1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-10 21:01:41 +03:00
Commit Graph

347 Commits

Author SHA1 Message Date
cfd925f3e8 Fix comments and remove hrr related code
Change-Id: Iab1fc5415b3b7f7b5bcb0a41a01f4234cc3497d6
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:45:50 +00:00
9b5d04b078 Share parse_key_share() between client and server
Change-Id: I3fd2604296dc0e1e8380f5405429a6b0feb6e981
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
8840888fbc Fix some CI issues
Change-Id: I68ee024f29b7b8dd586f2c45e91950657e76bad8
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
c5763b5efd Change some code style
Change-Id: I67bb642e81693489345867ca87d7e9daa22f83ea
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
3207a32b1e Fix unused parameter issue and not defined cookie issue
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
7807f9f5c9 Add client hello into server side
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
8f6d39a81d Make some handshake TLS 1.3 utility routines available for TLS 1.2
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
5b98ac9c64 TLS 1.3: Move PSA ECDH private key destroy to dedicated function
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
63d97ad0bb Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512
Add rsae sha384 sha512
2022-03-29 14:01:51 +02:00
6c6f10265d fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-25 11:09:50 +08:00
f8aa9a44aa fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 20:54:38 +08:00
8c3388620d create sig_alg decode function
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 13:34:04 +08:00
0c23fc39c3 fix various guards issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 12:20:01 +08:00
cef3f33012 Guard rsa sig algs with rsa_c and pkcs1_v{15,21}
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 23:16:42 +08:00
e91a51a539 Refactor get_sig_alg_from pk
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 21:42:50 +08:00
3616533d26 tls13:remove ec check from validate certification
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 19:46:05 +08:00
dddf5a0e18 Refactor get_sig_alg_from_pk
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:47:19 +08:00
406cf27cb5 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:14:53 +08:00
8beb9e173d Change prototype of pk_sign_ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
67eced0132 replace pk_sign with pk_sign_ext
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
3a58b462b6 add pss_rsae_sha{384,512}
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
919130c035 Add rsa_pss_rsae_sha256 support
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:33 +08:00
a8b38879e1 Move state change from CLIENT_CERTIFICATE_VERIFY to its main handler
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-10 13:58:17 +01:00
7a94aca81a Move state change from CLIENT_CERTIFICATE to its main handler
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-10 13:58:04 +01:00
5bb8fc830a Call Certificate writing generic handler only if necessary
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:51:52 +01:00
9f55f6316e Move state change from CSS states to their main handler
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:51:52 +01:00
66dbf9118e TLS 1.3: Do not send handshake data in handshake step handlers
Send data (call to mbedtls_ssl_flush_output()) only from
the loop over the handshake steps. That way, we do not
have to take care of the partial writings (MBEDTLS_ERR_SSL_WANT_WRITE
error code) on the network in handshake step handlers.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:51:52 +01:00
9df7c80c78 TLS 1.3: Always go through the CLIENT_CERTIFICATE state
Even if certificate authentication is disabled at build
time, go through the MBEDTLS_SSL_CLIENT_CERTIFICATE state.
It simplifies overall the code for a small code size
cost when certificate authentication is disabled at build
time. Furthermore that way we have only one point in the
code where we switch to the handshake keys for record
encryption.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-09 07:50:08 +01:00
d815114f93 Merge pull request #5524 from mprse/tls_ecdh_2c
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
2022-03-08 11:43:45 +01:00
71f36f1d2e change alert message type
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 17:34:29 +08:00
0b7b101b3b fix warnings
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 12:26:48 +08:00
2ff6ba1df0 Remove rsa_pss_rsae_sha256 support.
Sign rsa is not thread safe. Remove it from current code.
And a thread-safe version should be re-introduce in future.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-23 10:38:25 +08:00
782720787f Refactor write_certificate_verify
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:28:13 +08:00
2124d05e06 Add sha384 and sha512 case
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
d66409ae92 Add non support sig alg check and test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
c8d8d4e01a fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
7db5b8f68c add rsa_pss_rsae_sha256 write support
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
3391ac00d3 fix various issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
ca133a34c5 Change state machine
Skip CertificateVerfiy if empty certificate or no
CertificateRequest received.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
537530d57a Add certificate request echo
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
3e536442f5 fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
7399d0d806 refactor write certificate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
32e0c2d526 fix server only build fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
90f152dfac fix psk only build fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
8511f125af Add certificteVerify
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
5cc3506c9f Add write certificate and client handler
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
566c781290 Add dummy state for client_certifiate
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-22 10:17:58 +08:00
fb4b6478ee tls13_only: improve guards of files.
To improve readability of the preprocess guards.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
4b3fff43a8 Destroy ecdh_psa_privkey on HRR
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-15 08:53:26 +01:00
6ca6faa67e Merge pull request #5080 from xffbai/add-tls13-read-certificate-request
add tls1_3 read certificate request
2022-02-09 09:51:55 +01:00