mbedtls

mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-06-17 09:53:06 +08:00

Author	SHA1	Message	Date
Max Fillinger	2fe35f61bf	Create MBEDTLS_SSL_KEYING_MATERIAL_EXPORT option Add the option MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to mbedtls_config.h to control if the function mbedtls_ssl_export_keying_material() should be available. By default, the option is disabled. This is because the exporter for TLS 1.2 requires client_random and server_random need to be stored after the handshake is complete. Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 16:53:58 +01:00
Max Fillinger	281fb79116	Remove TLS 1.2 Exporter if we don't have randbytes The TLS-Exporter in TLS 1.2 requires client_random and server_random. Unless MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined, these aren't stored after the handshake is completed. Therefore, mbedtls_ssl_export_keying_material() exists only if either MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined or MBEDTLS_SSL_PROTO_TLS1_2 is not defined. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:58 +01:00
Max Fillinger	dbe864569e	Fix typos in comments Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:58 +01:00
Max Fillinger	7b72220d42	Fix coding style Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 16:53:58 +01:00
Max Fillinger	81dfc8830b	Actually set exporter defaults in ssl_client2 Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:57 +01:00
Max Fillinger	b2718e17e6	Add TLS-Exporter options to ssl_client2 Prints out the exported key on the command line for testing purposes. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:57 +01:00
Ben Taylor	47111a1cb1	initial remove of mbedtls_ssl_conf_rng Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-03-26 13:32:10 +00:00
Ben Taylor	440cb2aac2	Remove RNG from x509 and PK remove the f_rng and p_rng parameter from x509 and PK. Signed-off-by: Ben Taylor <ben.taylor@linaro.org>	2025-03-26 08:17:38 +00:00
Gabor Mezei	e99e591179	Remove key exchange based on encryption/decryption Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2025-03-20 17:53:07 +01:00
Minos Galanakis	7134e52dec	programs -> ssl_client2.c: Added option renego_delay to set record buffer depth. Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>	2025-03-13 11:06:43 +00:00
Valerio Setti	73cd415c0b	programs: remove DHM_C from ssl_client2 and ssl_server2 MBEDTLS_DHM_C is being removed so all its occurencies should be removed as well. Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2025-03-05 10:11:22 +01:00
Bence Szépkúti	cd0fb1d178	Merge pull request #9105 from jetm/ssl-client2-get-req-host ssl_client2: Add Host to HTTP GET request	2024-10-31 11:32:49 +00:00
Gilles Peskine	99b57bd35a	Merge pull request #1272 from eleuzi01/forward-1263 Fix 1.3 cli-auth optional reporting of (ext)KeyUsage issues	2024-08-28 19:38:36 +02:00
Manuel Pégourié-Gonnard	92a391e0fe	Always print detailed cert errors in test programs Previously the client was only printing them on handshake success, and the server was printing them on success and some but not all failures. This makes ssl-opt.sh more consistent as we can always check for the presence of the expected message in the output, regardless of whether the failure is hard or soft. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2024-08-16 17:24:05 +01:00
Gilles Peskine	0858fdca38	Merge pull request #9189 from misch7/fix-v3.6-issues-9186-and-9188 Fix build of v3.6 (issues #9186 and #9188)	2024-08-12 09:34:17 +00:00
Michael Schuster	0420093795	Adjust spacing in sample programs Signed-off-by: Michael Schuster <michael@schuster.ms>	2024-08-09 10:29:58 +01:00
Michael Schuster	8db8d6182f	Fix missing-prototype errors in sample programs Signed-off-by: Michael Schuster <michael@schuster.ms>	2024-08-09 10:29:58 +01:00
Elena Uziunaite	8dde3b3dec	Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-08-05 15:41:58 +01:00
Elena Uziunaite	b476d4bf21	Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384 Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>	2024-07-03 10:20:41 +01:00
Javier Tia	1aef649dde	ssl_client2: Add Host to HTTP GET request If an IP address shares multiple domain names with different SSL certificates and makes a GET request without the remote server name (host), it will fail with a 421 Misdirect Request. Signed-off-by: Javier Tia <javier.tia@linaro.org>	2024-05-06 14:39:33 -06:00
Ronald Cron	7201bc6b05	ssl_client2: Fix early data log Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-03-08 16:03:09 +01:00
Manuel Pégourié-Gonnard	e33b349c90	Merge pull request #8864 from valeriosetti/issue8848 Deprecate or remove mbedtls_pk_wrap_as_opaque	2024-03-01 15:54:32 +00:00
Ronald Cron	9b4e964c2c	Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data TLS 1.3: Add mbedtls_ssl_write_early_data() API	2024-02-29 14:31:55 +00:00
