Jerry Yu
7d2396332d
fix wrong setting of max_minor version
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
c5aef88be6
tls13_only: guard ssl_{cli,srv}.c with TLS1_2
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
c10f6b4735
tls13_only: simple test pass
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Jerry Yu
c3091b1c8c
tls13_only: compile pass
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-21 09:06:00 +08:00
Andrzej Kurek
d70fa0e327
Restructure error handling in mbedtls_pk_verify_ext
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-17 10:51:15 -05:00
Gabor Mezei
8e3602569b
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-17 11:50:02 +01:00
Manuel Pégourié-Gonnard
4fa604cc3b
Merge pull request #5511 from SiliconLabs/feature/PSEC-3195-PSA-test-suites-NOT-using-UID-0
...
feat: Update test_suite_psa_its to NOT use UID=0
2022-02-17 11:49:33 +01:00
Gilles Peskine
57b1ff39c2
Merge pull request #5377 from hanno-arm/ecp_add_mixed_fewer_mpis
...
Minor improvements to ECC arithmetic subroutines
2022-02-17 10:27:18 +01:00
Manuel Pégourié-Gonnard
3d1f8b9c00
Merge pull request #5532 from ronald-cron-arm/tls13_and_use_psa_crypto
...
Make TLS 1.3 compatible with MBEDTLS_USE_PSA_CRYPTO
2022-02-16 17:33:47 +01:00
Andrzej Kurek
59550537f0
Change signature_length type to size_t
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-16 07:46:42 -05:00
Andrzej Kurek
4a953cdd9f
pk: properly handle signatures in larger buffers when using PSA
...
As stated in function documentation.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-16 06:13:35 -05:00
Gabor Mezei
8d5a4cbfdb
Check return value of psa_destroy_key
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:23:17 +01:00
Gabor Mezei
833713c35c
Add better name for variable
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-15 16:16:08 +01:00
Andrzej Kurek
8666df6f18
Add signature length mismatch handling when using PSA in pk_verify_ext
...
Introduce a regression test for that too.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 08:23:02 -05:00
Andrzej Kurek
90ba2cbd0a
Cosmetic changes to return placement and variable naming
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-15 08:18:44 -05:00
Manuel Pégourié-Gonnard
a1b506996d
Merge pull request #5526 from paul-elliott-arm/fix_fuzzer_null_ref
...
Ensure ctr_drbg is initialised every time in fuzz_server
2022-02-15 10:31:03 +01:00
Ronald Cron
b788c044b7
Use PSA status to Mbed TLS error code conversion function
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-15 09:14:15 +01:00
Manuel Pégourié-Gonnard
e14b644f4d
Merge pull request #5456 from mpg/cleanup-ecdh-psa
...
Cleanup PSA-based ECDHE in TLS 1.2
2022-02-15 09:09:07 +01:00
PeterSpace
c2774a3ad4
Update library/psa_its_file.c
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
Co-authored-by: Gilles Peskine <gilles.peskine@arm.com>
2022-02-14 12:24:56 +01:00
Ronald Cron
f6893e11c7
Finalize PSA hash operations in TLS 1.3
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-02-11 16:10:34 +01:00
Paul Elliott
00738bf65e
Ensure ctr_drbg is initialised every time
...
ctr_drbg is a local variable and thus needs initialisation every time
LLVMFuzzerTestOneInput() is called, the rest of the variables inside the
if(initialised) block are all static.
Add extra validation to attempt to catch this issue in future.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-10 18:38:53 +00:00
Gabor Mezei
9607ab4dbd
Prevent function not used compilation error
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-10 10:57:24 +01:00
Gabor Mezei
a3eecd242c
Implement HKDF expand in TLS 1.3 based on PSA HMAC
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-02-10 10:57:23 +01:00
Glenn Strauss
a941b62985
Create public macros for ssl_ticket key,name sizes
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 15:28:28 -05:00
Glenn Strauss
a950938ff0
Add mbedtls_ssl_ticket_rotate for ticket rotation.
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 14:33:15 -05:00
Andrzej Kurek
7db1b78fff
Make RSA-PSS verification use PSA with MBEDTLS_USE_PSA_CRYPTO
...
