5bc5263b2c
Add code improvments and refactoring in dealing with ALPN
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-03-13 16:50:01 +00:00
883f77cb08
Add mbedtls_ssl_session_set_alpn() function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-03-13 16:50:01 +00:00
fd4c0c8b3d
tls13: cli: Fix comment
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-12 17:48:18 +01:00
aa3593141b
tls13: cli: Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
...
Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
from ssl.h(public) to ssl_misc.h(private) even if
that means we cannot use the enum type for
early_data_state in ssl.h.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-12 17:48:18 +01:00
8571804382
tls13: srv: Enforce maximum size of early data
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-03-01 09:29:09 +01:00
d6d32b9210
tls13: Improve declaration and doc of early data status
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-15 17:19:14 +01:00
b9a9b1f5a5
tls13: Fix/Improve comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-15 17:19:14 +01:00
5fbd27055d
tls13: Use a flag not a counter for CCS and HRR handling
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-15 17:19:02 +01:00
90e223364c
tls13: cli: Refine early data status
...
The main purpose of the change is to
know from the status, at any point in
the handshake, if early data can be
sent or not and why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-06 16:43:33 +01:00
fe59ff794d
tls13: Send dummy CCS only once
...
Fix cases where the client was sending
two CCS, no harm but better to send only one.
Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-06 16:43:33 +01:00
32c28cebb4
Merge pull request #8715 from valeriosetti/issue7964
...
Remove all internal functions from public headers
2024-02-05 15:09:15 +00:00
78a38f607c
tls13: srv: Do not use early_data_status
...
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-01 20:10:35 +01:00
3b9034544e
Revert "tls13: Introduce early_data_state SSL context field"
...
This reverts commit 0883b8b625ronald.cron@arm.com >
2024-02-01 20:03:57 +01:00
0883b8b625
tls13: Introduce early_data_state SSL context field
...
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-01 16:45:04 +01:00
5d0ae9021f
tls13: srv: Refine early data status
...
The main purpose is to know from the status
if early data can be received of not and
why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-01 16:40:47 +01:00
25b282ebfe
x509: move internal functions declarations to a private header
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-01-19 09:07:35 +01:00
d929106f36
ssl_ciphersuites: move internal functions declarations to a private header
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-01-18 15:08:28 +01:00
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
...
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
f0ccf46713
Add minor cosmetic changes to record size limit changelog and comments
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-12 10:52:45 +00:00
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
...
Harmonise the names and return values of check functions in TLS code
2024-01-11 13:51:39 +00:00
f501790ff2
Improve comments across record size limit changes
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
148dfb6457
Change record size limit writing function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:27 +00:00
a8b4291836
tls13: add generic function to write Record Size Limit ext
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2024-01-10 16:17:27 +00:00
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
...
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
e2d3db5cfc
Update mbedtls_ssl_get_output_record_size_limit signature
...
Co-authored-by: Ronald Cron <ronald.cron@arm.com >
Signed-off-by: Waleed-Ziad Maamoun-Elmelegy <122474370+waleed-elmelegy-arm@users.noreply.github.com >
2024-01-05 14:19:16 +00:00
94a42ccb3e
Add tls13 in ticket flags helper function names
...
```
sed -i \
"s/\(mbedtls_ssl\)_\(session_\(\w*_\)\?ticket\)/\1_tls13_\2/g" \
library/*.[ch]
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 11:12:46 +08:00
abd844f379
Fix wrong format in the function doc
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 10:01:58 +08:00
02e72f65da
Reword return value description for mbedtls_ssl_tls13_is_kex_mode_supported
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 10:01:58 +08:00
b2cfafbb9e
Consistent renaming
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 10:01:58 +08:00
2333b826f4
tls13: srv: rename mbedtls_ssl_tls13_check_kex_modes
...
The function is renamed to
`mbedtls_ssl_tls13_is_kex_mode_supported` and
the behaviour is reversed.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 10:01:58 +08:00
0a1ff2b969
Consistent renaming
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 10:01:58 +08:00
4f537f73fa
tls13: rename mbedtls_ssl_session_check_ticket_flags
...
The function is renamed to mbedtls_ssl_session_ticket_has_flags.
Descriptions are added.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 10:01:58 +08:00
fc2cb9632b
tls13: rename mbedtls_ssl_conf_tls13_check_kex_modes
...
The function is renamed to
mbedtls_ssl_conf_tls13_is_kex_mode_enabled.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 10:01:57 +08:00
60a22567e4
tls13: change return value of mbedtls_ssl_conf_tls13_check_kex_modes
...
To keep the convention in TLS code, check functions should return 0
when check is successful.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-12-08 10:01:57 +08:00
9aec1c71f2
Add record size checking during handshake
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-06 15:18:15 +00:00
f482dcc6c7
Comply with the received Record Size Limit extension
...
Fixes #7010
Signed-off-by: Jan Bruckner <jan@janbruckner.de >
2023-12-06 15:18:08 +00:00
c59c586ac4
change prototype of write_early_data_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-06 18:21:15 +08:00
5233539d9f
share write_early_data_ext function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-06 18:18:50 +08:00
4da7c22cd6
add early data flag check function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-06 18:17:44 +08:00
c37ad4432b
misc type fixes in ssl
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-21 17:09:46 +00:00
8e0174ac05
Add maximum ticket lifetime check
...
Also add comments for age cast
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:59:24 +08:00
cf9135100e
fix various issues
...
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:19 +08:00
46c7926f74
Add maximum ticket lifetime check
...
Also add comments for age cast
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-11-21 09:58:19 +08:00
5e378d70e6
ssl_misc: remove DES from the list of key types supporting CBC
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-11-15 09:18:14 +01:00
01c4fa3e88
ssl: move MBEDTLS_SSL_HAVE internal symbols to ssl.h
...
This is useful to properly define MBEDTLS_PSK_MAX_LEN when
it is not defined explicitly in mbedtls_config.h
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-11-10 08:12:07 +01:00
7d7ce0e66a
Merge pull request #8495 from lpy4105/issue/6322/driver-only-cipher_aead-tls
...
[G3] Driver-only cipher+aead: TLS: main test suite
2023-11-09 11:10:34 +00:00
2bd56de3f4
ssl: replace MBEDTLS_SSL_HAVE_*_CBC with two seperate macros
...
MBEDTLS_SSL_HAVE_<block_cipher>_CBC equals
MBEDTLS_SSL_HAVE_<block_cipher> and MBEDTLS_SSL_HAVE_CBC.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-11-08 14:21:19 +08:00
65458fa969
ssl: MBEDTLS_SSL_HAVE_* in ssl_misc.h
...
Done by commands:
```
sed -i "300,$ s/MBEDTLS_\(AES\|CAMELLIA\|ARIA\|CHACHAPOLY\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_\(GCM\|CCM\)_C/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
sed -i "300,$ s/MBEDTLS_CIPHER_MODE_\(CBC\)/MBEDTLS_SSL_HAVE_\1/g" ssl_misc.h
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-11-08 12:16:29 +08:00
f1b86b088f
ssl: add macro to indicate CBC mode is available
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-11-08 11:28:42 +08:00
e870cc8c86
ssl: add macro for available key types
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-11-08 11:28:36 +08:00
