Jerry Yu
cbd082f396
Add extension check for EncryptedExtensions
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
e18dc7eb9a
Add forbidden extensions check for ClientHello
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Jerry Yu
471dee5a12
Add debug helpers to track extensions
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-31 16:41:42 +08:00
Ronald Cron
04e2133f45
Merge pull request #6482 from ronald-cron-arm/tls13-misc
...
TLS 1.3: Update documentation for the coming release and misc
2022-10-28 11:09:03 +02:00
Gilles Peskine
75c4eaf1f8
Merge pull request #5841 from aurel32/ecp_mul_mxz-timing-leak
...
Fix a timing leak in ecp_mul_mxz()
2022-10-27 19:46:48 +02:00
Gilles Peskine
9603daddaa
Merge pull request #6230 from tom-cosgrove-arm/issue-6223-core-add
...
Bignum: extract core_add from the prototype
2022-10-27 11:25:27 +02:00
Ronald Cron
77e15e8a2c
Merge pull request #6460 from xkqian/tls13_add_early_data_preparatory
...
Internal and Open CI merge job ran successfully. Good to go.
2022-10-27 10:40:56 +02:00
Gilles Peskine
88f5fd9099
Merge pull request #6479 from AndrzejKurek/depends-py-no-psa
...
Enable running depends.py in a configuration without MBEDTLS_USE_PSA_CRYPTO and remove perl dependency scripts
2022-10-26 20:02:57 +02:00
Gilles Peskine
d4d080b41b
Merge pull request #6407 from minosgalanakis/minos/6017_add_montgomery_constant_squared
...
Bignum: Added pre-calculation of Montgomery constants
2022-10-26 14:28:16 +02:00
Ronald Cron
4f7feca0dc
Merge pull request #6391 from davidhorstmann-arm/fix-x509-get-name-cleanup
...
The Open CI ran successfully thus I think we can ignore the internal CI.
2022-10-26 14:27:54 +02:00
Xiaokang Qian
72dbfef6e4
Improve coding styles
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-26 06:33:57 +00:00
Ronald Cron
eac00ad2a6
tls13: server: Note down client not being authenticated in SSL context
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-25 20:02:03 +02:00
Gilles Peskine
744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0
...
Fix unusual macros
2022-10-25 19:55:29 +02:00
Ronald Cron
a709a0f2c6
tls13: Declare PSK ephemeral key exchange mode first
...
In the PSK exchange modes extension declare first
PSK ephemeral if we support both PSK ephemeral
and PSK. This is aligned with our implementation
giving precedence to PSK ephemeral over pure PSK
and improve compatibility with GnuTLS.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-25 19:05:26 +02:00
Tom Cosgrove
6469fdfb0a
Fix whitespace issue spotted in review
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-10-25 16:29:58 +01:00
Tom Cosgrove
82f131063a
Update documentation following review comment
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-10-25 16:29:58 +01:00
Tom Cosgrove
af7d44b4d2
Tidy up, remove MPI_CORE(), apply the naming convention, and use the new mbedtls_mpi_core_add()
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-10-25 16:29:58 +01:00
Hanno Becker
c98871339d
Extract MPI_CORE(add) from the prototype
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-10-25 16:29:58 +01:00
Minos Galanakis
a081c51cd3
Renamed mpi_core_get_mont_R2_unsafe_neg -> mpi_core_get_mont_r2_unsafe_neg
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:38 +01:00
Minos Galanakis
51d638baf6
bignum_core: Style update
...
'mbedtls_mpi_core_get_mont_R2_unsafe' aligns const
keyword to match the style of the rest of the module.
Documentation is also updated to remove
`MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED`.
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:38 +01:00
Minos Galanakis
ae4fb671b4
mbedtls_mpi_core_get_mont_R2_unsafe: Removed NULL input checking
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:38 +01:00
Minos Galanakis
b85506e250
bignum_core.h: Comment update for mbedtls_mpi_core_get_mont_R2_unsafe
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:23 +01:00
Minos Galanakis
4f43f61c6a
Renamed mbedtls_mpi_get_montgomery_constant_unsafe to mpi_core_get_mont_R2_unsafe
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:12:23 +01:00
Hanno Becker
ec440f2397
bignum_mod_raw: Ported mbedtls_mpi_get_montgomery_constant_unsafe from prototype
...
