mezei	1b5b58d4d9	Fix merge Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2024-03-04 17:15:08 +01:00
Gilles Peskine	48230e84cb	In library, with make, only require the framework for generated files This way, `make lib` will work in the absence of the framework, as long as generated files are present. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-04 17:12:59 +01:00
Gilles Peskine	f9bbe0de4c	Show guidance if the framework is not found Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-04 17:12:59 +01:00
Gilles Peskine	1c13aa78c2	Framework submodule: fix the libtestdriver1 build `make -C tests libtestdriver1` copies `library/Makefile` to `tests/libtestdriver1/library/Makefile`, where `../framework` does not point to the framework submodule. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-03-04 17:12:59 +01:00
Gábor Mezei	716cf2d4e0	Merge branch 'development-restricted' into buffer_protection_for_cipher Signed-off-by: Gábor Mezei <63054694+gabor-mezei-arm@users.noreply.github.com>	2024-03-04 15:38:05 +00:00
Gilles Peskine	fad79fcdd9	Merge remote-tracking branch 'development' into ecp-write-ext-3.6 Conflicts: * library/pk.c: mbedtls_pk_wrap_as_opaque() changed in the feature branch and was removed in the target branch.	2024-03-04 08:52:08 +01:00
Minos Galanakis	2abbac74dc	x509: Added `mbedtls_x509_crt_get_ca_istrue()` API accessor. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2024-03-04 02:22:01 +00:00
Manuel Pégourié-Gonnard	e33b349c90	Merge pull request #8864 from valeriosetti/issue8848 Deprecate or remove mbedtls_pk_wrap_as_opaque	2024-03-01 15:54:32 +00:00
Dave Rodgman	8a4df2293a	Adjust default unroll settings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2024-03-01 15:12:59 +00:00
Ronald Cron	5dbfcceb81	tls13: cli: Fix error code not checked Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 15:15:30 +01:00
Ronald Cron	de9b03dcba	tls13: Rename early_data_count to total_early_data_size Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 15:14:17 +01:00
Ronald Cron	62f971aa60	tls13: cli: Enforce maximum size of early data Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 15:10:22 +01:00
Ronald Cron	a4f0a71a01	ssl: Add early_data_count field Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 15:10:22 +01:00
David Horstmann	71fa1a94e7	Fix code style Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-01 12:32:18 +00:00
David Horstmann	76ba26a542	Fixup: add peer_cert_digest_type to comment Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-01 12:03:35 +00:00
David Horstmann	f686f1dc17	Fix naming inconsistencies in config bits Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-03-01 11:20:32 +00:00
Ronald Cron	19bfe0a631	tls13: Rename early_data_count to total_early_data_size Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	70eab45ba6	tls13: generic: Fix log Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	01d273d31f	Enforce maximum size of early data in case of HRR Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	919e596c05	Enforce maximum size of early data when rejected Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	8571804382	tls13: srv: Enforce maximum size of early data Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:09 +01:00
Ronald Cron	c286519747	tls13: srv: Do not forget to include max_early_data_size in the ticket Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:03:51 +01:00
Ronald Cron	26a9811027	ssl: Add early_data_count field Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:03:51 +01:00
David Horstmann	531aca2810	Fix missing fields in ssl session struct comment The endpoint and version were factorized out into the main session. Update the session struct comment to reflect these new fields, as was previously missed. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-29 18:14:28 +00:00
David Horstmann	cb01b361e1	Move session descriptions into a single comment Describe the TLS 1.2, TLS 1.3 and full session structs in the same place for ease of reference. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-29 18:10:13 +00:00
David Horstmann	80a9668762	Add config guards to session struct comments This shows which fields of the session are dependent on which config options. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2024-02-29 18:00:32 +00:00

... 2 3 4 5 6 ...

13327 Commits