mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-30 15:32:58 +00:00

Author	SHA1	Message	Date
Manuel Pégourié-Gonnard	19dd9f59bc	Merge 1.2 and 1.3 certificate verification Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	843a00dec6	Add support for context f_vrfy callback in 1.3 This was only supported in 1.2 for no good reason. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	fd800c2416	Improve a variable's name Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	5bdadbb1eb	Restrict the scope of a few variables In particular, make sure pointer variables are initialized right after being declared. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Ronald Cron	bfbecf8b34	tls13: Add support for trusted certificate callback Signed-off-by: Ronald Cron <ronald.cron@arm.com> Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	6901504ddb	Allow no authentication of the server in 1.3 See notes about optional two commits ago for why we're doing this. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	58ab9ba0bd	Allow optional authentication of the server in 1.3 This is for compatibility, for people transitioning from 1.2 to 1.3. See https://github.com/Mbed-TLS/mbedtls/issues/9223 "Mandatory server authentication" and reports linked from there. In the future we're likely to make server authentication mandatory in both 1.2 and 1.3. See https://github.com/Mbed-TLS/mbedtls/issues/7080 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	aefc5938b0	Add comments about 1.3 server sending no cert Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	5f9428ac8a	Rm translation code for unused flag We don't check the non-standard nsCertType extension, so this flag can't be set, so checking if it's set is useless. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	7a4aa4d133	Make mbedtls_ssl_check_cert_usage() work for 1.3 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-09-02 12:46:03 +02:00
Manuel Pégourié-Gonnard	4956e32538	Fix 1.3 failure to update flags for (ext)KeyUsage Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-08-16 17:23:47 +01:00
Gilles Peskine	69770aaa7b	Use unsigned long rather than size_t for format string readability Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-06-05 20:54:42 +02:00
Gilles Peskine	a9d4ef0998	Fix uint32_t printed as unsigned int This is ok in practice since we don't support 16-bit platforms, but it makes `arm-none-eabi-gcc-10 -mthumb -Wformat` complain. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2024-06-03 22:16:23 +02:00
Tom Cosgrove	a2c45dc713	Fix compilation of ssl_tls13_generic.c when memcpy() is a function-like macro Fixes #8994 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2024-04-02 14:51:47 +01:00
Ronald Cron	93795f2639	tls13: Improve comment about cast to uint32_t Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-07 09:57:07 +01:00
Ronald Cron	2e7dfd5181	tls13: Remove unnecessary cast from size_t to uint32_t Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-05 13:48:11 +01:00
Ronald Cron	19bfe0a631	tls13: Rename early_data_count to total_early_data_size Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	70eab45ba6	tls13: generic: Fix log Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:16 +01:00
Ronald Cron	8571804382	tls13: srv: Enforce maximum size of early data Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-01 09:29:09 +01:00
Ronald Cron	9b4e964c2c	Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data TLS 1.3: Add mbedtls_ssl_write_early_data() API	2024-02-29 14:31:55 +00:00
Ronald Cron	5fbd27055d	tls13: Use a flag not a counter for CCS and HRR handling Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-15 17:19:02 +01:00
Ronald Cron	e273f7203d	tls13: client: Improve CCS handling Call unconditionally the CCS writing function when sending a CCS may be necessary in the course of an handshake. Enforce in the writing function and only in the writing function that only one CCS is sent. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-14 10:24:00 +01:00
Manuel Pégourié-Gonnard	e6c80bc6e5	Merge pull request #8755 from ronald-cron-arm/tls13-client-early-data-status TLS 1.3: Refine and test client early data status	2024-02-13 20:36:42 +00:00
Manuel Pégourié-Gonnard	1d7bc1ecdf	Merge pull request #8717 from valeriosetti/issue8030 PSA FFDH: feature macros for parameters	2024-02-07 10:06:03 +00:00
Ronald Cron	fe59ff794d	tls13: Send dummy CCS only once Fix cases where the client was sending two CCS, no harm but better to send only one. Prevent to send even more CCS when early data are involved without having to add conditional state transitions. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-06 16:43:33 +01:00
