Paul Elliott
2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets
...
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
2022-09-23 15:48:33 +01:00
Jerry Yu
f3bdf9dd51
fix various issues
...
- improve document about configuration item.
- format issue
- variable type issue.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 23:47:14 +08:00
Jerry Yu
d0766eca58
fix various issues
...
- Improve comments
- Align count variable name to `new_session_tickets_count`
- move tickets_count init to handshake init
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-22 13:21:29 +08:00
Jerry Yu
1ad7ace6b7
Add conf new session tickets
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:22:21 +08:00
Manuel Pégourié-Gonnard
07018f97d2
Make legacy_or_psa.h public.
...
As a public header, it should no longer include common.h, just use
build_info.h which is what we actually need anyway.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:02:48 +02:00
Ronald Cron
e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation
...
TLS 1.3: SRV: Finalize external PSK negotiation
2022-08-31 17:21:57 +02:00
Manuel Pégourié-Gonnard
bf22a2500b
Merge pull request #6208 from AndrzejKurek/tls-tests-no-md-structured
...
Remove the dependency on MD from TLS 1.2 tests
2022-08-30 12:34:37 +02:00
Dave Rodgman
fac3ea5656
Merge pull request #6184 from leorosen/ssl_tls_curve_group_id_null_protect
...
mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing
2022-08-24 15:16:45 +01:00
Tom Cosgrove
bcc13c943f
Add further missing whitespaces inside parentheses
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-24 15:08:16 +01:00
Tom Cosgrove
20c1137350
Fix coding style
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-24 15:06:13 +01:00
Andrzej Kurek
cccb044804
Style & formatting fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:26:02 -04:00
Andrzej Kurek
8c95ac4500
Add missing dependencies / alternatives
...
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate,
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
25f271557b
Update SHA and MD5 dependencies in the SSL module
...
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO
is defined and respective SHA / MD5 defines are missing.
A new set of macros added in #6065 is used to reflect these dependencies.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
a242e83b21
Rename the sha384 checksum context to reflect its purpose
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:02:04 -04:00
Jerry Yu
9f7f646b11
Revert "remove psk key when ephemeral selected"
...
This reverts commit 5c28e7aa0e
.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:59:17 +08:00
Jerry Yu
24b8c813c4
fix comments and wrong initial value issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:55:45 +08:00
Jerry Yu
5d01c05d93
fix various issues
...
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:55:01 +08:00
Jerry Yu
6cf6b47b5c
fix format and comment issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:54:53 +08:00
Leonid Rozenboim
19e5973566
mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing
...
Avoid the shorthand practice of the form 'x = func(foo)->bar' which
exposes the code to NULL pointer de-referencing when the 'func()'
returns a NULL pointer.
The first chunk is for when the curve group code is not recognized by
the library, and is cleanly rejected if offered.
The second chunk addresses the unlikely case of an internal error:
if 'mbedtls_pk_can_do()' returns TRUE, it should rule out
'mbedtls_pk_ec()' returning a NULL, unless there is a regression.
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-08-19 11:49:22 -07:00
Jerry Yu
e28d9745a1
fix coding style issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-18 15:44:03 +08:00
Jerry Yu
3419107e8d
Add checks for ticket and resumption_key fields
...
From RFC 8446 and the definition of session, we
should check the length.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-18 11:28:41 +08:00
Jerry Yu
e36fdd676c
Change signature of tls13_session_save
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-17 21:50:25 +08:00
Jerry Yu
5c28e7aa0e
remove psk key when ephemeral selected
...
ephemeral is selected, `handshake->psk` must be removed.
Otherwise the encrypt key will be caculate fail.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Jerry Yu
ccc68a466e
change handshake psk key type for tls13
...
PSK key type of TLS1.3 must be HKDF_EXTRACT and the algo is
decided when create binder
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 21:25:35 +08:00
Dave Rodgman
8a9f88899d
Merge pull request #6186 from leorosen/ssl_tls_null_on_invalid_code
...
ssl_tls: avoid the appearance of a potential NULL dereferencing
2022-08-11 10:12:34 +01:00
Leonid Rozenboim
e9d8dcdbf5
ssl_tls: avoid the appearance of a potential NULL dereferencing
...
