yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
18784 commits 1 branch 0 tags 94 MiB
Commit graph

8133 commits

Author SHA1 Message Date
Manuel Pégourié-Gonnard
3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto 
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
 2022-02-16 17:33:47 +01:00
Andrzej Kurek
59550537f0 Change signature_length type to size_t 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-16 07:46:42 -05:00
Andrzej Kurek
4a953cdd9f pk: properly handle signatures in larger buffers when using PSA 
As stated in function documentation.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-16 06:13:35 -05:00
Gabor Mezei
8d5a4cbfdb
Check return value of psa_destroy_key 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-15 16:23:17 +01:00
Gabor Mezei
833713c35c
Add better name for variable 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-15 16:16:08 +01:00
Andrzej Kurek
8666df6f18 Add signature length mismatch handling when using PSA in pk_verify_ext 
Introduce a regression test for that too.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-15 08:23:02 -05:00
Andrzej Kurek
90ba2cbd0a Cosmetic changes to return placement and variable naming 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-15 08:18:44 -05:00
Manuel Pégourié-Gonnard
a1b506996d
Merge pull request #5526 from paul-elliott-arm/fix_fuzzer_null_ref 
Ensure ctr_drbg is initialised every time in fuzz_server
 2022-02-15 10:31:03 +01:00
Ronald Cron
b788c044b7 Use PSA status to Mbed TLS error code conversion function 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-15 09:14:15 +01:00
Manuel Pégourié-Gonnard
e14b644f4d
Merge pull request #5456 from mpg/cleanup-ecdh-psa 
Cleanup PSA-based ECDHE in TLS 1.2
 2022-02-15 09:09:07 +01:00
PeterSpace
c2774a3ad4 Update library/psa_its_file.c 
Signed-off-by: pespacek <peter.spacek@silabs.com>
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
 2022-02-14 12:24:56 +01:00
Ronald Cron
f6893e11c7 Finalize PSA hash operations in TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-02-11 16:10:34 +01:00
Paul Elliott
00738bf65e Ensure ctr_drbg is initialised every time 
ctr_drbg is a local variable and thus needs initialisation every time
LLVMFuzzerTestOneInput() is called, the rest of the variables inside the
if(initialised) block are all static.

