Ronald Cron 
							
						 
					 
					
						
						
							
						
						8540cf66ac 
					 
					
						
						
							
							ssl_tls.c: Propose PKCS1 v1.5 signatures with SHA_384/512  
						
						... 
						
						
						
						In case of TLS 1.3 and hybrid TLS 1.2/1.3, propose
PKCS1 v1.5 signatures with SHA_384/512 not only
SHA_256. There is no point in not proposing them
if they are available.
In TLS 1.3 those could be useful for certificate
signature verification.
In hybrid TLS 1.2/1.3 this allows to propose for
TLS 1.2 the same set of signature algorithms.
Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2022-03-29 14:42:17 +02:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						39f2f73e69 
					 
					
						
						
							
							Merge pull request  #5630  from ronald-cron-arm/restore-full-compat-testing  
						
						... 
						
						
						
						Restore full TLS compatibility testing 
						
						
					 
					
						2022-03-28 18:31:17 +02:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						fb39f15fa1 
					 
					
						
						
							
							ssl_tls.c: Use ETM status only in CBC mode case  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2022-03-25 16:50:18 +01:00 
						 
				 
			
				
					
						
							
							
								XiaokangQian 
							
						 
					 
					
						
						
							
						
						9b93c0dd8d 
					 
					
						
						
							
							Change cookie parameters for dtls and tls 1.3  
						
						... 
						
						
						
						Signed-off-by: XiaokangQian <xiaokang.qian@arm.com > 
						
						
					 
					
						2022-03-25 07:50:56 +00:00 
						 
				 
			
				
					
						
							
							
								Paul Elliott 
							
						 
					 
					
						
						
							
						
						27b0d94e25 
					 
					
						
						
							
							Use mbedtls_ssl_is_handshake_over()  
						
						... 
						
						
						
						Switch over to using the new function both internally and in tests.
Signed-off-by: Paul Elliott <paul.elliott@arm.com > 
						
						
					 
					
						2022-03-24 14:43:52 +00:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
						
						f4042f076b 
					 
					
						
						
							
							Merge pull request  #5573  from superna9999/5176-5177-5178-5179-tsl-record-hmac  
						
						... 
						
						
						
						TLS record HMAC 
						
						
					 
					
						2022-03-21 11:36:44 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						8d7afc642c 
					 
					
						
						
							
							Merge pull request  #5523  from ronald-cron-arm/one-flush-output-development  
						
						... 
						
						
						
						TLS 1.3: One flush output 
						
						
					 
					
						2022-03-21 08:44:04 +01:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						29c0c040fc 
					 
					
						
						
							
							Only make PSA HMAC key exportable when NULL or CBC & not EtM in ssl_tls12_populate_transform()  
						
						... 
						
						
						
						This requires moving the HMAC init after CIPHER init.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-03-18 11:10:09 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						3f20b77517 
					 
					
						
						
							
							Improve comment  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2022-03-09 07:51:52 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
						
						66dbf9118e 
					 
					
						
						
							
							TLS 1.3: Do not send handshake data in handshake step handlers  
						
						... 
						
						
						
						Send data (call to mbedtls_ssl_flush_output()) only from
the loop over the handshake steps. That way, we do not
have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE
error code) on the network in handshake step handlers.
Signed-off-by: Ronald Cron <ronald.cron@arm.com > 
						
						
					 
					
						2022-03-09 07:51:52 +01:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						6828d8fdc4 
					 
					
						
						
							
							Return MBEDTLS_ERR_SSL_BAD_INPUT_DATA if MAC algorithm isn't supported in ssl_tls.c  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-03-02 15:37:11 +01:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						321116c755 
					 
					
						
						
							
							Remove spurious debug in ssl_tls12_populate_transform()  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-03-02 15:06:15 +01:00 
						 
				 
			
				
					
						
							
							
								Glenn Strauss 
							
						 
					 
					
						
						
							
						
						6989407261 
					 
					
						
						
							
							Add accessor to retrieve SNI during handshake  
						
						... 
						
						
						
						Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com > 
						
						
					 
					
						2022-02-25 19:55:53 -05:00 
						 
				 
			
				
					
						
							
							
								Glenn Strauss 
							
						 
					 
					
						
						
							
						
						36872dbd0b 
					 
					
						
						
							
							Provide means to reset handshake cert list  
						
						... 
						
						
						
						Extend mbedtls_ssl_set_hs_own_cert() to reset handshake cert list
if cert provided is null.  Previously, mbedtls_ssl_set_hs_own_cert()
only provided a way to append to the handshake certificate list,
without providing a way to replace the handshake certificate list.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com > 
						
						
					 
					
						2022-02-25 19:55:48 -05:00 
						 
				 
			
				
					
						
							
							
								Glenn Strauss 
							
						 
					 
					
						
						
							
						
						2ed95279c0 
					 
					
						
						
							
							Add server certificate selection callback  
						
						... 
						
