0ecb5fd6f5
Merge pull request #8574 from ronald-cron-arm/ssl-tickets
...
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
2024-02-21 09:38:46 +00:00
e6c80bc6e5
Merge pull request #8755 from ronald-cron-arm/tls13-client-early-data-status
...
TLS 1.3: Refine and test client early data status
2024-02-13 20:36:42 +00:00
a93e25e749
tls12: Fix documentation of TLS 1.2 session serialized data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-09 10:01:30 +01:00
c8de362202
Merge pull request #8665 from ivq/reduce_static_mem
...
Reduce many unnecessary static memory consumption
2024-02-07 23:26:27 +00:00
90e223364c
tls13: cli: Refine early data status
...
The main purpose of the change is to
know from the status, at any point in
the handshake, if early data can be
sent or not and why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-06 16:43:33 +01:00
5c9cc0b30f
Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected
...
TLS 1.3: SRV: Ignore early data when rejected
2024-02-06 13:16:03 +00:00
4e9683e818
Reduce many unnecessary static memory consumption
...
.data section of ssl_client1 becomes 320 bytes smaller on AMD64.
Signed-off-by: Chien Wong <m@xv97.com >
2024-02-06 17:50:44 +08:00
32c28cebb4
Merge pull request #8715 from valeriosetti/issue7964
...
Remove all internal functions from public headers
2024-02-05 15:09:15 +00:00
4caf3ca08c
tls13: srv: Add discard_early_data_record SSL field
...
Add discard_early_data_record in SSL context for
the record layer to know if it has to discard
some potential early data record and how.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-02 17:31:20 +01:00
78a38f607c
tls13: srv: Do not use early_data_status
...
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-01 20:10:35 +01:00
3b9034544e
Revert "tls13: Introduce early_data_state SSL context field"
...
This reverts commit 0883b8b625ronald.cron@arm.com >
2024-02-01 20:03:57 +01:00
0883b8b625
tls13: Introduce early_data_state SSL context field
...
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-01 16:45:04 +01:00
5d0ae9021f
tls13: srv: Refine early data status
...
The main purpose is to know from the status
if early data can be received of not and
why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-01 16:40:47 +01:00
b4f5076270
debug: move internal functions declarations to an internal header file
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-01-18 15:30:46 +01:00
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340
...
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
40a4ab0e0c
ssl_tls.c: Factorize save/load of endpoint and ciphersuite
...
Move the save/load of session endpoint and
ciphersuite that are common to TLS 1.2 and
TLS 1.3 serialized data from the
specialized ssl_{tls12,tls13}_session_{save,load}
functions to ssl__session_{save,load}.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-01-15 10:29:58 +01:00
c57f86e132
Add ticket creation time to TLS 1.2 session serialization
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-01-15 08:58:19 +01:00
feb577a949
Fix TLS 1.2 session serialization on server side
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-01-15 08:58:19 +01:00
7b1921ac57
Add endpoint in TLS 1.2 session serialization data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-01-15 08:58:19 +01:00
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile
...
TLS: remove RSA signature algorithms in `suite B` profile
2024-01-12 14:34:28 +00:00
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
...
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
...
Harmonise the names and return values of check functions in TLS code
2024-01-11 13:51:39 +00:00
f501790ff2
Improve comments across record size limit changes
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
...
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
384fbde49a
library/tests: replace md_psa.h with psa_util.h as include file for MD conversion
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-01-02 13:27:32 +01:00
6a971fd61a
Refactor and improve Record size limit handling
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-28 17:48:16 +00:00
c6088eceb4
Merge pull request #8384 from paul-elliott-arm/remove_ssl_null_tls12
...
Remove NULLing of ssl context in TLS1.2 transform population
2023-12-21 13:28:09 +00:00
65e3046e18
Fix code style in ssl_tls.c
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-20 17:55:10 +00:00
049cd302ed
Refactor record size limit extension handling
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-20 17:28:31 +00:00
a4b38f24fd
Merge pull request #8579 from valeriosetti/issue7995
...
PK: clean up pkwrite
2023-12-20 08:20:10 +00:00
26e3698357
Revert back checking on handshake messages length
...
Revert back checking on handshake messages length due to
limitation on our fragmentation support of handshake
messages.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-14 16:23:25 +00:00
05d670b711
Revert "Skip checking on maximum fragment length during handshake"
...
This reverts commit 419f841511waleed.elmelegy@arm.com >
2023-12-14 16:23:10 +00:00
0a1ff2b969
Consistent renaming
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 10:01:58 +08:00
419f841511
Skip checking on maximum fragment length during handshake
...
MbedTLS currently does not support maximum fragment length
during handshake so we skip it for now.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-07 18:33:42 +00:00
9aec1c71f2
Add record size checking during handshake
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-06 15:18:15 +00:00
f482dcc6c7
Comply with the received Record Size Limit extension
...
Fixes #7010
Signed-off-by: Jan Bruckner <jan@janbruckner.de >
2023-12-06 15:18:08 +00:00
857d29f29a
Merge pull request #8528 from yanrayw/issue/6933/parse-max_early_data_size
...
TLS1.3 EarlyData: client: parse max_early_data_size
2023-12-01 08:27:26 +00:00
f9362b7324
pk_internal: small renaming for mbedtls_pk_get_group_id()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-11-29 08:42:27 +01:00
a3b80386d9
Merge remote-tracking branch 'origin/development' into sign-conversion-part1
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-24 11:27:18 +00:00
1136fad126
ssl_tls: improve readability in ssl_*_preset_*_sig_algs
...
- fix wrong comment in #endif
- no semantics changes
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-11-22 17:41:52 +08:00
69ceb391a0
ssl_tls: remove RSA sig-algs in ssl_tls12_preset_suiteb_sig_algs
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-11-22 16:32:55 +08:00
b1f60163ba
ssl_tls: remove RSA sig-algs in ssl_preset_suiteb_sig_algs
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-11-22 16:28:54 +08:00
fd25654311
ssl_tls: remove unnecessary guard
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-11-22 10:33:11 +08:00
365ee3eaa9
ssl_tls: return correct error code if mbedtls_calloc fails
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2023-11-22 10:33:11 +08:00
c37ad4432b
misc type fixes in ssl
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-21 17:09:46 +00:00
a3d0f61aec
Use MBEDTLS_GET_UINTxx_BE macro
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-21 17:09:46 +00:00
e4a6f5a7ec
Use size_t cast for pointer subtractions
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-21 17:09:46 +00:00
d4dc354185
Merge pull request #8541 from yanrayw/issue/ssl-fix-missing-guard
...
ssl_tls: add missing macro guard
2023-11-21 14:57:47 +00:00
cf9135100e
fix various issues
...
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:19 +08:00
342a555eef
rename ticket received
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:19 +08:00
