mbedtls

mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-06-21 12:49:36 +08:00

Author	SHA1	Message	Date
Max Fillinger	d23579c746	Fix requirements for TLS 1.3 Exporter compat test Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:08:12 +01:00
Max Fillinger	22728dc5e3	Use mbedtls_calloc, not regular calloc Also fix the allocation size. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:08:12 +01:00
Max Fillinger	4e21703bcf	Add fixed compatibility test for TLS 1.3 Exporter When testing TLS 1.3, use O_NEXT_CLI. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:08:12 +01:00
Max Fillinger	7b97712164	Remove exporter compatibility test for TLS 1.3 The openssl version in the docker image doesn't support TLS 1.3, so we can't run the test. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:08:12 +01:00
Max Fillinger	6d53a3a647	Fix openssl s_client invocation Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:08:12 +01:00
Max Fillinger	f8059db4ee	Print names of new tests properly Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:08:12 +01:00
Max Fillinger	144cccecb7	Fix memory leak in example programs Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:08:12 +01:00
Max Fillinger	92b7a7e233	ssl-opt.sh: Add tests for keying material export Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:08:12 +01:00
Max Fillinger	ee467aae69	mbedtls_test_ssl_do_handshake_with_endpoints: Zeroize endpoints Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 17:08:12 +01:00
Max Fillinger	d6e0095478	Exporter tests: Don't use unavailbable constant Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:08:12 +01:00
Max Fillinger	8e0b8c9d9f	Exporter tests: Add missing depends-ons Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:08:10 +01:00
Max Fillinger	c6fd1a24d2	Use one maximum key_len for all exported keys Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:06:48 +01:00
Max Fillinger	a9a9e99a6b	Exporter tests: Reduce key size in long key tests Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:06:48 +01:00
Max Fillinger	9dc7b19a6a	Exporter tests: Free endpoints before PSA_DONE() Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:06:48 +01:00
Max Fillinger	364afea9d3	Exporter tests: Fix possible uninitialized variable use Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 17:06:48 +01:00
Max Fillinger	ea1e777c01	Coding style cleanup Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 17:06:48 +01:00
Max Fillinger	8a2d2adf8c	Exporter tests: Initialize allocated memory Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 17:06:48 +01:00
Max Fillinger	8f12e31223	Exportert tests: Free endpoints and options Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 17:06:48 +01:00
Max Fillinger	3e1291866d	Fix output size check for key material exporter HKDF-Expand can produce at most 255 * hash_size bytes of key material, so this limit applies to the TLS 1.3 key material exporter. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:06:48 +01:00
Max Fillinger	28916ac8fe	Increase allowed output size of HKDF-Expand-Label Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:06:48 +01:00
Max Fillinger	cf007ca8bb	Add more tests for keying material export Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 17:06:47 +01:00
Max Fillinger	a5b63c5e40	Mention MBEDTLS_SSL_KEYING_MATERIAL_EXPORT in change log Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:58 +01:00
Max Fillinger	0747388254	Fix #endif comment Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:58 +01:00
Max Fillinger	51bec543bb	Enable MBEDTLS_SSL_KEYING_MATERIAL_EXPORT by default Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:58 +01:00
Max Fillinger	2fe35f61bf	Create MBEDTLS_SSL_KEYING_MATERIAL_EXPORT option Add the option MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to mbedtls_config.h to control if the function mbedtls_ssl_export_keying_material() should be available. By default, the option is disabled. This is because the exporter for TLS 1.2 requires client_random and server_random need to be stored after the handshake is complete. Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 16:53:58 +01:00
Max Fillinger	281fb79116	Remove TLS 1.2 Exporter if we don't have randbytes The TLS-Exporter in TLS 1.2 requires client_random and server_random. Unless MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined, these aren't stored after the handshake is completed. Therefore, mbedtls_ssl_export_keying_material() exists only if either MBEDTLS_SSL_CONTEXT_SERIALIZATION is defined or MBEDTLS_SSL_PROTO_TLS1_2 is not defined. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:58 +01:00
