Jerry Yu
f017ee4203
merge write sig_alg of tls12 and tls13
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
# Conflicts:
# library/ssl_misc.h
2022-01-25 12:46:17 +08:00
Jerry Yu
1abd1bc22f
Change write_sig_alg_ext of tls12
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Jerry Yu
0e5bcb6bf5
Replace directly access for sig_hashes
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:16 +08:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite
...
Add accessors for ciphersuite info
2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard
d2da19b8eb
Merge pull request #5380 from AndrzejKurek/key-id-encodes-owner-psa-fixes
...
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
2022-01-18 09:16:25 +01:00
Ronald Cron
188ed19456
Merge pull request #5351 from yuhaoth/pr/remove-duplicate-supported_group_ext
...
Remove duplicate function for writing supported_groups extension
2022-01-17 09:13:14 +01:00
Glenn Strauss
8f52690956
Add accessors for ciphersuite info
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-13 00:05:48 -05:00
Jerry Yu
b925f21806
fix comment issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-12 11:17:02 +08:00
Jerry Yu
1510cea0f3
fix coding style issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-12 10:56:49 +08:00
Jerry Yu
3ad14ac9e9
Add named group IANA value check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-11 17:13:16 +08:00
Jerry Yu
f46b016058
skip some extensions if ephemeral not enabled
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-11 16:28:00 +08:00
Jerry Yu
63282b4321
Refactor write supported group
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-11 15:43:53 +08:00
Jerry Yu
7f029d8a94
fix coding style issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-11 11:08:53 +08:00
Andrzej Kurek
03e01461ad
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
...
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
Jerry Yu
1ea9d10687
fix test_ref_configs build fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-21 14:52:38 +08:00
Glenn Strauss
cee11296aa
Reset dhm_P and dhm_G if config call repeated
...
Reset dhm_P and dhm_G if call to mbedtls_ssl_config_defaults() repeated
to avoid leaking memory.
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2021-12-20 20:24:56 -05:00
Jerry Yu
1753261083
change write_supported_groups_ext prototype
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-20 22:32:09 +08:00
Jerry Yu
ba07342cd6
Add generic write_supported-groups_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-12-20 22:22:15 +08:00
Gilles Peskine
a4174312da
Initialize hash_len before using it
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 14:38:40 +01:00
Gilles Peskine
f0fd4c3aee
mbedtls_ssl_parse_finished: zeroize expected finished value on error
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-13 12:36:15 +01:00
Dave Rodgman
050ad4bb50
Merge pull request #5313 from gilles-peskine-arm/missing-ret-check-mbedtls_md_hmac
...
Check HMAC return values
2021-12-13 10:51:27 +00:00
Gilles Peskine
ecf6bebb9c
Catch failures of md_hmac operations
...
Declare mbedtls_md functions as MBEDTLS_CHECK_RETURN_TYPICAL, meaning that
their return values should be checked.
Do check the return values in our code. We were already doing that
everywhere for hash calculations, but not for HMAC calculations.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-12-11 15:00:57 +01:00
Ronald Cron
db6adc5aad
ssl: Fix some compilation guards for TLS 1.3 signature algorithms
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 14:25:35 +01:00
Ronald Cron
6f135e1148
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
...
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Manuel Pégourié-Gonnard
b873577fc3
Merge pull request #5240 from duckpowermb/development
...
[session] fix a session copy bug
2021-12-09 09:23:23 +01:00
Gilles Peskine
392113434a
Merge pull request #5263 from ronald-cron-arm/psa-test-driver_3.x
...
Forward port to 3.x: Introduce PSA test driver library to test PSA configuration
2021-12-07 12:52:20 +01:00
Ronald Cron
69a63426af
psa: Fix the size of hash buffers
...
Fix the size of hash buffers for PSA hash
operations.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-03 18:55:33 +01:00
吴敬辉
0b71611c80
[session] fix a session copy bug
...
fix a possible double reference on 'ticket'
when peer_cert/peer_cert_digest calloc failed.
