Ronald Cron
90915f2a21
ssl_tls12_client.c: Remove some unnecessary checks on TLS minor version
...
ssl_tls12_client.c contains only TLS 1.2 specific
code thus remove some checks on the minor version
version being MBEDTLS_SSL_MINOR_VERSION_3. No aim
for completeness, ssl_parse_server_hello() is not
reworked here for example.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
a25cf58681
ssl_tls.c: Remove one unnecessary minor version check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
c2f13a0568
ssl_tls.c: Modify mbedtls_ssl_set_calc_verify_md()
...
Modify mbedtls_ssl_set_calc_verify_md() taking into
account that it is an TLS 1.2 only function.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
4dcbca952e
ssl_tls.c: Move mbedtls_ssl_set_calc_verify_md() to TLS 1.2 section
...
In ssl_tls.c, move mbedtls_ssl_set_calc_verify_md() under the
"if defined(MBEDTLS_SSL_PROTO_TLS1_2)" pre-processor directive
as it is specific to TLS 1.2.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
81591aa0f3
ssl_tls.c: Remove ssl_set_handshake_prfs unnecessary minor_ver param
...
ssl_set_handshake_prfs() is TLS 1.2 specific and only called
from TLS 1.2 only code thus no need to pass the TLS minor
version of the currebt session.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
f12b81d387
ssl_tls.c: Fix PSA ECDH private key destruction
...
In TLS 1.3, a PSA ECDH private key may be created
even if MBEDTLS_SSL_USA_PSA_CRYPTO is disabled. We
must destroy this key if still referenced by an
handshake context when we free such context.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
5b98ac9c64
TLS 1.3: Move PSA ECDH private key destroy to dedicated function
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
8540cf66ac
ssl_tls.c: Propose PKCS1 v1.5 signatures with SHA_384/512
...
In case of TLS 1.3 and hybrid TLS 1.2/1.3, propose
PKCS1 v1.5 signatures with SHA_384/512 not only
SHA_256. There is no point in not proposing them
if they are available.
In TLS 1.3 those could be useful for certificate
signature verification.
In hybrid TLS 1.2/1.3 this allows to propose for
TLS 1.2 the same set of signature algorithms.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
Ronald Cron
60ff79424e
ssl_tls13_client.c: alpn: Miscellanous minor improvements
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
13d8ea1dd9
ssl_tls13_client.c: alpn: Loop only once over protocol names
...
This has although the benefit of getting rid of a
potential integer overflow (though very unlikely
and probably harmless).
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
a0855a6d13
ssl_tls13_client.c: alpn: Add missing return value assignment
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
de1adee51a
Rename ssl_cli/srv.c
...
Rename ssl_cli.c and ssl_srv.c to reflect the fact
that they are TLS 1.2 specific now. Align there new
names with the TLS 1.3 ones.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:39:49 +02:00
Ronald Cron
63d97ad0bb
Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512
...
Add rsae sha384 sha512
2022-03-29 14:01:51 +02:00
Manuel Pégourié-Gonnard
39f2f73e69
Merge pull request #5630 from ronald-cron-arm/restore-full-compat-testing
...
Restore full TLS compatibility testing
2022-03-28 18:31:17 +02:00
Ronald Cron
e44d8e7eea
Merge pull request #5369 from xkqian/add_2nd_client_hello
...
Add 2nd client hello
2022-03-28 12:18:41 +02:00
Ronald Cron
fb39f15fa1
ssl_tls.c: Use ETM status only in CBC mode case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:50:18 +01:00
Ronald Cron
862902dd57
ssl_srv.c: Mark ETM as disabled if cipher is not CBC
...
Encrypt-Then-Mac (ETM) is supported in Mbed TLS TLS
1.2 server only for the CBC cipher mode thus make it
clear in the SSL context.
