Ronald Cron
9f2c3c09df
tls13: cli: Add mbedtls_ssl_get_early_data_status() API
...
Add mbedtls_ssl_get_early_data_status() API and its
testing.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:44:51 +01:00
Ronald Cron
e21c2d2ce1
tls13: cli: Add missing MBEDTLS_SSL_EARLY_DATA guards
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:44:51 +01:00
Ronald Cron
d4069247b8
Improve comments/documentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:37:26 +01:00
Ronald Cron
49221900b0
tls13: write_early_data: Add endpoint check
...
Return in error of the API is not called
from a client endpoint.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 14:37:52 +01:00
Ronald Cron
d6d32b9210
tls13: Improve declaration and doc of early data status
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:14 +01:00
Ronald Cron
b9a9b1f5a5
tls13: Fix/Improve comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:14 +01:00
Ronald Cron
84dfbf488a
tls13: client: Add comment about early data in 2nd ClientHello
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:14 +01:00
Ronald Cron
5fbd27055d
tls13: Use a flag not a counter for CCS and HRR handling
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-15 17:19:02 +01:00
Ronald Cron
e273f7203d
tls13: client: Improve CCS handling
...
Call unconditionally the CCS writing function
when sending a CCS may be necessary in the
course of an handshake. Enforce in the writing
function and only in the writing function that
only one CCS is sent.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-14 10:24:00 +01:00
Xiaokang Qian
b62732e1d6
tls13: cli: Add mbedtls_ssl_write_early_data() API
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
Ronald Cron
90e223364c
tls13: cli: Refine early data status
...
The main purpose of the change is to
know from the status, at any point in
the handshake, if early data can be
sent or not and why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Ronald Cron
fe59ff794d
tls13: Send dummy CCS only once
...
Fix cases where the client was sending
two CCS, no harm but better to send only one.
Prevent to send even more CCS when early data
are involved without having to add conditional
state transitions.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-06 16:43:33 +01:00
Manuel Pégourié-Gonnard
5c9cc0b30f
Merge pull request #8727 from ronald-cron-arm/tls13-ignore-early-data-when-rejected
...
TLS 1.3: SRV: Ignore early data when rejected
2024-02-06 13:16:03 +00:00
Ronald Cron
71c6e65d83
tls13: ssl_msg.c: Improve/add comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-05 16:54:37 +01:00
Ronald Cron
31e2d83eee
tls13: srv: Improve coding
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-05 16:45:57 +01:00
Manuel Pégourié-Gonnard
32c28cebb4
Merge pull request #8715 from valeriosetti/issue7964
...
Remove all internal functions from public headers
2024-02-05 15:09:15 +00:00
Janos Follath
747bedb0b0
Merge pull request #8733 from ivq/gcm_ad_len_check
...
Add back restriction on AD length of GCM
2024-02-05 13:33:58 +00:00
Jerry Yu
f57d14bed4
Ignore early data app msg before 2nd client hello
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Jerry Yu
263dbf7167
tls13: srv: Do not allow early data indication in 2nd ClientHello
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Ronald Cron
1483dc3bde
tls13: cli: Indicate early data only in first ClientHello
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Ronald Cron
2995d35ac3
tls13: srv: Deprotect and discard early data records
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Jerry Yu
4caf3ca08c
tls13: srv: Add discard_early_data_record SSL field
...
Add discard_early_data_record in SSL context for
the record layer to know if it has to discard
some potential early data record and how.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-02 17:31:20 +01:00
Ronald Cron
78a38f607c
tls13: srv: Do not use early_data_status
...
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:10:35 +01:00
Ronald Cron
3b9034544e
Revert "tls13: Introduce early_data_state SSL context field"
...
This reverts commit 0883b8b625
.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 20:03:57 +01:00
Ronald Cron
164537c4a6
tls13: early data: Improve, add comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 19:52:30 +01:00
Ronald Cron
ed7d4bfda5
tls13: srv: Simplify mbedtls_ssl_read_early_data() API
...
