Commit graph

1958 commits

Author SHA1 Message Date
Ronald Cron
0883b8b625 tls13: Introduce early_data_state SSL context field
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:04 +01:00
Ronald Cron
5d0ae9021f tls13: srv: Refine early data status
The main purpose is to know from the status
if early data can be received of not and
why.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Gilles Peskine
4d4891e18a
Merge pull request #8666 from valeriosetti/issue8340
Export the mbedtls_md_psa_alg_from_type function
2024-01-18 13:58:55 +00:00
Tom Cosgrove
bc5d9165ae
Merge pull request #8554 from yanrayw/issue/8221/fix-tls-suiteB-profile
TLS: remove RSA signature algorithms in `suite B` profile
2024-01-12 14:34:28 +00:00
Tom Cosgrove
f1ba1933cf
Merge pull request #8526 from yanrayw/issue/7011/send_record_size_limit_ext
TLS1.3: SRV/CLI: add support for sending Record Size Limit extension
2024-01-12 13:39:15 +00:00
Ronald Cron
ae2213c307
Merge pull request #8414 from lpy4105/issue/uniform-ssl-check-function
Harmonise the names and return values of check functions in TLS code
2024-01-11 13:51:39 +00:00
Waleed Elmelegy
f501790ff2 Improve comments across record size limit changes
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2024-01-10 16:17:28 +00:00
Tom Cosgrove
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
Valerio Setti
384fbde49a library/tests: replace md_psa.h with psa_util.h as include file for MD conversion
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-01-02 13:27:32 +01:00
Waleed Elmelegy
6a971fd61a Refactor and improve Record size limit handling
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-28 17:48:16 +00:00
Tom Cosgrove
c6088eceb4
Merge pull request #8384 from paul-elliott-arm/remove_ssl_null_tls12
Remove NULLing of ssl context in TLS1.2 transform population
2023-12-21 13:28:09 +00:00
Waleed Elmelegy
65e3046e18 Fix code style in ssl_tls.c
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-20 17:55:10 +00:00
Waleed Elmelegy
049cd302ed Refactor record size limit extension handling
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-20 17:28:31 +00:00
Manuel Pégourié-Gonnard
a4b38f24fd
Merge pull request #8579 from valeriosetti/issue7995
PK: clean up pkwrite
2023-12-20 08:20:10 +00:00
Waleed Elmelegy
26e3698357 Revert back checking on handshake messages length
Revert back checking on handshake messages length due to
limitation on our fragmentation support of handshake
messages.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-14 16:23:25 +00:00
Waleed Elmelegy
05d670b711 Revert "Skip checking on maximum fragment length during handshake"
This reverts commit 419f841511.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-14 16:23:10 +00:00
Pengyu Lv
0a1ff2b969 Consistent renaming
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-12-08 10:01:58 +08:00
Waleed Elmelegy
419f841511 Skip checking on maximum fragment length during handshake
MbedTLS currently does not support maximum fragment length
during handshake so we skip it for now.

Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-07 18:33:42 +00:00
Waleed Elmelegy
9aec1c71f2 Add record size checking during handshake
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-12-06 15:18:15 +00:00
Jan Bruckner
f482dcc6c7 Comply with the received Record Size Limit extension
Fixes #7010

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-12-06 15:18:08 +00:00
Ronald Cron
857d29f29a
Merge pull request #8528 from yanrayw/issue/6933/parse-max_early_data_size
TLS1.3 EarlyData: client: parse max_early_data_size
2023-12-01 08:27:26 +00:00
Valerio Setti
f9362b7324 pk_internal: small renaming for mbedtls_pk_get_group_id()
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-29 08:42:27 +01:00
Dave Rodgman
a3b80386d9 Merge remote-tracking branch 'origin/development' into sign-conversion-part1
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-24 11:27:18 +00:00
Yanray Wang
1136fad126 ssl_tls: improve readability in ssl_*_preset_*_sig_algs
- fix wrong comment in #endif
- no semantics changes

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 17:41:52 +08:00
Yanray Wang
69ceb391a0 ssl_tls: remove RSA sig-algs in ssl_tls12_preset_suiteb_sig_algs
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 16:32:55 +08:00
Yanray Wang
b1f60163ba ssl_tls: remove RSA sig-algs in ssl_preset_suiteb_sig_algs
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 16:28:54 +08:00
Yanray Wang
fd25654311 ssl_tls: remove unnecessary guard
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 10:33:11 +08:00
Yanray Wang
365ee3eaa9 ssl_tls: return correct error code if mbedtls_calloc fails
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-22 10:33:11 +08:00
Dave Rodgman
c37ad4432b misc type fixes in ssl
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-21 17:09:46 +00:00
Dave Rodgman
a3d0f61aec Use MBEDTLS_GET_UINTxx_BE macro
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-21 17:09:46 +00:00
Dave Rodgman
e4a6f5a7ec Use size_t cast for pointer subtractions
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-21 17:09:46 +00:00
Manuel Pégourié-Gonnard
d4dc354185
Merge pull request #8541 from yanrayw/issue/ssl-fix-missing-guard
ssl_tls: add missing macro guard
2023-11-21 14:57:47 +00:00
Jerry Yu
cf9135100e fix various issues
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
342a555eef rename ticket received
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
25ba4d40ef rename ticket_creation to ticket_creation_time
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
ec6d07870d Replace start with ticket_creation
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Ronald Cron
97137f91b6
Merge pull request #7071 from yuhaoth/pr/tls13-ticket-add-max_early_data_size-field
TLS 1.3 EarlyData: add `max_early_data_size` field for ticket
2023-11-20 08:04:57 +00:00
Yanray Wang
19e4dc8df7 tls: fix unused parameter in mbedtls_ssl_cipher_to_psa
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-16 18:05:51 +08:00
Yanray Wang
1a369d68aa ssl_tls: add missing guard for mbedtls_ssl_cipher_to_psa
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-16 15:17:33 +08:00
Yanray Wang
0751761b49 max_early_data_size: rename configuration function
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:34 +08:00
Yanray Wang
d5ed36ff24 early data: rename configuration function
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:24 +08:00
Dave Rodgman
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Paul Elliott
4fb1955b31 Remove NULL-ing of passed in SSL context in ssl_populate_transform()
Remove a piece of code that was meant to ensure non-usage of the ssl
context under conditions where it should not be used, as this now makes
less sense and also triggers coverity.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-10-18 15:16:45 +01:00
Valerio Setti
e570704f1f ssl: use MBEDTLS_SSL_HAVE_[CCM/GCM/CHACHAPOLY/AEAD] macros for ssl code
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-12 10:39:37 +02:00
Jerry Yu
02e3a074a3 Add max_early_data_size into ticket
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-10-12 15:00:26 +08:00
Valerio Setti
d4a10cebe4 cipher/tls: use new symbols for guarding AEAD code
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-11 13:10:34 +02:00
Dave Rodgman
2eab462a8c Fix IAR warnings
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-10-05 13:30:37 +01:00
Manuel Pégourié-Gonnard
f07ce3b8ff Don't extend support for deprecated functions
Restore guards from the previous release, instead of the new, more
permissive guards.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-09-28 08:51:51 +02:00
Valerio Setti
db6b4db7a0 Renaming all MBEDTLS_HAVE for curves to MBEDTLS_ECP_HAVE
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00
Valerio Setti
cf29c5d9d5 ssl: don't require MBEDTLS_ECP_DP with TLS1.3
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-09-25 17:39:41 +02:00