yuzu-mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/yuzu-mirror/mbedtls.git synced 2025-12-06 07:12:32 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity
28009 commits 89 branches 205 tags 114 MiB
Commit graph

604 commits

Author SHA1 Message Date
Yanray Wang d976673dd6 Add build version to the output of ssl_client2 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2022-10-18 10:53:49 +08:00
Xiaokang Qian bc663a0461 Refine code based on commnets 
Change code layout
Change hostname_len type to size_t
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:01 +00:00
Xiaokang Qian adf84a4a8c Remove public api mbedtls_ssl_reset_hostname() 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:05:11 +00:00
Xiaokang Qian fb8ac46add Change the name of servername when re-connect 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:44 +00:00
Xiaokang Qian 281fd1bdd8 Add server name check when proposeing pre-share key 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:41 +00:00
Manuel Pégourié-Gonnard e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2 
Permissions 2b: TLS 1.3 sigalg selection
 2022-09-28 09:50:04 +02:00
Paul Elliott 2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets 
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
 2022-09-23 15:48:33 +01:00
Manuel Pégourié-Gonnard d433cd7d07
Merge pull request #6283 from mpg/driver-only-hashes-wrap-up 
Driver only hashes wrap-up
 2022-09-21 08:29:46 +02:00
Ronald Cron 50969e3af5 ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-20 15:57:57 +02:00
Jerry Yu 7a51305478 Add multi-session tickets test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-19 14:26:07 +08:00
Ronald Cron be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00
Manuel Pégourié-Gonnard e896705c1a Take advantage of legacy_or_psa.h being public 
Opportunities for using the macros were spotted using:

    git grep -E -n -A2 'MBEDTLS_(MD|SHA)[0-9]+_C' | egrep 'PSA_WANT_ALG_(MD|SHA)'

then manually filtering the results.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:03:52 +02:00
Przemek Stekiel 632939df4b ssl_client2: print pk key name when provided using key_opaque_algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Jerry Yu 4746b10c2e fix various issues 
- Format issues
- Possible memory leak
- Improve naming and comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 15:37:46 +08:00
Andrzej Kurek 0bc834b27f Enable signature algorithms in ssl programs with PSA based hashes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:37:46 -04:00
Jerry Yu 0203534c64 Add session save after got new session ticket 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Andrzej Kurek cccb044804 Style & formatting fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-23 05:26:02 -04:00
Andrzej Kurek 8c95ac4500 Add missing dependencies / alternatives 
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate, 
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-22 17:46:50 -04:00
Jerry Yu 2b4f02d7fb Add new_session_ticket err handler 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Jerry Yu 202919c23d refine supported sig alg print 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:18:29 +08:00
Jerry Yu 64f410c246 Add tls13 sig alg parameters 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:09 +08:00
Manuel Pégourié-Gonnard 9bc53a2e84
Merge pull request #5806 from josesimoes/fix-3031 
Remove prompt to exit in all programs
 2022-05-12 10:50:31 +02:00
Shaun Case 8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:51 +01:00
josesimoes 23419560c9 Remove prompt to exit in all programs 
Signed-off-by: José Simões <jose.simoes@eclo.solutions>
 2022-05-06 17:11:22 +01:00
Przemek Stekiel cb20d202d2 Further code optimization 
- key_opaque_set_alg_usage(): set alg/usage in loop
- key_opaque_set_alg_usage(): add key paramteter to set default alg/usage if it is not specified by command line parameters
- unify default alg/usage for client and server
- optimize opaque code on client and server side