Do not progress the handshake in the API, just
read early data if some has been detected by
a previous call to mbedtls_ssl_handshake(),
mbedtls_ssl_handshake_step(),
mbedtls_ssl_read() or mbedtls_ssl_write().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:07 +01:00
Ronald Cron
0883b8b625
tls13: Introduce early_data_state SSL context field
...
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:45:04 +01:00
Ronald Cron
7b6ee9482e
tls13: srv: Reject early data in case of HRR
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
d9ca354dbd
tls13: srv: Add mbedtls_ssl_read_early_data() API
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
6a5904db45
tls13: srv: Move early data size check placeholder
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Jerry Yu
739a1d4246
tls: Add internal function ssl_read_application_data()
...
The function will be used by
mbedtls_ssl_read_early_data() as well.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
5d0ae9021f
tls13: srv: Refine early data status
...
The main purpose is to know from the status
if early data can be received of not and
why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
Ronald Cron
11cc41265b
Merge pull request #8711 from ronald-cron-arm/tls13-ticket-and-early-data-unit-test
...
Add TLS 1.3 ticket and early data unit tests
2024-02-01 13:15:55 +00:00
Paul Elliott
cb88c4945a
Merge pull request #8754 from Redfoxymoon/development
...
fix build for midipix
2024-02-01 10:01:49 +00:00
Dave Rodgman
dae21d3808
Support SHA-512 hwcap detection on old libc
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-30 15:31:42 +00:00
Ørjan Malde
2a6cb5c881
fix build for midipix
...
Signed-off-by: Ørjan Malde <red@foxi.me>
2024-01-30 14:50:23 +01:00
Paul Elliott
47c74a4773
Merge pull request #8741 from Ryan-Everett-arm/add-locking-macros
...
Add macros for locking/unlocking the key slot mutex
2024-01-26 13:53:38 +00:00
Dave Rodgman
935182fe2b
Merge pull request #1158 from daverodgman/mbedtls-3.5.2rc
...
Mbedtls 3.5.2rc
2024-01-25 12:22:54 +00:00
Dave Rodgman
f5e231ca84
Merge pull request #8719 from daverodgman/iar-codegen
...
Improve codegen of unaligned access for IAR and gcc
2024-01-25 08:31:45 +00:00
Ryan Everett
3877d4858b
Refactor macros
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-24 13:26:26 +00:00
Dave Rodgman
13f2f4e7f1
Merge remote-tracking branch 'restricted/development' into mbedtls-3.5.2rc
2024-01-24 09:49:15 +00:00
Ryan Everett
cb05ce30e9
Minor fixes to locking macros
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-23 19:25:10 +00:00
Ryan Everett
90afb132e0
Add ..._GOTO_EXIT macro
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-23 18:34:55 +00:00
Ryan Everett
d6d6a76e46
Add ..._GOTO_RETURN macro
...
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
2024-01-23 18:32:42 +00:00
Chien Wong
019c2a7817
Handle sizeof(size_t) > sizeof(uint64_t)
...
Signed-off-by: Chien Wong <m@xv97.com>
2024-01-23 21:38:06 +08:00
Janos Follath
aa3fa98bc4
Merge pull request #8726 from v1gnesh/patch-1
...
Update entropy_poll.c to allow build in z/OS
2024-01-23 12:43:18 +00:00
Dave Rodgman
c64280a2d7
Fix comment typo
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-23 10:05:08 +00:00
Dave Rodgman
00b530e395
Limit compiler hint to compilers that are known to benefit from it
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-23 09:41:34 +00:00
Dave Rodgman
e23d6479cc
Bump version
...
./scripts/bump_version.sh --version 3.5.1
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2024-01-22 15:45:49 +00:00
Janos Follath
b4b8f3df3b
RSA: improve readability
...
Signed-off-by: Janos Follath <janos.follath@arm.com>
2024-01-22 15:33:19 +00:00