mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-31 00:32:50 +00:00

Author	SHA1	Message	Date
Waleed Elmelegy	26e3698357	Revert back checking on handshake messages length Revert back checking on handshake messages length due to limitation on our fragmentation support of handshake messages. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-14 16:23:25 +00:00
Waleed Elmelegy	05d670b711	Revert "Skip checking on maximum fragment length during handshake" This reverts commit 419f841511e0e26e846b6d512094fd935b03ef2d. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-14 16:23:10 +00:00
Wenxing Hou	3b9de38208	Make clienthello comment clear Signed-off-by: Wenxing Hou <wenxing.hou@intel.com>	2023-12-14 22:44:08 +08:00
Joakim Andersson	b349108b99	library: Move mbedtls_ecc helper functions to psa_util Move the mbedtls_ecc helper functions from psa_core to psa_util. These files are not implemented as part of the PSA API and should not be part of the PSA crypto implementation. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>	2023-12-14 13:55:11 +01:00
Dave Rodgman	69928dbe86	Fix compile warning from IAR Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-12-14 12:09:18 +00:00
Dave Rodgman	650674bb41	Add MBEDTLS_BSWAPxx intrinsics for IAR Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-12-14 12:08:57 +00:00
Dave Rodgman	f3c04f3f47	Better definition of MBEDTLS_IS_BIG_ENDIAN for IAR Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-12-14 12:08:57 +00:00
Manuel Pégourié-Gonnard	1f67363d6a	Merge pull request #8616 from lpy4105/issue/8553/test-driver-only-rsa Add test for driver-only RSA (crypto only)	2023-12-14 11:05:55 +00:00
Manuel Pégourié-Gonnard	001fb73131	Merge pull request #8612 from valeriosetti/issue8601 Quit using enrollment in pkparse	2023-12-13 14:55:34 +00:00
Manuel Pégourié-Gonnard	ea6b3c030d	Merge pull request #8605 from valeriosetti/issue8600 Quit using enrollment alg in for ECDSA in PK	2023-12-12 16:53:15 +00:00
Joakim Andersson	c5b7285da9	library: Remove unused psa_crypto_core.h include Remove unused psa_crypto_core.h include. The PSA util file provides helper functions when using the PSA API. It should not rely on PSA internal headers, and instead only use public headers. Signed-off-by: Joakim Andersson <joakim.andersson@nordicsemi.no>	2023-12-11 21:25:44 +01:00
Tom Cosgrove	656d4b3c74	Avoid use of `ip_len` as it clashes with a macro in AIX system headers Fixes #8624 Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2023-12-08 21:51:15 +00:00
Pengyu Lv	f75893bb36	Update comments Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 17:40:00 +08:00
Pengyu Lv	e9efbc2aa5	Error out when get domain_parameters is not supported From time being, domain_parameters could not be extracted from driver. We need to return error to indicate this situation. This is temporary and would be fixed after #6494. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 17:30:26 +08:00
Pengyu Lv	94a42ccb3e	Add tls13 in ticket flags helper function names ``` sed -i \ "s/\(mbedtls_ssl\)_\(session_\(\w_\)\?ticket\)/\1_tls13_\2/g" \ library/.[ch] ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 11:12:46 +08:00
Yanray Wang	90acdc65e5	tl13: srv: improve comment Improve comment when received version 1.2 of the protocol while TLS 1.2 is disabled on server side. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-08 11:00:38 +08:00
Yanray Wang	2bef917a3c	tls13: srv: return BAD_PROTOCOL_VERSION if chosen unsupported version Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-08 11:00:35 +08:00
Yanray Wang	177e49ad7a	tls13: srv: improve DEBUG_MSG in case of TLS 1.2 disabled Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-08 11:00:33 +08:00
Yanray Wang	408ba6f7b8	tls13: srv: replace with internal API to check is_tls12_enabled Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-12-08 11:00:30 +08:00
Pengyu Lv	abd844f379	Fix wrong format in the function doc Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	02e72f65da	Reword return value description for mbedtls_ssl_tls13_is_kex_mode_supported Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	bc4aab7673	Add "_is_" to functions ssl_tls13_key_exchange_._available Done by command: ``` sed -i \ "s/ssl_tls13_key_exchange_\(.\)_available/ssl_tls13_key_exchange_is_\1_available/g" \ library/*.[ch] ``` Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	b2cfafbb9e	Consistent renaming Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	2333b826f4	tls13: srv: rename mbedtls_ssl_tls13_check_kex_modes The function is renamed to `mbedtls_ssl_tls13_is_kex_mode_supported` and the behaviour is reversed. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	0a1ff2b969	Consistent renaming Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	4f537f73fa	tls13: rename mbedtls_ssl_session_check_ticket_flags The function is renamed to mbedtls_ssl_session_ticket_has_flags. Descriptions are added. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:58 +08:00
