744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0
...
Fix unusual macros
2022-10-25 19:55:29 +02:00
3a334c2edc
Minor improvements to ssl_tls12_server.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2022-10-25 10:53:44 +01:00
e0af39a2ef
Refactor macro-spanning ifs in ssl_tls12_server.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2022-10-07 14:08:36 +01:00
945b23c46f
Include platform.h unconditionally: automatic part
...
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.
There should be no change in behavior since just including the header should
not change the behavior of a program.
This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:
```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-09-15 20:33:07 +02:00
5166954d14
Make more use of MBEDTLS_MAX_HASH_SIZE macro
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-09-13 12:57:05 +02:00
fd6cca4448
CID update to RFC 9146
...
The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content.
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com >
2022-09-07 17:15:05 +02:00
70dfd4c8ac
ssl_tls12_server: fix potential NULL-dereferencing if local certificate was not set.
...
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com >
2022-08-18 14:39:37 -07:00
20f89a9605
Remove uses of SSL compression
...
Remove or modify current uses of session compression.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com >
2022-07-26 16:13:03 +01:00
f518f81d41
Ensure return for mbedtls_ssl_write_alpn_ext() is checked
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2022-07-11 12:37:47 +01:00
ce7d76e2ee
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection
...
Permissions 2a: TLS 1.2 ciphersuite selection
2022-07-04 12:37:02 +02:00
999ef70b27
Add accessors to config DN hints for cert request
...
mbedtls_ssl_conf_dn_hints()
mbedtls_ssl_set_hs_dn_hints()
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-06-28 12:43:59 -04:00
9f1176a793
Move preferred_hash_for_sig_alg() check after ssl_pick_cert() and check if hash alg is supported with mbedtls_pk_can_do_ext()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-06-28 18:12:17 +02:00
9f4606e6d2
Rename mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX in mbedtls_ssl_get_ciphersuite_sig_pk_ext_XXX()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-06-28 18:12:17 +02:00
0c9c10a401
Introduce mbedtls_ssl_get_ciphersuite_sig_pk_ext_alg() and use it in ssl_pick_cert()
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-06-28 18:10:48 +02:00
acb3992251
Add ALPN extension to the server side
...
CustomizedGitHooks: yes
Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-06-22 06:34:58 +00:00
a3115dc0e6
Mark static int SSL functions CHECK_RETURN_CRITICAL
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2022-06-20 21:12:52 +02:00
b64fb62ead
Fix unchecked return value from internal function
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2022-06-20 21:12:29 +02:00
e0469b5908
Merge pull request #931 from AndrzejKurek/clihlo_cookie_pxy_fix
...
Add a client hello cookie_len overflow test
2022-06-20 19:35:54 +02:00
ca3c6a5698
Merge pull request #5817 from xkqian/tls13_add_server_name
...
Tls13 add server name
2022-06-16 08:30:09 +02:00
755ddff25c
Fix print format in a debug message
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-06-15 07:32:02 -04:00
cbe14ec967
Improve variable extracting operations by using MBEDTLS_GET macros
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-06-15 07:17:28 -04:00
b58cf0d172
Split a debug message into two - for clarity
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-06-08 11:53:59 -04:00
364fd8bb71
More SSL debug messages for ClientHello parsing
...
In particular, be verbose when checking the ClientHello cookie in a possible
DTLS reconnection.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-06-06 14:25:41 -04:00
a3344f7bac
Merge pull request #5767 from leorosen/avoid-null-args
...
Avoid potentially passing NULL arguments
2022-05-30 11:40:21 +01:00
9b2b7716b0
Change mbedtls_ssl_parse_server_name_ext base on comments
...
Change-Id: I4ae831925cb1899afafb7dc626bfad9be24a5c8c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-05-30 08:07:16 +00:00
40a3523eb7
Add support of server name extension to server side
...
Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-05-30 08:07:16 +00:00
9edf51d8cd
Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext
...
Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3
CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h.
@RcColes if you eventually want to request some changes, they can be done in a follow-up PR.
2022-05-17 17:01:55 +02:00
114203814a
Better check for NULL pointer
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2022-05-17 15:01:20 +01:00
dd428d3650
Fix incorrect error message
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2022-05-13 17:43:16 +01:00
696956da24
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-13 17:02:19 +02:00
0a4298bbe9
Remove unnecessary duble conversion
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-13 17:02:18 +02:00
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com >
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2022-05-11 21:25:51 +01:00
86acf05b1e
Update signiture algorithm handling
...
Rename local variables and to simplify things use static_assert to
determine if the default signiture algorithms are not fit into the
SSL handshake structure.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-11 14:29:19 +02:00
c1051b62aa
Remove MBEDTLS_SSL_SIG_ALG_SET macro
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-11 14:29:19 +02:00
a3d016ce41
Rename and rewrite mbedtls_ssl_sig_hash_set_find function
...
Rename `mbedtls_ssl_sig_hash_set_find` function to a suitable name
and rewrite to operate TLS signature algorithm identifiers.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-11 14:29:18 +02:00
1226590c88
Explicitly set invalid value for the end of the signiture algorithm set
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-11 14:29:18 +02:00
15b95a6c52
Use common macro for the invalid signiture algorithm botn in TLS 1.2 and 1.3
...
Introduce a new macro MBEDTLS_TLS_SIG_NONE for invalid signiture algorithm.
It is intended to use in common code of TLS 1.2 and 1.3.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-11 14:29:18 +02:00
078e803d2c
Unify parsing of the signature algorithms extension
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-05-11 14:29:08 +02:00
8ecd66884f
Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-05 14:01:49 +02:00
80f6f32495
Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-04 11:08:41 +02:00
cd05f0b9e5
Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-04 11:08:41 +02:00
e952a30d47
Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-04 11:08:41 +02:00
61f237afb7
Remove PSA-only code dealing with non-opaque PSA key
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com >
2022-05-04 11:08:41 +02:00
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx
...
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
2022-04-29 10:47:16 +02:00
8855e36030
Merge pull request #5674 from superna9999/5668-abstract-tls-mode-cleanup
...
Cipher cleanup: abstract TLS mode
2022-04-28 12:33:38 +02:00
99114f3084
Fix build flags for opaque/raw psk checks
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-22 14:54:34 +02:00
cb322eac6b
Enable support for psa opaque DHE-PSK key exchange on the server side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-22 14:54:33 +02:00
14d11b0877
Enable support for psa opaque ECDHE-PSK key exchange on the server side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-22 14:53:55 +02:00
aeb710fec5
Enable support for psa opaque RSA-PSK key exchange on the server side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-04-22 14:52:28 +02:00