Duplicate a test case but with a different expected error
due to error translation to and from PSA.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-02-09 14:13:44 -05:00
Jerry Yu
7840f81303
fix client_auth fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-09 19:43:22 +08:00
Manuel Pégourié-Gonnard
62b49cd06a
Merge pull request #5472 from yuhaoth/pr/move-client-auth
...
Move client_auth to handshake
2022-02-09 10:57:00 +01:00
Ronald Cron
6ca6faa67e
Merge pull request #5080 from xffbai/add-tls13-read-certificate-request
...
add tls1_3 read certificate request
2022-02-09 09:51:55 +01:00
Xiaofei Bai
7c8b6a97b9
Update CertificateRequest skip condition
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-02-08 15:21:13 +00:00
Jerry Yu
5c7d1cce97
fix typo error
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-08 21:08:29 +08:00
Jerry Yu
2d9a694088
change type of client_auth
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-08 21:07:10 +08:00
pespacek
e990100ddb
BUGFIX: psa_its_set now rejects UID = 0
...
Signed-off-by: pespacek <peter.spacek@silabs.com>
2022-02-08 14:05:41 +01:00
Xiaofei Bai
c234ecf695
Update mbedtls_ssl_handshake_free() and address review comments.
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-02-08 10:26:42 +00:00
Manuel Pégourié-Gonnard
45c5768a74
Merge pull request #5434 from mprse/tls_use_psa
...
TLS Cipher: use PSA crypto
2022-02-08 10:27:25 +01:00
Manuel Pégourié-Gonnard
5d6053f548
Fix a typo
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 10:26:19 +01:00
Xiaofei Bai
51f515a503
update based on comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-02-08 07:28:04 +00:00
Jerry Yu
0ff8ac89f5
fix comments issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-02-08 10:10:48 +08:00
Przemyslaw Stekiel
c499e33ed0
ssl_msg.c: Change message in MBEDTLS_SSL_DEBUG_RET() to be the failed function name instead current function name
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-07 15:12:05 +01:00
Manuel Pégourié-Gonnard
ff229cf639
Add debug message for wrong curve
...
The non-PSA path has a debug message here, so let's have a similar one
in the PSA case - just add the curve ID to be a bit more informative.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-07 12:00:32 +01:00
Manuel Pégourié-Gonnard
422370d633
Improve a comment and fix some whitespace
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-07 11:55:21 +01:00
Przemyslaw Stekiel
c8a06feae6
ssl_msg.c: Optimize null/stream cipher decryption/encryption
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-07 10:52:47 +01:00
Przemyslaw Stekiel
98ef6dca68
Remove redundant new lines
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-07 08:04:39 +01:00
Przemyslaw Stekiel
6928a5164d
Compile mbedtls_ssl_cipher_to_psa() conditionally under MBEDTLS_USE_PSA_CRYPTO only
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
8c010eb467
Fix comments, code style, remove debug code
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 14:55:24 +01:00
Przemyslaw Stekiel
6b2eedd25f
ssl_msg.c: add debug code for psa failures
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 14:55:14 +01:00
Manuel Pégourié-Gonnard
141be6cc7f
Fix missing check on server-chosen curve
...
We had this check in the non-PSA case, but it was missing in the PSA
case.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
0d63b84fa4
Add mbedtls_ssl_check_curve_tls_id() (internal)
...
This can be used to validate the server's choice of group in the PSA
case (this will be done in the next commit).
Note that new function doesn't depend on ECP_C, as it only requires
mbedtls_ssl_get_groups(), which is always available. As a general rule,
functions for defining and enforcing policy in the TLS module should not
depend on low-level modules but work with TLS-level identifiers are much
as possible, and this new function follows that principle.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
3caa0edb9b
Remove dead preprocessor code
...
There's no way currently (see below regarding the future) that ECC-based
key exchanges are enabled without ECP_C being defined. So, the #if was
fully redundant with the checks surrounding the function, as it always
evaluated to true.
The situation arose as, in the old days (before Mbed TLS 2.0),
mbedtls_ssl_conf_curves() (or ssl_set_curves() as it was called back
then) was optional, controlled by its own compile-time option
POLARSSL_SSL_SET_CURVES. So, in turn mbedtls_ssl_check_curve() depended
on POLARSSL_SSL_SET_CURVES too, and all calls to it were guarded by
that.