Signed-off-by: Minos Galanakis <minos.galanakis@arm.com>
2022-10-25 15:08:08 +01:00
David Horstmann
3a334c2edc
Minor improvements to ssl_tls12_server.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:53:44 +01:00
David Horstmann
7aee0ec0ba
Minor improvements in ssl_client.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:38:25 +01:00
David Horstmann
6e11687ba5
Minor improvements to ecp.c changes
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:32:08 +01:00
David Horstmann
9b0eb90131
Rename ARIA_SELF_TEST_IF_FAIL
...
Change to ARIA_SELF_TEST_ASSERT
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:23:34 +01:00
David Horstmann
059848ff23
Minor changes to asn1write.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-25 10:16:45 +01:00
Gilles Peskine
e5a715e8c0
Merge pull request #6449 from gilles-peskine-arm/bignum-core-shift_r
...
Bignum core: shift_r
2022-10-25 10:40:39 +02:00
Xiaokang Qian
72de95dcf5
Move function mbedtls_ssl_tls13_conf_early_data to ssl_tls.c
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 05:34:25 +00:00
Xiaokang Qian
600804b0e7
Remove useless early data related macros for the time being
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 03:00:18 +00:00
Xiaokang Qian
54413b10c2
Add early data support preparatory work
...
Add MBEDTLS_SSL_EARLY_DATA configuration option
Define early_data_enabled field in mbedtls_ssl_config
Add function mbedtls_ssl_conf_early_data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-25 03:00:18 +00:00
Andrzej Kurek
409248a73a
mbedtls_ssl_get_handshake_transcript is unusable without hashes
...
Mark unused variables when compiling without
SHA256 and SHA384. In future a proper dependency
will be added to TLS 1.2 to enforce either of these hashes
to be on.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:56:10 -04:00
Andrzej Kurek
57d1063db9
Fix tls_prf generic dependencies
...
One version was already surrounded by the USE_PSA define,
so the VIA_XX_OR_XX macros were removed;
Second version is when USE_PSA is undefined, so MBEDTLS_
macros can be used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:56:10 -04:00
Andrzej Kurek
468c50656e
Fix key exchange dependencies for ssl_parse_server_ecdh_params
...
Resulting from particular configs in which this code is used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-24 15:55:18 -04:00
Ronald Cron
083da8eb53
tls13: client: Improve coding style
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
a2900bcd1e
tls13: keys: Simplify code guard
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
766c0cdb1f
tls13: Add missing kex guards
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
82be0d4b4d
tls13: Do not use MBEDTLS_KEY_EXCHANGE_SOME_ECDHE_ENABLED
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
de08cf3543
tls13: Do not use MBEDTLS_KEY_EXCHANGE_ECDHE_ECDSA_ENABLED
...
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
73fe8df922
Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
...
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e
Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
...
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
41a443a68d
tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK.*ENABLED
...
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED to guard
code specific to one of the TLS 1.3 key exchange mode with
PSK.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
928cbd34e7
tls13: Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
...
Use MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED
instead of MBEDTLS_KEY_EXCHANGE_WITH_CERT_ENABLED to guard
code specific to the TLS 1.3 ephemeral key exchange mode.
Use it also for the dependencies of TLS 1.3 only tests
relying on ephemeral key exchange mode, but for
tests in tls13-kex-modes.sh where the change is done
later using all
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_.*ENABLED macros.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Gilles Peskine
abc6fbb8d7
Fix brief description
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-10-21 18:36:31 +02:00
Ronald Cron
d29e13eb1b
tls: Use the same function in TLS 1.2 and 1.3 to check PSK conf
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
2a87e9bf83
tls: Align set and usage check for PSK
...
Check that the identity length is not
zero in ssl_conf_set_psk_identity()
as it is done in
mbedtls_ssl_conf_has_static_psk().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
fa1e04a7c4
tls13: keys: Fix PSK build only case
...
When deriving the handshake stage master
secret, in the case of a PSK only build,
the only possible key exchange mode is PSK
and there is no ephemeral key exchange
shared secret in that case. Thus do not
error out in that case in the first
phae of the derivation dedicated to the
shared secret.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00
Ronald Cron
9a6a49c7cb
tls13: keys: Fail if the group type is not ECDHE or DHE
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:34:20 +02:00