Max Fillinger	c9f2c9adba	Revert "Store randbytes for TLS 1.2 TLS-Exporter" This reverts commit cb01dd1333f8083af469e9a0c59f316f1eb0cfe3. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:58 +01:00
Max Fillinger	dbe864569e	Fix typos in comments Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:58 +01:00
Max Fillinger	155cea0900	Use fewer magic numbers in TLS-Exporter functions Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:58 +01:00
Max Fillinger	f2dda15ce8	Add label length argument to tls_prf_generic() This way, it's not required that the label is null-terminated. This allows us to avoid an allocation in mbedtls_ssl_tls12_export_keying_material(). Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:58 +01:00
Max Fillinger	48150f5dc3	Store randbytes for TLS 1.2 TLS-Exporter Previously, if MBEDTLS_SSL_CONTEXT_SERIALIZATION is not defined, randbytes are not stored after the handshake is done, but they are needed for TLS-Exporter in TLS 1.2. This commit also saves randbytes if MBEDTLS_SSL_PROTO_TLS1_2 is defined. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:58 +01:00
Max Fillinger	e10c9849e2	Fix coding style Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 16:53:58 +01:00
Max Fillinger	29beade80f	Fix build when one of TLS 1.2 or 1.3 is disabled Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 16:53:58 +01:00
Max Fillinger	7b72220d42	Fix coding style Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 16:53:58 +01:00
Max Fillinger	9073e041fc	Fix TLS exporter changelog entry Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 16:53:58 +01:00
Max Fillinger	ae7d66a1d5	Fix doxygen comment parameter name Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 16:53:57 +01:00
Max Fillinger	5561994020	Fix typos in comment Signed-off-by: Max Fillinger <max@max-fillinger.net>	2025-03-28 16:53:57 +01:00
Max Fillinger	9c9989fc6d	Fix mismatches in function declarations Missed some const keywords in function declarations. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:57 +01:00
Max Fillinger	91cff4406b	Fix key_len check in TLS-Exporter The length of the generated key must fit into a uint16_t, so it must not be larger than 0xffff. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:57 +01:00
Max Fillinger	81dfc8830b	Actually set exporter defaults in ssl_client2 Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:57 +01:00
Max Fillinger	334c367052	Simplify mbedtls_ssl_tls13_exporter RFC 8446 made it look like we can't use Derive-Secret for the second step, but actually, Transcript-Hash and Hash are the same thing, so we can. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:57 +01:00
Max Fillinger	c7986427d4	Add test for TLS-Exporter in TLS 1.3 Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:57 +01:00
Max Fillinger	136fe9e4be	Fix commented out function declaration Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:57 +01:00
Max Fillinger	b84cb4b049	Add changelog entry for TLS-Exporter feature Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:57 +01:00
Max Fillinger	b2718e17e6	Add TLS-Exporter options to ssl_client2 Prints out the exported key on the command line for testing purposes. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:57 +01:00
Max Fillinger	32ba7f4a17	Add TLS-Exporter options to ssl_server2 The program prints out the derived symmetric key for testing purposes. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:57 +01:00
Max Fillinger	bd81c9d0f7	Implement TLS-Exporter feature The TLS-Exporter is a function to derive shared symmetric keys for the server and client from the secrets generated during the handshake. It is defined in RFC 8446, Section 7.5 for TLS 1.3 and in RFC 5705 for TLS 1.2. Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>	2025-03-28 16:53:57 +01:00
Manuel Pégourié-Gonnard	064f68ec85	Merge pull request #10032 from valeriosetti/psasim-doc-update psasim: update README file	2025-03-28 09:11:13 +00:00
Manuel Pégourié-Gonnard	e57ea21a1c	Merge pull request #10042 from bjwtaylor/remove-ssl-conf Remove mbedtls_ssl_conf_rng()	2025-03-27 14:05:42 +00:00
David Horstmann	06bdb16719	Merge pull request #10000 from bjwtaylor/remove-sample-programs Delete some sample programs	2025-03-27 09:47:10 +00:00

1 2 3 4 5 ...

33070 Commits