Dave Rodgman
f3c04f3f47
Better definition of MBEDTLS_IS_BIG_ENDIAN for IAR
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-14 12:08:57 +00:00
Manuel Pégourié-Gonnard
001fb73131
Merge pull request #8612 from valeriosetti/issue8601
...
Quit using enrollment in pkparse
2023-12-13 14:55:34 +00:00
Manuel Pégourié-Gonnard
ea6b3c030d
Merge pull request #8605 from valeriosetti/issue8600
...
Quit using enrollment alg in for ECDSA in PK
2023-12-12 16:53:15 +00:00
Ronald Cron
90d07118ad
Merge pull request #6721 from yuhaoth/pr/tls13-early-data-extension-of-nst
...
TLS 1.3: EarlyData SRV: Write `early_data` extension of NewSessionTicket
2023-12-07 09:25:35 +00:00
Gilles Peskine
f3ccfddb45
Merge pull request #8615 from davidhorstmann-arm/fix-cast-potential-overflow
...
Fix possible integer overflows
2023-12-07 00:42:10 +00:00
Gilles Peskine
57e401b39f
Merge pull request #8521 from valeriosetti/issue8441
...
[G4] Make CTR-DRBG fall back on PSA when AES not built in
2023-12-06 18:25:44 +00:00
David Horstmann
4749007f64
Fix possible integer overflows before widening
...
When calculating a result to go into an mbedtls_ms_time_t, make sure
that arithmetic is performed at the final size to prevent overflow.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-06 17:22:53 +00:00
Valerio Setti
202bb71dcd
ssl_tls12_server: do not export/import opaque keys
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 17:05:24 +01:00
Manuel Pégourié-Gonnard
ad4f0ada37
Merge pull request #8514 from mschulz-at-hilscher/fixes/uninitialized-variable-in-ssl_msg
...
Fix uninitialized variable warnings in ssl_msg.c
2023-12-06 11:06:03 +00:00
Jerry Yu
95648b0134
Some minor improvement
...
- move early data check to `prepare`
- avoid `((void) output_len)
- replace check with `session_ticket_allow` in 2nd place
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:16 +08:00
Jerry Yu
c59c586ac4
change prototype of write_early_data_ext
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:15 +08:00
Jerry Yu
163e12f7ff
remove assignment for session->max_early_data_size
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:21:09 +08:00
Jerry Yu
ebe1de62f9
fix various issue
...
- rename connection time variable
- remove unnecessary comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:25 +08:00
Jerry Yu
9e7f9bc253
Add missing debug message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:22 +08:00
Jerry Yu
db97163ac7
add ticket max_early_data_size check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:20:13 +08:00
Jerry Yu
5233539d9f
share write_early_data_ext function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:50 +08:00
Jerry Yu
0069abc141
improve comments of new session ticket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:46 +08:00
Jerry Yu
1a160703f8
set max_early_data_size of ticket to keep consistent
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:43 +08:00
Jerry Yu
f135bac89c
Add max_early_data_size check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:39 +08:00
Jerry Yu
930ce4cfac
Revert "change max_early_data_size source"
...
This reverts commit 3d8d6a770f3a0f3045820970bc4a5d6ee7df8e10.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:36 +08:00
Jerry Yu
2f5d93b1c9
Revert "set init value for max_early_data_size in session"
...
This reverts commit 8b02d75ed1af883e135979d24e38c0847e66fede.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:33 +08:00
Jerry Yu
d450fd25ae
change max_early_data_size source
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:31 +08:00
Jerry Yu
525990fb62
set init value for max_early_data_size in session
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:18:28 +08:00
Jerry Yu
db6fda71e5
improve early data comments
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:51 +08:00
Jerry Yu
10795a0c3b
replace ticket permission set
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:48 +08:00
Jerry Yu
c2b1bc4fb6
replace early data permission check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:46 +08:00
Jerry Yu
4da7c22cd6
add early data flag check function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:44 +08:00
Jerry Yu
ea96ac3da9
fix various issues
...
