854db28bb7
Set hs_psk,ciphercuit_info and kex mode when writing pre-share key
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:44:00 +00:00
df6f52e2b2
Generate early key and switch outbound key to it after write client hello
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-02-08 05:43:59 +00:00
449bd8303e
Switch to the new code style
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-01-11 14:50:10 +01:00
28d4d43416
Merge pull request #6863 from valeriosetti/issue6830
...
Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)
2023-01-10 10:01:17 +01:00
cd0a565644
Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype
...
TLS 1.3: Upstream misc fix from prototype
2023-01-05 14:35:54 +01:00
18c9fed857
tls: remove dependency from mbedtls_ecp_curve functions
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2023-01-03 13:03:34 +01:00
4064a82802
Merge pull request #5600 from yuhaoth/pr/refactor-cookie-members-of-handshake
...
Refactor cookie members of handshake
2022-12-14 10:55:34 +01:00
141bbe7bee
tls13: Adjust include files
...
- remove duplicate and unused included
- Adjust the order to system, mbedtls global, local.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-09 09:51:20 +08:00
e01304f6d8
fix type conversion issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-05 19:58:46 +08:00
ac5ca5a0ea
Refactor cookie members of handshake struct
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-05 19:58:45 +08:00
1797b05602
Fix typos prior to release
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2022-12-04 17:19:59 +00:00
97be6a913e
fix various issues
...
- typo error
- replace `ssl->hanshake` with handshake
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-09 22:43:31 +08:00
7de2ff0310
Refactor extension list print
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-08 23:51:39 +08:00
63a459cde5
Refactor client_hello parser and writer
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-06 11:54:21 +08:00
4b8f2f7266
Refactor sent extension message output
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-11-06 11:54:21 +08:00
c4bf5d658e
fix various issues
...
- Signature of
- mbedtls_tls13_set_hs_sent_ext_mask
- check_received_extension and issues
- Also fix comment issue.
- improve readablity.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
0c354a211b
introduce sent/recv extensions field
...
And remove `extensions_present`
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-31 16:41:42 +08:00
744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0
...
Fix unusual macros
2022-10-25 19:55:29 +02:00
7aee0ec0ba
Minor improvements in ssl_client.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2022-10-25 10:38:25 +01:00
e68ab4f55e
Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
...
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-22 14:42:04 +02:00
41a443a68d
tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED
...
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-22 14:42:04 +02:00
49e4184812
Merge pull request #6299 from xkqian/tls13_add_servername_check
...
Add server name check when proposing pre-share key
2022-10-13 16:00:59 +02:00
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
...
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
307a7303fd
Rebase and replace session_negotiate
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-10-12 11:14:32 +00:00
ed3afcd6c3
Fix various typo and macro guards issues
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-10-12 11:06:51 +00:00
ed0620cb13
Refine code base on comments
...
Move code to proper macro guards protection
Fix typo issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-10-12 11:06:51 +00:00
03409290d2
Add MBEDTLS_SSL_SESSION_TICKETS guard to server name check
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-10-12 11:06:51 +00:00
d7adc374d3
Refine the server name compare logic
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-10-12 11:06:51 +00:00
a3b451f950
Adress kinds of comments base on review
...
Rename function name to mbedtls_ssl_session_set_hostname
Add two extra check cases for server name
Fix some coding styles
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-10-12 11:06:51 +00:00
2f9efd3038
Address comments base on review
...
Change function name to ssl_session_set_hostname()
Remove hostname_len
Change hostname to c_string
Update test cases to multi session tickets
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-10-12 11:06:49 +00:00
bc663a0461
Refine code based on commnets
...
Change code layout
Change hostname_len type to size_t
Fix various issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-10-12 11:06:01 +00:00
ecd7528c7f
Address some comments
...
Hostname_len has at least one byte
Change structure serialized_session_tls13
Fix various issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-10-12 11:03:44 +00:00
281fd1bdd8
Add server name check when proposeing pre-share key
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2022-10-12 11:03:41 +00:00
22c18c1432
Add NULL check in prepare hello
...
`session_negotiate` is used directly in `ssl_prepare_client_hello`
without NULL check. Add the check in the beggining to avoid segment
fault.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-11 18:07:19 +08:00
4f77ecf409
disable session resumption when ticket expired
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-10 22:10:08 +08:00
21f9095fa8
Revert "move ciphersuite validation to set_session"
...
This reverts commit 19ae6f62c7jerry.h.yu@arm.com >
2022-10-08 14:35:34 +08:00
379b91a393
add ticket age check
...
Remove ticket if it is expired.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-10-08 10:21:15 +08:00
4a28563e84
Refactor macro-spanning ifs in ssl_client.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2022-10-07 14:08:42 +01:00
945b23c46f
Include platform.h unconditionally: automatic part
...
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.
There should be no change in behavior since just including the header should
not change the behavior of a program.
This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:
```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-09-15 20:33:07 +02:00
3ad67bf4e3
Rename functions and add test messages
...
Change-Id: Iab51b031ae82d7b2d384de708858be64be75f9ed
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-07-21 15:30:04 +02:00
8698195566
Address comments of various issues
...
Improve comments
Change coding style
Rename functions
Change-Id: Ia111aef303932cfeee693431c3d48f90342b32e5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-07-21 15:30:04 +02:00
adab9a6440
Fix transcript issues and add cases against openssl
...
Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-07-21 15:30:04 +02:00
008d2bf80b
Address comments in psk client review
...
Improve comments
Refine cipher suite related code in psk
Refine get_psk_offered()
Change-Id: Ic3b0b5f86eb1e71f11bb499961aa8494284f1840
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-07-21 15:30:04 +02:00
eb69aee6af
Add psk code to tls13 client side
...
Change-Id: I222b2c9d393889448e5e6ad06638536b54edb703
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-07-21 15:30:04 +02:00
a3115dc0e6
Mark static int SSL functions CHECK_RETURN_CRITICAL
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2022-06-20 21:12:52 +02:00
eaf3651e31
Rebase and solve conflicts
...
Change handshake_msg related functions
Share the ssl_write_sig_alg_ext
Change-Id: I3d342baac302aa1d87c6f3ef75d85c7dc030070c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-05-07 01:37:04 +00:00
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
...
Add client hello into server side
2022-04-22 10:26:00 +02:00
75d40ef8cb
Refine code base on review
...
Remove useless hrr code
Share validate_cipher_suit between client and server
Fix test failure when tls13 only in server side
Change-Id: I5d6a7932bd8448ebf542bc86cdcab8862bc28e9b
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-04-20 11:05:24 +00:00
fd8cbda3ec
Remove ECDH code specific to TLS 1.3
...
ECDH operations in TLS 1.3 are now done through PSA.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-04-19 18:31:24 +02:00
cd78df6aa4
handshake->min_minor_ver to ->min_tls_version
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-04-14 15:40:14 -04:00