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-06 09:34:30 +02:00
Przemek Stekiel 1d25e076f3 ssl_client2: fix default key opaque algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 11:05:10 +02:00
Przemek Stekiel 488efa05b6 Fix compiler warnings: initialize local variables: psa_alg, psa_alg2, psa_usage 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel 092128324f ssl_client2/ss_server2: optimize code for opaque key 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel 89132a6ab0 Fix call to mbedtls_pk_wrap_as_opaque(): use usage variable instead PSA_KEY_USAGE_SIGN_HASH 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel a17b5c6ba2 ssl_client: use key opaque algs given from command line 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel 77fc9ab1ba Fix typos and code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel f1822febc4 ssl client: add key_opaque_algs command line option 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Manuel Pégourié-Gonnard 068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque 
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
 2022-05-02 09:06:49 +02:00
Neil Armstrong 94e371af91 Update mbedtls_pk_wrap_as_opaque() usage in SSL client2 & server2 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-28 13:27:59 +02:00
Przemek Stekiel b293aaa61b Enable support for psa opaque DHE-PSK key exchange on the client side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00
Przemek Stekiel 19b80f8151 Enable support for psa opaque ECDHE-PSK key exchange on the client side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel fc72e428ed ssl_client2: Enable support for TLS 1.2 RSA-PSK opaque ciphersuite 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Glenn Strauss e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version 
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss 60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version 
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:12 -04:00
Jerry Yu 3a58b462b6 add pss_rsae_sha{384,512} 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Przemek Stekiel 3f076dfb6d Fix comments for conditional compilation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-04 09:36:46 +01:00
Przemyslaw Stekiel 169f115bf0 ssl_client2: init psa crypto for TLS 1.3 build 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 17:15:04 +01:00
Manuel Pégourié-Gonnard 6f20595b6e
Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity 
Clarify key types message from ssl_client2 and ssl_server2
 2022-02-03 11:33:03 +01:00
Manuel Pégourié-Gonnard 1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs 
Resolve problems with reduced configs using USE_PSA_CRYPTO
 2022-02-02 10:20:26 +01:00
Gilles Peskine 05bf89da34 Clarify key types message from ssl_client2 and ssl_server2 
If no key is loaded in a slot, say "none", not "invalid PK".

When listing two key types, use punctuation that's visibly a sequence
separator (",").

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 17:50:25 +01:00
Jerry Yu 11f0a9c2c4 fix deprecated-declarations error 
replace sig_hashes with sig_alg

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Manuel Pégourié-Gonnard fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite 
Add accessors for ciphersuite info
 2022-01-24 11:13:31 +01:00
Glenn Strauss 6eef56392a Add tests for accessors for ciphersuite info 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-01-23 08:37:02 -05:00
Andrzej Kurek 7a58d5283b Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED 
Fix dependencies across test ssl programs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:34:02 -05:00
Andrzej Kurek 03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO 
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-03 12:53:24 +01:00
Ronald Cron 6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:47:55 +01:00
Xiaofei Bai d25fab6f79 Update based on comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-12-02 06:36:27 +00:00
Xiaofei Bai 6dc90da740 Rebased on 74217ee and add fixes 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:12:43 +00:00
Xiaofei Bai 9539501120 Rebase and add fixes 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:09:26 +00:00
Xiaofei Bai 746f9481ea Fix 1_3/13 usages in macros and function names 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
XiaokangQian 4d2329fd8a Change code based on reviews 
Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-25 02:21:16 +00:00
XiaokangQian 25476a48b9 Change code based on review 
Remove useless component in all.sh
Remove use server logs in ssh-opt.sh
Remove useless guards in ssl_client2.c

