XiaokangQian 
							
						 
					 
					
						
						
							
						
						5e3c947841 
					 
					
						
						
							
							Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie  
						
						... 
						
						
						
						Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-03-25 07:50:56 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						233397ef88 
					 
					
						
						
							
							Update code base on comments  
						
						... 
						
						
						
						Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data
Change code styles and comments
Fix cookie write issues
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-03-25 07:50:56 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						0b64eedba8 
					 
					
						
						
							
							Add cookies write in client hello  
						
						... 
						
						
						
						Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-03-25 07:50:56 +00:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						8d7afc642c 
					 
					
						
						
							
							Merge pull request  #5523  from ronald-cron-arm/one-flush-output-development  
						
						... 
						
						
						
						TLS 1.3: One flush output 
						
						
					 
					
						2022-03-21 08:44:04 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						a8b38879e1 
					 
					
						
						
							
							Move state change from CLIENT_CERTIFICATE_VERIFY to its main handler  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2022-03-10 13:58:17 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						7a94aca81a 
					 
					
						
						
							
							Move state change from CLIENT_CERTIFICATE to its main handler  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2022-03-10 13:58:04 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						5bb8fc830a 
					 
					
						
						
							
							Call Certificate writing generic handler only if necessary  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2022-03-09 07:51:52 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						9f55f6316e 
					 
					
						
						
							
							Move state change from CSS states to their main handler  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2022-03-09 07:51:52 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						3addfa4964 
					 
					
						
						
							
							Move state change from WRITE_CLIENT_HELLO to its main handler  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2022-03-09 07:51:52 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						9df7c80c78 
					 
					
						
						
							
							TLS 1.3: Always go through the CLIENT_CERTIFICATE state  
						
						... 
						
						
						
						Even if certificate authentication is disabled at build
time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state.
It simplifies overall the code for a small code size
cost when certificate authentication is disabled at build
time. Furthermore that way we have only one point in the
code where we switch to the handshake keys for record
encryption.
Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2022-03-09 07:50:08 +01:00 
						 
				 
			
				
					
						
							
							
								Paul Elliott 
							
						 
					 
					
						
						
							
						
						17f452aec4 
					 
					
						
						
							
							Merge pull request  #5448  from lhuang04/tls13_alpn  
						
						... 
						
						
						
						Port ALPN support for tls13 client from tls13-prototype 
						
						
					 
					
						2022-03-08 17:53:38 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						d815114f93 
					 
					
						
						
							
							Merge pull request  #5524  from mprse/tls_ecdh_2c  
						
						... 
						
						
						
						TLS ECDH 2c: ECHDE in TLS 1.3 (client-side) 
						
						
					 
					
						2022-03-08 11:43:45 +01:00 
						 
				 
			
				
					
						
							
							
								Przemek Stekiel 
							
						 
					 
					
						
						
							
						
						e894c5c4a5 
					 
					
						
						
							
							Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange()  
						
						... 
						
						
						
						Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-03-02 08:45:56 +01:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						ca133a34c5 
					 
					
						
						
							
							Change state machine  
						
						... 
						
						
						
						Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-22 10:17:58 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						90f152dfac 
					 
					
						
						
							
							fix psk only build fail  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-22 10:17:58 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						72637c734b 
					 
					
						
						
							
							fix write certificate fail  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-22 10:17:58 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						8511f125af 
					 
					
						
						
							
							Add certificteVerify  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-22 10:17:58 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						5cc3506c9f 
					 
					
						
						
							
							Add write certificate and client handler  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-22 10:17:58 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						566c781290 
					 
					
						
						
							
							Add dummy state for client_certifiate  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-22 10:17:58 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						cc43c6bee5 
					 
					
						
						
							
							fix coding style issue  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:00 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						fb4b6478ee 
					 
					
						
						
							
							tls13_only: improve guards of files.  
						
						... 
						