When it was made non-optional, a blind
s/POLARSSL_SSL_SET_CURVES/MBEDTLS_ECP_C/ was done, which resulted in
stupid situations like this with redundant checks for ECP_C.
Note regarding the future: at some point it will be possible to compile
with ECC-based key exchanges but without ECP_C. This doesn't change
anything to the reasoning above: mbedtls_ssl_check_curve() will be
available in all builds where ECC is used; it will just need a new
definition (with new guards), but that doesn't change anything for its
callers.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
4a0ac1f160
Remove mbedtls_psa_tls_ecpoint_to_psa_ec()
...
Same reasons as for the previous commit.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:15 +01:00
Manuel Pégourié-Gonnard
58d2383ef4
Remove mbedtls_psa_tls_psa_ec_to_ecpoint()
...
Initially this function was doing something because the output format of
psa_export_public() didn't match the ECPoint format that TLS wants.
Then it became a no-op then the output format of psa_export_public()
changed, but it made sense to still keep the function in case the format
changed again. Now that the PSA Crypto API has reached 1.0 status, this
is unlikely to happen, so the no-op function is no longer useful.
Removing it de-clutters the code a bit; while at it we can remove a
temporary stack buffer (that was up to 133 bytes).
It's OK to remove this function even if it was declared in a public
header, as there's a warning at the top of the file saying it's not part
of the public API.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:14 +01:00
Manuel Pégourié-Gonnard
e5119898e4
Improve a comment
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-03 11:08:13 +01:00
Przemyslaw Stekiel
d66387f8fa
Init psa status to PSA_ERROR_CORRUPTION_DETECTED
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 09:16:41 +01:00
Przemyslaw Stekiel
b97556e8d1
mbedtls_ssl_encrypt/decrypt_buf: remove dead code
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-03 09:16:29 +01:00
Przemyslaw Stekiel
f9cd60853f
ssl_tls1X_populate_transform(): import psa keys only if alg is not MBEDTLS_SSL_NULL_CIPHER
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-01 11:25:55 +01:00
Manuel Pégourié-Gonnard
9cb7b8d263
Merge pull request #5469 from Unity-Technologies/windows-arm64-workaround
...
Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug
2022-02-01 09:21:27 +01:00
Tautvydas Žilys
40fc7da101
Cap the workaround for mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to MSVC versions prior to 17.1.
...
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
2022-01-31 13:34:01 -08:00
Przemyslaw Stekiel
77aec8d181
Rename ssl_psa_status_to_mbedtls->psa_ssl_status_to_mbedtls
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 20:22:53 +01:00
Przemyslaw Stekiel
be47ecf5e2
mbedtls_ssl_get_record_expansion: use same condidion set as for non-psa build
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 17:50:00 +01:00
Przemyslaw Stekiel
2c87a200a3
ssl_write_encrypt_then_mac_ext(): adapt to psa crypto
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
89dad93a78
Rename psa_status_to_mbedtls->ssl_psa_status_to_mbedtls and add conversion for PSA_ERROR_INVALID_SIGNATURE
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
399ed51185
Fix condition in mbedtls_ssl_get_record_expansion
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
e5c2238a99
Move mbedtls_ssl_cipher_to_psa() and psa_status_to_mbedtls() defs out of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED build flag
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:39:24 +01:00
Przemyslaw Stekiel
f57b45660d
Rename tls_mbedtls_cipher_to_psa() to be consistent with function naming convention.
...
New function name: mbedtls_ssl_cipher_to_psa().
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
1d714479a3
mbedtls_ssl_get_record_expansion: rework switch statement for psa
...
As PSA_ALG_IS_AEAD( transform->psa_alg ) can't be used as switch labels (switch labels must be constant expressions, they have to be evaluated at compile time) refactor switch to "if else" statement.
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
e88477844c
Adapt the mbed tls mode: ccm or gcm or cachapoly to psa version
...
mode == MBEDTLS_MODE_CCM || mode == MBEDTLS_GCM || mode == MBEDTLS_CHACHAPOLY is equivalent to PSA_ALG_IS_AEAD( alg ).