Add extra validation to attempt to catch this issue in future.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-10 18:38:53 +00:00
Gabor Mezei
9607ab4dbd
Prevent function not used compilation error 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-10 10:57:24 +01:00
Gabor Mezei
a3eecd242c
Implement HKDF expand in TLS 1.3 based on PSA HMAC 
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-02-10 10:57:23 +01:00
Glenn Strauss
a941b62985 Create public macros for ssl_ticket key,name sizes 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 15:28:28 -05:00
Glenn Strauss
a950938ff0 Add mbedtls_ssl_ticket_rotate for ticket rotation. 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 14:33:15 -05:00
Andrzej Kurek
7db1b78fff Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO 
Duplicate a test case but with a different expected error
due to error translation to and from PSA.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-02-09 14:13:44 -05:00
Jerry Yu
7840f81303 fix client_auth fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-09 19:43:22 +08:00
Manuel Pégourié-Gonnard
62b49cd06a
Merge pull request #5472 from yuhaoth/pr/move-client-auth 
Move client_auth to handshake
 2022-02-09 10:57:00 +01:00
Ronald Cron
6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request 
add tls1_3 read certificate request
 2022-02-09 09:51:55 +01:00
Xiaofei Bai
7c8b6a97b9 Update CertificateRequest skip condition 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-02-08 15:21:13 +00:00
Jerry Yu
5c7d1cce97 fix typo error 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-08 21:08:29 +08:00
Jerry Yu
2d9a694088 change type of client_auth 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-08 21:07:10 +08:00
pespacek
e990100ddb BUGFIX: psa_its_set now rejects UID = 0 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-02-08 14:05:41 +01:00
Xiaofei Bai
c234ecf695 Update mbedtls_ssl_handshake_free() and address review comments. 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-02-08 10:26:42 +00:00
Manuel Pégourié-Gonnard
45c5768a74
Merge pull request #5434 from mprse/tls_use_psa 
TLS Cipher: use PSA crypto
 2022-02-08 10:27:25 +01:00
Manuel Pégourié-Gonnard
5d6053f548 Fix a typo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 10:26:19 +01:00
Xiaofei Bai
51f515a503 update based on comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-02-08 07:28:04 +00:00
Jerry Yu
0ff8ac89f5 fix comments issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-02-08 10:10:48 +08:00
Przemyslaw Stekiel
c499e33ed0 ssl_msg.c: Change message in MBEDTLS_SSL_DEBUG_RET() to be the failed function name instead current function name 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-07 15:12:05 +01:00
Manuel Pégourié-Gonnard
ff229cf639 Add debug message for wrong curve 
The non-PSA path has a debug message here, so let's have a similar one
in the PSA case - just add the curve ID to be a bit more informative.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-07 12:00:32 +01:00
Manuel Pégourié-Gonnard
422370d633 Improve a comment and fix some whitespace 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-07 11:55:21 +01:00
Przemyslaw Stekiel
c8a06feae6 ssl_msg.c: Optimize null/stream cipher decryption/encryption 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-07 10:52:47 +01:00
Przemyslaw Stekiel
98ef6dca68 Remove redundant new lines 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-07 08:04:39 +01:00
Przemyslaw Stekiel
6928a5164d Compile mbedtls_ssl_cipher_to_psa() conditionally under MBEDTLS_USE_PSA_CRYPTO only 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
8c010eb467 Fix comments, code style, remove debug code 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
6b2eedd25f ssl_msg.c: add debug code for psa failures 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 14:55:14 +01:00
Manuel Pégourié-Gonnard
141be6cc7f Fix missing check on server-chosen curve 
We had this check in the non-PSA case, but it was missing in the PSA
case.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
0d63b84fa4 Add mbedtls_ssl_check_curve_tls_id() (internal) 
This can be used to validate the server's choice of group in the PSA
case (this will be done in the next commit).

Note that new function doesn't depend on ECP_C, as it only requires
mbedtls_ssl_get_groups(), which is always available. As a general rule,
functions for defining and enforcing policy in the TLS module should not
depend on low-level modules but work with TLS-level identifiers are much
as possible, and this new function follows that principle.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
3caa0edb9b Remove dead preprocessor code 
There's no way currently (see below regarding the future) that ECC-based
key exchanges are enabled without ECP_C being defined. So, the #if was
fully redundant with the checks surrounding the function, as it always
evaluated to true.

The situation arose as, in the old days (before Mbed TLS 2.0),
mbedtls_ssl_conf_curves() (or ssl_set_curves() as it was called back
then) was optional, controlled by its own compile-time option
POLARSSL_SSL_SET_CURVES. So, in turn mbedtls_ssl_check_curve() depended
on POLARSSL_SSL_SET_CURVES too, and all calls to it were guarded by
that.

When it was made non-optional, a blind
s/POLARSSL_SSL_SET_CURVES/MBEDTLS_ECP_C/ was done, which resulted in
stupid situations like this with redundant checks for ECP_C.

Note regarding the future: at some point it will be possible to compile
with ECC-based key exchanges but without ECP_C. This doesn't change
anything to the reasoning above: mbedtls_ssl_check_curve() will be
available in all builds where ECC is used; it will just need a new
definition (with new guards), but that doesn't change anything for its
callers.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
4a0ac1f160 Remove mbedtls_psa_tls_ecpoint_to_psa_ec() 
Same reasons as for the previous commit.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
58d2383ef4 Remove mbedtls_psa_tls_psa_ec_to_ecpoint() 
Initially this function was doing something because the output format of
psa_export_public() didn't match the ECPoint format that TLS wants.