						
						
						To improve readability of the preprocess guards.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:00 +08:00 
						 
				 
			
				
					
						
							
							
								Przemyslaw Stekiel 
							
						 
					 
					
						
						
							
						
						0f5ecefbe9 
					 
					
						
						
							
							Clean up the code  
						
						... 
						
						
						
						- remove redundant local buffer
- fix code style
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-02-15 08:53:36 +01:00 
						 
				 
			
				
					
						
							
							
								Przemyslaw Stekiel 
							
						 
					 
					
						
						
							
						
						169f115bf0 
					 
					
						
						
							
							ssl_client2: init psa crypto for TLS 1.3 build  
						
						... 
						
						
						
						Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-02-14 17:15:04 +01:00 
						 
				 
			
				
					
						
							
							
								lhuang04 
							
						 
					 
					
						
						
							
						
						86cacac91a 
					 
					
						
						
							
							Port ALPN support for tls13 client from tls13-prototype  
						
						... 
						
						
						
						Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124 ).
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com > 
						
						
					 
					
						2022-02-14 08:03:32 -08:00 
						 
				 
			
				
					
						
							
							
								Przemyslaw Stekiel 
							
						 
					 
					
						
						
							
						
						4f419e55a1 
					 
					
						
						
							
							ssl_tls13_write_key_share_ext: initialize key_exchange_len (compiler warning)  
						
						... 
						
						
						
						Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-02-14 10:19:53 +01:00 
						 
				 
			
				
					
						
							
							
								Przemyslaw Stekiel 
							
						 
					 
					
						
						
							
						
						6d6aabdb0d 
					 
					
						
						
							
							Remove unused function: ssl_tls13_check_ecdh_params()  
						
						... 
						
						
						
						Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-02-14 10:13:10 +01:00 
						 
				 
			
				
					
						
							
							
								Przemyslaw Stekiel 
							
						 
					 
					
						
						
							
						
						9e23ddb09d 
					 
					
						
						
							
							Change ssl_tls13_read_public_ecdhe_share() to use PSA-specific parsing code.  
						
						... 
						
						
						
						Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-02-14 10:13:00 +01:00 
						 
				 
			
				
					
						
							
							
								Przemyslaw Stekiel 
							
						 
					 
					
						
						
							
						
						ea859c24b7 
					 
					
						
						
							
							Change ssl_tls13_generate_and_write_ecdh_key_exchange() to use PSA  
						
						... 
						
						
						
						Generate ECDH private key using psa_generate_key()
Export the public part of the ECDH private key using psa_export_public_key()
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com > 
						
						
					 
					
						2022-02-11 15:17:05 +01:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						7840f81303 
					 
					
						
						
							
							fix client_auth fail  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-09 19:43:22 +08:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						6ca6faa67e 
					 
					
						
						
							
							Merge pull request  #5080  from xffbai/add-tls13-read-certificate-request  
						
						... 
						
						
						
						add tls1_3 read certificate request 
						
						
					 
					
						2022-02-09 09:51:55 +01:00 
						 
				 
			
				
					
						
							
							
								Xiaofei Bai 
							
						 
					 
					
						
						
							
						
						7c8b6a97b9 
					 
					
						
						
							
							Update CertificateRequest skip condition  
						
						... 
						
						
						
						Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com > 
						
						
					 
					
						2022-02-08 15:21:13 +00:00 
						 
				 
			
				
					
						
							
							
								Xiaofei Bai 
							
						 
					 
					
						
						
							
						
						c234ecf695 
					 
					
						
						
							
							Update mbedtls_ssl_handshake_free() and address review comments.  
						
						... 
						
						
						
						Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com > 
						
						
					 
					
						2022-02-08 10:26:42 +00:00 
						 
				 
			
				
					
						
							
							
								Xiaofei Bai 
							
						 
					 
					
						
						
							
						
						51f515a503 
					 
					
						
						
							
							update based on comments  
						
						... 
						