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
221b52791e
ssl_msg.c: fix parm in call to mbedtls_ssl_decrypt_buf()
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
9b22c2b1e6
Rename: mbedtls_cipher_to_psa -> tls_mbedtls_cipher_to_psa
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
6be9cf542f
Cleanup the code
...
Use conditional compilation for psa and mbedtls code (MBEDTLS_USE_PSA_CRYPTO).
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
d4eab57933
Skip psa encryption/decryption for null cipher
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
ce09e7d868
Use psa_status_to_mbedtls() for psa error case
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
fe7397d8a7
Fix key attributes encrypt or decrypt only (not both)
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
dd7b501c92
Move PSA init after taglen is set
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
e87475d834
Move psa_status_to_mbedtls to ssl_misc.h
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
8398a67e31
Fix description of the translation function
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
1fe065b235
Fix conditional compilation (MBEDTLS_USE_PSA_CRYPTO)
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
2e9711f766
mbedtls_ssl_decrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_decrypt_ext() with PSA calls
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:29 +01:00
Przemyslaw Stekiel
b37fae122c
mbedtls_ssl_encrypt_buf(): replace mbedtls_cipher_crypt() and mbedtls_cipher_auth_encrypt_ext() with PSA calls
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
76e1583483
Convert psa status to mbedtls
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
11a33e6d90
Use PSA_BITS_TO_BYTES macro to convert key bits to bytes
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ae77b0ab28
mbedtls_ssl_tls13_populate_transform: store the en/decryption keys and alg in the new fields
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ffccda45df
ssl_tls12_populate_transform: store the en/decryption keys and alg in the new fields
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
ce37d11c67
mbedtls_ssl_transform_free(): fix destruction of psa keys
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
8f80fb9b1d
Adapt in mbedtls_ssl_transform_init() and mbedtls_ssl_transform_free() after extending mbedtls_ssl_transform struct
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
44187d7a3e
Extend mbedtls_ssl_transform struct for psa keys and alg
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Przemyslaw Stekiel
430f337b49
Add helper function to translate mbedtls cipher type/mode pair to psa: algorithm, key type and key size.
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-01-31 15:38:28 +01:00
Paul Elliott
a9f32fbb21
Merge pull request #5382 from lhuang04/tls13_f_export_keys
...
Swap the client and server random for TLS 1.3 f_export_keys
2022-01-28 12:09:19 +00:00
Xiaofei Bai
6d42bb430c
Update mbedtls_ssl_handshake_free()
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-28 10:05:51 +00:00
Manuel Pégourié-Gonnard
f7d704dbd2
Avoid dead code in some configurations
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-01-28 10:05:56 +01:00
Xiaofei Bai
f5b4d25cfa
Add received_sig_algs member to struct mbedtls_ssl_handshake_params
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-28 06:37:15 +00:00
Jerry Yu
fb28b88e26
move client_auth to handshake
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-28 11:05:58 +08:00
lhuang04
a3890a3427
Swap the client and server random for TLS 1.3
...
Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:
Signed-off-by: lhuang04 <lhuang04@fb.com>
2022-01-27 06:00:43 -08:00
XiaokangQian
8499b6ce25
Only free verify_cookie in tls 1.3 case.
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 09:00:11 +00:00
Xiaofei Bai
82f0a9a1db
Rebase and address review comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-01-27 07:53:52 +00:00
XiaokangQian
a909061c2a
Refine HRR parse successfully message in test cases
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 03:48:27 +00:00
XiaokangQian
34909746df
Change cookie free code and some comments
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-27 02:25:04 +00:00
Tautvydas Žilys
60165d7708
Don't inline mbedtls_mpi_safe_cond_assign on MSVC/ARM64 to avoid a compiler bug.
...
Signed-off-by: Tautvydas Žilys <tautvydas.zilys@gmail.com>
2022-01-26 15:44:10 -08:00
XiaokangQian
52da558103
Change code base on comments
...
Align the alert type in parse_server_hello
Remove MBEDTLS_SSL_COOKIE_C guard
Enable cookie for both DTLS and TLS1.3
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
aec1f3e913
Cookie fields are used only by DTLS 1.3
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00
XiaokangQian
b119a35d07
Refine fatal alert in parse_server_hello
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-01-26 10:53:15 +00:00