f55886a217
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:13:46 +08:00
6babfee178
remove out of scope codes
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:13:46 +08:00
fb526693c1
Rename sig_alg cert_key check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:13:45 +08:00
a6076aa8b8
Revert temp test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:13:45 +08:00
f0cda410a4
remove default sig_hashes
...
And add pss_rsae_* sig_algs to fix
`Handshake TLS 1.3` test fails, which
is part of `test_suite_ssl`
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:13:45 +08:00
7ab7f2b184
Remove pkcs1 from certificate_verify
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:13:44 +08:00
08524c55f9
remove pkcs1_* support
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:13:44 +08:00
0ebce95785
create tls12/tls13 sig alg support check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:13:43 +08:00
9f4cc5ff65
Add pss_rsae sig algs into test conf
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:13:41 +08:00
f249ef7821
refactor get sig algo from pk
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:13:40 +08:00
7898fd456a
Merge pull request #5970 from gabor-mezei-arm/5229_Send_dummy_change_cipher_spec_records_from_server
...
TLS 1.3 server: Send dummy change_cipher_spec records
The internal CI PR-merge job ran successfully thus good to go.
2022-06-29 09:47:49 +02:00
bd10c4e2af
Test accessors to config DN hints for cert request
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-06-29 02:54:28 -04:00
87a9c86d87
Re-enable five tests disabled because of an old OpenSSL bug
...
Signed-off-by: Zhangsen Wang <zhangsen.wang@arm.com >
2022-06-29 02:23:22 +00:00
d86abf2392
Merge pull request #5861 from wernerlewis/csr_subject_comma
...
Fix output of commas and other special characters in X509 DN values
2022-06-28 21:00:49 +02:00
7d14c19730
Merge pull request #5905 from gilles-peskine-arm/changelog-improvements-20220609-development
...
Changelog improvements before the 3.2 release
2022-06-28 21:00:10 +02:00
999ef70b27
Add accessors to config DN hints for cert request
...
mbedtls_ssl_conf_dn_hints()
mbedtls_ssl_set_hs_dn_hints()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-06-28 12:43:59 -04:00
2407279fa4
Add tests with specific hash for handshake_ciphersuite_select positive tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-06-28 18:12:17 +02:00
9f1176a793
Move preferred_hash_for_sig_alg() check after ssl_pick_cert() and check if hash alg is supported with mbedtls_pk_can_do_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-06-28 18:12:17 +02:00
ed917bf548
Update description for negative key_opaque_algs tests
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-06-28 18:12:17 +02:00
9f4606e6d2
Rename mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX in mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-06-28 18:12:17 +02:00
8c52ed8d1e
Add negative testing of ciphersuite selection using Opaque algs & usage
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-06-28 18:12:17 +02:00
eb4390b27c
Add Cipersuite selection negative testing by using invalid algs for server-side opaque key
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-06-28 18:10:48 +02:00
0c9c10a401
Introduce mbedtls_ssl_get_ciphersuite_sig_pk_ext_alg() and use it in ssl_pick_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-06-28 18:10:48 +02:00
9e4b7bd199
Do not force TLS 1.3 on client side for TLS 1.3 middlebox compatibility tests
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-06-28 16:22:14 +02:00
f7044eaec8
Fix name
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-06-28 16:01:49 +02:00
e99ec7cb6a
Merge pull request #5908 from ronald-cron-arm/tls13-fixes-doc
...
TLS 1.3: Fixes and add documentation
Validated by the internal CI, no need to wait for the Open CI.
2022-06-28 12:16:17 +02:00
9f2596f387
Add MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C
...
MBEDTLS_POLY1305_C and MBEDTLS_CHACHA20_C are needed
when PSA_WANT_ALG_CHACHA20_POLY1305 is defined
Signed-off-by: Summer Qin <summer.qin@arm.com >
2022-06-28 17:56:27 +08:00
96ae926572
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-06-28 11:56:26 +02:00
5471912269
Move switching to handshake transform after sending CCS record
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-06-28 11:56:26 +02:00
05ebf3be74
Revert "Do not encrypt CCS records"
...
This reverts commit 96ec831385gabor.mezei@arm.com >
2022-06-28 11:55:35 +02:00
4dc874453e
ssl_tls13_parse_certificate_verify(): optimize the code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-06-28 11:05:42 +02:00
273453f126
Merge pull request #5983 from gstrauss/inline-mbedtls_x509_dn_get_next
...
Inline mbedtls_x509_dn_get_next() in x509.h
2022-06-28 10:13:58 +02:00
6b14c69277
Improve documentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:21:13 +02:00
11b5332ffc
tls13: Fix certificate extension size write
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:21:13 +02:00
139d0aa9d3
Fix typo in documentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:21:13 +02:00
81a334fc02
tls13: Fix buffer overread checks in ssl_tls13_parse_alpn_ext()
...
Some coding style alignement as well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:21:13 +02:00
585cd70d04
tests: ssl: Fix coverity deadcode issue
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:21:13 +02:00
7b8404608a
tls13: Rename ssl_tls13_write_hello_retry_request_coordinate
...
Rename ssl_tls13_write_hello_retry_request_coordinate to
ssl_tls13_prepare_hello_retry_request as it is more
aligned with what the function does.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:21:13 +02:00
fb508b8f21
tls13: Move state changes up to state main handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:21:13 +02:00
63dc463ed6
tls13: Simplify switch to the inbound handshake keys on server side
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:21:13 +02:00
5afb904022
tls13: Move out of place handshake field reset
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:18:42 +02:00
828aff6ead
tls13: Rename server_hello_coordinate to preprocess_server_hello
...
Rename server_hello_coordinate to preprocess_server_hello
as it is more aligned with what the function does.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:18:42 +02:00
db5dfa1f1c
tls13: Move ServerHello fetch to the ServerHello top handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:18:42 +02:00
44b23b10e1
tls13: Document TLS 1.3 handshake implementation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:18:42 +02:00
9d6a545714
tls13: Re-organize EncryptedExtensions message parsing code
...
Align the organization of the EncryptedExtensions
message parsing code with the organization of the
other message parsing codes.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:18:42 +02:00
154d1b68d6
tls13: Fix wrong usage of MBEDTLS_SSL_CHK_BUF(_READ)_PTR macros
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:18:42 +02:00
c80835943c
tls13: Fix pointer calculation before space check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:18:42 +02:00
2827106199
tls13: Add missing buffer overread check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-28 09:18:42 +02:00
b94854f8e3
Merge pull request #5973 from ronald-cron-arm/tls13-misc-tests
...
TLS 1.3: Enable and add tests
2022-06-28 09:15:17 +02:00
5969a4b5e0
Don't call memcpy(NULL, 0) which has undefined behavior
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-06-27 23:59:53 +02:00
