If the server during a TLS 1.3 handshake selects
the PSK key exchange mode, it does not matter
if it did not find in the key share extension
a key share for a group it supports. Such a
key share is used and necessary only in the
case of the ephemeral or PSK ephemeral key
exchange mode. This is a possible scenario in
the case of a server that supports only the PSK
key exchange mode and a client that also
supports a key exchange mode with ephemeral keys.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Large static inline functions used from several translation units in the
library are bad for code size as we end up with multiple copies. Use the
actual function instead. There's already a comment that says so.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
As usual, just a search-and-replace plus:
1. Removing things from hash_info.[ch]
2. Adding new auto-enable MD_LIGHT in build-info.h
3. Including md_psa.h where needed
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Check for TLS 1.3 version first when parsing
the supported versions extension as it is
the most likely version.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Postpone TLS 1.3 cipher suite selection
when we are sure we negotiate the version
1.3 of the protocol.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the legacy session id.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
To avoid doing it twice in case we eventually
negotiate the version 1.2 of the protocol,
postpone the copy of the client random
bytes.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
When parsing the ClientHello message,
move the setting of the TLS version
to TLS 1.3 after the computation of
the end of the list of cipher suites.
At that point we are able to compute
the address and end address of the
list of extensions and thus able to
search and parse the supported_versions
extension to select which version
of the TLS protocol we are going to
negotiate.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
A few functions were changed from returning void to returning int three
commits ago. Make sure their callers check the return values.
This commits was basically a matter of declaring newly-int-returning
functions MBEDTLS_CHECK_RETURN_CRITICAL and then fixing the resulting
warnings. A few functions had to be made int in the process; they were
applied the same process as well.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Check ciphersuite list length parity once,
mainly to enable the possibility of getting
out of the loop of the ciphersuites whenever
we want.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