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:37 +08:00
Jerry Yu
3db60dfe5e
rename nst early data write function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:16:56 +08:00
Jerry Yu
fceddb310e
Add early data permission check
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:54 +08:00
Jerry Yu
01da35e2c8
add early data extension of NST
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:52 +08:00
Valerio Setti
bced8bc8d7
ssl_tls12_server: export/import PK parsed key in TLS side
...
Instead of setting both algorithm and enrollement algorithm in the
PK module when parsing the key:
- for Weierstrass keys we only set ECDSA algorithm,
- for Montgomery keys we don't set any algorithm.
Reasons:
- PK module can only do ECDSA and not ECDH
- ECDH is only used in TLS
- Montgomery keys cannot be used to do ECDSA, while Weierstrass ones
can do both ECDSA and ECDH.
So the idea is that once TLS needs the key to do ECDH (either Weierstrass
and Montgomery), it exports the one parsed from the PK module and then
re-imports it setting proper algorithm and flags. In this way the TLS
module will own the new key so it will be its duty to clear it on
exit.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 10:40:47 +01:00
Valerio Setti
fbbafa0d2d
pkparse: do not set key algorithm for Montgomery keys in pk_ecc_set_key()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-06 10:07:34 +01:00
Ronald Cron
40f3f1c36f
Merge pull request #7058 from yuhaoth/pr/tls13-early-data-parsing-0-rtt-data
...
TLS 1.3 EarlyData SRV: Parsing 0-RTT data
2023-12-06 06:47:32 +00:00
Jerry Yu
42020fb186
revert output message which used by testing
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-05 17:35:53 +08:00
Ronald Cron
a1e867c676
Merge pull request #8576 from yanrayw/issue/fix-tls13-session_negotiate-assignment
...
TLS13: CLI: EarlyData: Assign ciphersuite after associated verification in EE
2023-12-05 08:31:24 +00:00
Valerio Setti
4ac2c18834
pk_wrap: try both ECDSA signature schemes in ecdsa_sign_psa()
...
Instead of extracting key's properties in order to check whether it
supports deterministic or non-deterministic ECDSA, we try both.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-05 07:59:01 +01:00
Jerry Yu
ebb1b1d48f
fix ci test failure
...
"skip parse certificate verify" can not be changed.
It is used in `Authentication: client badcert, server none`
test.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-05 11:02:15 +08:00
Jerry Yu
b55f9eb5c5
fix various issues
...
- remove unnecessary statements
- improve macro name
- improve output message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-05 10:27:17 +08:00
Valerio Setti
83e0de8481
crypto_extra: revert changes to mbedtls_psa_random_free()
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:42 +01:00
Valerio Setti
402cfba4dc
psa: free RNG implementation before checking for remaining open key slots
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Valerio Setti
5f4b28defc
ctr_drbg: add alternative PSA implementation when AES_C is not defined
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-12-04 11:04:41 +01:00
Dave Rodgman
9afc0200c7
Merge pull request #8563 from Oldes/issues-8562
...
Fixed compilation for Haiku OS
2023-12-04 09:53:08 +00:00
Jerry Yu
7bb40a3650
send unexpected alert when not received eoed or app during reading early data
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-04 10:04:15 +08:00
Jerry Yu
fbf039932a
Send decode error alert when EOED parsing fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-04 10:00:37 +08:00
Jerry Yu
3be850782c
fix various issues
...
- improve comments
- rename function and macros name
- remove unnecessary comments
- remove extra empty lines
- remove unnecessary condition
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-04 09:58:54 +08:00
Yanray Wang
744577a429
tls13: early_data: cli: check a PSK has been selected in EE
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 23:03:37 +08:00
Dave Rodgman
f1be1f6740
Remove unused code
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-12-01 13:53:45 +00:00
Oldes Huhuman
304fa091cf
Shortening a comment line
...
Related to: https://github.com/Mbed-TLS/mbedtls/issues/8562
Signed-off-by: Oldes Huhuman <oldes.huhuman@gmail.com>
2023-12-01 12:23:26 +01:00
Yanray Wang
9ae6534c20
tls13: early_data: cli: improve comment
...
This commit improves comment of why we assign the identifier of the
ciphersuite in handshake to `ssl->session_negotiate`.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-12-01 17:46:08 +08:00