Signed-off-by: 吴敬辉 <11137405@vivo.com>
2021-11-29 10:50:04 +08:00
Xiaofei Bai
6dc90da740
Rebased on 74217ee
and add fixes
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:12:43 +00:00
Xiaofei Bai
9539501120
Rebase and add fixes
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:09:26 +00:00
Xiaofei Bai
746f9481ea
Fix 1_3/13 usages in macros and function names
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
XiaokangQian
a83014db4a
TLS1.3: Add signature scheme pkcs1 v1.5
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-25 02:21:16 +00:00
Gilles Peskine
e2d707fea5
Merge pull request #4866 from gabor-mezei-arm/3649_move_constant_time_functions_into_separate_module
...
Move constant-time functions into a separate module
2021-11-24 19:33:00 +01:00
Gabor Mezei
be7b21da22
Merge branch 'development' into 3649_move_constant_time_functions_into_separate_module
2021-11-24 10:44:13 +01:00
XiaokangQian
4b82ca1b70
Refine test code and test scripts
...
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
XiaokangQian
82d34ccf47
Add signature scheme rsa pss
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
Ronald Cron
bb41a88f2e
Merge pull request #5120 from yuhaoth/pr/fix-memory-leak-and-version-header
...
TLS1.3 :fix memory leak and version header
2021-11-12 13:49:26 +01:00
Jerry Yu
a1a568c2f6
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-11-09 10:17:21 +08:00
Jerry Yu
ba9c727e94
fix memory leak issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-30 20:23:45 +08:00
Brett Warren
e0edc8407b
Add mbedtls_ssl_conf_groups to API
...
mbedtls_ssl_conf_groups allows supported groups for key
sharing to be configured via their IANA NamedGroup ID.
This is added in anticipation of PQC and Hybrid key
sharing algorithms being integrated into Mbed TLS.
mbedtls_ssl_conf_curves is deprecated in favor of
mbedtls_ssl_conf_groups. handshake_init has been
modified to translate and copy curves configured
via conf_curves into a heap allocatied array of
NamedGroup IDs. This allows the refactoring of code
interacting with conf_curve related variables (such
as curve_list) to use NamedGroup IDs while retaining
the deprecated API.
Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-29 11:27:00 +01:00
Gabor Mezei
90437e3762
Rename constant-time functions to have mbedtls_ct prefix
...
Rename functions to better suite with the module name.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-20 11:59:27 +02:00
Gilles Peskine
9202ba37b1
Merge pull request #4960 from mpg/cleanup-tls-cipher-psa-3.x
...
Clean up some remnants of TLS pre-1.2 support
2021-10-19 21:59:15 +02:00
Gabor Mezei
765862c4f3
Move mbedtls_cf_memcmp to a new public header
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2021-10-19 12:22:25 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
...
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
Ronald Cron
e23bba04ee
Merge pull request #4927 from yuhaoth/pr/add-tls13-serverhello-utils
...
TLS 1.3: ServerHello: add utils functions used by ServerHello
Regarding the merge job, there was only one of the failure we currently encounter on almost all PR (Session resume using tickets, DTLS: openssl client test case see #5012 ) thus we can consider that this PR passed CI.
2021-10-11 11:01:11 +02:00
Jerry Yu
fd320e9a6e
Replace zeroize with memset
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 21:52:41 +08:00
Jerry Yu
ae0b2e2a2f
Rename counter_len
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Jerry Yu
c1ddeef53a
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-10-08 15:40:14 +08:00
Andrzej Kurek
a72fe641cc
Do not zeroize the ssl context if a key exporting function is set
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 17:08:31 -04:00
Andrzej Kurek
324f72ec9c
Fix a bug where the ssl context is used after it's nullified
...
When not using DEBUG_C, but using the DTLS CID feature -
a null pointer was accessed in ssl_tls.c.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:52 -04:00