Valerio Setti	7541ebea52	programs: remove usage of mbedtls_pk_wrap_as_opaque() from tests This is replaced with: mbedtls_pk_get_psa_attributes() + mbedtls_pk_import_into_psa() + mbedtls_pk_setup_opaque(). Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>	2024-02-27 10:44:33 +01:00
Ronald Cron	0aead12706	ssl_client2: Improve loop writing early data Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-21 17:37:33 +01:00
Ronald Cron	b4fd47e897	ssl_client2: Default to library default for early data enablement Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-21 17:37:33 +01:00
Ronald Cron	a5561893e7	ssl_client2: Add support for early data writing Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-07 08:06:46 +01:00
Ronald Cron	2fe0ec8c31	ssl_client2: Add buffer overflow check Add buffer overflow check to build_http_request(). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-07 08:06:46 +01:00
Ronald Cron	ccfaefa361	ssl_client2: Switch from int to size_t Switch from int to size_t for some data lengths and counter local variables. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-07 08:06:46 +01:00
Ronald Cron	4e1bd470fb	ssl_client2: Move code to build http request Move code to build http request into a dedicated function. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-07 08:06:46 +01:00
Ronald Cron	54a3829453	ssl_client2: Simplify early_data option No need to define specific early data, the idea is rather to just send the usual request data as early data instead of standard application data. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2024-02-07 08:06:46 +01:00
Benson Liou	6d0a093582	use mbedtls_ssl_session_init() to init session variable Use mbedtls_ssl_session_init() to init variable just like session-family APIs described Signed-off-by: Benson Liou <benson.liou@sony.com>	2023-12-27 22:03:24 +08:00
Xiaokang Qian	a9581d2d5f	Fix CI failure of uninitialized fp Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-11 01:50:34 +00:00
Xiaokang Qian	aedfc0932b	Revert to ae952174a7 and addressing some comments Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-08 10:43:24 +00:00
Xiaokang Qian	963468035d	Add the test framework of early data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-07 09:19:43 +00:00
Xiaokang Qian	daddfb520d	Open the file once read in the file path Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-07 08:14:30 +00:00
Xiaokang Qian	35c026c09e	Read early data file Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-07 06:10:34 +00:00
Xiaokang Qian	2a8035b495	Add read early data code Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-07 03:54:40 +00:00
Xiaokang Qian	57db590586	Rework to revert the early_data enabled flag We have two options for early data. early_data to indicate early data enable or not. early_data_file to provide path file to read early data from Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-07 03:29:22 +00:00
Xiaokang Qian	ae952174a7	Enable early data depend on whether the early data file exist Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-06 10:27:27 +00:00
Xiaokang Qian	611c717c02	Sync the early_data option with internal parameters in ssl_client2 Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-06 09:24:58 +00:00
Xiaokang Qian	f8fe11d14d	Remove the generic file read functions and simply the early data read Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-06 07:40:50 +00:00
Xiaokang Qian	eaebedb30b	Refine the detect code to enable early data or not Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-06 02:55:16 +00:00
Xiaokang Qian	b1db72923e	Rename the generic read functions to ssl_read_file_text Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-06 02:33:38 +00:00
Xiaokang Qian	6c678d7543	Improve the comments of early data input Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-06 02:20:51 +00:00
Xiaokang Qian	70fbdcf904	Change early data flag to input file Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2023-12-05 05:50:08 +00:00
Yanray Wang	d5ed36ff24	early data: rename configuration function Rename mbedtls_ssl_tls13_conf_early_data as mbedtls_ssl_conf_early_data since in the future this may not be specific to TLS 1.3. Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2023-11-07 11:49:24 +08:00
Dave Rodgman	16799db69a	update headers Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-11-02 19:47:20 +00:00
Paul Elliott	afc6a992c5	Merge pull request #8381 from gilles-peskine-arm/20231017-misc-cleanup Cleanups in test code	2023-10-30 18:08:01 +00:00
Gilles Peskine	a0e810de4b	Convey that it's ok for mbedtls_ssl_session_save to fail mbedtls_ssl_session_save() always outputs the output length, even on error. Here, we're only calling it to get the needed output length, so it's ok to ignore the return value. Convey this to linters. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-10-17 16:04:27 +02:00

1 2 3 4 5 ...

651 Commits