Commit graph

72 commits

Author SHA1 Message Date
XiaokangQian
acb3992251 Add ALPN extension to the server side
CustomizedGitHooks: yes
Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-22 06:34:58 +00:00
Ronald Cron
ca3c6a5698
Merge pull request #5817 from xkqian/tls13_add_server_name
Tls13 add server name
2022-06-16 08:30:09 +02:00
Dave Rodgman
a3344f7bac
Merge pull request #5767 from leorosen/avoid-null-args
Avoid potentially passing NULL arguments
2022-05-30 11:40:21 +01:00
XiaokangQian
9b2b7716b0 Change mbedtls_ssl_parse_server_name_ext base on comments
Change-Id: I4ae831925cb1899afafb7dc626bfad9be24a5c8c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-30 08:07:16 +00:00
XiaokangQian
40a3523eb7 Add support of server name extension to server side
Change-Id: Iccf5017e306ba6ead2e1026a29f397ead084cc4d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-30 08:07:16 +00:00
Ronald Cron
9edf51d8cd
Merge pull request #5785 from gabor-mezei-arm/5460_unify_parsing_sig_alg_ext
Unify parsing of the signature algorithms extension in TLS 1.2 and TLS 1.3
CI ABI API check job failure is expected as the PR do some changes in ssl_misc.h.
@RcColes if you eventually want to request some changes, they can be done in a follow-up PR.
2022-05-17 17:01:55 +02:00
Paul Elliott
114203814a Better check for NULL pointer
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-17 15:01:20 +01:00
Paul Elliott
dd428d3650 Fix incorrect error message
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-13 17:43:16 +01:00
Gabor Mezei
696956da24
Typo
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-13 17:02:19 +02:00
Gabor Mezei
0a4298bbe9
Remove unnecessary duble conversion
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-13 17:02:18 +02:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Gabor Mezei
86acf05b1e
Update signiture algorithm handling
Rename local variables and to simplify things use static_assert to
determine if the default signiture algorithms are not fit into the
SSL handshake structure.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:19 +02:00
Gabor Mezei
c1051b62aa
Remove MBEDTLS_SSL_SIG_ALG_SET macro
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:19 +02:00
Gabor Mezei
a3d016ce41
Rename and rewrite mbedtls_ssl_sig_hash_set_find function
Rename `mbedtls_ssl_sig_hash_set_find` function to a suitable name
and rewrite to operate TLS signature algorithm identifiers.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:18 +02:00
Gabor Mezei
1226590c88
Explicitly set invalid value for the end of the signiture algorithm set
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:18 +02:00
Gabor Mezei
15b95a6c52
Use common macro for the invalid signiture algorithm botn in TLS 1.2 and 1.3
Introduce a new macro MBEDTLS_TLS_SIG_NONE for invalid signiture algorithm.
It is intended to use in common code of TLS 1.2 and 1.3.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:18 +02:00
Gabor Mezei
078e803d2c
Unify parsing of the signature algorithms extension
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:08 +02:00
Neil Armstrong
8ecd66884f Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-05 14:01:49 +02:00
Neil Armstrong
80f6f32495 Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
cd05f0b9e5 Drop skip PMS generation for opaque XXX-PSK now Opaque PSA key is always present when MBEDTLS_USE_PSA_CRYPTO selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
e952a30d47 Remove RAW PSK when MBEDTLS_USE_PSA_CRYPTO is selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
61f237afb7 Remove PSA-only code dealing with non-opaque PSA key
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Manuel Pégourié-Gonnard
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
2022-04-29 10:47:16 +02:00
Gilles Peskine
8855e36030
Merge pull request #5674 from superna9999/5668-abstract-tls-mode-cleanup
Cipher cleanup: abstract TLS mode
2022-04-28 12:33:38 +02:00
Przemek Stekiel
99114f3084 Fix build flags for opaque/raw psk checks
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:34 +02:00
Przemek Stekiel
cb322eac6b Enable support for psa opaque DHE-PSK key exchange on the server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
14d11b0877 Enable support for psa opaque ECDHE-PSK key exchange on the server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:53:55 +02:00
Przemek Stekiel
aeb710fec5 Enable support for psa opaque RSA-PSK key exchange on the server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Manuel Pégourié-Gonnard
55132c6a9a
Merge pull request #5703 from superna9999/5322-ecdh-remove-legacy-context
TLS ECDH 4: remove legacy context
2022-04-22 14:27:06 +02:00
Neil Armstrong
76b7407bd7 Use MBEDTLS_SSL_SOME_SUITES_USE_CBC_ETM to enable ssl_write_encrypt_then_mac_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
ab555e0a6c Rename mbedtls_get_mode_from_XXX to mbedtls_ssl_get_mode_from_XXX
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Neil Armstrong
fe635e42c9 Use mbedtls_get_mode_from_ciphersuite() in server-side ssl_write_encrypt_then_mac_ext()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-22 14:25:59 +02:00
Leonid Rozenboim
287527042b Avoid potentially passing NULL arguments
Several call sites flagged by Coverity that may potentially cause
a pointer argument to be NULL.

