Add the option MBEDTLS_SSL_KEYING_MATERIAL_EXPORT to mbedtls_config.h
to control if the function mbedtls_ssl_export_keying_material() should
be available. By default, the option is disabled.
This is because the exporter for TLS 1.2 requires client_random and
server_random need to be stored after the handshake is complete.
Signed-off-by: Max Fillinger <max@max-fillinger.net>
Previously, if MBEDTLS_SSL_CONTEXT_SERIALIZATION is not defined,
randbytes are not stored after the handshake is done, but they are
needed for TLS-Exporter in TLS 1.2.
This commit also saves randbytes if MBEDTLS_SSL_PROTO_TLS1_2 is defined.
Signed-off-by: Max Fillinger <maximilian.fillinger@foxcrypto.com>
New abstractions to access ssl->hostname:
mbedtls_ssl_has_set_hostname_been_called() (only implemented approximatively
for now), mbedtls_ssl_get_hostname_pointer(), mbedtls_ssl_free_hostname().
Only access ssl->hostname directly in these functions and in
mbedtls_ssl_set_hostname().
Use these abstractions to access the hostname with the opportunity for
extra checks in mbedtls_ssl_verify_certificate().
No behavior change except for a new log message.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Needed after b81cd1af6418823a2b5ffbd3710ceac9b0e0afa4 (#9671)
since generate_ssl_debug_helpers.py was moved to the framework
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
For backward compatibility with Mbed TLS <=3.5.x, applications must be able
to make a TLS connection with a peer that supports both TLS 1.2 and TLS 1.3,
regardless of whether they call psa_crypto_init(). Since Mbed TLS 3.6.0,
we enable TLS 1.3 in the default configuration, so we must take care of
calling psa_crypto_init() if needed. This is a change from TLS 1.3 in
previous versions, where enabling MBEDTLS_SSL_PROTO_TLS1_3 was a user
choice and could have additional requirement.
This commit makes the library call psa_crypto_init() when it needs PSA
crypto in a situation where the application might not have called it,
namely, when starting a TLS 1.3 connection.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
from ssl.h(public) to ssl_misc.h(private) even if
that means we cannot use the enum type for
early_data_state in ssl.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The main purpose of the change is to
know from the status, at any point in
the handshake, if early data can be
sent or not and why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Fix cases where the client was sending
two CCS, no harm but better to send only one.
Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This reverts commit 0883b8b625a5531f2fc8a61b6b0417f00f76f91e.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
