Ronald Cron
799077177b
TLS 1.3: Use selected key exchange mode field
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-07-20 17:49:58 +02:00
Ronald Cron
7f9ccfeccc
TLS 1.3: Remove unnecessary key exchange mode check
...
If there is a PSK involved in the key exchange
and thus no certificate we do not go through the
MBEDTLS_SSL_CERTIFICATE_REQUEST state thus there
is no reason to check that in the coordination
function of that state.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-07-20 17:47:23 +02:00
Jerry Yu
3afdf36de7
Add hash length check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 18:12:08 +08:00
Jerry Yu
0a430c8aaf
Rename resumption_key and the hardcode len
...
`resumption_key` is better name.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
08aed4def9
fix comments and time_t type issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
a0446a0344
Add check_return flag
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
4e6c42a533
fix various issues
...
- wrong typo
- unnecessary comments/debug code
- wrong location
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
cb3b1396f3
move resume psk ticket computation to end
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
af2c0c8dd6
fix various comment/format issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
a357cf4d4c
Rename new_session_ticket state
...
Both client and server side use
`MBEDTLS_SSL_NEW_SESSION_TICKET` now
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
f8a4994ec7
Add tls13 new session ticket parser
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Ronald Cron
ce7d76e2ee
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
Ronald Cron
81a334fc02
tls13: Fix buffer overread checks in ssl_tls13_parse_alpn_ext()
...
Some coding style alignement as well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
fb508b8f21
tls13: Move state changes up to state main handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:21:13 +02:00
Ronald Cron
5afb904022
tls13: Move out of place handshake field reset
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
828aff6ead
tls13: Rename server_hello_coordinate to preprocess_server_hello
...
Rename server_hello_coordinate to preprocess_server_hello
as it is more aligned with what the function does.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
db5dfa1f1c
tls13: Move ServerHello fetch to the ServerHello top handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
9d6a545714
tls13: Re-organize EncryptedExtensions message parsing code
...
Align the organization of the EncryptedExtensions
message parsing code with the organization of the
other message parsing codes.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
c80835943c
tls13: Fix pointer calculation before space check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
2827106199
tls13: Add missing buffer overread check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-28 09:18:42 +02:00
Ronald Cron
1938588e80
tls13: Align some debug messages with TLS 1.2 ones
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Manuel Pégourié-Gonnard
a3115dc0e6
Mark static int SSL functions CHECK_RETURN_CRITICAL
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-20 21:12:52 +02:00
XiaokangQian
23c5be6b94
Enable SNI test for both tls12 and tls13
...
Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-07 09:43:13 +00:00
Jerry Yu
e3d67cb263
Improve readability
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-19 15:33:10 +08:00
Jerry Yu
e8c1fca67c
move trafic set to generic
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-18 16:57:45 +08:00
Gabor Mezei
696956da24
Typo
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-13 17:02:19 +02:00
Gabor Mezei
078e803d2c
Unify parsing of the signature algorithms extension
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-05-11 14:29:08 +02:00
Jerry Yu
93a13f2c38
Share magic word of HRR
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-09 15:48:59 +08:00
Jerry Yu
f86eb75c58
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-06 11:16:55 +08:00
Jerry Yu
e110d258d9
Add set outbound transform
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-05 19:59:59 +08:00
Jerry Yu
89e103c54c
tls13: Share write ecdh_key_exchange function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-04-22 16:45:01 +08:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
...
Add client hello into server side
2022-04-22 10:26:00 +02:00
XiaokangQian
0803755347
Update code base on review comments
...
Refine named_group parsing
Refine cipher_suites parsing
Remove hrr related part
Share code between client and server side
Some code style changes
Change-Id: Ia9ffd5ef9c0b64325f633241e0ea1669049fe33a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:50:14 +00:00
XiaokangQian
9b5d04b078
Share parse_key_share() between client and server
...
Change-Id: I3fd2604296dc0e1e8380f5405429a6b0feb6e981
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 07:43:48 +00:00
Ronald Cron
fd8cbda3ec
Remove ECDH code specific to TLS 1.3
...
ECDH operations in TLS 1.3 are now done through PSA.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Ronald Cron
fd6193c285
ssl_tls13_client: Add downgrade attack protection
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-04-19 18:31:24 +02:00
Glenn Strauss
cd78df6aa4
handshake->min_minor_ver to ->min_tls_version
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
e3af4cb72a
mbedtls_ssl_(read|write)_version using tls_version
...
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f
mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
...
Store the TLS version in tls_version instead of major, minor version num
Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.
Reduce size of mbedtls_ssl_ciphersuite_t
members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Manuel Pégourié-Gonnard
1b05aff3ad
Merge pull request #5624 from superna9999/5312-tls-server-ecdh
...
TLS ECDH 3b: server-side static ECDH (1.2)
2022-04-07 11:46:25 +02:00
Przemek Stekiel
a9f9335ee9
ssl_tls13_generate_and_write_ecdh_key_exchange(): remove redundant check
...
This check can be removed as if the buffer is too small for the key, then export will fail.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-04 17:32:30 +02:00
Neil Armstrong
91477a7964
Switch handshake->ecdh_bits to size_t and remove now useless cast & limit checks
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-03-31 15:24:18 +02:00
Ronald Cron
6476726ce4
Fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 14:13:57 +02:00
Ronald Cron
ba120bb228
ssl_tls13_client.c: Fix ciphersuite final validation
...
As we may offer ciphersuites not compatible with
TLS 1.3 in the ClientHello check that the selected
one is compatible with TLS 1.3.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
Ronald Cron
9847338429
ssl_tls13_client.c: Add check in supported_versions parsing
...
Add check in ServerHello supported_versions parsing
that the length of the extension data is exactly
two.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:33:41 +02:00
Ronald Cron
a77fc2756e
ssl_tls13_client.c: versions ext writing : Fix available space check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:27:35 +02:00
Ronald Cron
da41b38c42
Improve and fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 14:10:03 +02:00
Ronald Cron
dbe87f08ec
Propose TLS 1.3 and TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
9f0fba374c
Add logic to switch to TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
Ronald Cron
27c85e743f
ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00