ac5ca5a0ea
Refactor cookie members of handshake struct
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-05 19:58:45 +08:00
ffc330fafa
Merge pull request #6264 from hannestschofenig/rfc9146_2
...
CID update to RFC 9146
2022-11-29 09:25:14 +01:00
ef25a99f20
Merge pull request #6533 from valeriosetti/issue5847
...
Use PSA EC-JPAKE in TLS (1.2) - Part 2
2022-11-23 13:27:30 +01:00
819de86895
tls: removed extra white spaces and other minor fix
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-17 18:05:19 +01:00
6b3dab03b5
tls: psa_pake: use a single function for round one and two in key exchange read/write
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-17 17:14:54 +01:00
9bed8ec5d8
tls: psa_pake: make round two reading function symmatric to the writing one
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-17 16:36:19 +01:00
a988364767
tls: psa_pake: fix missing new round one parsing function on tls12 server
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-17 16:35:02 +01:00
a08b1a40a0
tls: psa_pake: move move key exchange read/write functions to ssl_tls.c
...
Inlined functions might cause the compiled code to have different sizes
depending on the usage and this not acceptable in some cases.
Therefore read/write functions used in the initial key exchange are
moved to a standard C file.
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-17 16:34:59 +01:00
96a0fd951f
Fix signature algorithms list entry getting overwritten by length.
...
Fix bug whereby the supported signature algorithm list sent by the
server in the certificate request would not leave enough space for the
length to be written, and thus the first element would get overwritten,
leaving two random bytes in the last entry.
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2022-11-17 14:58:14 +00:00
6f1b5741ae
tls12: psa_pake: simplify EC info parsing in server's 2nd round
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-16 14:50:13 +01:00
02c25b5f83
tls12: psa_pake: use common code for parsing/writing round one and round two data
...
Share a common parsing code for both server and client for parsing
round one and two.
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-16 13:56:12 +01:00
d384b64dd2
Merge branch 'development' into rfc9146_2
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2022-11-14 17:43:15 +00:00
ca7d506556
Use PSA PAKE API when MBEDTLS_USE_PSA_CRYPTO is selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-08 10:58:45 +01:00
744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0
...
Fix unusual macros
2022-10-25 19:55:29 +02:00
3a334c2edc
Minor improvements to ssl_tls12_server.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2022-10-25 10:53:44 +01:00
e0af39a2ef
Refactor macro-spanning ifs in ssl_tls12_server.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2022-10-07 14:08:36 +01:00
945b23c46f
Include platform.h unconditionally: automatic part
...
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.
There should be no change in behavior since just including the header should
not change the behavior of a program.
This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:
```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-09-15 20:33:07 +02:00
5166954d14
Make more use of MBEDTLS_MAX_HASH_SIZE macro
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-09-13 12:57:05 +02:00
fd6cca4448
CID update to RFC 9146
...
The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content.
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com >
2022-09-07 17:15:05 +02:00
70dfd4c8ac
ssl_tls12_server: fix potential NULL-dereferencing if local certificate was not set.
...
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com >
2022-08-18 14:39:37 -07:00
20f89a9605
Remove uses of SSL compression
...
Remove or modify current uses of session compression.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2022-07-26 16:13:03 +01:00
f518f81d41
Ensure return for mbedtls_ssl_write_alpn_ext() is checked
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2022-07-11 12:37:47 +01:00
ce7d76e2ee
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection
...
Permissions 2a: TLS 1.2 ciphersuite selection
2022-07-04 12:37:02 +02:00
999ef70b27
Add accessors to config DN hints for cert request
...
mbedtls_ssl_conf_dn_hints()
mbedtls_ssl_set_hs_dn_hints()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-06-28 12:43:59 -04:00
9f1176a793
Move preferred_hash_for_sig_alg() check after ssl_pick_cert() and check if hash alg is supported with mbedtls_pk_can_do_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-06-28 18:12:17 +02:00
9f4606e6d2
Rename mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX in mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-06-28 18:12:17 +02:00
0c9c10a401
Introduce mbedtls_ssl_get_ciphersuite_sig_pk_ext_alg() and use it in ssl_pick_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-06-28 18:10:48 +02:00
acb3992251
Add ALPN extension to the server side
...
CustomizedGitHooks: yes
Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-06-22 06:34:58 +00:00
a3115dc0e6
Mark static int SSL functions CHECK_RETURN_CRITICAL
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2022-06-20 21:12:52 +02:00
b64fb62ead
Fix unchecked return value from internal function
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2022-06-20 21:12:29 +02:00
e0469b5908
Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix
...
Add a client hello cookie_len overflow test
2022-06-20 19:35:54 +02:00
ca3c6a5698
Merge pull request #5817 from xkqian/tls13_add_server_name
...
Tls13 add server name
2022-06-16 08:30:09 +02:00
755ddff25c
Fix print format in a debug message
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-06-15 07:32:02 -04:00
cbe14ec967
Improve variable extracting operations by using MBEDTLS_GET macros
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-06-15 07:17:28 -04:00
b58cf0d172
Split a debug message into two - for clarity
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-06-08 11:53:59 -04:00
364fd8bb71
More SSL debug messages for ClientHello parsing
...
In particular, be verbose when checking the ClientHello cookie in a possible
DTLS reconnection.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-06-06 14:25:41 -04:00
a3344f7bac
Merge pull request #5767 from leorosen/avoid-null-args
...
Avoid potentially passing NULL arguments
2022-05-30 11:40:21 +01:00
9b2b7716b0
Change mbedtls_ssl_parse_server_name_ext base on comments
...
Change-Id: I4ae831925cb1899afafb7dc626bfad9be24a5c8c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-05-30 08:07:16 +00:00
40a3523eb7
Add support of server name extension to server side
...
Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-05-30 08:07:16 +00:00
9edf51d8cd
Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext
...
Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3
CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h.
@RcColes if you eventually want to request some changes, they can be done in a follow-up PR.
2022-05-17 17:01:55 +02:00
114203814a
Better check for NULL pointer
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2022-05-17 15:01:20 +01:00
dd428d3650
Fix incorrect error message
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2022-05-13 17:43:16 +01:00
696956da24
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-13 17:02:19 +02:00
0a4298bbe9
Remove unnecessary duble conversion
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-13 17:02:18 +02:00
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com >
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2022-05-11 21:25:51 +01:00
86acf05b1e
Update signiture algorithm handling
...
Rename local variables and to simplify things use static_assert to
determine if the default signiture algorithms are not fit into the
SSL handshake structure.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-11 14:29:19 +02:00
c1051b62aa
Remove MBEDTLS_SSL_SIG_ALG_SET macro
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-11 14:29:19 +02:00
a3d016ce41
Rename and rewrite mbedtls_ssl_sig_hash_set_find function
...
Rename `mbedtls_ssl_sig_hash_set_find` function to a suitable name
and rewrite to operate TLS signature algorithm identifiers.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-11 14:29:18 +02:00
1226590c88
Explicitly set invalid value for the end of the signiture algorithm set
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-11 14:29:18 +02:00