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-23 14:01:21 +00:00
XiaokangQian ff5f6c8bb0 Refine test code and test scripts 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-23 08:49:51 +00:00
XiaokangQian f977e9af6d Add componet test and rsa signature options 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-23 07:19:23 +00:00
XiaokangQian bdf26de384 Fix test failure and remove useless code 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 09:52:56 +00:00
XiaokangQian 4b82ca1b70 Refine test code and test scripts 
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 05:50:12 +00:00
paul-elliott-arm 61f797adfd
Merge pull request #5111 from mprse/aps_mem_leak 
ssl_client2, ssl_server2: add check for psa memory leaks
 2021-11-17 11:54:44 +00:00
Przemyslaw Stekiel d6914e3196 ssl_client2/ssl_server2: Rework ordering of cleanup 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-10 10:46:11 +01:00
Przemyslaw Stekiel 505712338e ssl_client2: move memory leak check before rng_free() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-03 14:19:52 +01:00
Przemyslaw Stekiel 53de2622f3 Move psa_crypto_slot_management.h out from psa_crypto_helpers.h 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-03 09:35:35 +01:00
Przemyslaw Stekiel bbb22bbd9e ssl_client2/ssl_server2: Move is_psa_leaking() before mbedtls_psa_crypto_free() (and rng_free()) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-03 09:06:09 +01:00
Manuel Pégourié-Gonnard 0dbe1dfa1c
Merge pull request #4859 from brett-warren-arm/supported_groups 
Add mbedtls_ssl_conf_groups to API
 2021-11-02 10:49:09 +01:00
Brett Warren 25386b7652 Refactor ssl_{server2,client2} for NamedGroup IDs 
Signed-off-by: Brett Warren <brett.warren@arm.com>
 2021-10-29 14:07:46 +01:00
Przemyslaw Stekiel fed825a9aa ssl_client2, ssl_server2: add check for psa memory leaks 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-10-29 12:32:26 +02:00
Manuel Pégourié-Gonnard 9317e09d15
Merge pull request #5007 from mprse/pk_opaque 
Add key_opaque option to ssl_server2.c + test
 2021-10-27 10:52:13 +02:00
Przemyslaw Stekiel c2d2f217fb ssl_client2/ssl_server_2: use PSA_ALG_ANY_HASH as algorithm for opaque key 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-10-26 12:24:34 +02:00
Andrzej Kurek 5902cd64e2 Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on 
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes #4653.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2021-09-29 10:15:42 -04:00
Manuel Pégourié-Gonnard e45ee40f7e
Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api 
Add TLS 1.3 ciphersuite and key exchange identifiers and API
 2021-08-30 09:47:46 +02:00
Jerry Yu 31c01d303e Rename available values for tls13_kex_modes 
Rename `psk_pure` to `psk` and `ephemeral_pure` to `ephemeral`

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-08-25 18:13:53 +08:00
Jerry Yu 447a3bee17 fix wrong typo and format issues 
Change-Id: I99a4c7d28c26bfcc43bc8947485d1dfafb6974dc
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-08-18 09:55:36 +08:00
Jerry Yu 7276f13c93 fix comments for sig_algs parser 
Change-Id: I68bd691c4b67fb18ff9d55ead34f5517b1b981de
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-08-17 18:25:57 +08:00
Hanno Becker cfa4d4b3f5 ssl_client2: Adjust usage string to recognized cmd line parameter 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-12 06:31:14 +01:00
Hanno Becker 2c0f697fbc Support TLS 1.3 key exchange config in ssl_client2/ssl_server2 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-12 06:31:14 +01:00
Hanno Becker 11ceadd382 Add cmdline param for TLS 1.3 sig alg config to ssl_{client,server}2 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-08-10 13:55:46 +01:00
Jerry Yu 2a572cf376 Move socket setup behind ssl structure setup. 
If socket setup fail, ssl structure setup won't be called.
And the order of them do not affect final result, but it
will break ssl setup negative tests.

Change the order can fix that.

issue: #4844

Change-Id: I2488ed5f74773421eb1eac0cfd7f1ce4fbb0b32d
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-08-09 18:57:24 +08:00
Jerry Yu b1dc59a125 Add tls1.3 parameters to ssl_{client,server2} 
To support tls1.3 relative tests, add `tls1_3`
parameter for `{min,max}_version` and `force_version`

issues: #4844

Change-Id: I1b22a076582374b8aabc733086562e9d03a94a2a
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-08-09 18:57:24 +08:00
Gilles Peskine e9bc857327
Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export 
Implement modified key export API for Mbed TLS 3.0
 2021-06-22 18:52:37 +02:00
Manuel Pégourié-Gonnard 508d3a5824
Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext 
Remove truncated HMAC extension
 2021-06-22 11:53:10 +02:00
Hanno Becker 7e6c178b6d Make key export callback and context connection-specific 
Fixes #2188

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Hanno Becker c4c38caca5 Adjust example programs to new key export API 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Hanno Becker 2d6e6f8fec Remove '_ext' suffix from SSL key exporter API 
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard 9a32d45819
Merge pull request #4517 from hanno-arm/ticket_api_3_0 
Implement 3.0-API for SSL session resumption
 2021-06-18 18:34:45 +02:00
Manuel Pégourié-Gonnard 84dea01f36 Add RNG params to private key parsing 
This is necessary for the case where the public part of an EC keypair
needs to be computed from the private part - either because it was not
included (it's an optional component) or because it was compressed (a
format we can't parse).

