fe59ff794d
tls13: Send dummy CCS only once
...
Fix cases where the client was sending
two CCS, no harm but better to send only one.
Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2024-02-06 16:43:33 +01:00
32c28cebb4
Merge pull request #8715 from valeriosetti/issue7964
...
Remove all internal functions from public headers
2024-02-05 15:09:15 +00:00
b4f5076270
debug: move internal functions declarations to an internal header file
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-01-18 15:30:46 +01:00
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340
...
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
3ff472441a
Fix warning in ssl_tls13_generic.c
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:28 +00:00
e1ac98d888
remove mbedtls_ssl_is_record_size_limit_valid function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:27 +00:00
148dfb6457
Change record size limit writing function
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2024-01-10 16:17:27 +00:00
faf70bdf9d
ssl_tls13_generic: check value of RecordSizeLimit in helper function
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2024-01-10 16:17:27 +00:00
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
...
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
384fbde49a
library/tests: replace md_psa.h with psa_util.h as include file for MD conversion
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2024-01-02 13:27:32 +01:00
049cd302ed
Refactor record size limit extension handling
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-20 17:28:31 +00:00
26e3698357
Revert back checking on handshake messages length
...
Revert back checking on handshake messages length due to
limitation on our fragmentation support of handshake
messages.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-14 16:23:25 +00:00
9aec1c71f2
Add record size checking during handshake
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com >
2023-12-06 15:18:15 +00:00
f482dcc6c7
Comply with the received Record Size Limit extension
...
Fixes #7010
Signed-off-by: Jan Bruckner <jan@janbruckner.de >
2023-12-06 15:18:08 +00:00
c59c586ac4
change prototype of write_early_data_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-06 18:21:15 +08:00
ebe1de62f9
fix various issue
...
- rename connection time variable
- remove unnecessary comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-06 18:20:25 +08:00
5233539d9f
share write_early_data_ext function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2023-12-06 18:18:50 +08:00
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-11-02 19:47:20 +00:00
8e00fe0cd8
Merge pull request #8309 from daverodgman/iar-warnings2
...
Fix IAR warnings
2023-10-06 13:24:12 +00:00
2eab462a8c
Fix IAR warnings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-10-05 13:30:37 +01:00
530c423ad2
Improve some debug messages and error codes
...
On a parsing error in TLS, return MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE, not a
crypto error code.
On error paths, emit a level-1 debug message. Report the offending sizes.
Downgrade an informational message's level to 3.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-02 15:42:11 +02:00
12c5aaae57
Fix buffer overflow in TLS 1.3 ECDH public key parsing
...
Fix a buffer overflow in TLS 1.3 ServerHello and ClientHello parsing. The
length of the public key in an ECDH- or FFDH-based key exchange was not
validated. This could result in an overflow of handshake->xxdh_psa_peerkey,
overwriting further data in the handshake structure or further on the heap.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-10-02 15:02:10 +02:00
ff2558a470
Fix unused variable in some TLS 1.3 builds
...
Fix unused variable when MBEDTLS_SSL_PROTO_TLS1_3 and
MBEDTLS_SSL_SESSION_TICKETS are enabled but not MBEDTLS_DEBUG_C.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-09-05 21:10:39 +02:00
711f853b48
ssl_tls13: fix guard for FFDH function
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-08-11 06:33:52 +02:00
de8f56e936
Merge pull request #7884 from valeriosetti/issue7612
...
TLS: Clean up (EC)DH dependencies
2023-08-01 07:13:36 +00:00
c9ae862225
tls: use TLS 1.3 guards in ssl_tls13 modules
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-25 11:23:50 +02:00
ea59c43499
tls: fix a comment a rename a variable/symbol
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-25 11:14:03 +02:00
6aca2c9613
Merge pull request #7716 from mpg/psa-util-internal
...
Split psa_util.h between internal and public
2023-07-10 18:33:23 +02:00
3d237b5ff1
ssl_misc: fix guards for PSA data used in XXDH key exchanges
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-07 19:02:16 +02:00
2be8c63af7
Create psa_util_internal.h
...
Most functions in psa_util.h are going to end up there (except those
that can be static in one file), but I wanted to have separate commits
for file creation and moving code around, so for now the new file's
pretty empty but that will change in the next few commits.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-07-06 12:42:33 +02:00
408569f91a
Adapt function name: mbedtls_ssl_tls13_generate_and_write_dh_key_exchange
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-07-06 12:16:44 +02:00
7ac93bea8c
Adapt names: dh -> xxdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-07-05 09:26:26 +02:00
d5f79e7297
Adapt functions names for ffdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-07-05 09:26:26 +02:00
6f199859b6
Adapt handshake fields to ffdh
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-07-05 09:25:00 +02:00
dbd01cb677
tls13: fix guards for PSA error translating function
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-04 09:18:52 +02:00
56b159a12a
Merge pull request #7627 from mprse/ffdh_tls13_v2
...
Make use of FFDH keys in TLS 1.3 v.2
2023-07-03 10:12:33 +02:00
a6033ac431
Add missing guards in tls 1.3
...
Error translation is only used with these
defines on.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-06-13 05:46:47 -04:00
1e4a030b00
Fix wrong array size calculation in error translation code
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-06-13 05:46:47 -04:00
0064484a70
Optimize error translation code size
...
Introducing an intermediate function
saves code size that's otherwise taken by excessive,
repeated arguments in each place that
was translating errors.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2023-06-13 05:46:46 -04:00
75a5a9c205
Code cleanup
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-13 09:57:23 +02:00
ff9fcbcace
ssl_client2, ssl_server2: code optimization + guards adaptation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:53:40 +02:00
da4fba64b8
Further code optimizations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:09 +02:00
29c219c285
Combine mbedtls_ssl_tls13_generate_and_write_ecdh/ffdh_key_exchange functions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:09 +02:00
e7db09bede
Move FFDH helper functions and macros to more suitable locations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:08 +02:00
63706628d0
Adapt guards for FFDH
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:08 +02:00
947ff56c45
Replace deprecated functions
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:08 +02:00
c89f3ea9f2
Add support for FFDH in TLS 1.3
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:08 +02:00
02b10d8266
Add missing include
...
Fix build failures with config full
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
2d6d993662
Use MD<->PSA functions from MD light
...
As usual, just a search-and-replace plus:
1. Removing things from hash_info.[ch]
2. Adding new auto-enable MD_LIGHT in build-info.h
3. Including md_psa.h where needed
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-06-06 10:33:54 +02:00
7343738695
Wrap lines which exceed 80 chars in ssl_tls13_generic.c
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com >
2023-04-10 08:27:51 +00:00