1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-10 21:01:41 +03:00
Commit Graph

482 Commits

Author SHA1 Message Date
7ffe7ebe38 ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards
Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will
be necessary when the ClientHello writing code is
made available when MBEDTLS_SSL_PROTO_TLS1_2 is
enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
04fbd2b2ff ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
5b98ac9c64 TLS 1.3: Move PSA ECDH private key destroy to dedicated function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
60ff79424e ssl_tls13_client.c: alpn: Miscellanous minor improvements
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
13d8ea1dd9 ssl_tls13_client.c: alpn: Loop only once over protocol names
This has although the benefit of getting rid of a
potential integer overflow (though very unlikely
and probably harmless).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
a0855a6d13 ssl_tls13_client.c: alpn: Add missing return value assignment
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
c02768a399 Replace ssl->handshake with handshake in write_cookie_ext()
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
9b93c0dd8d Change cookie parameters for dtls and tls 1.3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
25c9c9023c Refine cookie len to fix compile issues
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
9deb90f74e Change parameter names and code style
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
5e3c947841 Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
233397ef88 Update code base on comments
Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data
Change code styles and comments
Fix cookie write issues

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
0b64eedba8 Add cookies write in client hello
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
8d7afc642c Merge pull request #5523 from ronald-cron-arm/one-flush-output-development
TLS 1.3: One flush output
2022-03-21 08:44:04 +01:00
a8b38879e1 Move state change from CLIENT_CERTIFICATE_VERIFY to its main handler
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-10 13:58:17 +01:00
7a94aca81a Move state change from CLIENT_CERTIFICATE to its main handler
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-10 13:58:04 +01:00
5bb8fc830a Call Certificate writing generic handler only if necessary
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:51:52 +01:00
9f55f6316e Move state change from CSS states to their main handler
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:51:52 +01:00
3addfa4964 Move state change from WRITE_CLIENT_HELLO to its main handler
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:51:52 +01:00
9df7c80c78 TLS 1.3: Always go through the CLIENT_CERTIFICATE state
Even if certificate authentication is disabled at build
time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state.
It simplifies overall the code for a small code size
cost when certificate authentication is disabled at build
time. Furthermore that way we have only one point in the
code where we switch to the handshake keys for record
encryption.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:50:08 +01:00
17f452aec4 Merge pull request #5448 from lhuang04/tls13_alpn
Port ALPN support for tls13 client from tls13-prototype
2022-03-08 17:53:38 +00:00
d815114f93 Merge pull request #5524 from mprse/tls_ecdh_2c
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
2022-03-08 11:43:45 +01:00
e894c5c4a5 Fix code style (indentation) in ssl_tls13_generate_and_write_ecdh_key_exchange()
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-02 08:45:56 +01:00
ca133a34c5 Change state machine
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
90f152dfac fix psk only build fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
72637c734b fix write certificate fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
8511f125af Add certificteVerify
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
5cc3506c9f Add write certificate and client handler
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
566c781290 Add dummy state for client_certifiate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
cc43c6bee5 fix coding style issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
fb4b6478ee tls13_only: improve guards of files.
To improve readability of the preprocess guards.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
0f5ecefbe9 Clean up the code
- remove redundant local buffer
- fix code style

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-15 08:53:36 +01:00
169f115bf0 ssl_client2: init psa crypto for TLS 1.3 build
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 17:15:04 +01:00
86cacac91a Port ALPN support for tls13 client from tls13-prototype
Summary:
Port ALPN implementation of tls13 client from
[tls13-prototype](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1124).

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
2022-02-14 08:03:32 -08:00
4f419e55a1 ssl_tls13_write_key_share_ext: initialize key_exchange_len (compiler warning)
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 10:19:53 +01:00
6d6aabdb0d Remove unused function: ssl_tls13_check_ecdh_params()
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 10:13:10 +01:00
9e23ddb09d Change ssl_tls13_read_public_ecdhe_share() to use PSA-specific parsing code.
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 10:13:00 +01:00
ea859c24b7 Change ssl_tls13_generate_and_write_ecdh_key_exchange() to use PSA
Generate ECDH private key using psa_generate_key()
Export the public part of the ECDH private key using psa_export_public_key()

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-11 15:17:05 +01:00
7840f81303 fix client_auth fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-09 19:43:22 +08:00
6ca6faa67e Merge pull request #5080 from xffbai/add-tls13-read-certificate-request
add tls1_3 read certificate request
2022-02-09 09:51:55 +01:00
7c8b6a97b9 Update CertificateRequest skip condition
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-02-08 15:21:13 +00:00
c234ecf695 Update mbedtls_ssl_handshake_free() and address review comments.
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-02-08 10:26:42 +00:00
51f515a503 update based on comments
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-02-08 07:28:04 +00:00
6d42bb430c Update mbedtls_ssl_handshake_free()
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-28 10:05:51 +00:00
82f0a9a1db Rebase and address review comments
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-27 07:53:52 +00:00
a909061c2a Refine HRR parse successfully message in test cases
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 03:48:27 +00:00
34909746df Change cookie free code and some comments
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 02:25:04 +00:00
52da558103 Change code base on comments
Align the alert type in parse_server_hello
Remove MBEDTLS_SSL_COOKIE_C guard
Enable cookie for both DTLS and TLS1.3

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
aec1f3e913 Cookie fields are used only by DTLS 1.3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
b119a35d07 Refine fatal alert in parse_server_hello
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00