This changes the API of two public functions: mbedtls_pk_parse_key() and
mbedtls_pk_parse_keyfile().

Tests and programs have been adapted. Some programs use a non-secure RNG
(from the test library) just to get things to compile and run; in a
future commit this should be improved in order to demonstrate best
practice.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2021-06-17 09:38:38 +02:00
Thomas Daubney 22989d027a Removes MBEDTLS_SSL_TRUNCATED_HMAC code from ssl programs 
Commit removes code dependent on
MBEDTLS_SSL_TRUNCATED_HMAC from SSL
client and sever example programs.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2021-06-16 16:19:53 +01:00
Ronald Cron c4c761e35e Merge remote-tracking branch 'mbedtls/development' into mbedtls_private_with_python 
Conflicts:
    include/mbedtls/ssl.h
    include/psa/crypto_struct.h

Conflicts fixed by using the code from development branch
and manually re-applying the MBEDTLS_PRIVATE wrapping.
 2021-06-14 16:17:32 +02:00
Manuel Pégourié-Gonnard 16fdab79a5
Merge pull request #4382 from hanno-arm/max_record_payload_api 
Remove MFL query API and add API for maximum plaintext size of incoming records
 2021-06-08 11:07:27 +02:00
Hanno Becker 59d3670fa5 Fix ssl-opt.sh test cases grepping for MFL configuration output 
Use and grep for the new max in/out record payload length API instead.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-06-08 05:35:29 +01:00
Mateusz Starzyk e7dce558c9 Merge branch 'development' into mbedtls_private_with_python 
Conflicts:
	include/mbedtls/ssl.h

Conflicts resolved by using code from development branch and
manually re-applying MBEDTLS_PRIVATE wrapping.
 2021-05-27 16:02:46 +02:00
TRodziewicz 4ca18aae38 Corrections after the code review 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 13:38:00 +02:00
TRodziewicz 6370dbeb1d Remove the _SSL_FALLBACK_ parts 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:49:59 +02:00
TRodziewicz 55bd84bebc Correction to the ssl client/server usage comment. 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:48:40 +02:00
TRodziewicz 28126050f2 Removal of constants and functions and a new ChangeLog file 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:48:12 +02:00
TRodziewicz 0f82ec6740 Remove the TLS 1.0 and 1.1 support 
Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>
 2021-05-24 12:45:20 +02:00
Hanno Becker 9752aadd85 Make query API for state of MFL extension internal 
This commit makes the API

- mbedtls_ssl_get_output_max_frag_len()
- mbedtls_ssl_get_input_max_frag_len()
- mbedtls_ssl_get__max_frag_len()

for querying the state of the Maximum Fragment Length
extension internal.

Rationale: The value those APIs provide to the user is in
upper bounds for the size of incoming and outgoing records,
which can be used to size application data buffers apporpriately
before passing them to mbedtls_ssl_{read,write}(). However,
there are other factors which influence such upper bounds,
such as the MTU or other extensions (specifically, the
record_size_limit extension which is still to be implemented)
which should be taken into account.

There should be more general APIs for querying the maximum
size of incoming and outgoing records.

For the maximum size of outgoing records, we already have such,
namely mbedtls_ssl_get_max_out_record_payload().

For the maximum size of incoming records, a new API will be
added in a subsequent commit.

Signed-off-by: Hanno Becker <hanno.becker@arm.com>
 2021-05-23 06:03:55 +01:00
Mateusz Starzyk 6c2e9b6048 Add MBEDTLS_ALLOW_PRIVATE_ACCESS to test programs 
Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>
 2021-05-21 18:10:44 +02:00