The previous code was ok as long as the check of
the ETM status was done only in the case of the CBC
cipher mode but fragile as #5573 revealed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-25 16:50:18 +01:00
Manuel Pégourié-Gonnard
cefa904759
Merge pull request #5622 from paul-elliott-arm/timing_delay_accessor
...
Accessor for mbedtls_timing_delay_context final delay
2022-03-25 09:14:41 +01:00
XiaokangQian
20438976f9
Change comments and styles base on review
...
Change-Id: Idde76114aba0a47b61355677dd33ea9de7deee9d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 08:09:29 +00:00
XiaokangQian
c02768a399
Replace ssl->handshake with handshake in write_cookie_ext()
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
9b93c0dd8d
Change cookie parameters for dtls and tls 1.3
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
25c9c9023c
Refine cookie len to fix compile issues
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
9deb90f74e
Change parameter names and code style
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
5e3c947841
Fix right-shift data loss issue with MBEDTLS_PUT_UINT16_BE in cookie
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
233397ef88
Update code base on comments
...
Remove state MBEDTLS_SSL_CLIENT_CCS_AFTER_CLIENT_HELLO cause no early data
Change code styles and comments
Fix cookie write issues
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
XiaokangQian
0b64eedba8
Add cookies write in client hello
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-03-25 07:50:56 +00:00
Ronald Cron
90045241e7
Merge pull request #5659 from yuhaoth/pr/fix-wrong-check-certificate-verify
...
TLS1.3: Fix incorrect check for certificate verify
2022-03-25 08:35:41 +01:00
Jerry Yu
6c6f10265d
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-25 11:09:50 +08:00
Jerry Yu
bd1b3278b1
Remove useless code
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-24 13:07:28 +08:00
Jerry Yu
e26acee896
Refactor guards for sig algs
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 21:01:33 +08:00
Jerry Yu
f8aa9a44aa
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 20:54:38 +08:00
Manuel Pégourié-Gonnard
5e4bf95d09
Merge pull request #5602 from superna9999/5174-md-hmac-dtls-cookies
...
MD: HMAC in DTLS cookies
2022-03-23 13:05:24 +01:00
Jerry Yu
8c3388620d
create sig_alg decode function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 13:34:04 +08:00
Jerry Yu
0c23fc39c3
fix various guards issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 12:20:01 +08:00
Jerry Yu
7533982f68
guard pk_error_from_psa_ecdsa with USE_PSA_CRYPTO
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 12:06:31 +08:00
Jerry Yu
e010de4be3
Rename ctx to rsa_ctx
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 11:45:55 +08:00
Jerry Yu
fb0621d841
fix pk_sign_ext issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-23 11:42:06 +08:00
Jerry Yu
cef3f33012
Guard rsa sig algs with rsa_c and pkcs1_v{15,21}
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 23:16:42 +08:00
Jerry Yu
e91a51a539
Refactor get_sig_alg_from pk
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 21:42:50 +08:00
Jerry Yu
bf455e7516
rename pk_psa_rsa_sign_ext param
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 21:39:41 +08:00
Jerry Yu
3616533d26
tls13:remove ec check from validate certification
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 19:46:05 +08:00
Neil Armstrong
488a40eecb
Rename psa_hmac to psa_hmac_key in mbedtls_ssl_cookie_ctx
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-22 10:41:38 +01:00
Jerry Yu
dddf5a0e18
Refactor get_sig_alg_from_pk
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:47:19 +08:00
Jerry Yu
89107d1bc2
fix ci fail without RSA_C
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:14:53 +08:00
Jerry Yu
406cf27cb5
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:14:53 +08:00
Jerry Yu
848ecce990
fix wrong typo in function name
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:14:52 +08:00
Jerry Yu
07869e804c
fix psa crypto test fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00
Jerry Yu
b02ee18e64
replace use_psa_crypto with psa_crypto_c
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00
Jerry Yu
b6875bc17a
change rsa_pss salt type
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00
Jerry Yu
704cfd2a86
fix comments and style issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:35 +08:00