Ronald Cron
0883b8b625
tls13: Introduce early_data_state SSL context field
...
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:04 +01:00
Ronald Cron
5d0ae9021f
tls13: srv: Refine early data status
...
The main purpose is to know from the status
if early data can be received of not and
why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340
...
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile
...
TLS: remove RSA signature algorithms in `suite B` profile
2024-01-12 14:34:28 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
...
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
Ronald Cron
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
...
Harmonise the names and return values of check functions in TLS code
2024-01-11 13:51:39 +00:00
Waleed Elmelegy
f501790ff2
Improve comments across record size limit changes
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Tom Cosgrove
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
...
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
Valerio Setti
384fbde49a
library/tests: replace md_psa.h with psa_util.h as include file for MD conversion
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 13:27:32 +01:00
Waleed Elmelegy
6a971fd61a
Refactor and improve Record size limit handling
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-28 17:48:16 +00:00
Tom Cosgrove
c6088eceb4
Merge pull request #8384 from paul-elliott-arm/remove_ssl_null_tls12
...
Remove NULLing of ssl context in TLS1.2 transform population
2023-12-21 13:28:09 +00:00
Waleed Elmelegy
65e3046e18
Fix code style in ssl_tls.c
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-20 17:55:10 +00:00
Waleed Elmelegy
049cd302ed
Refactor record size limit extension handling
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-20 17:28:31 +00:00
Manuel Pégourié-Gonnard
a4b38f24fd
Merge pull request #8579 from valeriosetti/issue7995
...
PK: clean up pkwrite
2023-12-20 08:20:10 +00:00
Waleed Elmelegy
26e3698357
Revert back checking on handshake messages length
...
Revert back checking on handshake messages length due to
limitation on our fragmentation support of handshake
messages.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-14 16:23:25 +00:00
Waleed Elmelegy
05d670b711
Revert "Skip checking on maximum fragment length during handshake"
...
This reverts commit 419f841511
.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-14 16:23:10 +00:00
Pengyu Lv
0a1ff2b969
Consistent renaming
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
Waleed Elmelegy
419f841511
Skip checking on maximum fragment length during handshake
...
MbedTLS currently does not support maximum fragment length
during handshake so we skip it for now.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-07 18:33:42 +00:00
Waleed Elmelegy
9aec1c71f2
Add record size checking during handshake
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-06 15:18:15 +00:00
Jan Bruckner
f482dcc6c7
Comply with the received Record Size Limit extension
...
Fixes #7010
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-12-06 15:18:08 +00:00
Ronald Cron
857d29f29a
Merge pull request #8528 from yanrayw/issue/6933/parse-max_early_data_size
...
TLS1.3 EarlyData: client: parse max_early_data_size
2023-12-01 08:27:26 +00:00
Valerio Setti
f9362b7324
pk_internal: small renaming for mbedtls_pk_get_group_id()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-29 08:42:27 +01:00
Dave Rodgman
a3b80386d9
Merge remote-tracking branch 'origin/development' into sign-conversion-part1
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-24 11:27:18 +00:00
Yanray Wang
1136fad126
ssl_tls: improve readability in ssl_*_preset_*_sig_algs
...
- fix wrong comment in #endif
- no semantics changes
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 17:41:52 +08:00
Yanray Wang
69ceb391a0
ssl_tls: remove RSA sig-algs in ssl_tls12_preset_suiteb_sig_algs
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 16:32:55 +08:00
Yanray Wang
b1f60163ba
ssl_tls: remove RSA sig-algs in ssl_preset_suiteb_sig_algs
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 16:28:54 +08:00
Yanray Wang
fd25654311
ssl_tls: remove unnecessary guard
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 10:33:11 +08:00
Yanray Wang
365ee3eaa9
ssl_tls: return correct error code if mbedtls_calloc fails
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 10:33:11 +08:00
Dave Rodgman
c37ad4432b
misc type fixes in ssl
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-21 17:09:46 +00:00
Dave Rodgman
a3d0f61aec
Use MBEDTLS_GET_UINTxx_BE macro
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-21 17:09:46 +00:00
Dave Rodgman
e4a6f5a7ec
Use size_t cast for pointer subtractions
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-21 17:09:46 +00:00
Manuel Pégourié-Gonnard
d4dc354185
Merge pull request #8541 from yanrayw/issue/ssl-fix-missing-guard
...
ssl_tls: add missing macro guard
2023-11-21 14:57:47 +00:00
Jerry Yu
cf9135100e
fix various issues
...
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
342a555eef
rename ticket received
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
25ba4d40ef
rename ticket_creation
to ticket_creation_time
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
ec6d07870d
Replace start
with ticket_creation
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Ronald Cron
97137f91b6
Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field
...
TLS 1.3 EarlyData: add `max_early_data_size` field for ticket
2023-11-20 08:04:57 +00:00
Yanray Wang
19e4dc8df7
tls: fix unused parameter in mbedtls_ssl_cipher_to_psa
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-16 18:05:51 +08:00
Yanray Wang
1a369d68aa
ssl_tls: add missing guard for mbedtls_ssl_cipher_to_psa
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-16 15:17:33 +08:00
Yanray Wang
0751761b49
max_early_data_size: rename configuration function
...
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:34 +08:00
Yanray Wang
d5ed36ff24
early data: rename configuration function
...
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:24 +08:00
Dave Rodgman
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Paul Elliott
4fb1955b31
Remove NULL-ing of passed in SSL context in ssl_populate_transform()
...
Remove a piece of code that was meant to ensure non-usage of the ssl
context under conditions where it should not be used, as this now makes
less sense and also triggers coverity.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-10-18 15:16:45 +01:00
Valerio Setti
e570704f1f
ssl: use MBEDTLS_SSL_HAVE_[CCM/GCM/CHACHAPOLY/AEAD] macros for ssl code
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-12 10:39:37 +02:00
Jerry Yu
02e3a074a3
Add max_early_data_size into ticket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-12 15:00:26 +08:00
Valerio Setti
d4a10cebe4
cipher/tls: use new symbols for guarding AEAD code
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-11 13:10:34 +02:00
Dave Rodgman
2eab462a8c
Fix IAR warnings
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 13:30:37 +01:00
Manuel Pégourié-Gonnard
f07ce3b8ff
Don't extend support for deprecated functions
...
Restore guards from the previous release, instead of the new, more
permissive guards.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-28 08:51:51 +02:00
Valerio Setti
db6b4db7a0
Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
cf29c5d9d5
ssl: don't require MBEDTLS_ECP_DP with TLS1.3
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00