Then it became a no-op then the output format of psa_export_public()
changed, but it made sense to still keep the function in case the format
changed again. Now that the PSA Crypto API has reached 1.0 status, this
is unlikely to happen, so the no-op function is no longer useful.

Removing it de-clutters the code a bit; while at it we can remove a
temporary stack buffer (that was up to 133 bytes).

It's OK to remove this function even if it was declared in a public
header, as there's a warning at the top of the file saying it's not part
of the public API.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:14 +01:00
Manuel Pégourié-Gonnard
e5119898e4 Improve a comment 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-03 11:08:13 +01:00
Przemyslaw Stekiel
d66387f8fa Init psa status to PSA_ERROR_CORRUPTION_DETECTED 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel
b97556e8d1 mbedtls_ssl_encrypt/decrypt_buf: remove dead code 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-03 09:16:29 +01:00
Przemyslaw Stekiel
f9cd60853f ssl_tls1X_populate_transform(): import psa keys only if alg is not MBEDTLS_SSL_NULL_CIPHER 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-01 11:25:55 +01:00
Manuel Pégourié-Gonnard
9cb7b8d263
Merge pull request #5469 from Unity-Technologies/windows-arm64-workaround 
Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug
 2022-02-01 09:21:27 +01:00
Tautvydas Žilys
40fc7da101 Cap the workaround for mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to MSVC versions prior to 17.1. 
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
 2022-01-31 13:34:01 -08:00
Przemyslaw Stekiel
77aec8d181 Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel
be47ecf5e2 mbedtls_ssl_get_record_expansion: use same condidion set as for non-psa build 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 17:50:00 +01:00
Przemyslaw Stekiel
2c87a200a3 ssl_write_encrypt_then_mac_ext(): adapt to psa crypto 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
89dad93a78 Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
399ed51185 Fix condition in mbedtls_ssl_get_record_expansion 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
e5c2238a99 Move mbedtls_ssl_cipher_to_psa() and psa_status_to_mbedtls() defs out of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED build flag 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
f57b45660d Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention. 
New function name:  mbedtls_ssl_cipher_to_psa().

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
1d714479a3 mbedtls_ssl_get_record_expansion: rework switch statement for psa 
As PSA_ALG_IS_AEAD( transform->psa_alg ) can't be used as switch labels (switch labels must be constant expressions, they have to be evaluated at compile time) refactor switch to "if else" statement.

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
e88477844c Adapt the mbed tls mode: ccm or gcm or cachapoly to psa version 
mode == MBEDTLS_MODE_CCM || mode == MBEDTLS_GCM || mode == MBEDTLS_CHACHAPOLY is equivalent to PSA_ALG_IS_AEAD( alg ).

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
221b52791e ssl_msg.c: fix parm in call to mbedtls_ssl_decrypt_buf() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
9b22c2b1e6 Rename: mbedtls_cipher_to_psa -> tls_mbedtls_cipher_to_psa 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
6be9cf542f Cleanup the code 
Use conditional compilation for psa and mbedtls code (MBEDTLS_USE_PSA_CRYPTO).

Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
d4eab57933 Skip psa encryption/decryption for null cipher 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
ce09e7d868 Use psa_status_to_mbedtls() for psa error case 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
fe7397d8a7 Fix key attributes encrypt or decrypt only (not both) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
dd7b501c92 Move PSA init after taglen is set 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
e87475d834 Move psa_status_to_mbedtls to ssl_misc.h 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
8398a67e31 Fix description of the translation function 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
1fe065b235 Fix conditional compilation (MBEDTLS_USE_PSA_CRYPTO) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
2e9711f766 mbedtls_ssl_decrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_decrypt_ext() with PSA calls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
b37fae122c mbedtls_ssl_encrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_encrypt_ext() with PSA calls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
76e1583483 Convert psa status to mbedtls 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
11a33e6d90 Use PSA_BITS_TO_BYTES macro to convert key bits to bytes 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ae77b0ab28 mbedtls_ssl_tls13_populate_transform: store the en/decryption keys and alg in the new fields 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ffccda45df ssl_tls12_populate_transform: store the en/decryption keys and alg in the new fields 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ce37d11c67 mbedtls_ssl_transform_free(): fix destruction of psa keys 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
8f80fb9b1d Adapt in mbedtls_ssl_transform_init() and mbedtls_ssl_transform_free() after extending mbedtls_ssl_transform struct 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
44187d7a3e Extend mbedtls_ssl_transform struct for psa keys and alg 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
430f337b49 Add helper function to translate mbedtls cipher type/mode pair to psa: algorithm, key type and key size. 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-01-31 15:38:28 +01:00
Paul Elliott
a9f32fbb21
Merge pull request #5382 from lhuang04/tls13_f_export_keys 
Swap the client and server random for TLS 1.3 f_export_keys
 2022-01-28 12:09:19 +00:00
Xiaofei Bai
6d42bb430c Update mbedtls_ssl_handshake_free() 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-28 10:05:51 +00:00
Manuel Pégourié-Gonnard
f7d704dbd2 Avoid dead code in some configurations 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-28 10:05:56 +01:00
Xiaofei Bai
f5b4d25cfa Add received_sig_algs member to struct mbedtls_ssl_handshake_params 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-28 06:37:15 +00:00
Jerry Yu
fb28b88e26 move client_auth to handshake 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-28 11:05:58 +08:00
lhuang04
a3890a3427 Swap the client and server random for TLS 1.3 
Summary:

Test Plan:

Reviewers:

Subscribers:

Tasks:

Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
 2022-01-27 06:00:43 -08:00
XiaokangQian
8499b6ce25 Only free verify_cookie in tls 1.3 case. 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-27 09:00:11 +00:00
Xiaofei Bai
82f0a9a1db Rebase and address review comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2022-01-27 07:53:52 +00:00
XiaokangQian
a909061c2a Refine HRR parse successfully message in test cases 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-27 03:48:27 +00:00
XiaokangQian
34909746df Change cookie free code and some comments 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-27 02:25:04 +00:00
Tautvydas Žilys
60165d7708 Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug. 
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
 2022-01-26 15:44:10 -08:00
XiaokangQian
52da558103 Change code base on comments 
Align the alert type in parse_server_hello
Remove MBEDTLS_SSL_COOKIE_C guard
Enable cookie for both DTLS and TLS1.3

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
aec1f3e913 Cookie fields are used only by DTLS 1.3 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
b119a35d07 Refine fatal alert in parse_server_hello 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
d59be77ce7 Refine code based on comments 
Add comments for parse hrr key share and cookie
Change variable names based on RFC8466
Refine fatal allerts in parse server hello and hrr

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
0ece998287 Refine code in mbedtls_ssl_reset_transcript_for_hrr 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
f1e7d12cb6 Fix compile issues in mbedtls_ssl_session_reset_msg_layer 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
43550bd761 Prepare function to parse hrr cookie extension 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
2b01dc30cb Add hrr no change check and allign mbedtls_ssl_session_reset_msg_layer 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
355e09ae9d Change code base on comments 
Change functions name
Change some comments
Improve hrr test case for gnutls

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
78b1fa7e81 Update code base on comments 
Move reset transcript for hrr to generic
Reset SHA256 or SHA384 other than both
Rename message layer reset
Add check log for hrr parse successfully

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:53:15 +00:00
XiaokangQian
53f20b71c5 Improve ssl_tls13_parse_server_hello 
Avoid coping random bytes in hrr
Send illegal parameter alert when cipher suite mismatch
Send illegal parameter alert when supported_version not exist

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-01-26 10:51:13 +00:00