						
						
						https://github.com/ARMmbed/mbedtls/issues/5430 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com > 
					
						2022-02-25 17:31:49 -05:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						e858996413 
					 
					
						
						
							
							Use PSA version of mbedtls_ct_hmac() in mbedtls_ssl_decrypt_buf()  
						
						... 
						
						
						
						Due to mbedtls_ct_hmac() implementation the decryption MAC key
must be exportable.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-02-25 15:17:50 +01:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						cf8841a076 
					 
					
						
						
							
							Remove non-PSA MAC keys in mbedtls_ssl_transform when MBEDTLS_USE_PSA_CRYPTO is defined  
						
						... 
						
						
						
						Also remove last usage of non-PSA MAC keys in ssl_decrypt_non_etm_cbc() SSL test.
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-02-25 15:16:49 +01:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						0760ade761 
					 
					
						
						
							
							Setup & Import HMAC keys in ssl_tls12_populate_transform()  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-02-25 15:16:49 +01:00 
						 
				 
			
				
					
						
							
							
								Neil Armstrong 
							
						 
					 
					
						
						
							
						
						39b8e7dde4 
					 
					
						
						
							
							Add, Initialize & Free HMAC keys in mbedtls_ssl_transform  
						
						... 
						
						
						
						Signed-off-by: Neil Armstrong <narmstrong@baylibre.com > 
						
						
					 
					
						2022-02-23 09:24:57 +01:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						c63a1e0e15 
					 
					
						
						
							
							Fix mbedtls_ssl_get_version() for TLSv1.3  
						
						... 
						
						
						
						Test it in ssl-opt.sh.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2022-02-21 15:14:01 +01:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
						
						e1a0c25f71 
					 
					
						
						
							
							New function to access the TLS version from a context as an enum  
						
						... 
						
						
						
						Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com > 
						
						
					 
					
						2022-02-21 15:14:01 +01:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						f1b23caa4e 
					 
					
						
						
							
							move wrong comments  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						18621dfd23 
					 
					
						
						
							
							remove extra empty line  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						50f2f703a7 
					 
					
						
						
							
							remove extra guards  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						840fbb2817 
					 
					
						
						
							
							guards populate_transform reference  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						4f9e3efbeb 
					 
					
						
						
							
							move session_save/load_tls12  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						d9d91da7c7 
					 
					
						
						
							
							move sig_hash_*  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						ee40f9d4b3 
					 
					
						
						
							
							move get_key_exchange_md_tls12  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						9bccc4c63f 
					 
					
						
						
							
							move populate_transform  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						e93ffcd2c7 
					 
					
						
						
							
							move tls_prf_get_type  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						392112c058 
					 
					
						
						
							
							move tls12prf_from_cs  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						0b3d7c1ea1 
					 
					
						
						
							
							move parse_finished  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						3c8e47bbbf 
					 
					
						
						
							
							move write_finished  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						2a9fff571d 
					 
					
						
						
							
							move wrapup  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						aef0015ba0 
					 
					
						
						
							
							move wrapup_free_hs_transform  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						b7ba49ef74 
					 
					
						
						
							
							move calc_finished_tls_sha384  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						615bd6f5b9 
					 
					
						
						
							
							move calc_finished_tls_sha256  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						d952669ad8 
					 
					
						
						
							
							move write_certificate  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						c2c673da59 
					 
					
						
						
							
							move resend_hello_request  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						ce3dca4175 
					 
					
						
						
							
							move psk_derive_premaster  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						c1cb384708 
					 
					
						
						
							
							move calc_verify_tls_sha384  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						8392e0dae4 
					 
					
						
						
							
							move calc_verify_tls_sha256  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						d62f87e151 
					 
					
						
						
							
							move derive_keys  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						2a7b5ac791 
					 
					
						
						
							
							move compute_master  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						d6ab235972 
					 
					
						
						
							
							move use_opaque_psk  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						f009d86186 
					 
					
						
						
							
							move set_handshake_prfs  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						dc7bd17d11 
					 
					
						
						
							
							move tls_prf_sha256/384  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						ed14c93008 
					 
					
						
						
							
							add static prototypes  
						
						... 
						
						
						
						prepare for moving functions
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:01 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						53d23e2c95 
					 
					
						
						
							
							Guards tls_prf functions with TLS1_2  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com > 
						
						
					 
					
						2022-02-21 09:06:00 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
							
						
						c73c618094 
					 
					
						
						
							
							Wrap function not used by test_tls13_only  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
# Conflicts:
#	library/ssl_tls13_generic.c 
						
						
					 
					
						2022-02-21 09:06:00 +08:00