82c785fac3
Make handshake::min_minor_ver client only
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 15:44:41 +02:00
6476726ce4
Fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 14:13:57 +02:00
ba120bb228
ssl_tls13_client.c: Fix ciphersuite final validation
...
As we may offer ciphersuites not compatible with
TLS 1.3 in the ClientHello check that the selected
one is compatible with TLS 1.3.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
8fdad9e534
ssl_tls12_client.c: Remove duplicate of ciphersuite validation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
757a2abfe2
ssl_client.c: Extend and export ciphersuite validation function
...
Extend and export ciphersuite validation function
to be able to use it in TLS 1.2/3 specific code.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
f735cf1f0f
ssl_tls.c: Fix ciphersuite selection regarding protocol version
...
Use the actual minimum and maximum of the minor
version to be negotiated to filter ciphersuites
to propose rather than the ones from the
configuration.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:35:33 +02:00
9847338429
ssl_tls13_client.c: Add check in supported_versions parsing
...
Add check in ServerHello supported_versions parsing
that the length of the extension data is exactly
two.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:33:41 +02:00
1fa4f6863b
ssl_tls.c: Return in error if default config fails
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:27:35 +02:00
a77fc2756e
ssl_tls13_client.c: versions ext writing : Fix available space check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:27:35 +02:00
37bdaab64f
tls: Simplify the logic of the config version check and test it
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-31 09:26:58 +02:00
3cffc5ccb1
tls: Remove unnecessary checks of MBEDTLS_CIPHERSUITE_NODTLS
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:59:44 +02:00
150d579d7a
ssl_client.c: Improve coding style
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 21:58:50 +02:00
da41b38c42
Improve and fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-30 14:10:03 +02:00
8ecd9937a9
ssl_client.c: Fix state change for DTLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
3cec8e8864
tests: Init PSA crypto if TLS 1.3 is enabled
...
Initialize PSA crypto in tests if TLS 1.3 is
enabled as done when MBEDTLS_USE_PSA_CRYPTO
is enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
a1b8f6e914
ssl-opt.sh: Do not force TLS 1.3 on client
...
For TLS 1.3 tests, do not force TLS 1.3
version on client to play the negotiation
game whenever possible.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
f3b425bbde
ssl-opt.sh: Force TLS 1.2 on server
...
To maximize the number of tests where MbedTLS
client proposes both TLS 1.2 and TLS 1.3 to
the server, force the TLS 1.2 version on the
server side rather than on the client side
in TLS 1.2 specific tests.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
f660655b84
TLS: Allow hybrid TLS 1.2/1.3 in default configurations
...
This implies that when both TLS 1.2 and TLS 1.3
are included in the build all the TLS 1.2 tests
using the default configuration now go through
a version negotiation on the client side.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
e71639d39b
Simplify TLS major version default value setting
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
dbe87f08ec
Propose TLS 1.3 and TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
9f0fba374c
Add logic to switch to TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
e1d3f06399
Allow hybrid TLS 1.3 + TLS 1.2 configuration
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
fbd9f99f10
ssl_tls.c: Move some client specific functions to ssl_client.c
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
7320e6436b
ssl_tls12_client.c: Switch to generic Client Hello state handler
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
27c85e743f
ssl_tls.c: Unify TLS 1.2 and TLS 1.3 SSL state logs
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
5f4e91253f
ssl_client.c: Add DTLS ClientHello message sending specifics
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
4079abc7d1
ssl_client.c: Adapt extensions writing to the TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
11e1857f5e
ssl_client.c: Fix key share code guards
...
In TLS 1.3 key sharing is not restricted to key
exchange with certificate authentication. It
happens in the PSK and ephemeral key exchange
mode as well where there is no certificate
authentication.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:58:31 +02:00
df823bf39b
ssl_client.c: Re-order partially extension writing
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:57:54 +02:00
42c1cbf1de
ssl_client.c: Adapt compression methods comment to TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 18:56:58 +02:00
d491c2d779
ssl_client.c: Adapt ciphersuite writing to TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:57 +02:00
a874aa818a
ssl_client.c: Add DTLS 1.2 cookie support
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:57 +02:00
021b1785ef
ssl_client.c: Adapt session id generation to the TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:57 +02:00
58b803818d
ssl_client.c: Adapt TLS random generation and writing to TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:17:50 +02:00
1614eb668c
ssl_client.c: Adapt TLS version writing to TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
86a477f5ee
ssl_client.c: Adapt initial version selection to TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
5456a7f89c
ssl_client.c: Expand ssl_write_client_hello_body doc with TLS 1.2 case
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
71c2332860
ssl_client.c: Rename TLS 1.3 ClientHello writing functions
...
Rename TLS 1.3 ClientHello writing functions
aiming to support TLS 1.2 as well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
3d580bf4bd
Move TLS 1.3 client hello writing to new TLS 1.2 and 1.3 client file
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 17:00:29 +02:00
8f6d39a81d
Make some handshake TLS 1.3 utility routines available for TLS 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
7ffe7ebe38
ssl_tls13_client.c: Add some MBEDTLS_SSL_PROTO_TLS1_3 guards
...
Add some MBEDTLS_SSL_PROTO_TLS1_3 guards that will
be necessary when the ClientHello writing code is
made available when MBEDTLS_SSL_PROTO_TLS1_2 is
enabled.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
04fbd2b2ff
ssl_tls13_client.c: Move writing of TLS 1.3 specific extensions
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
12dcdf0d6e
ssl_tls12_client.c: Move writing of TLS 1.2 specific extensions
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
4e263fd49c
ssl_tls12_client.c: Simplify TLS version in encrypted PMS
...
This can only be TLS 1.2 now in this structure and when
adding support for TLS 1.2 or 1.3 version negotiation
the highest configured version can be TLS 1.3.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
90f012037d
ssl_tls12_server.c: Simplify TLS version check in ClientHello
...
The TLS server code only support TLS 1.2 thus simplify
the check of the version proposed by the client.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
086ee0be0e
ssl_tls.c: Reject TLS 1.3 version configuration for server
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
8457c12127
ssl_tls12_server.c: Remove some unnecessary checks on TLS minor version
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
b894ac7f99
ssl_tls12_server.c: Remove some dead code for versions of TLS < 1.2
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
90915f2a21
ssl_tls12_client.c: Remove some unnecessary checks on TLS minor version
...
ssl_tls12_client.c contains only TLS 1.2 specific
code thus remove some checks on the minor version
version being MBEDTLS_SSL_MINOR_VERSION_3. No aim
for completeness, ssl_parse_server_hello() is not
reworked here for example.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
a25cf58681
ssl_tls.c: Remove one unnecessary minor version check
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-03-29 14:42:17 +02:00