Pengyu Lv	d72e858fd1	tls13: srv: rename ssl_tls13_ticket_permission_check The function is renamed to ssl_tls13_ticket_is_kex_mode_permitted Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Pengyu Lv	fc2cb9632b	tls13: rename mbedtls_ssl_conf_tls13_check_kex_modes The function is renamed to mbedtls_ssl_conf_tls13_is_kex_mode_enabled. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Pengyu Lv	60a22567e4	tls13: change return value of mbedtls_ssl_conf_tls13_check_kex_modes To keep the convention in TLS code, check functions should return 0 when check is successful. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Pengyu Lv	981ec14744	tls13: rename ssl_tls13_check_*_key_exchange functions Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-12-08 10:01:57 +08:00
Waleed Elmelegy	419f841511	Skip checking on maximum fragment length during handshake MbedTLS currently does not support maximum fragment length during handshake so we skip it for now. Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-07 18:33:42 +00:00
Ronald Cron	90d07118ad	Merge pull request #6721 from yuhaoth/pr/tls13-early-data-extension-of-nst TLS 1.3: EarlyData SRV: Write `early_data` extension of NewSessionTicket	2023-12-07 09:25:35 +00:00
Gilles Peskine	f3ccfddb45	Merge pull request #8615 from davidhorstmann-arm/fix-cast-potential-overflow Fix possible integer overflows	2023-12-07 00:42:10 +00:00
Gilles Peskine	57e401b39f	Merge pull request #8521 from valeriosetti/issue8441 [G4] Make CTR-DRBG fall back on PSA when AES not built in	2023-12-06 18:25:44 +00:00
David Horstmann	4749007f64	Fix possible integer overflows before widening When calculating a result to go into an mbedtls_ms_time_t, make sure that arithmetic is performed at the final size to prevent overflow. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-12-06 17:22:53 +00:00
Valerio Setti	202bb71dcd	ssl_tls12_server: do not export/import opaque keys Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-06 17:05:24 +01:00
Waleed Elmelegy	9aec1c71f2	Add record size checking during handshake Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>	2023-12-06 15:18:15 +00:00
Jan Bruckner	f482dcc6c7	Comply with the received Record Size Limit extension Fixes #7010 Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2023-12-06 15:18:08 +00:00
Manuel Pégourié-Gonnard	ad4f0ada37	Merge pull request #8514 from mschulz-at-hilscher/fixes/uninitialized-variable-in-ssl_msg Fix uninitialized variable warnings in ssl_msg.c	2023-12-06 11:06:03 +00:00
Valerio Setti	2bd53667d6	pk: guard key enrollment function with PSA_CRYPTO_CLIENT Use key enrollment function only when MBEDTLS_PSA_CRYPTO_CLIENT is enabled, i.e. when the Mbed TLS implementation of PSA Crypto is being used. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2023-12-06 11:24:50 +01:00
Jerry Yu	95648b0134	Some minor improvement - move early data check to `prepare` - avoid `((void) output_len) - replace check with `session_ticket_allow` in 2nd place Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:21:16 +08:00
Jerry Yu	c59c586ac4	change prototype of `write_early_data_ext` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:21:15 +08:00
Jerry Yu	163e12f7ff	remove assignment for `session->max_early_data_size` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:21:09 +08:00
Jerry Yu	ebe1de62f9	fix various issue - rename connection time variable - remove unnecessary comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:20:25 +08:00
Jerry Yu	9e7f9bc253	Add missing debug message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:20:22 +08:00
Jerry Yu	db97163ac7	add ticket max_early_data_size check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:20:13 +08:00
Jerry Yu	5233539d9f	share write_early_data_ext function Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:50 +08:00
Jerry Yu	0069abc141	improve comments of new session ticket Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:46 +08:00
Jerry Yu	1a160703f8	set max_early_data_size of ticket to keep consistent Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:43 +08:00
Jerry Yu	f135bac89c	Add max_early_data_size check Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-12-06 18:18:39 +08:00

... 3 4 5 6 7 ...

12757 Commits