Manuel Pégourié-Gonnard	32c28cebb4	Merge pull request #8715 from valeriosetti/issue7964 Remove all internal functions from public headers	2024-02-05 15:09:15 +00:00
Valerio Setti	b4f5076270	debug: move internal functions declarations to an internal header file Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-18 15:30:46 +01:00
Gilles Peskine	4d4891e18a	Merge pull request #8666 from valeriosetti/issue8340 Export the mbedtls_md_psa_alg_from_type function	2024-01-18 13:58:55 +00:00
Valerio Setti	ecaf7c5690	ssl_tls: add guards for enabled DH key types Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-17 15:56:30 +01:00
Waleed Elmelegy	3ff472441a	Fix warning in ssl_tls13_generic.c Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:28 +00:00
Waleed Elmelegy	e1ac98d888	remove mbedtls_ssl_is_record_size_limit_valid function Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Waleed Elmelegy	148dfb6457	Change record size limit writing function Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2024-01-10 16:17:27 +00:00
Yanray Wang	faf70bdf9d	ssl_tls13_generic: check value of RecordSizeLimit in helper function Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2024-01-10 16:17:27 +00:00
Tom Cosgrove	3a6059beca	Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit Comply with the received Record Size Limit extension	2024-01-09 15:22:17 +00:00
Valerio Setti	384fbde49a	library/tests: replace md_psa.h with psa_util.h as include file for MD conversion Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-01-02 13:27:32 +01:00
Waleed Elmelegy	049cd302ed	Refactor record size limit extension handling Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-20 17:28:31 +00:00
Waleed Elmelegy	26e3698357	Revert back checking on handshake messages length Revert back checking on handshake messages length due to limitation on our fragmentation support of handshake messages. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-14 16:23:25 +00:00
Waleed Elmelegy	9aec1c71f2	Add record size checking during handshake Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-06 15:18:15 +00:00
Jan Bruckner	f482dcc6c7	Comply with the received Record Size Limit extension Fixes #7010 Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-12-06 15:18:08 +00:00
Jerry Yu	c59c586ac4	change prototype of `write_early_data_ext` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:21:15 +08:00
Jerry Yu	ebe1de62f9	fix various issue - rename connection time variable - remove unnecessary comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:20:25 +08:00
Jerry Yu	5233539d9f	share write_early_data_ext function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:50 +08:00
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Dave Rodgman	8e00fe0cd8	Merge pull request #8309 from daverodgman/iar-warnings2 Fix IAR warnings	2023-10-06 13:24:12 +00:00
Dave Rodgman	2eab462a8c	Fix IAR warnings Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-10-05 13:30:37 +01:00
Gilles Peskine	530c423ad2	Improve some debug messages and error codes On a parsing error in TLS, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE, not a crypto error code. On error paths, emit a level-1 debug message. Report the offending sizes. Downgrade an informational message's level to 3. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-02 15:42:11 +02:00
Gilles Peskine	12c5aaae57	Fix buffer overflow in TLS 1.3 ECDH public key parsing Fix a buffer overflow in TLS 1.3 ServerHello and ClientHello parsing. The length of the public key in an ECDH- or FFDH-based key exchange was not validated. This could result in an overflow of handshake->xxdh_psa_peerkey, overwriting further data in the handshake structure or further on the heap. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-02 15:02:10 +02:00
Gilles Peskine	ff2558a470	Fix unused variable in some TLS 1.3 builds Fix unused variable when MBEDTLS_SSL_PROTO_TLS1_3 and MBEDTLS_SSL_SESSION_TICKETS are enabled but not MBEDTLS_DEBUG_C. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-09-05 21:10:39 +02:00
Valerio Setti	711f853b48	ssl_tls13: fix guard for FFDH function Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-08-11 06:33:52 +02:00
Manuel Pégourié-Gonnard	de8f56e936	Merge pull request #7884 from valeriosetti/issue7612 TLS: Clean up (EC)DH dependencies	2023-08-01 07:13:36 +00:00

1 2 3 4 5 ...

346 Commits