mbedtls

Author	SHA1	Message	Date
Ronald Cron	fbd9f99f10	ssl_tls.c: Move some client specific functions to ssl_client.c Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	7320e6436b	ssl_tls12_client.c: Switch to generic Client Hello state handler Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	27c85e743f	ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	5f4e91253f	ssl_client.c: Add DTLS ClientHello message sending specifics Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	4079abc7d1	ssl_client.c: Adapt extensions writing to the TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	11e1857f5e	ssl_client.c: Fix key share code guards In TLS 1.3 key sharing is not restricted to key exchange with certificate authentication. It happens in the PSK and ephemeral key exchange mode as well where there is no certificate authentication. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:58:31 +02:00
Ronald Cron	df823bf39b	ssl_client.c: Re-order partially extension writing Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:57:54 +02:00
Ronald Cron	42c1cbf1de	ssl_client.c: Adapt compression methods comment to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 18:56:58 +02:00
Paul Elliott	571f1187b6	Merge pull request #5642 from mprse/ecp_export Add ECP keypair export function	2022-03-29 17:19:04 +01:00
Artur Allmann	3f396152b7	Fix typo "phtreads" to "pthreads" Closes issue #5349 Signed-off-by: Artur Allmann <Artur.Allmann@tptlive.ee>	2022-03-29 17:43:56 +02:00
Ronald Cron	d491c2d779	ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Ronald Cron	a874aa818a	ssl_client.c: Add DTLS 1.2 cookie support Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Ronald Cron	021b1785ef	ssl_client.c: Adapt session id generation to the TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:57 +02:00
Ronald Cron	58b803818d	ssl_client.c: Adapt TLS random generation and writing to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:17:50 +02:00
Gabor Mezei	cb5ef6a532	Remove duplicated includes Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:10:01 +02:00
Gabor Mezei	55c49a3335	Use proper macro guard Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:09:15 +02:00
Gabor Mezei	29e7ca89d5	Fix typo Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:08:49 +02:00
Gabor Mezei	c09437526c	Remove commented out code Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-03-29 17:08:15 +02:00
Ronald Cron	1614eb668c	ssl_client.c: Adapt TLS version writing to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	86a477f5ee	ssl_client.c: Adapt initial version selection to TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	5456a7f89c	ssl_client.c: Expand ssl_write_client_hello_body doc with TLS 1.2 case Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	71c2332860	ssl_client.c: Rename TLS 1.3 ClientHello writing functions Rename TLS 1.3 ClientHello writing functions aiming to support TLS 1.2 as well. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Ronald Cron	3d580bf4bd	Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 17:00:29 +02:00
Dave Rodgman	1c41501949	Merge pull request #5632 from tom-cosgrove-arm/seclib-667-sha512-acceleration-mbedtls-internal SECLIB-667: Accelerate SHA-512 with A64 crypto extensions	2022-03-29 15:34:12 +01:00
Ronald Cron	8f6d39a81d	Make some handshake TLS 1.3 utility routines available for TLS 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	7ffe7ebe38	ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will be necessary when the ClientHello writing code is made available when MBEDTLS_SSL_PROTO_TLS1_2 is enabled. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	04fbd2b2ff	ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	12dcdf0d6e	ssl_tls12_client.c: Move writing of TLS 1.2 specific extensions Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	4e263fd49c	ssl_tls12_client.c: Simplify TLS version in encrypted PMS This can only be TLS 1.2 now in this structure and when adding support for TLS 1.2 or 1.3 version negotiation the highest configured version can be TLS 1.3. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	90f012037d	ssl_tls12_server.c: Simplify TLS version check in ClientHello The TLS server code only support TLS 1.2 thus simplify the check of the version proposed by the client. