lhuang04
Legacy mbedtls crypto API uses [explicit context](https://mbed-tls.readthedocs.io/en/latest/kb/development/thread-safety-and-multi-threading/); this removes the global variable and makes the thread-safety easily guaranteed. We use mbedtls 2.x for Family of Apps in Meta Platforms....
### Suggested enhancement
I found one issue when we tested the following early data fallback 1-RTT test case:
* Client completes the initial full handshake with the server and receives...
### Suggested enhancement
[ssl_tls13_parse_new_session_ticket_exts](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L3132) no longer parses the early data extension from new session ticket message. We need the following patch to restore it back. Do we have any on-going...
Summary: `CLIENT RANDOM` -> `CLIENT_RANDOM`. This appears to be a typo as it is [CLIENT_RANDOM](https://github.com/ARMmbed/mbedtls/blob/development/programs/ssl/ssl_test_common_source.c#L72) in upstream and in the [document](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format). Test Plan: `tests/ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: Notes: * Pull requests...
Notes: Add non-PSA crypto support for the client when it uses TLS 1.3. * Update include/mbedtls/check_config.h to allow MBEDTLS_SSL_PROTO_TLS1_3 without MBEDTLS_PSA_CRYPTO_C * Add non-PSA crypto support in TLS 1.3 implementation....
Within the M-profile of the Arm architecture, some instructions admit both a 16-bit and a 32-bit encoding. For those instructions, some assemblers support the use of the .n (narrow) and...
Summary: Courtesy of Bill Warshaw. Fix the calculation of `obfuscated_ticket_age`, it is [milliseconds](https://datatracker.ietf.org/doc/html/rfc8446#section-4.2.11.1). Test Plan: ``` tests/ssl-opt.sh ``` Reviewers: Subscribers: Tasks: Tags: Notes: * Pull requests cannot be accepted until...
Summary: Courtesy of Bill Warshaw. We found two issues related to early data in client and server, it happens on existing early data API and when MPS is not used....
### Suggested enhancement
Should we consider a callback-style API to report that a new session ticket is received by the client?
### Justification
OpenSSL uses [SSL_CTX_sess_set_new_cb](https://github.com/openssl/openssl/blob/master/ssl/ssl_sess.c#L1276) to report a new...
Summary: When the `MBEDTLS_DEBUG_C` is undefined, we saw the following compiler warning/error. ``` /upstream/library/ssl_tls13_keys.c: In function ‘mbedtls_ssl_tls1_3_generate_resumption_master_secret’: /upstream/library/ssl_tls13_keys.c:890:12: error: variable ‘md_size’ set but not used [-Werror=unused-but-set-variable] size_t md_size; ``` ```...