						
						
						Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com > 
						
						
					 
					
						2022-02-08 07:28:04 +00:00 
						 
				 
			
				
					
						
							
							
								Xiaofei Bai 
							
						 
					 
					
						
						
							
						
						6d42bb430c 
					 
					
						
						
							
							Update mbedtls_ssl_handshake_free()  
						
						... 
						
						
						
						Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com > 
						
						
					 
					
						2022-01-28 10:05:51 +00:00 
						 
				 
			
				
					
						
							
							
								Xiaofei Bai 
							
						 
					 
					
						
						
							
						
						82f0a9a1db 
					 
					
						
						
							
							Rebase and address review comments  
						
						... 
						
						
						
						Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com > 
						
						
					 
					
						2022-01-27 07:53:52 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						a909061c2a 
					 
					
						
						
							
							Refine HRR parse successfully message in test cases  
						
						... 
						
						
						
						Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-01-27 03:48:27 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						34909746df 
					 
					
						
						
							
							Change cookie free code and some comments  
						
						... 
						
						
						
						Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-01-27 02:25:04 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						52da558103 
					 
					
						
						
							
							Change code base on comments  
						
						... 
						
						
						
						Align the alert type in parse_server_hello
Remove MBEDTLS_SSL_COOKIE_C guard
Enable cookie for both DTLS and TLS1.3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-01-26 10:53:15 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						aec1f3e913 
					 
					
						
						
							
							Cookie fields are used only by DTLS 1.3  
						
						... 
						
						
						
						Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-01-26 10:53:15 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						b119a35d07 
					 
					
						
						
							
							Refine fatal alert in parse_server_hello  
						
						... 
						
						
						
						Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-01-26 10:53:15 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						d59be77ce7 
					 
					
						
						
							
							Refine code based on comments  
						
						... 
						
						
						
						Add comments for parse hrr key share and cookie
Change variable names based on RFC8466
Refine fatal allerts in parse server hello and hrr
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-01-26 10:53:15 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						43550bd761 
					 
					
						
						
							
							Prepare function to parse hrr cookie extension  
						
						... 
						
						
						
						Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-01-26 10:53:15 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						2b01dc30cb 
					 
					
						
						
							
							Add hrr no change check and allign mbedtls_ssl_session_reset_msg_layer  
						
						... 
						
						
						
						Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-01-26 10:53:15 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						355e09ae9d 
					 
					
						
						
							
							Change code base on comments  
						
						... 
						
						
						
						Change functions name
Change some comments
Improve hrr test case for gnutls
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-01-26 10:53:15 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						78b1fa7e81 
					 
					
						
						
							
							Update code base on comments  
						
						... 
						
						
						
						Move reset transcript for hrr to generic
Reset SHA256 or SHA384 other than both
Rename message layer reset
Add check log for hrr parse successfully
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-01-26 10:53:15 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						53f20b71c5 
					 
					
						
						
							
							Improve ssl_tls13_parse_server_hello  
						
						... 
						
						
						
						Avoid coping random bytes in hrr
Send illegal parameter alert when cipher suite mismatch
Send illegal parameter alert when supported_version not exist
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-01-26 10:51:13 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						d9e068e10b 
					 
					
						
						
							
							Change code based on comments  
						
						... 
						
						
						
						Align coding styles
Add hrr parameter for ssl_tls13_parse_server_hello
Add reset steps for SHA384 in HRR
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-01-26 10:51:13 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						8945db36ab 
					 
					
						
						
							
							Reduce paramter hrr from ssl_tls13_parse_server_hello  
						
						... 
						
						
						
						Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-01-26 10:51:13 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						b48894eca4 
					 
					
						
						
							
							Add buffer check for named group  
						
						... 
						
						
						
						Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-01-26 10:51:13 +00:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						16acd4b3e4 
					 
					
						
						
							
							Reject the second HRR earlier and align naming styles  
						
						... 
						
						
						
						Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-01-26 10:51:13 +00:00