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	086ee0be0e	ssl_tls.c: Reject TLS 1.3 version configuration for server Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	8457c12127	ssl_tls12_server.c: Remove some unnecessary checks on TLS minor version Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	b894ac7f99	ssl_tls12_server.c: Remove some dead code for versions of TLS < 1.2 Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	90915f2a21	ssl_tls12_client.c: Remove some unnecessary checks on TLS minor version ssl_tls12_client.c contains only TLS 1.2 specific code thus remove some checks on the minor version version being MBEDTLS_SSL_MINOR_VERSION_3. No aim for completeness, ssl_parse_server_hello() is not reworked here for example. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	a25cf58681	ssl_tls.c: Remove one unnecessary minor version check Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	c2f13a0568	ssl_tls.c: Modify mbedtls_ssl_set_calc_verify_md() Modify mbedtls_ssl_set_calc_verify_md() taking into account that it is an TLS 1.2 only function. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	4dcbca952e	ssl_tls.c: Move mbedtls_ssl_set_calc_verify_md() to TLS 1.2 section In ssl_tls.c, move mbedtls_ssl_set_calc_verify_md() under the "if defined(MBEDTLS_SSL_PROTO_TLS1_2)" pre-processor directive as it is specific to TLS 1.2. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	81591aa0f3	ssl_tls.c: Remove ssl_set_handshake_prfs unnecessary minor_ver param ssl_set_handshake_prfs() is TLS 1.2 specific and only called from TLS 1.2 only code thus no need to pass the TLS minor version of the currebt session. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	f12b81d387	ssl_tls.c: Fix PSA ECDH private key destruction In TLS 1.3, a PSA ECDH private key may be created even if MBEDTLS_SSL_USA_PSA_CRYPTO is disabled. We must destroy this key if still referenced by an handshake context when we free such context. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	5b98ac9c64	TLS 1.3: Move PSA ECDH private key destroy to dedicated function Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	8540cf66ac	ssl_tls.c: Propose PKCS1 v1.5 signatures with SHA_384/512 In case of TLS 1.3 and hybrid TLS 1.2/1.3, propose PKCS1 v1.5 signatures with SHA_384/512 not only SHA_256. There is no point in not proposing them if they are available. In TLS 1.3 those could be useful for certificate signature verification. In hybrid TLS 1.2/1.3 this allows to propose for TLS 1.2 the same set of signature algorithms. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:42:17 +02:00
Ronald Cron	60ff79424e	ssl_tls13_client.c: alpn: Miscellanous minor improvements Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	13d8ea1dd9	ssl_tls13_client.c: alpn: Loop only once over protocol names This has although the benefit of getting rid of a potential integer overflow (though very unlikely and probably harmless). Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	a0855a6d13	ssl_tls13_client.c: alpn: Add missing return value assignment Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	de1adee51a	Rename ssl_cli/srv.c Rename ssl_cli.c and ssl_srv.c to reflect the fact that they are TLS 1.2 specific now. Align there new names with the TLS 1.3 ones. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-03-29 14:39:49 +02:00
Ronald Cron	63d97ad0bb	Merge pull request #5559 from yuhaoth/pr/add-rsae-sha384-sha512 Add rsae sha384 sha512	2022-03-29 14:01:51 +02:00
Jerry Yu	d73d0a327a	remove unnecessary condition Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-29 16:37:51 +08:00
Manuel Pégourié-Gonnard	39f2f73e69	Merge pull request #5630 from ronald-cron-arm/restore-full-compat-testing Restore full TLS compatibility testing	2022-03-28 18:31:17 +02:00
Ronald Cron	e44d8e7eea	Merge pull request #5369 from xkqian/add_2nd_client_hello Add 2nd client hello	2022-03-28 12:18:41 +02:00
XiaokangQian	5c252620c5	Move MAC-ALL to self._ciphs in ssl-opt.sh Change-Id: I60d29560f8937a0001ab4a30086bac255fc4b1eb Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-03-28 08:53:45 +00:00

... 4 5 6 7 8 ...

19539 Commits