Looking at the bigger picture it is clear that if `ssl->session` is NULL,
there will be a failure much earlier, and that is well protected from,
however, the practice of dereferencing a pointer which has not been
verified in prior for validity goes against secure coding practices.
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-08-09 12:34:30 -07:00
Dave Rodgman
f421d45869
Merge pull request #6139 from AdityaHPatwardhan/fix/build_error_due_to_missing_prototype
...
Fix build error due to missing prototype warning when `MBEDTLS_DEPRECATED_REMOVED` is enabled
2022-08-09 11:27:42 +01:00
Aditya Patwardhan
3096f331ee
Fix missing prototype warning when MBEDTLS_DEPRECATED_REMOVED
is
...
enabled
Added the changelog.d entry
Signed-off-by: Aditya Patwardhan <aditya.patwardhan@espressif.com>
2022-08-02 11:15:18 +05:30
Jerry Yu
09a99fcf8a
Add rsa_pss_rsae_* sig algos for tls12 default
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Jerry Yu
379b1ff3a5
remove useless comment
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Jerry Yu
693a47ab1d
add rsa_pss_rsae_* support in tls12
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-28 23:08:00 +08:00
Dave Rodgman
aba26d0099
Merge pull request #5963 from tom-daubney-arm/remove_ssl_compression_new
...
Remove use of SSL session compression
2022-07-28 10:28:23 +01:00
Manuel Pégourié-Gonnard
f6b8c3297a
Merge pull request #6065 from mpg/explore2
...
Driver-only hashes: RSA 1.5 and PK + strategy doc
2022-07-28 10:43:38 +02:00
Thomas Daubney
54e38ea9cd
Remove remaining references to compression in docs
...
Some references to compression exist in the docs.
This commit removes those instances.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-07-26 16:13:23 +01:00
Thomas Daubney
20f89a9605
Remove uses of SSL compression
...
Remove or modify current uses of session compression.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-07-26 16:13:03 +01:00
Ronald Cron
e579ece305
Merge pull request #6087 from yuhaoth/pr/add-tls13-serialize_session_save_load
...
TLS 1.3: Add serialize session save load
I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696 and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403 are addressed in #6123 . Thus I am ok to merge it as it is.
2022-07-23 08:57:11 +02:00
Ronald Cron
340c559cb3
Merge pull request #6079 from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks
...
TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side.
2022-07-23 08:50:45 +02:00
Jerry Yu
bc7c1a4260
fix typo/format/name issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:09:40 +08:00
Jerry Yu
438ddd835b
Add tls13 session save/load
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 23:08:43 +08:00
Jerry Yu
568ec2502a
fix format/name issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-22 21:27:34 +08:00
Ronald Cron
4beb870fa8
Merge pull request #6064 from xkqian/tls13_add_psk
...
Add psk code to tls13 client side
2022-07-22 11:35:05 +02:00
XiaokangQian
adab9a6440
Fix transcript issues and add cases against openssl
...
Change-Id: I496674bdb79f074368f11beaa604ce17a3062bc3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-07-21 15:30:04 +02:00
Jerry Yu
1c105560b4
add offered psks parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
6dcd18d55b
export hdr checksum function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 16:19:50 +08:00
Jerry Yu
fca4d579a4
fix various issues
...
- unnecessary comments
- format issue
- improve readability
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-21 10:37:48 +08:00
Jerry Yu
251a12e942
Add dummy session save
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 22:40:59 +08:00
Manuel Pégourié-Gonnard
abac037a7b
Migrate from old inline to new actual function.
...
This is mostly:
sed -i 's/mbedtls_psa_translate_md/mbedtls_hash_info_psa_from_md/' \
library/*.c tests/suites/*.function
This should be good for code size as the old inline function was used
from 10 translation units inside the library, so we have 10 copies at
least.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-18 21:28:38 +02:00
Ronald Cron
ce7d76e2ee
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
Manuel Pégourié-Gonnard
4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection
...
Permissions 2a: TLS 1.2 ciphersuite selection
2022-07-04 12:37:02 +02:00
Ronald Cron
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk
...
Refactor signature algorithm chooser
2022-07-04 09:10:08 +02:00