In two cases the issue is using a function call as a parameter to
a second function, where the first function may return NULL, while
the second function does not check for the NULL argument value.

Remaining case is when static configuration is mixed with run-time
decision, that could result in a data buffer argument being NULL.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-04-21 18:00:52 -07:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Glenn Strauss
8315811ea7 Remove restrictive proto ver negotiation checks
Overly restrictive protocol version negotiation checks might be
"version intolerant".  TLS 1.3 and DTLS 1.3 move the version to
the "supported_versions" ClientHello extension.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
041a37635b Remove some tls_ver < MBEDTLS_SSL_VERSION_TLS1_2 checks
mbedtls no longer supports earlier TLS protocol versions

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Glenn Strauss
da7851c825 Rename mbedtls_ssl_session minor_ver to tls_version
Store the TLS version instead of minor version number in tls_version.

Note: struct member size changed from unsigned char to uint16_t
Due to standard structure padding, the structure size does not change
unless alignment is 1-byte (instead of 2-byte or more)

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is compatible on little-endian platforms,
but not compatible on big-endian platforms.  The enum values for
the lower byte of MBEDTLS_SSL_VERSION_TLS1_2 and of
MBEDTLS_SSL_VERSION_TLS1_3 matches MBEDTLS_SSL_MINOR_VERSION_3 and
MBEDTLS_SSL_MINOR_VERSION_4, respectively.

Note: care has been taken to preserve serialized session format,
which uses only the lower byte of the TLS version.

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:23:57 -04:00
Neil Armstrong
913b364a52 Simplify compile-time PSA/non-PSA ECDH(E) code in ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 14:59:48 +02:00
Neil Armstrong
3ea01498d8 Store TLS1.2 ECDH point format only when USE_PSA_CRYPTO isn't selected
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-12 14:41:50 +02:00
Neil Armstrong
d91526c17f Refactor to make PSA and non-PSA ECDH(E) server code exclusive
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-12 14:38:52 +02:00
Manuel Pégourié-Gonnard
927410ded3
Merge pull request #5611 from superna9999/5318-tls-ecdhe-psk
TLS ECDH 3a: ECDHE-PSK (both sides, 1.2)
2022-04-12 13:28:02 +02:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh
TLS ECDH 3b: server-side static ECDH (1.2)
2022-04-07 11:46:25 +02:00
Neil Armstrong
1039ba5c98 Check if not using Opaque PSK in ECHDE-PSK PSA version of ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:33:01 +02:00
Neil Armstrong
ede381c808 Get PSK length & check for buffer size before writting in ECHDE-PSK PSA version of ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:33:01 +02:00
Neil Armstrong
3cae167e6a Check buffer pointers before storing peer's public key in ECHDE-PSK PSA version of ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
fdf20cb513 Fix command indentation in ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
2d63da9269 Introduce zlen size variable in ECHDE-PSK part of ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00
Neil Armstrong
d6e2759afb Change to more appropriate pointer declaration in ECHDE-PSK part of ssl_parse_client_key_exchange()
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-05 10:29:53 +02:00