David Horstmann 
							
						 
					 
					
						
						
						
						
							
						
						
							21b89761f8 
							
						 
					 
					
						
						
							
							Refactor macro-spanning if in ssl_tls13_server.c  
						
						... 
						
						
						
						Signed-off-by: David Horstmann <david.horstmann@arm.com> 
						
						
					 
					
						2022-10-07 14:08:42 +01:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							25ab654781 
							
						 
					 
					
						
						
							
							Add dummy ticket support  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-10-07 10:11:05 +08:00 
						 
				 
			
				
					
						
							
							
								Manuel Pégourié-Gonnard 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e3358e14b2 
							
						 
					 
					
						
						
							
							Merge pull request  #6051  from mprse/permissions_2b_v2  
						
						... 
						
						
						
						Permissions 2b: TLS 1.3 sigalg selection 
						
						
					 
					
						2022-09-28 09:50:04 +02:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
						
						
							
						
						
							b72dac4ed7 
							
						 
					 
					
						
						
							
							Fix PSA identifier of RSA_PKCS1V15 signing algorithms  
						
						... 
						
						
						
						Signed-off-by: Ronald Cron <ronald.cron@arm.com> 
						
						
					 
					
						2022-09-27 09:25:47 +02:00 
						 
				 
			
				
					
						
							
							
								Paul Elliott 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							2c282c9bd0 
							
						 
					 
					
						
						
							
							Merge pull request  #6180  from yuhaoth/pr/add-tls13-multiple-session-tickets  
						
						... 
						
						
						
						TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session. 
						
						
					 
					
						2022-09-23 15:48:33 +01:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							359e65f784 
							
						 
					 
					
						
						
							
							limit session ticket number when resumption  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-22 23:47:43 +08:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							07ba2be20b 
							
						 
					 
					
						
						
							
							Merge pull request  #6304  from yuhaoth/pr/exclude-pre_shared_key-from-hrr-msg  
						
						... 
						
						
						
						TLS 1.3: PSK: Exclude pre_shared_key for HRR 
						
						
					 
					
						2022-09-22 10:21:06 +02:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							b7e3fa7fbd 
							
						 
					 
					
						
						
							
							move count decrement after success sent  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-22 13:21:29 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							d0766eca58 
							
						 
					 
					
						
						
							
							fix various issues  
						
						... 
						
						
						
						- Improve comments
- Align count variable name to `new_session_tickets_count`
- move tickets_count init to handshake init
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-22 13:21:29 +08:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
						
						
							
						
						
							67ea2543ed 
							
						 
					 
					
						
						
							
							tls13: server: Add sig alg checks when selecting best certificate  
						
						... 
						
						
						
						When selecting the server certificate based on
the signature algorithms supported by the client,
check the signature algorithms as close as possible
to the way they are checked to compute the
signature for the server to prove it possesses
the private key associated to the certificate.
That way we minimize the odds of selecting a
certificate for which the server will not be
able to compute the signature to prove it
possesses the private key associated to the
certificate.
Signed-off-by: Ronald Cron <ronald.cron@arm.com> 
						
						
					 
					
						2022-09-20 14:26:32 +02:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							d4e7500a07 
							
						 
					 
					
						
						
							
							Enable multi session tickets on Server  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-19 14:24:03 +08:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							be0224aef3 
							
						 
					 
					
						
						
							
							Merge pull request  #6167  from yuhaoth/pr/finalize-tls13-session-tickets  
						
						
						
						
					 
					
						2022-09-18 21:18:13 +02:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							ad4d2bb3e1 
							
						 
					 
					
						
						
							
							Exclude pre_shared_key for HRR  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-16 18:16:49 +08:00 
						 
				 
			
				
					
						
							
							
								Gilles Peskine 
							
						 
					 
					
						
						
						
						
							
						
						
							945b23c46f 
							
						 
					 
					
						
						
							
							Include platform.h unconditionally: automatic part  
						
						... 
						
						
						
						We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.
There should be no change in behavior since just including the header should
not change the behavior of a program.
This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:
```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com> 
						
						
					 
					
						2022-09-15 20:33:07 +02:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							0a55cc647c 
							
						 
					 
					
						
						
							
							Remove unnecessary var and improve comment  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-15 16:15:06 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							f7dad3cfbe 
							
						 
					 
					
						
						
							
							fix various issues  
						
						... 
						
						
						
						- Naming
- format
- Reduce negative tolerance window
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-14 22:31:39 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							acff823846 
							
						 
					 
					
						
						
							
							Add negative tolerance window  
						
						... 
						
						
						
						If `now == session->start` or the timer of
client is faster than server, client age might
be bigger than server.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-14 14:50:44 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							4746b10c2e 
							
						 
					 
					
						
						
							
							fix various issues  
						
						... 
						
						
						
						- Format issues
- Possible memory leak
- Improve naming and comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-13 15:37:46 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							8d4bbbae4f 
							
						 
					 
					
						
						
							
							fix ticket age check issues  
						
						... 
						
						
						
						- Ticket age and ticket age add, obfuscated age
  use different unit. Align the units to million
  seconds.
- Add maximum ticket age check. Until now,
  ticket_lifetime is not recorded in server side.
  Check it with maximum ticket_lifetime.
- Free session when error found.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-13 15:37:46 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							466dda8553 
							
						 
					 
					
						
						
							
							Rename resumption master secret compute function  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-13 14:28:15 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							58af2335d9 
							
						 
					 
					
						
						
							
							Add possible group tests for psk with ECDHE  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-06 14:49:39 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							fd310ebf2d 
							
						 
					 
					
						
						
							
							fix coding style issues  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-09-06 09:16:35 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							8253486c4f 
							
						 
					 
					
						
						
							
							Add session ticket support for server  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-31 23:24:25 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							95699e72f3 
							
						 
					 
					
						
						
							
							Add session ticket identity check  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-31 23:24:25 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							1e05b6dd6d 
							
						 
					 
					
						
						
							
							fix coding style and unnecessary assignment  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-31 10:35:52 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							e5834fd0d7 
							
						 
					 
					
						
						
							
							remove unnecessary test  
						
						... 
						
						
						
						also optimize check sum
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-29 20:33:33 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							0baf907e11 
							
						 
					 
					
						
						
							
							remove select_ciphersuite  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-25 11:21:04 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							c5a23a0f12 
							
						 
					 
					
						
						
							
							fix various issues  
						
						... 
						
						
						
						- code style
- variable initialize
- update comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-25 11:09:35 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							f35ba384ff 
							
						 
					 
					
						
						
							
							Add select ciphersuite entry function  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-23 22:01:58 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							dd1bef788e 
							
						 
					 
					
						
						
							
							Add ciphersuite_info check  
						
						... 
						
						
						
						return null if no valid ciphersuite info
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-23 17:57:02 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							29d9faa468 
							
						 
					 
					
						
						
							
							fix various issues.  
						
						... 
						
						
						
						- comments issues
- code format style issues
- naming improvement.
- error return improvements
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-23 17:53:43 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							5725f1cf3a 
							
						 
					 
					
						
						
							
							Align ciphersuite with overwrite.  
						
						... 
						
						
						
						Selected ciphersuite MUST be same with ciphsersuite of PSK.
Overwrite the old ciphersuite with the one of PSK.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-21 17:50:27 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							9f7f646b11 
							
						 
					 
					
						
						
							
							Revert "remove psk key when ephemeral selected"  
						
						... 
						
						
						
						This reverts commit 5c28e7aa0ebfa3d025e7802ae29eb86e43b0e92f.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-21 12:59:17 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							e9d4fc09a3 
							
						 
					 
					
						
						
							
							fix binder value security issue  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-21 12:59:17 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							24b8c813c4 
							
						 
					 
					
						
						
							
							fix comments and wrong initial value issues  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-21 12:55:45 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							6cf6b47b5c 
							
						 
					 
					
						
						
							
							fix format and comment issues  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-21 12:54:53 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							5c28e7aa0e 
							
						 
					 
					
						
						
							
							remove psk key when ephemeral selected  
						
						... 
						
						
						
						ephemeral is selected, `handshake->psk` must be removed.
Otherwise the encrypt key will be caculate fail.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-11 21:25:35 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							56acc9421c 
							
						 
					 
					
						
						
							
							Write key_share base on key_exchange mode.  
						
						... 
						
						
						
						In ServerHello, write key share should base on key_exchange mode, not
base on configuration.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-11 21:25:35 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							f0bad2554a 
							
						 
					 
					
						
						
							
							Continue check next psk key when binder mismatch  
						
						... 
						
						
						
						with matched identity and mismatch binder, should check next psk key.
Exit with error will break multi-psk cases.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-11 21:25:35 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							32e1370fbc 
							
						 
					 
					
						
						
							
							Add config check for pre_shared_key parser  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-11 21:25:35 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							e95c8af266 
							
						 
					 
					
						
						
							
							Align ciphersuite with psk key  
						
						... 
						
						
						
						With OpenSSL and GnuTLS client, if the MAC of ciphersuite
does not match selected binder, client will reject connection.
This change is to select ciphersuite base on algo of psk binder.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-11 21:25:35 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							40f3771e18 
							
						 
					 
					
						
						
							
							Add handshake psk export function.  
						
						... 
						
						
						
						Rename `ssl_tls13_get_psk` and export the
function.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-08-11 21:25:35 +08:00 
						 
				 
			
				
					
						
							
							
								Thomas Daubney 
							
						 
					 
					
						
						
						
						
							
						
						
							31e03a8e15 
							
						 
					 
					
						
						
							
							Replace hard-coded zeroes for constant  
						
						... 
						
						
						
						Replace two occurances of hard-coded zero for
MBEDTLS_SSL_COMPRESS_NULL in TLS 1.3 code.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com> 
						
						
					 
					
						2022-07-26 16:13:23 +01:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							e579ece305 
							
						 
					 
					
						
						
							
							Merge pull request  #6087  from yuhaoth/pr/add-tls13-serialize_session_save_load  
						
						... 
						
						
						
						TLS 1.3: Add serialize session save load
I can see that https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r927935696  and https://github.com/Mbed-TLS/mbedtls/pull/6087#discussion_r924252403  are addressed in  #6123 . Thus I am ok to merge it as it is. 
						
						
					 
					
						2022-07-23 08:57:11 +02:00 
						 
				 
			
				
					
						
							
							
								Ronald Cron 
							
						 
					 
					
						
						
							
							
						
						
						
							
						
						
							340c559cb3 
							
						 
					 
					
						
						
							
							Merge pull request  #6079  from yuhaoth/pr/add-tls13-parse-pre_shared_key_offered_psks  
						
						... 
						
						
						
						TLS 1.3: PSK: Add parser/writer of pre_shared_key extension on server side. 
						
						
					 
					
						2022-07-23 08:50:45 +02:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							13ab81d5ac 
							
						 
					 
					
						
						
							
							Add handshake failure in pre_shared_key withou psk_kex_modes  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-07-22 23:17:11 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							a66fecebe7 
							
						 
					 
					
						
						
							
							Add endpoint/ticket_flag field for session  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-07-22 23:08:43 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							6f1db3fc92 
							
						 
					 
					
						
						
							
							fix format and potential non-PSK fail issue  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-07-22 23:05:59 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							ce6ed7076a 
							
						 
					 
					
						
						
							
							Change the order of key_exchange determine  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-07-22 21:49:53 +08:00 
						 
				 
			
				
					
						
							
							
								Jerry Yu 
							
						 
					 
					
						
						
						
						
							
						
						
							ba9b6e9e53 
							
						 
					 
					
						
						
							
							fix unkown identity case  
						
						... 
						
						
						
						Signed-off-by: Jerry Yu <jerry.h.yu@arm.com> 
						
						
					 
					
						2022-07-22 21:45:05 +08:00