forked from Mbed-TLS/mbedtls
Re-introduce support of TLS 1.3 with various existing configuration options #15
Closed
Most importantly, it should be possible to have an Mbed TLS build supporting both TLS 1.2 and TLS 1.3.
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue on Jul 5, 2021
Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to hannestschofenig#155.
fix hannestschofenig#15
Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3
CustomizedGitHooks: yes
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue on Jul 5, 2021
Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to hannestschofenig#155.
fix hannestschofenig#15
Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3
Sub tasks:
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue on Jul 16, 2021
Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to hannestschofenig#155.
fix hannestschofenig#15
Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue on Jul 16, 2021
Prepare for subtask 1 of hannestschofenig#15
Change-Id: I09dadc8b8800de72005620ec8c90612b7f784e29
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue on Jul 16, 2021
It depends on MBEDTLS_SSL_PROTO_*.
Compile Status : PASS
Test Status : Fail
issues: hannestschofenig#15
Change-Id: I4309976339e4272f297950f9a904d69245c0ea20
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue on Jul 19, 2021
issues: hannestschofenig#15
compile-status: Fail
Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>
This was referenced Jul 20, 2021
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue on Jul 21, 2021
According to hannestschofenig#15, different options report fail. To fix the issue we should not break passed options. The script is to make sure current status. If all relative issues are resolved, this patch should be removed or re-considered.
issues: hannestschofenig#15, hannestschofenig#297, hannestschofenig#238, hannestschofenig#298
Change-Id: Iaebbdaa5861802f2a48e6bca238a94672ddfaf70
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue on Jul 21, 2021
According to hannestschofenig#15, different options report fail. To fix the issue we should not break passed options. The script is to make sure current status. If all relative issues are resolved, this patch should be removed or re-considered.
issues: hannestschofenig#15, hannestschofenig#297, hannestschofenig#238, hannestschofenig#298, hannestschofenig#301
Change-Id: Iaebbdaa5861802f2a48e6bca238a94672ddfaf70
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue on Jul 22, 2021
According to hannestschofenig#15, different options report fail. To fix the issue we should not break passed options. The script is to make sure current status. If all relative issues are resolved, this patch should be removed or re-considered.
issues: hannestschofenig#15, hannestschofenig#297, hannestschofenig#238, hannestschofenig#298, hannestschofenig#301
Change-Id: Iaebbdaa5861802f2a48e6bca238a94672ddfaf70
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue on Jul 23, 2021
According to hannestschofenig#15, different options report fail. To fix the issue we should not break passed options. The script is to make sure current status. If all relative issues are resolved, this patch should be removed or re-considered.
issues: hannestschofenig#15, hannestschofenig#297, hannestschofenig#238, hannestschofenig#298, hannestschofenig#301
Change-Id: Iaebbdaa5861802f2a48e6bca238a94672ddfaf70
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>
yuhaoth added a commit to yuhaoth/mbedtls1.3 that referenced this issue on Jul 25, 2021
issues: hannestschofenig#15
compile-status: Fail
Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue on May 17, 2023
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

Test Plan:

```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```

```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```

Reviewers: Subscribers: Tasks: Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows:

1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization. This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:

(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow configuring a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261

Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261

Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c

Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.

commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
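The handshake-PSK lifecycle from the "Clarify logic for setting/clearing of handshake PSK" commit message above (steps 1 to 4), combined with the guard from "Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON", as an added client-side model in C. It is not Mbed TLS code: every type and function name in it is hypothetical, and the PSK values are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Model only: hypothetical types and names, not Mbed TLS structures or APIs. */
typedef struct { const char *identity; const unsigned char *key; size_t key_len; } psk_t;

typedef struct {
    const psk_t *configured;     /* (a) PSKs configured before the handshake */
    size_t n_configured;
    int want_early_data;         /* application requested 0-RTT */
    int early_data_on;           /* 0-RTT actually enabled for this handshake */
    const psk_t *handshake_psk;  /* (b) the single PSK in use, or NULL */
} client_t;

/* What the caller can observe at each stage of one modelled handshake. */
typedef struct {
    int early_data_on;    /* after ClientHello */
    int psk_after_hello;  /* 1 if handshake PSK is set after ClientHello */
    int early_data_rc;    /* 0 = early data written, -1 = refused */
    int psk_after_early;  /* 1 if handshake PSK is still set after early data */
    int server_hello_rc;  /* 0 = accepted, -1 = malformed selection */
    int final_psk_index;  /* index of the PSK in use, -1 when NULL */
} trace_t;

/* Constructed sample keys. */
static const unsigned char KEY_A[] = { 0x01, 0x02, 0x03, 0x04 };
static const unsigned char KEY_B[] = { 0x0a, 0x0b, 0x0c, 0x0d };
static const psk_t SAMPLE_PSKS[2] = {
    { "ticket-a", KEY_A, sizeof( KEY_A ) },
    { "external-b", KEY_B, sizeof( KEY_B ) },
};

/* Access to (a): the first PSK the client would offer, or NULL. */
static const psk_t *psk_to_offer( const client_t *c )
{
    return( c->n_configured > 0 ? &c->configured[0] : NULL );
}

/* Offering PSKs must not select one. 0-RTT is enabled only when a PSK
 * exists to derive early keys from; otherwise the early-data path that
 * assumes a PSK-derived ciphersuite is never entered. */
static void write_client_hello( client_t *c )
{
    const psk_t *offer = psk_to_offer( c );
    c->early_data_on = ( c->want_early_data && offer != NULL );
    if( c->early_data_on )
        c->handshake_psk = offer;                       /* step 2 */
}

static int write_early_data( client_t *c )
{
    if( !c->early_data_on || c->handshake_psk == NULL )
        return( -1 );
    /* Early traffic keys would be derived from handshake_psk at this point. */
    c->handshake_psk = NULL;                            /* step 3 */
    return( 0 );
}

/* server_choice: selected identity index from ServerHello, -1 if none. */
static int process_server_hello( client_t *c, int server_choice )
{
    c->handshake_psk = NULL;
    if( server_choice < 0 )
        return( 0 );            /* PSK offered but rejected: stays NULL */
    if( (size_t) server_choice >= c->n_configured )
        return( -1 );           /* server selected an identity never offered */
    c->handshake_psk = &c->configured[server_choice];   /* step 4 */
    return( 0 );
}

trace_t run_client( size_t n_psks, int want_early_data, int server_choice )
{
    client_t c = { SAMPLE_PSKS, n_psks, want_early_data, 0, NULL }; /* step 1 */
    trace_t t;

    write_client_hello( &c );
    t.early_data_on = c.early_data_on;
    t.psk_after_hello = ( c.handshake_psk != NULL );
    t.early_data_rc = write_early_data( &c );
    t.psk_after_early = ( c.handshake_psk != NULL );
    t.server_hello_rc = process_server_hello( &c, server_choice );
    t.final_psk_index = c.handshake_psk ? (int)( c.handshake_psk - SAMPLE_PSKS ) : -1;
    return( t );
}

int main( void )
{
    /* early_data=1 with no PSK configured: the case that crashed the client. */
    trace_t t = run_client( 0, 1, -1 );
    printf( "no PSK, 0-RTT requested: early_data_on=%d rc=%d\n",
            t.early_data_on, t.early_data_rc );
    /* PSK offered without 0-RTT and rejected by the server. */
    t = run_client( 1, 0, -1 );
    printf( "PSK rejected: final_psk_index=%d\n", t.final_psk_index );
    return( 0 );
}
```
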
lhuang04
added a commit
to lhuang04/mbedtls
that referenced
this issue
May 17, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001
Merge: 471fc0ed17 17e162bc79
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 07:35:06 2021 +0100

Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies
Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

commit 471fc0ed17864079b70c75fc9c0a248f213b5991
Merge: 4ddebafaaf fba68613d6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:36:13 2021 +0100

Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr
MPS: Remove extended reader/writer from MPS, part 2

commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:33:49 2021 +0100

MPS: Be less wordy in comments...
Signed-off-by: Hanno Becker <[email protected]>

commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514
Merge: 08b0522e0f 34d751dfa6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:54:29 2021 +0100

Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error
fix mbedtls_ssl_check_cert_usage compile fail

commit 08b0522e0f6b4650c93a12038fb87cd21757b75c
Merge: 82436667b1 81c88ff7df
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:05:16 2021 +0100

Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings
fix functions undeclared warnings

commit 82436667b1304628b77ad9eded10ccf250355fc6
Merge: 2556d8a1dd f9435bb0c2
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 04:49:16 2021 +0100

Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors
fix nss_keylog_export duplicate error

commit 8a1348ca2ac075801777535bfa35d1179ec269e7
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:13 2021 +0100

MPS L4: Minor structural improvement
Signed-off-by: Hanno Becker <[email protected]>

commit 7a11ad03acaea247045dc5e41dc397b5b73a254d
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:00 2021 +0100

MPS Layer 4: Remove dead comments
Signed-off-by: Hanno Becker <[email protected]>
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 20:07:28 2021 +0100

MPS Layer 3: Minor readability improvement
Signed-off-by: Hanno Becker <[email protected]>

commit ea207b40bdffc9793c53312aae7dabdd761611db
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 13:02:05 2021 +0100

Some more readability improvements
Signed-off-by: Hanno Becker <[email protected]>

commit dc3adeddee06e0b9ecf25e669de780593c18771b
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 11:39:37 2021 +0100

MPS Layer 3: Some readability improvements
Signed-off-by: Hanno Becker <[email protected]>

commit 2a75e56087db85845241734fd248f0ec501377b6
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 09:48:18 2021 +0100

Remove extended reader/writer from MPS altogether
Signed-off-by: Hanno Becker <[email protected]>

commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 22:23:06 2021 +0800

fix nss_keylog_export duplicate error
nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it.
Change-Id: I63e218070e96637a15242fec3a66b5e448986287
Signed-off-by: Jerry Yu <[email protected]>

commit 17e162bc79da8c856b1b08ef373051d87163c421
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:44:55 2021 +0800

Add conditional compilation for mbedtls_ssl_conf_dtls_cookies
mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it.
CustomizedGitHooks: yes
Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f
Signed-off-by: Jerry Yu <[email protected]>

commit 5471952d409eea62843268272ae46969dcf78e60
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 11:15:15 2021 +0100

MPS Layer 3: Don't rely on extended writer to learn HS msg size
This is another step towards removing the extended reader/writer from Layer 3 altogether.
Signed-off-by: Hanno Becker <[email protected]>

commit 81c88ff7df372ba4c2671f3a7065482152b40310
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:06:56 2021 +0800

fix functions undeclared warnings
With TLS1.2 enabled, those functions report undeclared warning
Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320
Signed-off-by: Jerry Yu <[email protected]>

commit f85747efb1a1035124aada3245dcec7ddb8d3597
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:47:19 2021 +0100

MPS L3: Simplify handshake message writing
Signed-off-by: Hanno Becker <[email protected]>

commit f540b0fc79af402f0176477df0c6f79c26857e88
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:42:03 2021 +0100

MPS Layer 3: Simplify logic for writing of handshake header
Signed-off-by: Hanno Becker <[email protected]>

commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c
Author: Jerry Yu <[email protected]>
Date: Tue Jul 27 14:02:40 2021 +0800

fix mbedtls_ssl_check_cert_usage compile fail
`mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it.
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4
Signed-off-by: Jerry Yu <[email protected]>

commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f
Merge: 0e367ad306 3430517266
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:57:55 2021 +0100

Merge pull request #318 from hanno-arm/mps_simplify
MPS: Numerous minor simplifications and improvements

commit 0e367ad306e20d7eed02775d0c581828da937cb2
Merge: 246c820430 d8f19321d7
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:13:13 2021 +0100

Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors
fix two duplicate define errors

commit 246c820430aed5412c6cba0e911c1a1ca13ade60
Merge: 49f76369ad 12a8dfe7d2
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:12:15 2021 +0100

Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors
fix update_checksum errors

commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:11:45 2021 +0100

Apply suggestions from code review

commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2
Merge: 0b7e1b6759 638484855b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:06:44 2021 +0100

Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort
MPS Layer 3: Remove unused handshake abort function

commit 3430517266a9e7d0ab43cf08730064608190fbd6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:51:53 2021 +0100

MPS: Shorten some code
Signed-off-by: Hanno Becker <[email protected]>

commit da378914efe9bae8a84ca59604b4651efd562401
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:47:54 2021 +0100

MPS: Some more uses of assertion macro
Signed-off-by: Hanno Becker <[email protected]>

commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:42:58 2021 +0100

MPS: Add helper macro for readability
Signed-off-by: Hanno Becker <[email protected]>

commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5
Author: Hanno Becker <[email
protected]>
Date: Tue Jul 27 05:36:35 2021 +0100

Shorten some doc'n for MPS
Signed-off-by: Hanno Becker <[email protected]>

commit fe135af06c138ac3ffbc077c6357961d2c895c6b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:21 2021 +0100

MPS: Use helper macro for DTLS HS header debugging
Signed-off-by: Hanno Becker <[email protected]>

commit 8144fea4a5b03c773ffaa48325663145aca58ff6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:15 2021 +0100

MPS: Use assertion macro instead of manual return of INTERNAL_ERROR
Signed-off-by: Hanno Becker <[email protected]>

commit 648d1835ce61480023fbb856d5044b6218f5af90
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:07 2021 +0100

MPS: Shorten some code
Signed-off-by: Hanno Becker <[email protected]>

commit 2818d2fbc65a2e31afe729046264171680356ae5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:21:53 2021 +0100

MPS L4: Add comment on potential simplification
Signed-off-by: Hanno Becker <[email protected]>

commit 1ec166036cfda847db076c567a94de474d009041
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:19:18 2021 +0100

MPS: Remove dead code and shorten comments
Signed-off-by: Hanno Becker <[email protected]>

commit 1100e4b72bf26746970af57244787e3b43f852c8
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:32:31 2021 +0100

MPS L3: Improve readability through introduction of debug macros
Signed-off-by: Hanno Becker <[email protected]>

commit 028414d0c81fd42772a33308953bf011da87584f
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:44 2021 +0100

MPS: Add shorter trace commands
Signed-off-by: Hanno Becker <[email protected]>

commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:28 2021 +0100

MPS: Fix typo in common.h
Signed-off-by: Hanno Becker <[email protected]>

commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:20:27 2021 +0100
MPS L3: Add helper function for handling of incomplete headers
Signed-off-by: Hanno Becker <[email protected]>

commit d8f19321d70182ada99f421e56ea00c2100313f3
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:03:13 2021 +0800

Rename mbedtls_ssl_handshake_wrapup for TLS1.3
`mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it.
Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91
Signed-off-by: Jerry Yu <[email protected]>

commit 40825315251e967b6bbca82b6a12b4cd875e04b5
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:00:50 2021 +0800

move mbedtls_ssl_transform_free to ssl_msg.c
`mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it.
Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3
Signed-off-by: Jerry Yu <[email protected]>

commit 7f0fb121f9d308b75d0f4a602623696fa9215505
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 19:41:09 2021 +0800

fix update_checksum_start/sha384 duplicate error
`ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check.
Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af
Signed-off-by: Jerry Yu <[email protected]>

commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:04:37 2021 +0800

fix calc_verify parameter warning
`calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed.
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:50:53 2021 +0100

Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record
fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:02:46 2021 +0100

MPS Layer 3: Remove unused handshake abort function
Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 19:00:48 2021 +0800

fix ssl_extract_add_data_from_record arguments error
With TLS1.2, compiler report below error
```
too few arguments to function ‘ssl_extract_add_data_from_record’
```
The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that.
Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:58 2021 +0100

Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine
fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:36 2021 +0100

Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error
fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 12:28:20 2021 +0800

fix ssl_reset_retrnsmit_timeout undefine warning
ssl_reset_retrnsmit_timeout has been added prefix.
Here is missing
Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800

fix pmslen and premaster undefined error
With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster undefined error.
CustomizedGitHooks: yes
Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100

Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors
fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100

Minor improvements to TLS 1.3 client-side key share ext writer
Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800

fix ECDH context build errors
Remove multi ecdh share keys support.
When build with TLS1.2 , it reports compile error
Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100

Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13
Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100

Fix a bunch of typos
Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100

Rename TLS 1.3 ciphersuite identifiers
- Move the C-macros to MBEDTLS_ namespace
- Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2.
Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100

Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace
Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100

Merge pull request #306 from hanno-arm/mps_fix_bio
MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100

Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h
remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100

Merge pull request #294
from lhuang04/tls13_mismatched_sig_algs_test_case
Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100

Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition
replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100

MPS: Interpret ret val 0 from BIO as connection closure
Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100

Merge pull request #276 from zhihan/fix-minor_ver
Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800

Modify TLS1.3 undefined condition
Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`
Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h
MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error.
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100

Merge pull request #213 from zhihan/tls13-prototype-nst-ext
Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100

Minor improvements

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400

Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100

Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client
Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100

Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100

Merge pull request #302 from hannestschofenig/pr/fix-two-errors
Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800

fix ssl-opt test fail
Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that.
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800

fix compile fail without MPS
if undefine MBEDTLS_SSL_USE_MPS, it report error.
Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800

Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix
Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman
Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:
```
140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
```
We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD.
This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.
Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100

Merge pull request #288 from yuhaoth/pr/fix-15
Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100

Temporarily disable more session serialization tests
Will be fixed as part of #155
Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100

Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake
move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700

Add test for mismatched sig_algs
Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs
Test Plan:
```
ssl-opt.sh
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200

Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite
Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800

Re-enable ssl test suite
Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.
fix #15
Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800

Remove get_key_exchange_name
mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now.
Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100

Merge pull request #281 from zhihan/0-rtt-ciphersuite
Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100

Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing
Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700

Use stack allocated received_signature_schemes_list.
Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)
Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100

Merge pull request #283 from zhihan/review-0-rtt-server
0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800

move key_exchange members to handshake structure
Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.
fix #13
Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700

Follow up on review comments
Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700

Review fix of mbedtls_ssl_parse_signature_algorithms_ext
Summary:
* Add boundary check for i
* Set received_signature_schemes_list to null after free
* Typo
* Sizeof style
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700

Review: CertificateRequest parsing
Summary:
* buf_len check
* unsigned char* ext -> const unsigned char* ext
* int -> size_t
* space and long line
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700

Remove ticket_nonce from mbedtls_ssl_session
Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.
Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700

Rename resumption_key_len to key_len
Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700

Move ssl_new_session_ticket_parse to client.c
Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700

Add index for buffer in ssl_new_session_ticket_parse
Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700

Review comments follow up
Summary:
* change to size_t
* break long line
* indentation
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700

Review fix for ssl_new_session_ticket_parse
Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return
Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400

Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:39:15 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:20:05 2021 -0400

Review feedback

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:13:04 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 12:14:39 2021 +0100

Merge pull request #284 from yuhaoth/pr/fix-extension-namespace
fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date: Fri Jun 18 13:49:07 2021 +0800

fix namespace of extensions in ssl.h
fixes #17
Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 06:30:53 2021 +0100

Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile
fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:43:11 2021 +0100

Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case
Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:04:41 2021 +0100

Merge pull request #279 from zhihan/review-0-rtt
Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu
<[email protected]>
Date: Wed Jun 16 10:25:12 2021 +0800

fix out-of-box Makefile build fail
fix #165
Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:12:33 2021 -0400

Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:09:04 2021 -0400

Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:06:32 2021 -0400

Update library/ssl_tls13_generic.c
Review feedback
Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:36 2021 -0400

Update library/ssl_tls13_keys.c
Review feedback
Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:20 2021 -0400

Update library/ssl_tls.c
Review feedback
Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date: Tue Jun 8 05:41:22 2021 +0100

Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing
Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date: Mon Jun 7 15:37:47 2021 -0400

0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:40:21 2021 -0400

Change 'early data' to 'early_data' in debug log to be consistent.
commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:26:00 2021 -0400

Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:18:23 2021 -0400

Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:04:03 2021 -0400

Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 16:06:33 2021 -0400

More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 12:48:43 2021 -0400

Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:18:43 2021 -0700

own_key
Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:00:17 2021 -0700

Remove signature_scheme_client from struct mbedtls_ssl_handshake_params
Summary:
* signature_scheme_client
* signature_scheme
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:55:13 2021 -0700

Review of ssl_certificate_verify_write
Summary:
* indentation
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:09:10 2021 -0700

Rename mbedtls_ssl_certificate_verify_process
Summary:
* mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
* ssl_certificate_verify_process -> ssl_write_certificate_verify_process
* SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
* SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND
Test Plan:
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 17:15:38 2021 +0100

    Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

    Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date:   Fri May 14 09:03:23 2021 -0700

    Change to mbedtls_ssl_get_psk_to_offer

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date:   Fri May 14 08:48:30 2021 -0700

    Change to mbedtls_ssl_conf_tls13_some_psk_enabled

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date:   Tue May 4 08:05:38 2021 -0700

    Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date:   Thu Jan 14 08:15:43 2021 -0800

    Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

    Summary:
    In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

    This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

    Test Plan:
    ```
    ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
    ```
    ```
    ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
    ```
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 16:44:02 2021 +0100

    Merge pull request #263 from hanno-arm/psk-negotiation

    Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 11:04:44 2021 +0100

    Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:54:31 2021 +0100

    Clarify logic for setting/clearing of handshake PSK

    The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT.

    Instead, the handshake PSK should evolve as follows:
    1) Initially, it's NULL.
    2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
    3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
    4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

    If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

    This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

    Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:59:25 2021 +0100

    Give function for removing handshake PSK global visibility

    Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:05:01 2021 +0100

    Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:04:40 2021 +0100

    Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 09:54:06 2021 +0100

    Remove uses of mbedtls_ssl_get_psk()

    `mbedtls_ssl_get_get_psk()` currently blurs two things:
    (a) access to the (potentially multiple) PSKs configured prior to the handshake
    (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

    If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

    The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

    There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

    To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

    Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

    Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 09:51:35 2021 +0100

    Merge pull request #262 from hanno-arm/fixup_261

    Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 09:43:05 2021 +0100

    Fixup https://github.com/hannestschofenig/mbedtls/pull/261

    Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 05:54:58 2021 +0100

    Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

    Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 05:50:02 2021 +0100

    Fixup: Merge in ssl_client2.c & ssl_server2.c

    Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 04:37:44 2021 +0100

    Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

    Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date:   Wed May 12 11:52:08 2021 -0400

    Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date:   Wed May 12 11:38:02 2021 -0400

    Move early_data from conf to context.
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue on May 17, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler reports pmslen and premaster undefined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support.
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 
from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]> commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error. 
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS if undefine MBEDTLS_SSL_USE_MPS, it report error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL. 
Signed-off-by: Gilles Peskine <[email protected]> commit c021ddc27d94e54c7413ac22e15cd705981ed2a5 Merge: 7b3f70dd27 661584dfa1 Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:19:46 2021 +0100 Merge pull request #288 from yuhaoth/pr/fix-15 Re-enable ssl test suite commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:18:16 2021 +0100 Temporarily disable more session serialization tests Will be fixed as part of #155 Signed-off-by: Hanno Becker <[email protected]> commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7 Merge: 41fb09d9cf 3ed71fee0b Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:13:17 2021 +0100 Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake move key_exchange members to handshake structure commit 230bf9cdc08e518dfacda03de42feb9d659a7491 Author: lhuang04 <[email protected]> Date: Sun Jun 27 08:09:05 2021 -0700 Add test for mismatched sig_algs Summary: * Send alert when there is no common signature algorithm between client and server * Add test case for mismatched sig_algs Test Plan: ``` ssl-opt.sh ``` Reviewers: Subscribers: Tasks: Tags: commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd Merge: 1327fd4720 41c9509314 Author: Hannes Tschofenig <[email protected]> Date: Wed Jul 7 14:25:25 2021 +0200 Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 41c9509314e1c8c320462acbfcd317418e06f346 Author: Zhi Han <[email protected]> Date: Tue Jul 6 14:00:44 2021 -0400 Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71 Author: Jerry Yu <[email protected]> Date: Mon Jul 5 16:47:29 2021 +0800 Re-enable ssl test suite Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.
fix #15 Signed-off-by: Jerry Yu <[email protected]> Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3 commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad Author: Jerry Yu <[email protected]> Date: Wed Jun 30 15:14:25 2021 +0800 Remove get_key_exchange_name mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now. Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a Signed-off-by: Jerry Yu <[email protected]> commit 1327fd47207970a042897465e832c7bde30d5f5c Merge: e2920b1927 6ef820f789 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:20:17 2021 +0100 Merge pull request #281 from zhihan/0-rtt-ciphersuite Only use one single ciphersuite if 0-rtt is actually enabled commit e2920b1927ff847a349947e4aef96b6557326816 Merge: fd741711fc fdca48d6a0 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:12:10 2021 +0100 Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing Review fix for #220 certificate request parsing commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4 Author: lhuang04 <[email protected]> Date: Sun Jun 20 15:27:09 2021 -0700 Use stack allocated received_signature_schemes_list. Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3) Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit fd741711fcab3ad49015a78ab3b72de7419bac55 Merge: 4fcd693b80 88e4a1b36a Author: Hanno Becker <[email protected]> Date: Mon Jun 21 09:24:39 2021 +0100 Merge pull request #283 from zhihan/review-0-rtt-server 0-RTT Server Review Change commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40 Author: Jerry Yu <[email protected]> Date: Mon Jun 21 13:52:01 2021 +0800 move key_exchange members to handshake structure Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params. 
fix #13 Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8 Signed-off-by: Jerry Yu <[email protected]> commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd Author: lhuang04 <[email protected]> Date: Wed Jun 2 09:22:46 2021 -0700 Follow up on review comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 94f03c184bbeb27a20383dcf109ef1ce751984f5 Author: lhuang04 <[email protected]> Date: Sun May 23 09:36:55 2021 -0700 Review fix of mbedtls_ssl_parse_signature_algorithms_ext Summary: * Add boundary check for i * Set received_signature_schemes_list to null after free * Typo * Sizeof style Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4 Author: lhuang04 <[email protected]> Date: Sun May 23 08:58:12 2021 -0700 Review: CertificateRequest parsing Summary: * buf_len check * unsigned char* ext -> const unsigned char* ext * int -> size_t * space and long line Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b Author: lhuang04 <[email protected]> Date: Sun Jun 20 09:40:21 2021 -0700 Remove ticket_nonce from mbedtls_ssl_session Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`. 
Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 719c79217da5d8209855d857e790400ab0ed2f4c Author: lhuang04 <[email protected]> Date: Sun Jun 20 07:21:48 2021 -0700 Rename resumption_key_len to key_len Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 895eb0d2108d9bed2ce540efd255a28711a9c929 Author: lhuang04 <[email protected]> Date: Fri May 7 11:51:11 2021 -0700 Move ssl_new_session_ticket_parse to client.c Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883 Author: lhuang04 <[email protected]> Date: Fri May 7 11:32:43 2021 -0700 Add index for buffer in ssl_new_session_ticket_parse Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 65e16e91159a0e5dd754593a10874a49b682d4a0 Author: lhuang04 <[email protected]> Date: Fri May 7 06:20:23 2021 -0700 Review comments follow up Summary: * change to size_t * break long line * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 469a714ff5960968734c4baab983791511cc0a06 Author: lhuang04 <[email protected]> Date: Wed May 5 08:44:42 2021 -0700 Review fix for ssl_new_session_ticket_parse Summary: * printf format for unsigned int * cast to unsigned before combine digits * remove unnecessary cast * remove redundant hash size calc * remove space for return Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 6ef820f78988703e0f66fa18a03030bba2e82a9f Author: Zhi Han <[email protected]> Date: Fri Jun 18 15:11:57 2021 -0400 Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feedback commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary:
In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT.

Instead, the handshake PSK should evolve as follows:
1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:
(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261

Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261

Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c

Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.

commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf
Merge: de531140dc dad9ef834f
Author: Zhi Han <[email protected]>
Date: Tue May 4 12:18:08 2021 -0400

Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup

commit de531140dcb57c1ff059e116fdb4baa164dc4276
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:47:01 2021 -0400

Revert changes to ssl_tls13_keys.h

commit 05b068ea4cb6ded1e32148f28c4519284d4566ce
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:44:25 2021 -0400

Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back

commit 6cfe517d141c495889484aeea300e105cf7f41d4
Merge: 6ea4123527 9e4c78bd6f
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:41:47 2021 -0400

Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup

commit dad9ef834f0763899ad689905fa9b7560e424aa6
Merge: 944b99795b bc3ca0d1c7
Author: Hanno Becker <[email protected]>
Date: Tue May 4 16:36:20 2021 +0100

Merge pull request #252 from zhihan/patch-3

Update ssl_tls13_keys.h to fix compiler warning.

commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:34:52 2021 -0400

Add back application_secret

commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:25:18 2021 -0400

Reuse the _coordinate function to in postprocess.

commit 6ea4123527963686c15f1e34ced8ea28c57429f5
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:01:46 2021 -0400

Update ssl_tls13_keys.h to fix compiler warning.

In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40:
/Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation]
 * \param master_secret The master secret from which the resumption master
          ^~~~~~~~~~~~~
1 error generated.

commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue May 17, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:50:53 2021 +0100

Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record

fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:02:46 2021 +0100

MPS Layer 3: Remove unused handshake abort function

Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 19:00:48 2021 +0800

fix ssl_extract_add_data_from_record arguments error

With TLS1.2, compiler report below error
```
too few arguments to function ‘ssl_extract_add_data_from_record’
```
The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that.
Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:58 2021 +0100

Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine

fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:36 2021 +0100

Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error

fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 12:28:20 2021 +0800

fix ssl_reset_retrnsmit_timeout undefine warning

ssl_reset_retrnsmit_timeout has been added prefix.
Here is missing
Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800

fix pmslen and premaster undefined error

With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster undefined error.
CustomizedGitHooks: yes
Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100

Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors

fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100

Minor improvements to TLS 1.3 client-side key share ext writer

Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800

fix ECDH context build errors

Remove multi ecdh share keys support.
When build with TLS1.2, it reports compile error
Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100

Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13

Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100

Fix a bunch of typos

Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100

Rename TLS 1.3 ciphersuite identifiers

- Move the C-macros to MBEDTLS_ namespace
- Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2.
Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100

Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace

Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100

Merge pull request #306 from hanno-arm/mps_fix_bio

MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100

Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100

Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case

Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100

Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition

replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100

MPS: Interpret ret val 0 from BIO as connection closure

Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100

Merge pull request #276 from zhihan/fix-minor_ver

Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800

Modify TLS1.3 undefined condition

Available protocol defines are TLS1.3 only, TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined, that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`
Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h`. It should not appear here. It will cause transform* undefined error.
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100

Merge pull request #213 from zhihan/tls13-prototype-nst-ext

Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100

Minor improvements

Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400

Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100

Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client

Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100

Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100

Merge pull request #302 from hannestschofenig/pr/fix-two-errors

Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800

fix ssl-opt test fail

Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that.
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800

fix compile fail without MPS

if undefine MBEDTLS_SSL_USE_MPS, it report error.
Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800

Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:
```
140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
```
We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD.
This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.
Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100

Merge pull request #288 from yuhaoth/pr/fix-15

Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100

Temporarily disable more session serialization tests

Will be fixed as part of #155
Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100

Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake

move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700

Add test for mismatched sig_algs

Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs
Test Plan:
```
ssl-opt.sh
```
Reviewers: Subscribers: Tasks: Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200

Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800

Re-enable ssl test suite

Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.
fix #15
Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800

Remove get_key_exchange_name

mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now.
Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100

Merge pull request #281 from zhihan/0-rtt-ciphersuite

Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100

Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing

Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700

Use stack allocated received_signature_schemes_list.

Summary:
I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100

Merge pull request #283 from zhihan/review-0-rtt-server

0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800

move key_exchange members to handshake structure

Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.
fix #13
Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700

Follow up on review comments

Summary:
Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700

Review fix of mbedtls_ssl_parse_signature_algorithms_ext

Summary:
* Add boundary check for i
* Set received_signature_schemes_list to null after free
* Typo
* Sizeof style
Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700

Review: CertificateRequest parsing

Summary:
* buf_len check
* unsigned char* ext -> const unsigned char* ext
* int -> size_t
* space and long line
Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700

Remove ticket_nonce from mbedtls_ssl_session

Summary:
`ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700

Rename resumption_key_len to key_len

Summary:
Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700

Move ssl_new_session_ticket_parse to client.c

Summary:
Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700

Add index for buffer in ssl_new_session_ticket_parse

Summary:
Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700

Review comments follow up

Summary:
* change to size_t
* break long line
* indentation
Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700

Review fix for ssl_new_session_ticket_parse

Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400

Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:39:15 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:20:05 2021 -0400

Review feedback

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:13:04 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 12:14:39 2021 +0100

Merge pull request #284 from yuhaoth/pr/fix-extension-namespace

fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date: Fri Jun 18 13:49:07 2021 +0800

fix namespace of extensions in ssl.h

fixes #17
Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 06:30:53 2021 +0100

Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile

fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:43:11 2021 +0100

Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case

Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:04:41 2021 +0100

Merge pull request #279 from zhihan/review-0-rtt

Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu <[email protected]>
Date: Wed Jun 16 10:25:12 2021 +0800

fix out-of-box Makefile build fail

fix #165
Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:12:33 2021 -0400

Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:09:04 2021 -0400

Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:06:32 2021 -0400

Update library/ssl_tls13_generic.c

Review feedback
Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:36 2021 -0400

Update library/ssl_tls13_keys.c

Review feedback
Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:20 2021 -0400

Update library/ssl_tls.c

Review feedback
Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date: Tue Jun 8 05:41:22 2021 +0100

Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing

Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date: Mon Jun 7 15:37:47 2021 -0400

0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:40:21 2021 -0400

Change 'early data' to 'early_data' in debug log to be consistent.
commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:26:00 2021 -0400

Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:18:23 2021 -0400

Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:04:03 2021 -0400

Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 16:06:33 2021 -0400

More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 12:48:43 2021 -0400

Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:18:43 2021 -0700

own_key

Summary:
Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:00:17 2021 -0700

Remove signature_scheme_client from struct mbedtls_ssl_handshake_params

Summary:
* signature_scheme_client
* signature_scheme
Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:55:13 2021 -0700

Review of ssl_certificate_verify_write

Summary:
* indentation
Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:09:10 2021 -0700

Rename mbedtls_ssl_certificate_verify_process

Summary:
* mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
* ssl_certificate_verify_process -> ssl_write_certificate_verify_process
* SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
* SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND
Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date: Tue Jun 1 10:35:20 2021 -0400

Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:21:34 2021 -0700

Summary:
Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
* Server disable early data
* Client enable early data
* No external PSK
Test Plan:
```
tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
```
Reviewers: Subscribers: Tasks: Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:23:52 2021 +0100

Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:43 2021 +0100

Alloc specification of 0-RTT limit on the ssl_server2 cmdline

Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:25 2021 +0100

Cap size of 0-RTT buffer at a compile-time configurable limit

Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:04:30 2021 +0100

Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date: Mon May 24 16:21:33 2021 -0400

error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date: Sun May 23 12:12:30 2021 -0400

Address feedback.
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa
Merge: 22e52d2cf1 79afde5f5a
Author: Hanno Becker <[email protected]>
Date: Sun May 23 06:10:49 2021 +0100

Merge pull request #269 from zhihan/tls13-prototype-0rtt-review

Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:16:12 2021 -0400

Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:05:53 2021 -0400

Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8
Author: Zhi Han <[email protected]>
Date: Fri May 21 06:38:46 2021 -0400

Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:03:22 2021 -0400

format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:01:04 2021 -0400

Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8
Author: Zhi Han <[email protected]>
Date: Wed May 19 15:57:44 2021 -0400

Restore mbedtls_ssl_conf_early_data() function.
commit 22e52d2cf1865bf638269fbc5334119a68db9603
Merge: e3d5eca29a 80dbfc0091
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:25 2021 +0100

Merge pull request #265 from lhuang04/tls13_prototype_switch_style

Fix switch style

commit e3d5eca29ada314616341242152ac7515607e718
Merge: d02fd9ba1f c501899a74
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:07 2021 +0100

Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09
Merge: f1560c6d0f 169f542b7b
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:16:53 2021 +0100

Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style

Fix if statement style

commit 169f542b7b89ce55bf438f5b9bbce663314d7257
Author: lhuang04 <[email protected]>
Date: Mon May 17 12:00:40 2021 -0700

Fix if style

Summary:
Change `if (` to `if(`
Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit c501899a748840659c1e4450929e0e72dcdb39b1
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:36:33 2021 -0700

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

Summary:
Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit 80dbfc00915ace7db2301fb897847514a2ee2b5a
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:44:26 2021 -0700

Fix switch style

Summary:
change `switch (` to `switch(`
Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df
Merge: 5f3860971b 73b4aa2e96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:55:49 2021 +0100

Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing

Fix for review of ssl_read_certificate_verify_parse

commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f
Merge: 6c527b9e2d 2272fccb96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:54:48 2021 +0100

Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix

Fix misplaced 0-RTT configuration call in ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:41:48 2021 +0100

Fix misplaced 0-RTT configuration call in ssl_server2

Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`.
Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:02:16 2021 +0100

Minor code improvements in ssl_create_verify_structure()

Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249
Merge: 7c88bbd2e2 f451f0ef99
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:18:00 2021 -0700

Diff review follow up

* switch style
* change to mbedtls_ssl_tls13_key_exchange_with_psk
* rename i to buffer_idx
* move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE
* reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:12:56 2021 -0700

Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```
Reviewers: Subscribers: Tasks: Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows:

1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization. This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:

(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b). There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261

Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261

Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c

Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
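The handshake PSK lifecycle from the "Clarify logic for setting/clearing of handshake PSK" and "Remove uses of mbedtls_ssl_get_psk()" commit messages above, as a small C model added here; it is not Mbed TLS code, and every name in it (`client_t`, `psk_to_offer`, `run_handshake`, the sample PSK) is hypothetical. It keeps the configured PSK (a) apart from the negotiated handshake PSK (b) and feeds the key schedule from (b) only, using the all-zero input of RFC 8446 section 7.1 when no PSK was negotiated.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Model only: every name here is hypothetical, none is an Mbed TLS API. */
#define HASH_LEN 32           /* SHA-256 output length */
#define NO_PSK_SELECTED (-1)  /* ServerHello without a pre_shared_key extension */

typedef struct {
    const char *identity;
    const unsigned char *key;
    size_t key_len;
} psk_t;

typedef struct {
    const psk_t *configured;     /* (a) PSKs configured before the handshake */
    size_t n_configured;
    const psk_t *handshake_psk;  /* (b) PSK used by this handshake, or NULL */
} client_t;

/* Constructed sample PSK, for illustration only. */
static const unsigned char SAMPLE_KEY[] = { 0x10, 0x20, 0x30, 0x40 };
static const psk_t SAMPLE_PSK = { "constructed-identity", SAMPLE_KEY, sizeof(SAMPLE_KEY) };

/* Getter for (a): the one PSK the ClientHello offers, or NULL if none is configured. */
static const psk_t *psk_to_offer(const client_t *c)
{
    return c->n_configured > 0 ? &c->configured[0] : NULL;
}

/* Step 2: enable 0-RTT only if there is a PSK to offer; returns 1 if early data is sent. */
static int begin_early_data(client_t *c, int want_early_data)
{
    const psk_t *offer = psk_to_offer(c);
    if (!want_early_data || offer == NULL)
        return 0;
    c->handshake_psk = offer;
    return 1;
}

/* Step 4: adopt the PSK the server selected; the index refers to the offered list. */
static int on_server_hello(client_t *c, int selected)
{
    if (selected == NO_PSK_SELECTED)
        return 0;                 /* PSK rejected: handshake_psk stays NULL */
    if (selected != 0 || psk_to_offer(c) == NULL)
        return -1;                /* server chose an identity that was never offered */
    c->handshake_psk = psk_to_offer(c);
    return 0;
}

/* Key schedule input: the PSK bytes, or HASH_LEN zero bytes when there is no PSK. */
static size_t copy_ikm(const psk_t *p, unsigned char *out, size_t cap)
{
    size_t len = p ? p->key_len : HASH_LEN;
    if (len > cap)
        return 0;
    if (p)
        memcpy(out, p->key, len);
    else
        memset(out, 0, len);
    return len;
}

/* Reads (b): what the key schedule should use. */
static size_t ikm_from_handshake_psk(const client_t *c, unsigned char *out, size_t cap)
{
    return copy_ikm(c->handshake_psk, out, cap);
}

/* Reads (a) where (b) is meant: wrong whenever the server rejected the offer. */
static size_t ikm_from_configured_psk(const client_t *c, unsigned char *out, size_t cap)
{
    return copy_ikm(psk_to_offer(c), out, cap);
}

/* Runs steps 1-4. Returns 1 if a PSK is in use, 0 if not, -1 on error. */
static int run_handshake(const psk_t *cfg, size_t n, int want_early_data, int selected,
                         unsigned char *ikm, size_t cap, size_t *ikm_len)
{
    client_t c = { cfg, n, NULL };              /* step 1: handshake PSK is NULL */
    if (begin_early_data(&c, want_early_data))  /* step 2 */
        c.handshake_psk = NULL;                 /* step 3: early data has been written */
    if (on_server_hello(&c, selected) != 0)     /* step 4 */
        return -1;
    *ikm_len = ikm_from_handshake_psk(&c, ikm, cap);
    return *ikm_len == 0 ? -1 : (c.handshake_psk != NULL);
}

int main(void)
{
    unsigned char ikm[64];
    size_t len = 0;
    client_t rejected = { &SAMPLE_PSK, 1, NULL };
    int r = run_handshake(&SAMPLE_PSK, 1, 1, NO_PSK_SELECTED, ikm, sizeof(ikm), &len);
    printf("PSK rejected: psk_in_use=%d ikm_len=%zu\n", r, len);
    r = run_handshake(&SAMPLE_PSK, 1, 1, 0, ikm, sizeof(ikm), &len);
    printf("PSK accepted: psk_in_use=%d ikm_len=%zu\n", r, len);
    printf("conflated getter after rejection: ikm_len=%zu\n",
           ikm_from_configured_psk(&rejected, ikm, sizeof(ikm)));
    return 0;
}
```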
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue on May 17, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler reports pmslen and premaster undefined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support. 
When building with TLS1.2, it reports a compile error

Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100

Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13

Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100

Fix a bunch of typos

Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100

Rename TLS 1.3 ciphersuite identifiers

- Move the C-macros to MBEDTLS_ namespace
- Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2.

Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100

Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace

Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100

Merge pull request #306 from hanno-arm/mps_fix_bio

MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100

Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100

Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case

Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100

Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition

replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100

MPS: Interpret ret val 0 from BIO as connection closure

Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100

Merge pull request #276 from zhihan/fix-minor_ver

Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800

Modify TLS1.3 undefined condition

Available protocol defines are TLS1.3 only, TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not the correct condition. It makes both case fail. If TLS1.3 is not defined, that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h`. It should not appear here. It will cause transform* undefined error.

Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100

Merge pull request #213 from zhihan/tls13-prototype-nst-ext

Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100

Minor improvements

Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400

Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100

Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client

Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100

Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100

Merge pull request #302 from hannestschofenig/pr/fix-two-errors

Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800

fix ssl-opt test fail

Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that.

Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800

fix compile fail without MPS

If MBEDTLS_SSL_USE_MPS is undefined, it reports an error.

Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800

Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:

```
140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
```

We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD.

This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.

Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100

Merge pull request #288 from yuhaoth/pr/fix-15

Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100

Temporarily disable more session serialization tests

Will be fixed as part of #155

Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100

Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake

move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700

Add test for mismatched sig_algs

Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs

Test Plan:
```
ssl-opt.sh
```

Reviewers:
Subscribers:
Tasks:
Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200

Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800

Re-enable ssl test suite

Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.

fix #15

Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800

Remove get_key_exchange_name

mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now.

Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100

Merge pull request #281 from zhihan/0-rtt-ciphersuite

Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100

Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing

Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700

Use stack allocated received_signature_schemes_list.

Summary:
I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)

Test Plan:
`ssl-opt.sh`

Reviewers:
Subscribers:
Tasks:
Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100

Merge pull request #283 from zhihan/review-0-rtt-server

0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800

move key_exchange members to handshake structure

Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.

fix #13

Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700

Follow up on review comments

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700

Review fix of mbedtls_ssl_parse_signature_algorithms_ext

Summary:
* Add boundary check for i
* Set received_signature_schemes_list to null after free
* Typo
* Sizeof style

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700

Review: CertificateRequest parsing

Summary:
* buf_len check
* unsigned char* ext -> const unsigned char* ext
* int -> size_t
* space and long line

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700

Remove ticket_nonce from mbedtls_ssl_session

Summary:
`ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.

Test Plan:
`ssl-opt.sh`

Reviewers:
Subscribers:
Tasks:
Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700

Rename resumption_key_len to key_len

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700

Move ssl_new_session_ticket_parse to client.c

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700

Add index for buffer in ssl_new_session_ticket_parse

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700

Review comments follow up

Summary:
* change to size_t
* break long line
* indentation

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700

Review fix for ssl_new_session_ticket_parse

Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return

Test Plan:
`ssl-opt.sh`

Reviewers:
Subscribers:
Tasks:
Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400

Add test. Remove resumption condition.

commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:39:15 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:20:05 2021 -0400

Review feedback

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:13:04 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 12:14:39 2021 +0100

Merge pull request #284 from yuhaoth/pr/fix-extension-namespace

fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date: Fri Jun 18 13:49:07 2021 +0800

fix namespace of extensions in ssl.h

fixes #17

Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 06:30:53 2021 +0100

Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile

fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:43:11 2021 +0100

Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case

Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:04:41 2021 +0100

Merge pull request #279 from zhihan/review-0-rtt

Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu <[email protected]>
Date: Wed Jun 16 10:25:12 2021 +0800

fix out-of-box Makefile build fail

fix #165

Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:12:33 2021 -0400

Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:09:04 2021 -0400

Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:06:32 2021 -0400

Update library/ssl_tls13_generic.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:36 2021 -0400

Update library/ssl_tls13_keys.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:20 2021 -0400

Update library/ssl_tls.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date: Tue Jun 8 05:41:22 2021 +0100

Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing

Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date: Mon Jun 7 15:37:47 2021 -0400

0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:40:21 2021 -0400

Change 'early data' to 'early_data' in debug log to be consistent.

commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:26:00 2021 -0400

Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:18:23 2021 -0400

Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:04:03 2021 -0400

Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 16:06:33 2021 -0400

More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 12:48:43 2021 -0400

Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:18:43 2021 -0700

own_key

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:00:17 2021 -0700

Remove signature_scheme_client from struct mbedtls_ssl_handshake_params

Summary:
* signature_scheme_client
* signature_scheme

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:55:13 2021 -0700

Review of ssl_certificate_verify_write

Summary:
* indentation

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:09:10 2021 -0700

Rename mbedtls_ssl_certificate_verify_process

Summary:
* mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
* ssl_certificate_verify_process -> ssl_write_certificate_verify_process
* SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
* SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date: Tue Jun 1 10:35:20 2021 -0400

Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:21:34 2021 -0700

Summary:
Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
* Server disable early data
* Client enable early data
* No external PSK

Test Plan:
```
tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
```

Reviewers:
Subscribers:
Tasks:
Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:23:52 2021 +0100

Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:43 2021 +0100

Allow specification of 0-RTT limit on the ssl_server2 cmdline

Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:25 2021 +0100

Cap size of 0-RTT buffer at a compile-time configurable limit

Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:04:30 2021 +0100

Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date: Mon May 24 16:21:33 2021 -0400

error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date: Sun May 23 12:12:30 2021 -0400

Address feedback.

commit 38a3de888bbbca7cd7394e81bf7617ac716327fa
Merge: 22e52d2cf1 79afde5f5a
Author: Hanno Becker <[email protected]>
Date: Sun May 23 06:10:49 2021 +0100

Merge pull request #269 from zhihan/tls13-prototype-0rtt-review

Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:16:12 2021 -0400

Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:05:53 2021 -0400

Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8
Author: Zhi Han <[email protected]>
Date: Fri May 21 06:38:46 2021 -0400

Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:03:22 2021 -0400

format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:01:04 2021 -0400

Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8
Author: Zhi Han <[email protected]>
Date: Wed May 19 15:57:44 2021 -0400

Restore mbedtls_ssl_conf_early_data() function.

commit 22e52d2cf1865bf638269fbc5334119a68db9603
Merge: e3d5eca29a 80dbfc0091
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:25 2021 +0100

Merge pull request #265 from lhuang04/tls13_prototype_switch_style

Fix switch style

commit e3d5eca29ada314616341242152ac7515607e718
Merge: d02fd9ba1f c501899a74
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:07 2021 +0100

Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09
Merge: f1560c6d0f 169f542b7b
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:16:53 2021 +0100

Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style

Fix if statement style

commit 169f542b7b89ce55bf438f5b9bbce663314d7257
Author: lhuang04 <[email protected]>
Date: Mon May 17 12:00:40 2021 -0700

Fix if style

Summary:
Change `if (` to `if(`

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit c501899a748840659c1e4450929e0e72dcdb39b1
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:36:33 2021 -0700

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 80dbfc00915ace7db2301fb897847514a2ee2b5a
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:44:26 2021 -0700

Fix switch style

Summary:
change `switch (` to `switch(`

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df
Merge: 5f3860971b 73b4aa2e96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:55:49 2021 +0100

Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing

Fix for review of ssl_read_certificate_verify_parse

commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f
Merge: 6c527b9e2d 2272fccb96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:54:48 2021 +0100

Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix

Fix misplaced 0-RTT configuration call in ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:41:48 2021 +0100

Fix misplaced 0-RTT configuration call in ssl_server2

Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`.

Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:02:16 2021 +0100

Minor code improvements in ssl_create_verify_structure()

Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249
Merge: 7c88bbd2e2 f451f0ef99
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:18:00 2021 -0700

Diff review follow up

* switch style
* change to mbedtls_ssl_tls13_key_exchange_with_psk
* rename i to buffer_idx
* move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE
* reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:12:56 2021 -0700

Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95
Author: lhuang04 <[email protected]>
Date: Mon May 17 08:59:48 2021 -0700

style for switch

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e
Author: lhuang04 <[email protected]>
Date: Wed May 12 06:07:40 2021 -0700

Break long line in ssl_certificate_verify_coordinate

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 0814cb6a515b1196ffbb635f53343f476acb5c79
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:21:25 2021 -0700

Move the label to the ssl_tls13_keys.h

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 5a6badfee551e5082b4e24fa26620faed755602b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:11:57 2021 -0700

Remove magic index

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit dd15a7235952b63130ff4d2f933f87824de5f2d9
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:16:26 2021 -0700

Style in ssl_certificate_verify_coordinate

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit e5a23e31cc75241ec0ddea009e8268059aadb541
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:01:10 2021 -0700

Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 5b3299016a7a8a7436e7814868bc70a625e1d33b
Author: lhuang04 <[email protected]>
Date: Fri May 7 07:45:03 2021 -0700

Follow up on review comments

Summary:
* space after switch
* line too long

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939
Author: lhuang04 <[email protected]>
Date: Thu May 6 10:51:29 2021 -0700

Fix for review of ssl_read_certificate_verify_parse

Summary:
* Remove empty line
* Remove out-of-date comments

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb
Merge: 5e09eb428d a5c8909e61
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:56:52 2021 +0100

Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected

Do not write EndOfEarlyData if early_data is rejected by server.

commit a5c8909e61a76609ab8f8c3153f543b828abc571
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:45 2021 +0100

Update programs/ssl/ssl_client2.c

commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:04 2021 +0100

Add reference to RFC 8446 when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit bea87dde0071ad98d3beb81070a9bd399227c66a
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:51:44 2021 +0100

Print debug line when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit 3255f964343b3599b25b76c536fade23df0885ff
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:20:42 2021 -0400

Fix indentation

commit 4ecbbc3100ab26be688829f5a388bd56d479992b
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:17:17 2021 -0400

Address feedback from PR

commit 516255927d25e4b896a243846a51346f9718db2b
Author: Zhi Han <[email protected]>
Date: Fri May 14 13:39:10 2021 -0400

Add test for rejecting early data

commit 779a9248334492990912c13941a6b8f3428c4d61
Merge: e5d72ef6bc 5e09eb428d
Author: Zhi Han <[email protected]>
Date: Fri May 14 12:18:20 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit 5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary:
In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```

Reviewers:
Subscribers:
Tasks:
Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows:

1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:

(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.
Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello. Signed-off-by: Hanno Becker <[email protected]> commit f178632390ec3313f8772a8cffd1ed3f7d39d224 Merge: b1004e5352 8f71a23957 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:51:35 2021 +0100 Merge pull request #262 from hanno-arm/fixup_261 Fixup #261 commit 8f71a239577887dc40f670c58bb13b3b44e4050b Author: Hanno Becker <[email protected]> Date: Fri May 14 09:43:05 2021 +0100 Fixup https://github.com/hannestschofenig/mbedtls/pull/261 Signed-off-by: Hanno Becker <[email protected]> commit b1004e535275464c14a84b306890a47aa15ef14b Merge: 8db2b19d0f 5d7fa778f4 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:54:58 2021 +0100 Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0 Tls13 prototype merge from 2 25 0 commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:50:02 2021 +0100 Fixup: Merge in ssl_client2.c & ssl_server2.c Signed-off-by: Hanno Becker <[email protected]> commit 8db2b19d0fef088ca353a866498eb399bfb4fc21 Merge: f3f78d471b d4b52420d2 Author: Hanno Becker <[email protected]> Date: Fri May 14 04:37:44 2021 +0100 Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data() commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5 Author: Zhi Han <[email protected]> Date: Wed May 12 11:52:08 2021 -0400 Move report of early data status to reconnect commit d78681553790fdb3e31665b0f71367dc2198b24a Author: Zhi Han <[email protected]> Date: Wed May 12 11:38:02 2021 -0400 Move early_data from conf to context. 
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
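The handshake-PSK lifecycle described in the "Clarify logic for setting/clearing of handshake PSK" and "Remove uses of mbedtls_ssl_get_psk()" commit messages above, as an added C model that is not Mbed TLS code and not part of the referenced commits. All `model_*` names, the sample PSK and the `selected_identity` convention are assumptions made for illustration; the range check on the server's selection follows RFC 8446 section 4.2.11.

```c
/* Added model of the client-side handshake-PSK lifecycle. Every name here is
 * hypothetical; this is not the Mbed TLS implementation. */
#include <stddef.h>
#include <stdio.h>

typedef struct {
    const unsigned char *psk;   /* (a) PSK configured before the handshake */
    size_t psk_len;
    int early_data;             /* client wants to send 0-RTT data */
} model_conf;

typedef struct {
    const unsigned char *psk;   /* (b) PSK used by THIS handshake, or NULL */
    size_t psk_len;
} model_handshake;

typedef struct {
    model_conf conf;
    model_handshake hs;
} model_ssl;

/* (a): is there a PSK to offer in the ClientHello, and which one? */
static int model_get_psk_to_offer(const model_ssl *ssl,
                                  const unsigned char **psk, size_t *psk_len)
{
    if (ssl->conf.psk == NULL || ssl->conf.psk_len == 0)
        return 0;
    *psk = ssl->conf.psk;
    *psk_len = ssl->conf.psk_len;
    return 1;
}

static void model_set_hs_psk(model_ssl *ssl, const unsigned char *psk, size_t len)
{
    ssl->hs.psk = psk;
    ssl->hs.psk_len = len;
}

static void model_remove_hs_psk(model_ssl *ssl)
{
    ssl->hs.psk = NULL;
    ssl->hs.psk_len = 0;
}

/* (b): the key schedule only ever consults the handshake PSK. */
static int model_key_schedule_uses_psk(const model_ssl *ssl)
{
    return ssl->hs.psk != NULL;
}

/* Walks steps (1)-(4) from the commit message.
 * selected_identity: -1 = ServerHello has no pre_shared_key extension,
 *                     0 = server picked the single identity we offered.
 * Returns 1 or 0 (final key schedule keyed with the PSK or not), or -1 when
 * the handshake must be aborted. */
int model_client_handshake(int configure_psk, int early_data,
                           int selected_identity, int *psk_set_during_early_data)
{
    static const unsigned char sample_psk[16] = { 0x01 }; /* constructed sample */
    model_ssl ssl = { { NULL, 0, early_data }, { NULL, 0 } }; /* step 1: NULL */
    const unsigned char *offer = NULL;
    size_t offer_len = 0;
    int offered;

    if (configure_psk) {
        ssl.conf.psk = sample_psk;
        ssl.conf.psk_len = sizeof sample_psk;
    }

    /* Writing the PSK extension reads the offer but leaves hs.psk untouched. */
    offered = model_get_psk_to_offer(&ssl, &offer, &offer_len);

    *psk_set_during_early_data = 0;
    if (offered && ssl.conf.early_data) {
        model_set_hs_psk(&ssl, offer, offer_len);            /* step 2 */
        *psk_set_during_early_data = model_key_schedule_uses_psk(&ssl);
        /* ... early traffic keys derived, 0-RTT data written ... */
        model_remove_hs_psk(&ssl);                           /* step 3 */
    }

    if (selected_identity >= 0) {
        /* RFC 8446 4.2.11: the selection must be one the client offered. */
        if (!offered || selected_identity != 0)
            return -1;
        model_set_hs_psk(&ssl, offer, offer_len);            /* step 4 */
    }
    return model_key_schedule_uses_psk(&ssl);
}

int main(void)
{
    int during;
    int after = model_client_handshake(1, 0, -1, &during);
    printf("PSK offered, rejected, no 0-RTT: key schedule uses PSK = %d\n", after);
    after = model_client_handshake(1, 1, -1, &during);
    printf("0-RTT, PSK rejected: set during early data = %d, afterwards = %d\n",
           during, after);
    return 0;
}
```

The case the commits address is the first one printed: a PSK that was offered but not selected never reaches the key schedule, because only the ServerHello selection (or the 0-RTT window) populates the handshake PSK.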
lhuang04
added a commit
to lhuang04/mbedtls
that referenced
this issue
May 17, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster undefined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support. 
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 
from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]> commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error. 
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS if undefine MBEDTLS_SSL_USE_MPS, it report error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL. 
Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100

Merge pull request #288 from yuhaoth/pr/fix-15

Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100

Temporarily disable more session serialization tests

Will be fixed as part of #155

Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100

Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake

move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700

Add test for mismatched sig_algs

Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs

Test Plan:
```
ssl-opt.sh
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200

Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800

Re-enable ssl test suite

Ssl test is disabled in TLS. This patch is to enable it.
And "Session serialization*" tests are skipped due to #155.

fix #15

Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800

Remove get_key_exchange_name

mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now.

Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100

Merge pull request #281 from zhihan/0-rtt-ciphersuite

Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100

Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing

Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700

Use stack allocated received_signature_schemes_list.

Summary:
I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)

Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100

Merge pull request #283 from zhihan/review-0-rtt-server

0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800

move key_exchange members to handshake structure

Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.

fix #13

Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700

Follow up on review comments

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700

Review fix of mbedtls_ssl_parse_signature_algorithms_ext

Summary:
* Add boundary check for i
* Set received_signature_schemes_list to null after free
* Typo
* Sizeof style

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700

Review: CertificateRequest parsing

Summary:
* buf_len check
* unsigned char* ext -> const unsigned char* ext
* int -> size_t
* space and long line

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700

Remove ticket_nonce from mbedtls_ssl_session

Summary:
`ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.

Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700

Rename resumption_key_len to key_len

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700

Move ssl_new_session_ticket_parse to client.c

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700

Add index for buffer in ssl_new_session_ticket_parse

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700

Review comments follow up

Summary:
* change to size_t
* break long line
* indentation

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700

Review fix for ssl_new_session_ticket_parse

Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return

Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400

Add test. Remove resumption condition.

commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:39:15 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:20:05 2021 -0400

Review feedback

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:13:04 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 12:14:39 2021 +0100

Merge pull request #284 from yuhaoth/pr/fix-extension-namespace

fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date: Fri Jun 18 13:49:07 2021 +0800

fix namespace of extensions in ssl.h

fixes #17

Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 06:30:53 2021 +0100

Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile

fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:43:11 2021 +0100

Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case

Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:04:41 2021 +0100

Merge pull request #279 from zhihan/review-0-rtt

Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu <[email protected]>
Date: Wed Jun 16 10:25:12 2021 +0800

fix out-of-box Makefile build fail

fix #165

Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:12:33 2021 -0400

Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:09:04 2021 -0400

Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:06:32 2021 -0400

Update library/ssl_tls13_generic.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:36 2021 -0400

Update library/ssl_tls13_keys.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:20 2021 -0400

Update library/ssl_tls.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date: Tue Jun 8 05:41:22 2021 +0100

Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing

Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date: Mon Jun 7 15:37:47 2021 -0400

0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:40:21 2021 -0400

Change 'early data' to 'early_data' in debug log to be consistent.

commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:26:00 2021 -0400

Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:18:23 2021 -0400

Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:04:03 2021 -0400

Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 16:06:33 2021 -0400

More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 12:48:43 2021 -0400

Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:18:43 2021 -0700

own_key

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:00:17 2021 -0700

Remove signature_scheme_client from struct mbedtls_ssl_handshake_params

Summary:
* signature_scheme_client
* signature_scheme

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:55:13 2021 -0700

Review of ssl_certificate_verify_write

Summary:
* indentation

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:09:10 2021 -0700

Rename mbedtls_ssl_certificate_verify_process

Summary:
* mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
* ssl_certificate_verify_process -> ssl_write_certificate_verify_process
* SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
* SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date: Tue Jun 1 10:35:20 2021 -0400

Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:21:34 2021 -0700

Summary:
Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
* Server disable early data
* Client enable early data
* No external PSK

Test Plan:
```
tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:23:52 2021 +0100

Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:43 2021 +0100

Allow specification of 0-RTT limit on the ssl_server2 cmdline

Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:25 2021 +0100

Cap size of 0-RTT buffer at a compile-time configurable limit

Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:04:30 2021 +0100

Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date: Mon May 24 16:21:33 2021 -0400

error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date: Sun May 23 12:12:30 2021 -0400

Address feedback.

commit 38a3de888bbbca7cd7394e81bf7617ac716327fa
Merge: 22e52d2cf1 79afde5f5a
Author: Hanno Becker <[email protected]>
Date: Sun May 23 06:10:49 2021 +0100

Merge pull request #269 from zhihan/tls13-prototype-0rtt-review

Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:16:12 2021 -0400

Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:05:53 2021 -0400

Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8
Author: Zhi Han <[email protected]>
Date: Fri May 21 06:38:46 2021 -0400

Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:03:22 2021 -0400

format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:01:04 2021 -0400

Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8
Author: Zhi Han <[email protected]>
Date: Wed May 19 15:57:44 2021 -0400

Restore mbedtls_ssl_conf_early_data() function.

commit 22e52d2cf1865bf638269fbc5334119a68db9603
Merge: e3d5eca29a 80dbfc0091
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:25 2021 +0100

Merge pull request #265 from lhuang04/tls13_prototype_switch_style

Fix switch style

commit e3d5eca29ada314616341242152ac7515607e718
Merge: d02fd9ba1f c501899a74
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:07 2021 +0100

Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09
Merge: f1560c6d0f 169f542b7b
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:16:53 2021 +0100

Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style

Fix if statement style

commit 169f542b7b89ce55bf438f5b9bbce663314d7257
Author: lhuang04 <[email protected]>
Date: Mon May 17 12:00:40 2021 -0700

Fix if style

Summary:
Change `if (` to `if(`

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit c501899a748840659c1e4450929e0e72dcdb39b1
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:36:33 2021 -0700

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 80dbfc00915ace7db2301fb897847514a2ee2b5a
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:44:26 2021 -0700

Fix switch style

Summary:
change `switch (` to `switch(`

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df
Merge: 5f3860971b 73b4aa2e96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:55:49 2021 +0100

Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing

Fix for review of ssl_read_certificate_verify_parse

commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f
Merge: 6c527b9e2d 2272fccb96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:54:48 2021 +0100

Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix

Fix misplaced 0-RTT configuration call in ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:41:48 2021 +0100

Fix misplaced 0-RTT configuration call in ssl_server2

Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`.

Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:02:16 2021 +0100

Minor code improvements in ssl_create_verify_structure()

Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249
Merge: 7c88bbd2e2 f451f0ef99
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:18:00 2021 -0700

Diff review follow up

* switch style
* change to mbedtls_ssl_tls13_key_exchange_with_psk
* rename i to buffer_idx
* move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE
* reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:12:56 2021 -0700

Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95
Author: lhuang04 <[email protected]>
Date: Mon May 17 08:59:48 2021 -0700

style for switch

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e
Author: lhuang04 <[email protected]>
Date: Wed May 12 06:07:40 2021 -0700

Break long line in ssl_certificate_verify_coordinate

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 0814cb6a515b1196ffbb635f53343f476acb5c79
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:21:25 2021 -0700

Move the label to the ssl_tls13_keys.h

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 5a6badfee551e5082b4e24fa26620faed755602b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:11:57 2021 -0700

Remove magic index

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit dd15a7235952b63130ff4d2f933f87824de5f2d9
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:16:26 2021 -0700

Style in ssl_certificate_verify_coordinate

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit e5a23e31cc75241ec0ddea009e8268059aadb541
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:01:10 2021 -0700

Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 5b3299016a7a8a7436e7814868bc70a625e1d33b
Author: lhuang04 <[email protected]>
Date: Fri May 7 07:45:03 2021 -0700

Follow up on review comments

Summary:
* space after switch
* line too long

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939
Author: lhuang04 <[email protected]>
Date: Thu May 6 10:51:29 2021 -0700

Fix for review of ssl_read_certificate_verify_parse

Summary:
* Remove empty line
* Remove out-of-date comments

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb
Merge: 5e09eb428d a5c8909e61
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:56:52 2021 +0100

Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected

Do not write EndOfEarlyData if early_data is rejected by server.

commit a5c8909e61a76609ab8f8c3153f543b828abc571
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:45 2021 +0100

Update programs/ssl/ssl_client2.c

commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:04 2021 +0100

Add reference to RFC 8446 when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit bea87dde0071ad98d3beb81070a9bd399227c66a
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:51:44 2021 +0100

Print debug line when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit 3255f964343b3599b25b76c536fade23df0885ff
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:20:42 2021 -0400

Fix indentation

commit 4ecbbc3100ab26be688829f5a388bd56d479992b
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:17:17 2021 -0400

Address feedback from PR

commit 516255927d25e4b896a243846a51346f9718db2b
Author: Zhi Han <[email protected]>
Date: Fri May 14 13:39:10 2021 -0400

Add test for rejecting early data

commit 779a9248334492990912c13941a6b8f3428c4d61
Merge: e5d72ef6bc 5e09eb428d
Author: Zhi Han <[email protected]>
Date: Fri May 14 12:18:20 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit 5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary:
In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT.

Instead, the handshake PSK should evolve as follows:
1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:
(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261

Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261

Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c

Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.

commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b
Merge: f3f78d471b 1c54b5410f
Author: lhuang04 <[email protected]>
Date: Sun May 9 08:03:57 2021 -0700

Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0

commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44
Merge: 2ac26234c9 f3f78d471b
Author: Zhi Han <[email protected]>
Date: Fri May 7 09:56:31 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit f3f78d471b1bf3669ed84d77504e39c49147ca6d
Merge: 79215a6a2d c797da9279
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:17 2021 +0100

Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup

[Review 0-RTT write] Reuse the _coordinate function to in postprocess function.

commit c797da927932d52c96ae243e0def2aa753a5bb90
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:03 2021 +0100

Update library/ssl_tls13_keys.h

commit af06a4a37cbd9de9674c66b6b5def00f1b384929
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:10:13 2021 +0100

Update library/ssl_tls13_keys.h

commit a1f734907da114e4b28f918e320361a6b0d4e6aa
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:07:23 2021 +0100

Update library/ssl_tls13_client.c

commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce
Merge: dad9ef834f 9d8225e916
Author: Hanno Becker <[email protected]>
Date: Fri May 7 06:52:16 2021 +0100

Merge pull request #251 from hanno-arm/tls13_keys_pt5

Key schedule rework: Add documentation

commit 2ac26234c9ea9356df18872a0f75418f8a38d80a
Author: Zhi Han <[email protected]>
Date: Wed May 5 11:16:40 2021 -0400

Do not write EndOfEarlyData if early_data is rejected by server.

commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf
Merge: de531140dc dad9ef834f
Author: Zhi Han <[email protected]>
Date: Tue May 4 12:18:08 2021 -0400

Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup

commit de531140dcb57c1ff059e116fdb4baa164dc4276
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:47:01 2021 -0400

Revert changes to ssl_tls13_keys.h

commit 05b068ea4cb6ded1e32148f28c4519284d4566ce
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:44:25 2021 -0400

Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back

commit 6cfe517d141c495889484aeea300e105cf7f41d4
Merge: 6ea4123527 9e4c78bd6f
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:41:47 2021 -0400

Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup

commit dad9ef834f0763899ad689905fa9b7560e424aa6
Merge: 944b99795b bc3ca0d1c7
Author: Hanno Becker <[email protected]>
Date: Tue May 4 16:36:20 2021 +0100

Merge pull request #252 from zhihan/patch-3

Update ssl_tls13_keys.h to fix compiler warning.

commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:34:52 2021 -0400

Add back application_secret

commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:25:18 2021 -0400

Reuse the _coordinate function to in postprocess.

commit 6ea4123527963686c15f1e34ced8ea28c57429f5
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:01:46 2021 -0400

Update ssl_tls13_keys.h to fix compiler warning.

In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40:
/Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation]
 * \param master_secret The master secret from which the resumption master
          ^~~~~~~~~~~~~
1 error generated.

commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04
added a commit
to lhuang04/mbedtls
that referenced
this issue
May 17, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster undefined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support. 
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 
from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]> commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error. 
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS if undefine MBEDTLS_SSL_USE_MPS, it report error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL. 
Signed-off-by: Gilles Peskine <[email protected]> commit c021ddc27d94e54c7413ac22e15cd705981ed2a5 Merge: 7b3f70dd27 661584dfa1 Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:19:46 2021 +0100 Merge pull request #288 from yuhaoth/pr/fix-15 Re-enable ssl test suite commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:18:16 2021 +0100 Temporarily disable more session serialization tests Will be fixed as part of #155 Signed-off-by: Hanno Becker <[email protected]> commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7 Merge: 41fb09d9cf 3ed71fee0b Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:13:17 2021 +0100 Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake move key_exchange members to handshake structure commit 230bf9cdc08e518dfacda03de42feb9d659a7491 Author: lhuang04 <[email protected]> Date: Sun Jun 27 08:09:05 2021 -0700 Add test for mismatched sig_algs Summary: * Send alert when there is no common signature algorithm between client and server * Add test case for mismatched sig_algs Test Plan: ``` ssl-opt.sh ``` Reviewers: Subscribers: Tasks: Tags: commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd Merge: 1327fd4720 41c9509314 Author: Hannes Tschofenig <[email protected]> Date: Wed Jul 7 14:25:25 2021 +0200 Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 41c9509314e1c8c320462acbfcd317418e06f346 Author: Zhi Han <[email protected]> Date: Tue Jul 6 14:00:44 2021 -0400 Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71 Author: Jerry Yu <[email protected]> Date: Mon Jul 5 16:47:29 2021 +0800 Re-enable ssl test suite Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155. 
fix #15 Signed-off-by: Jerry Yu <[email protected]> Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3 commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad Author: Jerry Yu <[email protected]> Date: Wed Jun 30 15:14:25 2021 +0800 Remove get_key_exchange_name mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now. Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a Signed-off-by: Jerry Yu <[email protected]> commit 1327fd47207970a042897465e832c7bde30d5f5c Merge: e2920b1927 6ef820f789 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:20:17 2021 +0100 Merge pull request #281 from zhihan/0-rtt-ciphersuite Only use one single ciphersuite if 0-rtt is actually enabled commit e2920b1927ff847a349947e4aef96b6557326816 Merge: fd741711fc fdca48d6a0 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:12:10 2021 +0100 Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing Review fix for #220 certificate request parsing commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4 Author: lhuang04 <[email protected]> Date: Sun Jun 20 15:27:09 2021 -0700 Use stack allocated received_signature_schemes_list. Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3) Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit fd741711fcab3ad49015a78ab3b72de7419bac55 Merge: 4fcd693b80 88e4a1b36a Author: Hanno Becker <[email protected]> Date: Mon Jun 21 09:24:39 2021 +0100 Merge pull request #283 from zhihan/review-0-rtt-server 0-RTT Server Review Change commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40 Author: Jerry Yu <[email protected]> Date: Mon Jun 21 13:52:01 2021 +0800 move key_exchange members to handshake structure Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params. 
fix #13 Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8 Signed-off-by: Jerry Yu <[email protected]> commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd Author: lhuang04 <[email protected]> Date: Wed Jun 2 09:22:46 2021 -0700 Follow up on review comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 94f03c184bbeb27a20383dcf109ef1ce751984f5 Author: lhuang04 <[email protected]> Date: Sun May 23 09:36:55 2021 -0700 Review fix of mbedtls_ssl_parse_signature_algorithms_ext Summary: * Add boundary check for i * Set received_signature_schemes_list to null after free * Typo * Sizeof style Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4 Author: lhuang04 <[email protected]> Date: Sun May 23 08:58:12 2021 -0700 Review: CertificateRequest parsing Summary: * buf_len check * unsigned char* ext -> const unsigned char* ext * int -> size_t * space and long line Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b Author: lhuang04 <[email protected]> Date: Sun Jun 20 09:40:21 2021 -0700 Remove ticket_nonce from mbedtls_ssl_session Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`. 
Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 719c79217da5d8209855d857e790400ab0ed2f4c Author: lhuang04 <[email protected]> Date: Sun Jun 20 07:21:48 2021 -0700 Rename resumption_key_len to key_len Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 895eb0d2108d9bed2ce540efd255a28711a9c929 Author: lhuang04 <[email protected]> Date: Fri May 7 11:51:11 2021 -0700 Move ssl_new_session_ticket_parse to client.c Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883 Author: lhuang04 <[email protected]> Date: Fri May 7 11:32:43 2021 -0700 Add index for buffer in ssl_new_session_ticket_parse Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 65e16e91159a0e5dd754593a10874a49b682d4a0 Author: lhuang04 <[email protected]> Date: Fri May 7 06:20:23 2021 -0700 Review comments follow up Summary: * change to size_t * break long line * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 469a714ff5960968734c4baab983791511cc0a06 Author: lhuang04 <[email protected]> Date: Wed May 5 08:44:42 2021 -0700 Review fix for ssl_new_session_ticket_parse Summary: * printf format for unsigned int * cast to unsigned before combine digits * remove unnecessary cast * remove redundant hash size calc * remove space for return Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 6ef820f78988703e0f66fa18a03030bba2e82a9f Author: Zhi Han <[email protected]> Date: Fri Jun 18 15:11:57 2021 -0400 Add test. Remove resumption condition. 
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feedback commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3 Merge: 21c911ccae 3d078a5c18 Author: Hanno Becker <[email protected]> Date: Fri May 14 17:15:38 2021 +0100 Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk Fix client crash when use early data without psk commit 3d078a5c180585b76a917599d8a471c4f724fd0e Author: lhuang04 <[email protected]> Date: Fri May 14 09:03:23 2021 -0700 Change to mbedtls_ssl_get_psk_to_offer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ebfc4983648f649a8f357409a2e35080bd081355 Author: lhuang04 <[email protected]> Date: Fri May 14 08:48:30 2021 -0700 Change to mbedtls_ssl_conf_tls13_some_psk_enabled Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623 Author: lhuang04 <[email protected]> Date: Tue May 4 08:05:38 2021 -0700 Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit af91d01f00b5159884396453169961e0247b8726 Author: lhuang04 <[email protected]> Date: Thu Jan 14 08:15:43 2021 -0800 Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.
Test Plan: ``` ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 ``` ``` ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1 ``` Reviewers: Subscribers: Tasks: Tags: commit 21c911ccae28a563af8de662dc24e419194f2c87 Merge: f178632390 98eeb27c91 Author: Hanno Becker <[email protected]> Date: Fri May 14 16:44:02 2021 +0100 Merge pull request #263 from hanno-arm/psk-negotiation Fix client-side behaviour if PSK is offered but rejected by the server commit 98eeb27c912871202ae8d696c8cf934f03d28041 Merge: 56f6110c45 20bb2a019c Author: Hanno Becker <[email protected]> Date: Fri May 14 11:04:44 2021 +0100 Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc Author: Hanno Becker <[email protected]> Date: Fri May 14 10:54:31 2021 +0100 Clarify logic for setting/clearing of handshake PSK The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows: 1) Initially, it's NULL. 2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data. 3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data. 4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK. If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization. This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above. 
Signed-off-by: Hanno Becker <[email protected]> commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac Author: Hanno Becker <[email protected]> Date: Fri May 14 10:59:25 2021 +0100 Give function for removing handshake PSK global visibility Signed-off-by: Hanno Becker <[email protected]> commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae Author: Hanno Becker <[email protected]> Date: Fri May 14 10:05:01 2021 +0100 Update library/ssl_tls13_server.c commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf Author: Hanno Becker <[email protected]> Date: Fri May 14 10:04:40 2021 +0100 Update library/ssl_tls13_server.c commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:54:06 2021 +0100 Remove uses of mbedtls_ssl_get_psk() `mbedtls_ssl_get_get_psk()` currently blurs two things: (a) access to the (potentially multiple) PSKs configured prior to the handshake (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake. If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b). There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use. To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule. 
Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello. Signed-off-by: Hanno Becker <[email protected]> commit f178632390ec3313f8772a8cffd1ed3f7d39d224 Merge: b1004e5352 8f71a23957 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:51:35 2021 +0100 Merge pull request #262 from hanno-arm/fixup_261 Fixup #261 commit 8f71a239577887dc40f670c58bb13b3b44e4050b Author: Hanno Becker <[email protected]> Date: Fri May 14 09:43:05 2021 +0100 Fixup https://github.com/hannestschofenig/mbedtls/pull/261 Signed-off-by: Hanno Becker <[email protected]> commit b1004e535275464c14a84b306890a47aa15ef14b Merge: 8db2b19d0f 5d7fa778f4 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:54:58 2021 +0100 Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0 Tls13 prototype merge from 2 25 0 commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:50:02 2021 +0100 Fixup: Merge in ssl_client2.c & ssl_server2.c Signed-off-by: Hanno Becker <[email protected]> commit 8db2b19d0fef088ca353a866498eb399bfb4fc21 Merge: f3f78d471b d4b52420d2 Author: Hanno Becker <[email protected]> Date: Fri May 14 04:37:44 2021 +0100 Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data() commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5 Author: Zhi Han <[email protected]> Date: Wed May 12 11:52:08 2021 -0400 Move report of early data status to reconnect commit d78681553790fdb3e31665b0f71367dc2198b24a Author: Zhi Han <[email protected]> Date: Wed May 12 11:38:02 2021 -0400 Move early_data from conf to context.
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine no longer overwrites the handshake early secret but
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue May 17, 2023

commit 3534dc3d8cedbd326569383677c5cc10e497c001
Merge: 471fc0ed17 17e162bc79
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 07:35:06 2021 +0100
Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies
Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

commit 471fc0ed17864079b70c75fc9c0a248f213b5991
Merge: 4ddebafaaf fba68613d6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:36:13 2021 +0100
Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr
MPS: Remove extended reader/writer from MPS, part 2

commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:33:49 2021 +0100
MPS: Be less wordy in comments...
Signed-off-by: Hanno Becker <[email protected]>

commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514
Merge: 08b0522e0f 34d751dfa6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:54:29 2021 +0100
Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error
fix mbedtls_ssl_check_cert_usage compile fail

commit 08b0522e0f6b4650c93a12038fb87cd21757b75c
Merge: 82436667b1 81c88ff7df
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:05:16 2021 +0100
Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings
fix functions undeclared warnings

commit 82436667b1304628b77ad9eded10ccf250355fc6
Merge: 2556d8a1dd f9435bb0c2
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 04:49:16 2021 +0100
Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors
fix nss_keylog_export duplicate error

commit 8a1348ca2ac075801777535bfa35d1179ec269e7
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:13 2021 +0100
MPS L4: Minor structural improvement
Signed-off-by: Hanno Becker <[email protected]>

commit 7a11ad03acaea247045dc5e41dc397b5b73a254d
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:00 2021 +0100
MPS Layer 4: Remove dead comments
Signed-off-by: Hanno Becker <[email protected]>

commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 20:07:28 2021 +0100
MPS Layer 3: Minor readability improvement
Signed-off-by: Hanno Becker <[email protected]>

commit ea207b40bdffc9793c53312aae7dabdd761611db
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 13:02:05 2021 +0100
Some more readability improvements
Signed-off-by: Hanno Becker <[email protected]>

commit dc3adeddee06e0b9ecf25e669de780593c18771b
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 11:39:37 2021 +0100
MPS Layer 3: Some readability improvements
Signed-off-by: Hanno Becker <[email protected]>

commit 2a75e56087db85845241734fd248f0ec501377b6
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 09:48:18 2021 +0100
Remove extended reader/writer from MPS altogether
Signed-off-by: Hanno Becker <[email protected]>

commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 22:23:06 2021 +0800
fix nss_keylog_export duplicate error
nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it.
Change-Id: I63e218070e96637a15242fec3a66b5e448986287
Signed-off-by: Jerry Yu <[email protected]>

commit 17e162bc79da8c856b1b08ef373051d87163c421
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:44:55 2021 +0800
Add conditional compilation for mbedtls_ssl_conf_dtls_cookies
mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it.
CustomizedGitHooks: yes
Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f
Signed-off-by: Jerry Yu <[email protected]>

commit 5471952d409eea62843268272ae46969dcf78e60
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 11:15:15 2021 +0100
MPS Layer 3: Don't rely on extended writer to learn HS msg size
This is another step towards removing the extended reader/writer from Layer 3 altogether.
Signed-off-by: Hanno Becker <[email protected]>

commit 81c88ff7df372ba4c2671f3a7065482152b40310
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:06:56 2021 +0800
fix functions undeclared warnings
With TLS1.2 enabled, those functions report undeclared warning
Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320
Signed-off-by: Jerry Yu <[email protected]>

commit f85747efb1a1035124aada3245dcec7ddb8d3597
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:47:19 2021 +0100
MPS L3: Simplify handshake message writing
Signed-off-by: Hanno Becker <[email protected]>

commit f540b0fc79af402f0176477df0c6f79c26857e88
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:42:03 2021 +0100
MPS Layer 3: Simplify logic for writing of handshake header
Signed-off-by: Hanno Becker <[email protected]>

commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c
Author: Jerry Yu <[email protected]>
Date: Tue Jul 27 14:02:40 2021 +0800
fix mbedtls_ssl_check_cert_usage compile fail
`mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it.
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4
Signed-off-by: Jerry Yu <[email protected]>

commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f
Merge: 0e367ad306 3430517266
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:57:55 2021 +0100
Merge pull request #318 from hanno-arm/mps_simplify
MPS: Numerous minor simplifications and improvements

commit 0e367ad306e20d7eed02775d0c581828da937cb2
Merge: 246c820430 d8f19321d7
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:13:13 2021 +0100
Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors
fix two duplicate define errors

commit 246c820430aed5412c6cba0e911c1a1ca13ade60
Merge: 49f76369ad 12a8dfe7d2
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:12:15 2021 +0100
Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors
fix update_checksum errors

commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:11:45 2021 +0100
Apply suggestions from code review

commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2
Merge: 0b7e1b6759 638484855b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:06:44 2021 +0100
Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort
MPS Layer 3: Remove unused handshake abort function

commit 3430517266a9e7d0ab43cf08730064608190fbd6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:51:53 2021 +0100
MPS: Shorten some code
Signed-off-by: Hanno Becker <[email protected]>

commit da378914efe9bae8a84ca59604b4651efd562401
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:47:54 2021 +0100
MPS: Some more uses of assertion macro
Signed-off-by: Hanno Becker <[email protected]>

commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:42:58 2021 +0100
MPS: Add helper macro for readability
Signed-off-by: Hanno Becker <[email protected]>

commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:35 2021 +0100
Shorten some doc'n for MPS
Signed-off-by: Hanno Becker <[email protected]>

commit fe135af06c138ac3ffbc077c6357961d2c895c6b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:21 2021 +0100
MPS: Use helper macro for DTLS HS header debugging
Signed-off-by: Hanno Becker <[email protected]>

commit 8144fea4a5b03c773ffaa48325663145aca58ff6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:15 2021 +0100
MPS: Use assertion macro instead of manual return of INTERNAL_ERROR
Signed-off-by: Hanno Becker <[email protected]>

commit 648d1835ce61480023fbb856d5044b6218f5af90
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:07 2021 +0100
MPS: Shorten some code
Signed-off-by: Hanno Becker <[email protected]>

commit 2818d2fbc65a2e31afe729046264171680356ae5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:21:53 2021 +0100
MPS L4: Add comment on potential simplification
Signed-off-by: Hanno Becker <[email protected]>

commit 1ec166036cfda847db076c567a94de474d009041
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:19:18 2021 +0100
MPS: Remove dead code and shorten comments
Signed-off-by: Hanno Becker <[email protected]>

commit 1100e4b72bf26746970af57244787e3b43f852c8
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:32:31 2021 +0100
MPS L3: Improve readability through introduction of debug macros
Signed-off-by: Hanno Becker <[email protected]>

commit 028414d0c81fd42772a33308953bf011da87584f
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:44 2021 +0100
MPS: Add shorter trace commands
Signed-off-by: Hanno Becker <[email protected]>

commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:28 2021 +0100
MPS: Fix typo in common.h
Signed-off-by: Hanno Becker <[email protected]>

commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:20:27 2021 +0100
MPS L3: Add helper function for handling of incomplete headers
Signed-off-by: Hanno Becker <[email protected]>

commit d8f19321d70182ada99f421e56ea00c2100313f3
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:03:13 2021 +0800
Rename mbedtls_ssl_handshake_wrapup for TLS1.3
`mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it.
Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91
Signed-off-by: Jerry Yu <[email protected]>

commit 40825315251e967b6bbca82b6a12b4cd875e04b5
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:00:50 2021 +0800
move mbedtls_ssl_transform_free to ssl_msg.c
`mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it.
Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3
Signed-off-by: Jerry Yu <[email protected]>

commit 7f0fb121f9d308b75d0f4a602623696fa9215505
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 19:41:09 2021 +0800
fix update_checksum_start/sha384 duplicate error
`ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check.
Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af
Signed-off-by: Jerry Yu <[email protected]>

commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:04:37 2021 +0800
fix calc_verify parameter warning
`calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed.
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:50:53 2021 +0100
Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record
fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:02:46 2021 +0100
MPS Layer 3: Remove unused handshake abort function
Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 19:00:48 2021 +0800
fix ssl_extract_add_data_from_record arguments error
With TLS1.2, compiler report below error
```
too few arguments to function ‘ssl_extract_add_data_from_record’
```
The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that.
Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:58 2021 +0100
Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine
fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:36 2021 +0100
Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error
fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 12:28:20 2021 +0800
fix ssl_reset_retrnsmit_timeout undefine warning
ssl_reset_retrnsmit_timeout has been added prefix.
Here is missing
Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800
fix pmslen and premaster undefined error
With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster undefined error.
CustomizedGitHooks: yes
Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100
Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors
fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100
Minor improvements to TLS 1.3 client-side key share ext writer
Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800
fix ECDH context build errors
Remove multi ecdh share keys support.
When build with TLS1.2 , it reports compile error
Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100
Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13
Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100
Fix a bunch of typos
Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100
Rename TLS 1.3 ciphersuite identifiers
- Move the C-macros to MBEDTLS_ namespace
- Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2.
Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100
Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace
Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100
Merge pull request #306 from hanno-arm/mps_fix_bio
MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100
Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h
remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100
Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case
Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100
Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition
replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100
MPS: Interpret ret val 0 from BIO as connection closure
Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100
Merge pull request #276 from zhihan/fix-minor_ver
Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800
Modify TLS1.3 undefined condition
Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`
Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800
remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h
MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error.
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100
Merge pull request #213 from zhihan/tls13-prototype-nst-ext
Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100
Minor improvements
Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400
Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100
Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client
Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100
Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100
Merge pull request #302 from hannestschofenig/pr/fix-two-errors
Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800
fix ssl-opt test fail
Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that.
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800
fix compile fail without MPS
if undefine MBEDTLS_SSL_USE_MPS, it report error.
Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800
Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix
Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200
Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman
Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:
```
140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
```
We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.
Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100
Merge pull request #288 from yuhaoth/pr/fix-15
Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100
Temporarily disable more session serialization tests
Will be fixed as part of #155
Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100
Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake
move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700
Add test for mismatched sig_algs
Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs
Test Plan:
```
ssl-opt.sh
```
Reviewers: Subscribers: Tasks: Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200
Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite
Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400
Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800
Re-enable ssl test suite
Ssl test is disabled in TLS. This patch is to enable it. And "Session serilization*" tests are skipped due to #155.
fix #15
Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800
Remove get_key_exchange_name
mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now.
Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100
Merge pull request #281 from zhihan/0-rtt-ciphersuite
Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100
Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing
Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700
Use stack allocated received_signature_schemes_list.
Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100
Merge pull request #283 from zhihan/review-0-rtt-server
0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800
move key_exchange members to handshake structure
Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.
fix #13
Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700
Follow up on review comments
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700
Review fix of mbedtls_ssl_parse_signature_algorithms_ext
Summary:
* Add boundary check for i
* Set received_signature_schemes_list to null after free
* Typo
* Sizeof style
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700
Review: CertificateRequest parsing
Summary:
* buf_len check
* unsigned char* ext -> const unsigned char* ext
* int -> size_t
* space and long line
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700
Remove ticket_nonce from mbedtls_ssl_session
Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700
Rename resumption_key_len to key_len
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700
Move ssl_new_session_ticket_parse to client.c
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700
Add index for buffer in ssl_new_session_ticket_parse
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700
Review comments follow up
Summary:
* change to size_t
* break long line
* indentation
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700
Review fix for ssl_new_session_ticket_parse
Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400
Add test. Remove resumption condition.

commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:39:15 2021 -0400
Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:20:05 2021 -0400
Review feedback

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:13:04 2021 -0400
Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 12:14:39 2021 +0100
Merge pull request #284 from yuhaoth/pr/fix-extension-namespace
fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date: Fri Jun 18 13:49:07 2021 +0800
fix namespace of extensions in ssl.h
fixes #17
Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 06:30:53 2021 +0100
Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile
fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:43:11 2021 +0100
Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case
Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:04:41 2021 +0100
Merge pull request #279 from zhihan/review-0-rtt
Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu <[email protected]>
Date: Wed Jun 16 10:25:12 2021 +0800
fix out-of-box Makefile build fail
fix #165
Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:12:33 2021 -0400
Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:09:04 2021 -0400
Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:06:32 2021 -0400
Update library/ssl_tls13_generic.c
Review feedback
Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:36 2021 -0400
Update library/ssl_tls13_keys.c
Review feedback
Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:20 2021 -0400
Update library/ssl_tls.c
Review feedback
Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date: Tue Jun 8 05:41:22 2021 +0100
Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing
Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date: Mon Jun 7 15:37:47 2021 -0400
0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:40:21 2021 -0400
Change 'early data' to 'early_data' in debug log to be consistent.

commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:26:00 2021 -0400
Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:18:23 2021 -0400
Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:04:03 2021 -0400
Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 16:06:33 2021 -0400
More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 12:48:43 2021 -0400
Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:18:43 2021 -0700
own_key
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:00:17 2021 -0700
Remove signature_scheme_client from struct mbedtls_ssl_handshake_params
Summary:
* signature_scheme_client
* signature_scheme
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:55:13 2021 -0700
Review of ssl_certificate_verify_write
Summary:
* indentation
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:09:10 2021 -0700
Rename mbedtls_ssl_certificate_verify_process
Summary:
* mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
* ssl_certificate_verify_process -> ssl_write_certificate_verify_process
* SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
* SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND
Test Plan:
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3 Merge: 21c911ccae 3d078a5c18 Author: Hanno Becker <[email protected]> Date: Fri May 14 17:15:38 2021 +0100 Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk Fix client crash when use early data without psk commit 3d078a5c180585b76a917599d8a471c4f724fd0e Author: lhuang04 <[email protected]> Date: Fri May 14 09:03:23 2021 -0700 Change to mbedtls_ssl_get_psk_to_offer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ebfc4983648f649a8f357409a2e35080bd081355 Author: lhuang04 <[email protected]> Date: Fri May 14 08:48:30 2021 -0700 Change to mbedtls_ssl_conf_tls13_some_psk_enabled Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623 Author: lhuang04 <[email protected]> Date: Tue May 4 08:05:38 2021 -0700 Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit af91d01f00b5159884396453169961e0247b8726 Author: lhuang04 <[email protected]> Date: Thu Jan 14 08:15:43 2021 -0800 Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode. 
Test Plan: ``` ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 ``` ``` ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1 ``` Reviewers: Subscribers: Tasks: Tags: commit 21c911ccae28a563af8de662dc24e419194f2c87 Merge: f178632390 98eeb27c91 Author: Hanno Becker <[email protected]> Date: Fri May 14 16:44:02 2021 +0100 Merge pull request #263 from hanno-arm/psk-negotiation Fix client-side behaviour if PSK is offered but rejected by the server commit 98eeb27c912871202ae8d696c8cf934f03d28041 Merge: 56f6110c45 20bb2a019c Author: Hanno Becker <[email protected]> Date: Fri May 14 11:04:44 2021 +0100 Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc Author: Hanno Becker <[email protected]> Date: Fri May 14 10:54:31 2021 +0100 Clarify logic for setting/clearing of handshake PSK The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows: 1) Initially, it's NULL. 2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data. 3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data. 4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK. If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization. This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above. 
Signed-off-by: Hanno Becker <[email protected]> commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac Author: Hanno Becker <[email protected]> Date: Fri May 14 10:59:25 2021 +0100 Give function for removing handshake PSK global visibility Signed-off-by: Hanno Becker <[email protected]> commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae Author: Hanno Becker <[email protected]> Date: Fri May 14 10:05:01 2021 +0100 Update library/ssl_tls13_server.c commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf Author: Hanno Becker <[email protected]> Date: Fri May 14 10:04:40 2021 +0100 Update library/ssl_tls13_server.c commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:54:06 2021 +0100 Remove uses of mbedtls_ssl_get_psk() `mbedtls_ssl_get_get_psk()` currently blurs two things: (a) access to the (potentially multiple) PSKs configured prior to the handshake (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake. If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b). There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use. To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule. 
Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello. Signed-off-by: Hanno Becker <[email protected]> commit f178632390ec3313f8772a8cffd1ed3f7d39d224 Merge: b1004e5352 8f71a23957 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:51:35 2021 +0100 Merge pull request #262 from hanno-arm/fixup_261 Fixup #261 commit 8f71a239577887dc40f670c58bb13b3b44e4050b Author: Hanno Becker <[email protected]> Date: Fri May 14 09:43:05 2021 +0100 Fixup https://github.com/hannestschofenig/mbedtls/pull/261 Signed-off-by: Hanno Becker <[email protected]> commit b1004e535275464c14a84b306890a47aa15ef14b Merge: 8db2b19d0f 5d7fa778f4 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:54:58 2021 +0100 Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0 Tls13 prototype merge from 2 25 0 commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:50:02 2021 +0100 Fixup: Merge in ssl_client2.c & ssl_server2.c Signed-off-by: Hanno Becker <[email protected]> commit 8db2b19d0fef088ca353a866498eb399bfb4fc21 Merge: f3f78d471b d4b52420d2 Author: Hanno Becker <[email protected]> Date: Fri May 14 04:37:44 2021 +0100 Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data() commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5 Author: Zhi Han <[email protected]> Date: Wed May 12 11:52:08 2021 -0400 Move report of early data status to reconnect commit d78681553790fdb3e31665b0f71367dc2198b24a Author: Zhi Han <[email protected]> Date: Wed May 12 11:38:02 2021 -0400 Move early_data from conf to context. 
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warnings Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to a difference in the `key_exchange` field. The function only uses the `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 

Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4
Signed-off-by: Jerry Yu <[email protected]>

commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f
Merge: 0e367ad306 3430517266
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:57:55 2021 +0100

Merge pull request #318 from hanno-arm/mps_simplify

MPS: Numerous minor simplifications and improvements

commit 0e367ad306e20d7eed02775d0c581828da937cb2
Merge: 246c820430 d8f19321d7
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:13:13 2021 +0100

Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors

fix two duplicate define errors

commit 246c820430aed5412c6cba0e911c1a1ca13ade60
Merge: 49f76369ad 12a8dfe7d2
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:12:15 2021 +0100

Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors

fix update_checksum errors

commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:11:45 2021 +0100

Apply suggestions from code review

commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2
Merge: 0b7e1b6759 638484855b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:06:44 2021 +0100

Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort

MPS Layer 3: Remove unused handshake abort function

commit 3430517266a9e7d0ab43cf08730064608190fbd6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:51:53 2021 +0100

MPS: Shorten some code

Signed-off-by: Hanno Becker <[email protected]>

commit da378914efe9bae8a84ca59604b4651efd562401
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:47:54 2021 +0100

MPS: Some more uses of assertion macro

Signed-off-by: Hanno Becker <[email protected]>

commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:42:58 2021 +0100

MPS: Add helper macro for readability

Signed-off-by: Hanno Becker <[email protected]>

commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:35 2021 +0100

Shorten some doc'n for MPS

Signed-off-by: Hanno Becker <[email protected]>

commit fe135af06c138ac3ffbc077c6357961d2c895c6b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:21 2021 +0100

MPS: Use helper macro for DTLS HS header debugging

Signed-off-by: Hanno Becker <[email protected]>

commit 8144fea4a5b03c773ffaa48325663145aca58ff6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:15 2021 +0100

MPS: Use assertion macro instead of manual return of INTERNAL_ERROR

Signed-off-by: Hanno Becker <[email protected]>

commit 648d1835ce61480023fbb856d5044b6218f5af90
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:07 2021 +0100

MPS: Shorten some code

Signed-off-by: Hanno Becker <[email protected]>

commit 2818d2fbc65a2e31afe729046264171680356ae5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:21:53 2021 +0100

MPS L4: Add comment on potential simplification

Signed-off-by: Hanno Becker <[email protected]>

commit 1ec166036cfda847db076c567a94de474d009041
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:19:18 2021 +0100

MPS: Remove dead code and shorten comments

Signed-off-by: Hanno Becker <[email protected]>

commit 1100e4b72bf26746970af57244787e3b43f852c8
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:32:31 2021 +0100

MPS L3: Improve readability through introduction of debug macros

Signed-off-by: Hanno Becker <[email protected]>

commit 028414d0c81fd42772a33308953bf011da87584f
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:44 2021 +0100

MPS: Add shorter trace commands

Signed-off-by: Hanno Becker <[email protected]>

commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:28 2021 +0100

MPS: Fix typo in common.h

Signed-off-by: Hanno Becker <[email protected]>

commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:20:27 2021 +0100

MPS L3: Add helper function for handling of incomplete headers

Signed-off-by: Hanno Becker <[email protected]>

commit d8f19321d70182ada99f421e56ea00c2100313f3
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:03:13 2021 +0800

Rename mbedtls_ssl_handshake_wrapup for TLS1.3

`mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it.

Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91
Signed-off-by: Jerry Yu <[email protected]>

commit 40825315251e967b6bbca82b6a12b4cd875e04b5
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:00:50 2021 +0800

move mbedtls_ssl_transform_free to ssl_msg.c

`mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it.

Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3
Signed-off-by: Jerry Yu <[email protected]>

commit 7f0fb121f9d308b75d0f4a602623696fa9215505
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 19:41:09 2021 +0800

fix update_checksum_start/sha384 duplicate error

`ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check.

Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af
Signed-off-by: Jerry Yu <[email protected]>

commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:04:37 2021 +0800

fix calc_verify parameter warning

`calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed.

Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:50:53 2021 +0100

Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record

fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:02:46 2021 +0100

MPS Layer 3: Remove unused handshake abort function

Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 19:00:48 2021 +0800

fix ssl_extract_add_data_from_record arguments error

With TLS1.2, compiler report below error

```
too few arguments to function ‘ssl_extract_add_data_from_record’
```

The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that.

Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:58 2021 +0100

Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine

fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:36 2021 +0100

Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error

fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 12:28:20 2021 +0800

fix ssl_reset_retrnsmit_timeout undefine warning

ssl_reset_retrnsmit_timeout has been added prefix.
Here is missing

Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800

fix pmslen and premaster undefined error

With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster undefined error.

CustomizedGitHooks: yes
Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100

Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors

fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100

Minor improvements to TLS 1.3 client-side key share ext writer

Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800

fix ECDH context build errors

Remove multi ecdh share keys support.
When build with TLS1.2, it reports compile error

Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100

Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13

Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100

Fix a bunch of typos

Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100

Rename TLS 1.3 ciphersuite identifiers

- Move the C-macros to MBEDTLS_ namespace
- Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2.

Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100

Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace

Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100

Merge pull request #306 from hanno-arm/mps_fix_bio

MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100

Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100

Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case

Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100

Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition

replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100

MPS: Interpret ret val 0 from BIO as connection closure

Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100

Merge pull request #276 from zhihan/fix-minor_ver

Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800

Modify TLS1.3 undefined condition

Available protocol defines are TLS1.3 only, TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined, that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h`. It should not appear here. It will cause transform* undefined error.

Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100

Merge pull request #213 from zhihan/tls13-prototype-nst-ext

Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100

Minor improvements

Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400

Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100

Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client

Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100

Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100

Merge pull request #302 from hannestschofenig/pr/fix-two-errors

Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800

fix ssl-opt test fail

Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that.

Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800

fix compile fail without MPS

if undefine MBEDTLS_SSL_USE_MPS, it report error.

Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800

Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:

```
140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
```

We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.

Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100

Merge pull request #288 from yuhaoth/pr/fix-15

Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100

Temporarily disable more session serialization tests

Will be fixed as part of #155

Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100

Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake

move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700

Add test for mismatched sig_algs

Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs
Test Plan:
```
ssl-opt.sh
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200

Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800

Re-enable ssl test suite

Ssl test is disabled in TLS. This patch is to enable it. And "Session serilization*" tests are skipped due to #155.

fix #15

Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800

Remove get_key_exchange_name

mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now.

Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100

Merge pull request #281 from zhihan/0-rtt-ciphersuite

Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100

Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing

Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700

Use stack allocated received_signature_schemes_list.

Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)
Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100

Merge pull request #283 from zhihan/review-0-rtt-server

0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800

move key_exchange members to handshake structure

Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.

fix #13

Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700

Follow up on review comments

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700

Review fix of mbedtls_ssl_parse_signature_algorithms_ext

Summary:
* Add boundary check for i
* Set received_signature_schemes_list to null after free
* Typo
* Sizeof style
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700

Review: CertificateRequest parsing

Summary:
* buf_len check
* unsigned char* ext -> const unsigned char* ext
* int -> size_t
* space and long line
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700

Remove ticket_nonce from mbedtls_ssl_session

Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.
Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700

Rename resumption_key_len to key_len

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700

Move ssl_new_session_ticket_parse to client.c

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700

Add index for buffer in ssl_new_session_ticket_parse

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700

Review comments follow up

Summary:
* change to size_t
* break long line
* indentation
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700

Review fix for ssl_new_session_ticket_parse

Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return
Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400

Add test. Remove resumption condition.

commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:39:15 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:20:05 2021 -0400

Review feedbacks

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:13:04 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 12:14:39 2021 +0100

Merge pull request #284 from yuhaoth/pr/fix-extension-namespace

fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date: Fri Jun 18 13:49:07 2021 +0800

fix namespace of extensions in ssl.h

fixes #17

Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 06:30:53 2021 +0100

Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile

fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:43:11 2021 +0100

Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case

Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:04:41 2021 +0100

Merge pull request #279 from zhihan/review-0-rtt

Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu <[email protected]>
Date: Wed Jun 16 10:25:12 2021 +0800

fix out-of-box Makefile build fail

fix #165

Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:12:33 2021 -0400

Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:09:04 2021 -0400

Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:06:32 2021 -0400

Update library/ssl_tls13_generic.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:36 2021 -0400

Update library/ssl_tls13_keys.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:20 2021 -0400

Update library/ssl_tls.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date: Tue Jun 8 05:41:22 2021 +0100

Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing

Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date: Mon Jun 7 15:37:47 2021 -0400

0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:40:21 2021 -0400

Change 'early data' to 'early_data' in debug log to be consistent.

commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:26:00 2021 -0400

Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:18:23 2021 -0400

Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:04:03 2021 -0400

Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 16:06:33 2021 -0400

More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 12:48:43 2021 -0400

Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:18:43 2021 -0700

own_key

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:00:17 2021 -0700

Remove signature_scheme_client from struct mbedtls_ssl_handshake_params

Summary:
* signature_scheme_client
* signature_scheme
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:55:13 2021 -0700

Review of ssl_certificate_verify_write

Summary:
* indentation
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:09:10 2021 -0700

Rename mbedtls_ssl_certificate_verify_process

Summary:
* mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
* ssl_certificate_verify_process -> ssl_write_certificate_verify_process
* SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
* SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date: Tue Jun 1 10:35:20 2021 -0400

Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:21:34 2021 -0700

Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
* Server disable early data
* Client enable early data
* No external PSK
Test Plan:
```
tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:23:52 2021 +0100

Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:43 2021 +0100

Alloc specification of 0-RTT limit on the ssl_server2 cmdline

Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:25 2021 +0100

Cap size of 0-RTT buffer at a compile-time configurable limit

Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:04:30 2021 +0100

Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date: Mon May 24 16:21:33 2021 -0400

error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date: Sun May 23 12:12:30 2021 -0400

Address feedback.

commit 38a3de888bbbca7cd7394e81bf7617ac716327fa
Merge: 22e52d2cf1 79afde5f5a
Author: Hanno Becker <[email protected]>
Date: Sun May 23 06:10:49 2021 +0100

Merge pull request #269 from zhihan/tls13-prototype-0rtt-review

Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:16:12 2021 -0400

Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:05:53 2021 -0400

Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8
Author: Zhi Han <[email protected]>
Date: Fri May 21 06:38:46 2021 -0400

Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:03:22 2021 -0400

format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:01:04 2021 -0400

Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8
Author: Zhi Han <[email protected]>
Date: Wed May 19 15:57:44 2021 -0400

Restore mbedtls_ssl_conf_early_data() function.

commit 22e52d2cf1865bf638269fbc5334119a68db9603
Merge: e3d5eca29a 80dbfc0091
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:25 2021 +0100

Merge pull request #265 from lhuang04/tls13_prototype_switch_style

Fix switch style

commit e3d5eca29ada314616341242152ac7515607e718
Merge: d02fd9ba1f c501899a74
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:07 2021 +0100

Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09
Merge: f1560c6d0f 169f542b7b
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:16:53 2021 +0100

Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style

Fix if statement style

commit 169f542b7b89ce55bf438f5b9bbce663314d7257
Author: lhuang04 <[email protected]>
Date: Mon May 17 12:00:40 2021 -0700

Fix if style

Summary: Change `if (` to `if(`
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit c501899a748840659c1e4450929e0e72dcdb39b1
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:36:33 2021 -0700

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 80dbfc00915ace7db2301fb897847514a2ee2b5a
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:44:26 2021 -0700

Fix switch style

Summary: change `switch (` to `switch(`
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df
Merge: 5f3860971b 73b4aa2e96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:55:49 2021 +0100

Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing

Fix for review of ssl_read_certificate_verify_parse

commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f
Merge: 6c527b9e2d 2272fccb96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:54:48 2021 +0100

Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix

Fix misplaced 0-RTT configuration call in ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:41:48 2021 +0100

Fix misplaced 0-RTT configuration call in ssl_server2

Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`.

Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:02:16 2021 +0100

Minor code improvements in ssl_create_verify_structure()

Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249
Merge: 7c88bbd2e2 f451f0ef99
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:18:00 2021 -0700

Diff review follow up

* switch style
* change to mbedtls_ssl_tls13_key_exchange_with_psk
* rename i to buffer_idx
* move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE
* reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:12:56 2021 -0700

Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary:
In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```
Reviewers: Subscribers: Tasks: Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT.

Instead, the handshake PSK should evolve as follows:
1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:
(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261

Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261

Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c

Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.

commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
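The handshake-PSK lifecycle (steps 1 to 4) from commit 56f6110c45 and the no-PSK guard from commit af91d01f00 in the log above, as an added C model that is not code from the Mbed TLS prototype. Every type and function name in it (`model_psk`, `model_client`, `run_handshake` and the helpers) is hypothetical, and the key and identity are constructed sample values.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model types; these are not Mbed TLS structures. */
typedef struct {
    const char *identity;
    const unsigned char *key;
    size_t key_len;
} model_psk;

typedef struct {
    const model_psk *configured;    /* (a) PSKs configured before the handshake */
    size_t n_configured;
    const model_psk *handshake_psk; /* (b) the single PSK in use, or NULL */
    int early_data_on;
} model_client;

/* Step 1: the handshake PSK starts out as NULL. */
void client_init(model_client *c, const model_psk *psks, size_t n)
{
    c->configured = psks;
    c->n_configured = n;
    c->handshake_psk = NULL;
    c->early_data_on = 0;
}

/* Access of kind (a): the PSK to offer in the ClientHello, or NULL if none. */
const model_psk *psk_to_offer(const model_client *c)
{
    return (c->n_configured > 0) ? &c->configured[0] : NULL;
}

/* Step 2 plus the guard: 0-RTT is only switched on when there is a PSK to
 * offer, so no early-data code path runs without the state it depends on. */
int begin_early_data(model_client *c, int requested)
{
    const model_psk *offer = psk_to_offer(c);
    if (!requested || offer == NULL)
        return 0;
    c->handshake_psk = offer;
    c->early_data_on = 1;
    return 1;
}

/* Step 3: after the early data is written, the handshake PSK is cleared. */
void finish_early_data(model_client *c)
{
    if (c->early_data_on)
        c->handshake_psk = NULL;
}

/* Step 4: selected < 0 means the ServerHello chose no PSK. Only one PSK is
 * offered in this model, so any index other than 0 was never offered. */
int process_server_hello(model_client *c, int selected)
{
    size_t offered = (psk_to_offer(c) != NULL) ? 1 : 0;
    c->handshake_psk = NULL;
    if (selected < 0)
        return 0;
    if ((size_t) selected >= offered)
        return -1;
    c->handshake_psk = &c->configured[selected];
    return 0;
}

/* Key-schedule input: reads the handshake PSK unconditionally; NULL gives 0. */
size_t key_schedule_psk_len(const model_client *c)
{
    return (c->handshake_psk != NULL) ? c->handshake_psk->key_len : 0;
}

/* Runs one client handshake. Returns 1 if 0-RTT was used, 0 if not, -1 if the
 * server selected a PSK that was not offered. *psk_len_out receives the PSK
 * length the key schedule sees after the ServerHello. */
int run_handshake(size_t n_psks, int want_early_data, int server_selected,
                  size_t *psk_len_out)
{
    static const unsigned char key[16] = { 0 };          /* constructed key */
    const model_psk psks[1] = { { "constructed-id", key, sizeof(key) } };
    model_client c;

    *psk_len_out = 0;
    if (n_psks > 1)
        return -1;
    client_init(&c, psks, n_psks);
    begin_early_data(&c, want_early_data);
    finish_early_data(&c);
    if (process_server_hello(&c, server_selected) != 0)
        return -1;
    *psk_len_out = key_schedule_psk_len(&c);
    return c.early_data_on;
}

int main(void)
{
    size_t len;
    int used = run_handshake(1, 1, -1, &len);
    printf("PSK offered with 0-RTT, rejected: early_data=%d psk_len=%zu\n", used, len);
    used = run_handshake(1, 1, 0, &len);
    printf("PSK offered with 0-RTT, accepted: early_data=%d psk_len=%zu\n", used, len);
    used = run_handshake(0, 1, -1, &len);
    printf("0-RTT requested, no PSK configured: early_data=%d psk_len=%zu\n", used, len);
    return 0;
}
```
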
lhuang04
added a commit
to lhuang04/mbedtls
that referenced
this issue
Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler reports pmslen and premaster undefined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support.
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 
from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]> commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error. 
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS if undefine MBEDTLS_SSL_USE_MPS, it report error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL. 
Signed-off-by: Gilles Peskine <[email protected]> commit c021ddc27d94e54c7413ac22e15cd705981ed2a5 Merge: 7b3f70dd27 661584dfa1 Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:19:46 2021 +0100 Merge pull request #288 from yuhaoth/pr/fix-15 Re-enable ssl test suite commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:18:16 2021 +0100 Temporarily disable more session serialization tests Will be fixed as part of #155 Signed-off-by: Hanno Becker <[email protected]> commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7 Merge: 41fb09d9cf 3ed71fee0b Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:13:17 2021 +0100 Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake move key_exchange members to handshake structure commit 230bf9cdc08e518dfacda03de42feb9d659a7491 Author: lhuang04 <[email protected]> Date: Sun Jun 27 08:09:05 2021 -0700 Add test for mismatched sig_algs Summary: * Send alert when there is no common signature algorithm between client and server * Add test case for mismatched sig_algs Test Plan: ``` ssl-opt.sh ``` Reviewers: Subscribers: Tasks: Tags: commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd Merge: 1327fd4720 41c9509314 Author: Hannes Tschofenig <[email protected]> Date: Wed Jul 7 14:25:25 2021 +0200 Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 41c9509314e1c8c320462acbfcd317418e06f346 Author: Zhi Han <[email protected]> Date: Tue Jul 6 14:00:44 2021 -0400 Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71 Author: Jerry Yu <[email protected]> Date: Mon Jul 5 16:47:29 2021 +0800 Re-enable ssl test suite Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.
fix #15 Signed-off-by: Jerry Yu <[email protected]> Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3 commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad Author: Jerry Yu <[email protected]> Date: Wed Jun 30 15:14:25 2021 +0800 Remove get_key_exchange_name mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now. Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a Signed-off-by: Jerry Yu <[email protected]> commit 1327fd47207970a042897465e832c7bde30d5f5c Merge: e2920b1927 6ef820f789 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:20:17 2021 +0100 Merge pull request #281 from zhihan/0-rtt-ciphersuite Only use one single ciphersuite if 0-rtt is actually enabled commit e2920b1927ff847a349947e4aef96b6557326816 Merge: fd741711fc fdca48d6a0 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:12:10 2021 +0100 Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing Review fix for #220 certificate request parsing commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4 Author: lhuang04 <[email protected]> Date: Sun Jun 20 15:27:09 2021 -0700 Use stack allocated received_signature_schemes_list. Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3) Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit fd741711fcab3ad49015a78ab3b72de7419bac55 Merge: 4fcd693b80 88e4a1b36a Author: Hanno Becker <[email protected]> Date: Mon Jun 21 09:24:39 2021 +0100 Merge pull request #283 from zhihan/review-0-rtt-server 0-RTT Server Review Change commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40 Author: Jerry Yu <[email protected]> Date: Mon Jun 21 13:52:01 2021 +0800 move key_exchange members to handshake structure Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params. 
fix #13 Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8 Signed-off-by: Jerry Yu <[email protected]> commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd Author: lhuang04 <[email protected]> Date: Wed Jun 2 09:22:46 2021 -0700 Follow up on review comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 94f03c184bbeb27a20383dcf109ef1ce751984f5 Author: lhuang04 <[email protected]> Date: Sun May 23 09:36:55 2021 -0700 Review fix of mbedtls_ssl_parse_signature_algorithms_ext Summary: * Add boundary check for i * Set received_signature_schemes_list to null after free * Typo * Sizeof style Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4 Author: lhuang04 <[email protected]> Date: Sun May 23 08:58:12 2021 -0700 Review: CertificateRequest parsing Summary: * buf_len check * unsigned char* ext -> const unsigned char* ext * int -> size_t * space and long line Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b Author: lhuang04 <[email protected]> Date: Sun Jun 20 09:40:21 2021 -0700 Remove ticket_nonce from mbedtls_ssl_session Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`. 
Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 719c79217da5d8209855d857e790400ab0ed2f4c Author: lhuang04 <[email protected]> Date: Sun Jun 20 07:21:48 2021 -0700 Rename resumption_key_len to key_len Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 895eb0d2108d9bed2ce540efd255a28711a9c929 Author: lhuang04 <[email protected]> Date: Fri May 7 11:51:11 2021 -0700 Move ssl_new_session_ticket_parse to client.c Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883 Author: lhuang04 <[email protected]> Date: Fri May 7 11:32:43 2021 -0700 Add index for buffer in ssl_new_session_ticket_parse Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 65e16e91159a0e5dd754593a10874a49b682d4a0 Author: lhuang04 <[email protected]> Date: Fri May 7 06:20:23 2021 -0700 Review comments follow up Summary: * change to size_t * break long line * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 469a714ff5960968734c4baab983791511cc0a06 Author: lhuang04 <[email protected]> Date: Wed May 5 08:44:42 2021 -0700 Review fix for ssl_new_session_ticket_parse Summary: * printf format for unsigned int * cast to unsigned before combine digits * remove unnecessary cast * remove redundant hash size calc * remove space for return Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 6ef820f78988703e0f66fa18a03030bba2e82a9f Author: Zhi Han <[email protected]> Date: Fri Jun 18 15:11:57 2021 -0400 Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feedback commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```
Reviewers: Subscribers: Tasks: Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows:

1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:

(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261

Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261

Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c

Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
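The handshake-PSK lifecycle from commit 56f6110c45 above (steps 1-4), combined with the early-data guard from commit af91d01f00, as an added C model that is not Mbed TLS code and not part of the original commits. All type and function names are hypothetical, the sample key is constructed, and the all-zero input used when no PSK is negotiated follows the RFC 8446 key schedule with a SHA-256 ciphersuite assumed.

```c
/* Toy model of the client-side handshake PSK lifecycle. Not Mbed TLS code:
 * every type and function name below is hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN 32 /* assumption: SHA-256 based ciphersuite */

typedef struct { const unsigned char *key; size_t key_len; } psk_t;

typedef struct {
    const psk_t *configured;    /* (a) PSK configured before the handshake, or NULL */
    const psk_t *handshake_psk; /* (b) PSK in use for this handshake, or NULL */
    int early_data_on;
} client_t;

/* Constructed sample key, for illustration only. */
static const unsigned char SAMPLE_KEY[16] = {
    0x00, 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07,
    0x08, 0x09, 0x0a, 0x0b, 0x0c, 0x0d, 0x0e, 0x0f };
static const psk_t SAMPLE_PSK = { SAMPLE_KEY, sizeof(SAMPLE_KEY) };

/* Step 1: the handshake PSK starts out as NULL. */
void client_init(client_t *c, const psk_t *configured)
{
    c->configured = configured;
    c->handshake_psk = NULL;
    c->early_data_on = 0;
}

/* Access to (a): the PSK to offer in the ClientHello, or NULL if there is none. */
const psk_t *psk_to_offer(const client_t *c)
{
    if (c->configured == NULL || c->configured->key == NULL ||
        c->configured->key_len == 0)
        return NULL;
    return c->configured;
}

/* Step 2 plus the guard: early data is only switched on when a PSK can be
 * offered, so no early-data code path ever runs without one. Returns 1 if on. */
int client_begin_early_data(client_t *c)
{
    const psk_t *offer = psk_to_offer(c);
    if (offer == NULL)
        return 0;
    c->handshake_psk = offer;
    c->early_data_on = 1;
    return 1;
}

/* Step 3: clear the handshake PSK once the early data has been written. */
void client_end_early_data(client_t *c) { c->handshake_psk = NULL; }

/* Step 4: only the server's choice in ServerHello sets the handshake PSK. */
int client_on_server_hello(client_t *c, int server_selected_psk)
{
    const psk_t *offer = psk_to_offer(c);
    if (server_selected_psk && offer == NULL)
        return -1; /* server selected a PSK that was never offered */
    c->handshake_psk = server_selected_psk ? offer : NULL;
    return 0;
}

/* The key schedule reads (b) unconditionally: the PSK if one is set,
 * otherwise HASH_LEN zero bytes. Returns the input length, 0 on error. */
size_t early_secret_ikm(const client_t *c, unsigned char *out, size_t out_size)
{
    if (c->handshake_psk != NULL) {
        if (c->handshake_psk->key_len > out_size)
            return 0;
        memcpy(out, c->handshake_psk->key, c->handshake_psk->key_len);
        return c->handshake_psk->key_len;
    }
    if (out_size < HASH_LEN)
        return 0;
    memset(out, 0, HASH_LEN);
    return HASH_LEN;
}

/* One client handshake. Returns 1 if it ends PSK-based, 0 if not, -1 on error. */
int run_handshake(client_t *c, const psk_t *configured,
                  int want_early_data, int server_selects_psk)
{
    client_init(c, configured);
    if (want_early_data && client_begin_early_data(c))
        client_end_early_data(c);
    if (client_on_server_hello(c, server_selects_psk) != 0)
        return -1;
    return c->handshake_psk != NULL;
}

int main(void)
{
    client_t c;
    printf("early data without PSK: psk_based=%d early_data_on=%d\n",
           run_handshake(&c, NULL, 1, 0), c.early_data_on);
    printf("PSK offered, rejected:  psk_based=%d early_data_on=%d\n",
           run_handshake(&c, &SAMPLE_PSK, 1, 0), c.early_data_on);
    printf("PSK offered, accepted:  psk_based=%d early_data_on=%d\n",
           run_handshake(&c, &SAMPLE_PSK, 0, 1), c.early_data_on);
    return 0;
}
```

The second scenario is the one PR #263 names: a PSK that was offered but rejected must not leak into the key schedule, which is why the model clears it after early data and re-sets it only from the server's selection.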
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster underfined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support. 
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 
from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]> commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only, TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not the correct condition. It makes the both case fail. If TLS1.3 is not defined, that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h`. It should not appear here. It will cause transform* undefined error.
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS If MBEDTLS_SSL_USE_MPS is undefined, it reports an error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) rejects: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.
Signed-off-by: Gilles Peskine <[email protected]> commit c021ddc27d94e54c7413ac22e15cd705981ed2a5 Merge: 7b3f70dd27 661584dfa1 Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:19:46 2021 +0100 Merge pull request #288 from yuhaoth/pr/fix-15 Re-enable ssl test suite commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:18:16 2021 +0100 Temporarily disable more session serialization tests Will be fixed as part of #155 Signed-off-by: Hanno Becker <[email protected]> commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7 Merge: 41fb09d9cf 3ed71fee0b Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:13:17 2021 +0100 Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake move key_exchange members to handshake structure commit 230bf9cdc08e518dfacda03de42feb9d659a7491 Author: lhuang04 <[email protected]> Date: Sun Jun 27 08:09:05 2021 -0700 Add test for mismatched sig_algs Summary: * Send alert when there is no common signature algorithm between client and server * Add test case for mismatched sig_algs Test Plan: ``` ssl-opt.sh ``` Reviewers: Subscribers: Tasks: Tags: commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd Merge: 1327fd4720 41c9509314 Author: Hannes Tschofenig <[email protected]> Date: Wed Jul 7 14:25:25 2021 +0200 Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 41c9509314e1c8c320462acbfcd317418e06f346 Author: Zhi Han <[email protected]> Date: Tue Jul 6 14:00:44 2021 -0400 Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71 Author: Jerry Yu <[email protected]> Date: Mon Jul 5 16:47:29 2021 +0800 Re-enable ssl test suite Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.
fix #15 Signed-off-by: Jerry Yu <[email protected]> Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3 commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad Author: Jerry Yu <[email protected]> Date: Wed Jun 30 15:14:25 2021 +0800 Remove get_key_exchange_name mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now. Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a Signed-off-by: Jerry Yu <[email protected]> commit 1327fd47207970a042897465e832c7bde30d5f5c Merge: e2920b1927 6ef820f789 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:20:17 2021 +0100 Merge pull request #281 from zhihan/0-rtt-ciphersuite Only use one single ciphersuite if 0-rtt is actually enabled commit e2920b1927ff847a349947e4aef96b6557326816 Merge: fd741711fc fdca48d6a0 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:12:10 2021 +0100 Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing Review fix for #220 certificate request parsing commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4 Author: lhuang04 <[email protected]> Date: Sun Jun 20 15:27:09 2021 -0700 Use stack allocated received_signature_schemes_list. Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3) Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit fd741711fcab3ad49015a78ab3b72de7419bac55 Merge: 4fcd693b80 88e4a1b36a Author: Hanno Becker <[email protected]> Date: Mon Jun 21 09:24:39 2021 +0100 Merge pull request #283 from zhihan/review-0-rtt-server 0-RTT Server Review Change commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40 Author: Jerry Yu <[email protected]> Date: Mon Jun 21 13:52:01 2021 +0800 move key_exchange members to handshake structure Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params. 
fix #13 Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8 Signed-off-by: Jerry Yu <[email protected]> commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd Author: lhuang04 <[email protected]> Date: Wed Jun 2 09:22:46 2021 -0700 Follow up on review comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 94f03c184bbeb27a20383dcf109ef1ce751984f5 Author: lhuang04 <[email protected]> Date: Sun May 23 09:36:55 2021 -0700 Review fix of mbedtls_ssl_parse_signature_algorithms_ext Summary: * Add boundary check for i * Set received_signature_schemes_list to null after free * Typo * Sizeof style Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4 Author: lhuang04 <[email protected]> Date: Sun May 23 08:58:12 2021 -0700 Review: CertificateRequest parsing Summary: * buf_len check * unsigned char* ext -> const unsigned char* ext * int -> size_t * space and long line Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b Author: lhuang04 <[email protected]> Date: Sun Jun 20 09:40:21 2021 -0700 Remove ticket_nonce from mbedtls_ssl_session Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`. 
Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 719c79217da5d8209855d857e790400ab0ed2f4c Author: lhuang04 <[email protected]> Date: Sun Jun 20 07:21:48 2021 -0700 Rename resumption_key_len to key_len Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 895eb0d2108d9bed2ce540efd255a28711a9c929 Author: lhuang04 <[email protected]> Date: Fri May 7 11:51:11 2021 -0700 Move ssl_new_session_ticket_parse to client.c Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883 Author: lhuang04 <[email protected]> Date: Fri May 7 11:32:43 2021 -0700 Add index for buffer in ssl_new_session_ticket_parse Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 65e16e91159a0e5dd754593a10874a49b682d4a0 Author: lhuang04 <[email protected]> Date: Fri May 7 06:20:23 2021 -0700 Review comments follow up Summary: * change to size_t * break long line * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 469a714ff5960968734c4baab983791511cc0a06 Author: lhuang04 <[email protected]> Date: Wed May 5 08:44:42 2021 -0700 Review fix for ssl_new_session_ticket_parse Summary: * printf format for unsigned int * cast to unsigned before combine digits * remove unnecessary cast * remove redundant hash size calc * remove space for return Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 6ef820f78988703e0f66fa18a03030bba2e82a9f Author: Zhi Han <[email protected]> Date: Fri Jun 18 15:11:57 2021 -0400 Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feedback commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3 Merge: 21c911ccae 3d078a5c18 Author: Hanno Becker <[email protected]> Date: Fri May 14 17:15:38 2021 +0100 Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk Fix client crash when use early data without psk commit 3d078a5c180585b76a917599d8a471c4f724fd0e Author: lhuang04 <[email protected]> Date: Fri May 14 09:03:23 2021 -0700 Change to mbedtls_ssl_get_psk_to_offer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ebfc4983648f649a8f357409a2e35080bd081355 Author: lhuang04 <[email protected]> Date: Fri May 14 08:48:30 2021 -0700 Change to mbedtls_ssl_conf_tls13_some_psk_enabled Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623 Author: lhuang04 <[email protected]> Date: Tue May 4 08:05:38 2021 -0700 Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit af91d01f00b5159884396453169961e0247b8726 Author: lhuang04 <[email protected]> Date: Thu Jan 14 08:15:43 2021 -0800 Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after check [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that should be always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoid calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode. 
Test Plan:

```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```

```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```

Reviewers:
Subscribers:
Tasks:
Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT.

Instead, the handshake PSK should evolve as follows:

1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_psk()` currently blurs two things:

(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261

Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261

Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c

Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.

commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b
Merge: f3f78d471b 1c54b5410f
Author: lhuang04 <[email protected]>
Date: Sun May 9 08:03:57 2021 -0700

Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0

commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44
Merge: 2ac26234c9 f3f78d471b
Author: Zhi Han <[email protected]>
Date: Fri May 7 09:56:31 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit f3f78d471b1bf3669ed84d77504e39c49147ca6d
Merge: 79215a6a2d c797da9279
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:17 2021 +0100

Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup

[Review 0-RTT write] Reuse the _coordinate function to in postprocess function.

commit c797da927932d52c96ae243e0def2aa753a5bb90
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:03 2021 +0100

Update library/ssl_tls13_keys.h

commit af06a4a37cbd9de9674c66b6b5def00f1b384929
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:10:13 2021 +0100

Update library/ssl_tls13_keys.h

commit a1f734907da114e4b28f918e320361a6b0d4e6aa
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:07:23 2021 +0100

Update library/ssl_tls13_client.c

commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce
Merge: dad9ef834f 9d8225e916
Author: Hanno Becker <[email protected]>
Date: Fri May 7 06:52:16 2021 +0100

Merge pull request #251 from hanno-arm/tls13_keys_pt5

Key schedule rework: Add documentation

commit 2ac26234c9ea9356df18872a0f75418f8a38d80a
Author: Zhi Han <[email protected]>
Date: Wed May 5 11:16:40 2021 -0400

Do not write EndOfEarlyData if early_data is rejected by server.

commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf
Merge: de531140dc dad9ef834f
Author: Zhi Han <[email protected]>
Date: Tue May 4 12:18:08 2021 -0400

Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup

commit de531140dcb57c1ff059e116fdb4baa164dc4276
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:47:01 2021 -0400

Revert changes to ssl_tls13_keys.h

commit 05b068ea4cb6ded1e32148f28c4519284d4566ce
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:44:25 2021 -0400

Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back

commit 6cfe517d141c495889484aeea300e105cf7f41d4
Merge: 6ea4123527 9e4c78bd6f
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:41:47 2021 -0400

Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup

commit dad9ef834f0763899ad689905fa9b7560e424aa6
Merge: 944b99795b bc3ca0d1c7
Author: Hanno Becker <[email protected]>
Date: Tue May 4 16:36:20 2021 +0100

Merge pull request #252 from zhihan/patch-3

Update ssl_tls13_keys.h to fix compiler warning.

commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:34:52 2021 -0400

Add back application_secret

commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:25:18 2021 -0400

Reuse the _coordinate function to in postprocess.

commit 6ea4123527963686c15f1e34ced8ea28c57429f5
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:01:46 2021 -0400

Update ssl_tls13_keys.h to fix compiler warning.

```
In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40:
/Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation]
 * \param master_secret The master secret from which the resumption master
          ^~~~~~~~~~~~~
1 error generated.
```

commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24
Author: Hanno Becker <[email protected]>
Date: Tue May 4 10:03:30 2021 +0100

Share buffers for 0-RTT, handshake and application master secrets

Signed-off-by: Hanno Becker <[email protected]>

commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee
Author: Hanno Becker <[email protected]>
Date: Tue May 4 09:55:56 2021 +0100

Document all TLS 1.3 key schedule functions

Signed-off-by: Hanno Becker <[email protected]>

commit 944b99795b8b7a2185993f96d335480e9bc252c8
Merge: 740d829337 0dbddcffaf
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:57 2021 +0100

Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4

Change debug level from 5 to 4

commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57
Merge: 70cfe4bf11 740d829337
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:42 2021 +0100

Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4

commit 740d8293374c6f5443aa951be2ac88d12cf206e1
Merge: 5c51532213 82ca5bce5a
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:51:12 2021 +0100

Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client

Review fix for client side EncryptedExtensions parsing

commit 5c5153221387d9fa571d12fce10c947270742165
Merge: 1471e12437 2f66cecb0e
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:50:08 2021 +0100

Merge pull request #247 from zhihan/patch-1

Fix compiler warning for mps.c

commit 1471e124378840bd89a848f261e4ec8e824b0c61
Merge: c21b8df7c3 a7553c2d1f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:44:21 2021 +0100

Merge pull request #245 from hanno-arm/tls13_keys_pt4

TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation

commit a7553c2d1fa247e6ad1177f8d202c0870b96110f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:37:40 2021 +0100

Fix PSK binder calculation

The PSK binder calculation routine does no longer overwrite the handshake early secret but uses a local buffer.

Signed-off-by: Hanno Becker <[email protected]>

commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:35:43 2021 +0100

Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets()

Signed-off-by: Hanno Becker <[email protected]>

commit 6cd79d8093828db3cff78855a9022d06d4142d7f
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:01:32 2021 +0100

Streamline signature of PSK binder calculation helper

Buffer sizes are always given by the size of the hash provided to the function.

Signed-off-by: Hanno Becker <[email protected]>

commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:53:18 2021 +0100

Share cryptographic core of PSK binder and Finished calculation

Signed-off-by: Hanno Becker <[email protected]>

commit c21b8df7c36bd3dccb0830cd45a3353093e2089f
Merge: 8036e15f17 528f7df3dc
Author: Hanno Becker <[email protected]>
Date: Tue May 4 06:52:00 2021 +0100

Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl

Tls13 prototype ssl opt sh resumption with openssl

commit 70cfe4bf1144568b3c959386ac6f677af6f2e597
Author: lhuang04 <[email protected]>
Date: Mon May 3 08:58:55 2021 -0700

Change debug level from 5 to 4

Summary:
Update the debug level for the following calls:
* MBEDTLS_SSL_DEBUG_BUF
* MBEDTLS_SSL_DEBUG_MSG

Test Plan:
`ssl-opt.sh`

Reviewers:
Subscribers:
Tasks:
Tags:

commit 2f66cecb0ed78a659760bc7a5566f14f48c461db
Author: Zhi Han <[email protected]>
Date: Mon May 3 11:35:31 2021 -0400

Fix compiler warning for mps.c

```
/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
            default:
            ^
/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through
            default:
            ^
            break;
1 error generated.
```

commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46
Author: lhuang04 <[email protected]>
Date: Sun May 2 06:08:34 2021 -0700

cast before calculate number from buffer

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8
Merge: e85f1dfa90 da2b07e5bb
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:33:10 2021 +0100

Merge pull request #239 from hanno-arm/tls13_key_pt3

Key schedule rework, pt3: API structure

commit e85f1dfa90343361c251372776e838ac130c9f3c
Merge: 858b98e9f1 524c925dc1
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:20:55 2021 +0100

Merge pull request #240 from zhihan/patch-2

Review cleanup for writing early_data extension

commit 528f7df3dc665ca94d94678432c2017c24ac55c2
Author: lhuang04 <[email protected]>
Date: Sat May 1 06:28:39 2021 -0700

Add require filter for OpenSSL TLS 1.3

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10
Author: lhuang04 <[email protected]>
Date: Fri Apr 30 08:23:17 2021 -0700

Add resumption test with OpenSSL to ssl-opt.sh

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 4504ac9525450bd187019b975d513cab985c788a
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:55:29 2021 -0700

break ret from parser

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit e14038925ddca9fc7fb7539b300fa2897c29ba80
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:30:04 2021 -0700

debug msgs and comments

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:24:44 2021 -0700

change unsigned char* buf to const …
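
The handshake PSK lifecycle from the "Clarify logic for setting/clearing of handshake PSK" and "Remove uses of mbedtls_ssl_get_psk()" commit messages above, as an added C model that is not code from the Mbed TLS prototype. All type and function names (`psk_t`, `client_conf_t`, `handshake_t`, `hs_*`, `run_client`) and the sample keys are hypothetical; the range check on the server's selected identity is not in the commit messages and follows RFC 8446 section 4.2.11.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model types for illustration; these are not Mbed TLS structures. */
typedef struct {
    const char *identity;
    const unsigned char *key;
    size_t key_len;
} psk_t;

typedef struct {
    const psk_t *offered;  /* (a) PSKs configured before the handshake */
    size_t n_offered;
    int use_early_data;    /* client wants to send 0-RTT data */
} client_conf_t;

typedef struct {
    const psk_t *psk;      /* (b) the single PSK of this handshake, or NULL */
} handshake_t;

#define HS_OK             0
#define HS_ERR_BAD_INDEX  (-1)  /* server selected an identity that was never offered */
#define NO_PSK_SELECTED   (-1)  /* ServerHello carried no pre_shared_key extension */

/* Constructed sample keys and identities, for this example only. */
static const unsigned char KEY_A[] = { 0xA0, 0xA1, 0xA2, 0xA3 };
static const unsigned char KEY_B[] = { 0xB0, 0xB1, 0xB2, 0xB3, 0xB4, 0xB5 };
static const psk_t SAMPLE_PSKS[] = {
    { "ticket-0",   KEY_A, sizeof(KEY_A) },
    { "external-1", KEY_B, sizeof(KEY_B) },
};

/* Step 1: a fresh handshake has no PSK. */
static void hs_init(handshake_t *hs) { hs->psk = NULL; }

/* Step 2: only a 0-RTT client installs the first offered PSK this early. */
static void hs_prepare_early_data(const client_conf_t *conf, handshake_t *hs)
{
    if (conf->use_early_data && conf->n_offered > 0)
        hs->psk = &conf->offered[0];
}

/* Step 3: once the early data is written, the PSK is cleared again. */
static void hs_finish_early_data(const client_conf_t *conf, handshake_t *hs)
{
    if (conf->use_early_data)
        hs->psk = NULL;
}

/* Step 4: the handshake PSK becomes whatever the server chose, possibly nothing. */
static int hs_process_server_hello(const client_conf_t *conf, handshake_t *hs, int selected)
{
    hs->psk = NULL;
    if (selected == NO_PSK_SELECTED)
        return HS_OK;              /* PSK offered but rejected: carry on without it */
    if (selected < 0 || (size_t) selected >= conf->n_offered)
        return HS_ERR_BAD_INDEX;   /* never read outside the offered list */
    hs->psk = &conf->offered[selected];
    return HS_OK;
}

/* Key schedule input: reads hs->psk unconditionally; NULL with length 0 means "no PSK". */
static const unsigned char *hs_key_schedule_psk(const handshake_t *hs, size_t *len)
{
    *len = hs->psk ? hs->psk->key_len : 0;
    return hs->psk ? hs->psk->key : NULL;
}

/* Runs steps (1)-(4). Returns the PSK the key schedule sees after ServerHello and
 * reports through *early the PSK that protected 0-RTT data, if any. */
static const psk_t *run_client(const client_conf_t *conf, int selected,
                               const psk_t **early, int *ret)
{
    handshake_t hs;
    hs_init(&hs);
    hs_prepare_early_data(conf, &hs);
    *early = hs.psk;
    hs_finish_early_data(conf, &hs);
    *ret = hs_process_server_hello(conf, &hs, selected);
    return hs.psk;
}

int main(void)
{
    const client_conf_t zero_rtt = { SAMPLE_PSKS, 2, 1 };
    const client_conf_t plain = { SAMPLE_PSKS, 2, 0 };
    const struct { const char *name; const client_conf_t *conf; int selected; } cases[] = {
        { "0-RTT, server rejects PSK", &zero_rtt, NO_PSK_SELECTED },
        { "no 0-RTT, server picks #1", &plain, 1 },
        { "no 0-RTT, bogus index 2",   &plain, 2 },
    };
    for (size_t i = 0; i < sizeof(cases) / sizeof(cases[0]); i++) {
        const psk_t *early, *final;
        int ret;
        final = run_client(cases[i].conf, cases[i].selected, &early, &ret);
        printf("%-28s early=%-10s final=%-10s ret=%d\n", cases[i].name,
               early ? early->identity : "(none)",
               final ? final->identity : "(none)", ret);
    }
    return 0;
}
```
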
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster underfined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support. 
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 
from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]> commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error. 
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS If MBEDTLS_SSL_USE_MPS is undefined, it reports an error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL. 
Signed-off-by: Gilles Peskine <[email protected]> commit c021ddc27d94e54c7413ac22e15cd705981ed2a5 Merge: 7b3f70dd27 661584dfa1 Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:19:46 2021 +0100 Merge pull request #288 from yuhaoth/pr/fix-15 Re-enable ssl test suite commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:18:16 2021 +0100 Temporarily disable more session serialization tests Will be fixed as part of #155 Signed-off-by: Hanno Becker <[email protected]> commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7 Merge: 41fb09d9cf 3ed71fee0b Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:13:17 2021 +0100 Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake move key_exchange members to handshake structure commit 230bf9cdc08e518dfacda03de42feb9d659a7491 Author: lhuang04 <[email protected]> Date: Sun Jun 27 08:09:05 2021 -0700 Add test for mismatched sig_algs Summary: * Send alert when there is no common signature algorithm between client and server * Add test case for mismatched sig_algs Test Plan: ``` ssl-opt.sh ``` Reviewers: Subscribers: Tasks: Tags: commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd Merge: 1327fd4720 41c9509314 Author: Hannes Tschofenig <[email protected]> Date: Wed Jul 7 14:25:25 2021 +0200 Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 41c9509314e1c8c320462acbfcd317418e06f346 Author: Zhi Han <[email protected]> Date: Tue Jul 6 14:00:44 2021 -0400 Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71 Author: Jerry Yu <[email protected]> Date: Mon Jul 5 16:47:29 2021 +0800 Re-enable ssl test suite Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155. 
fix #15 Signed-off-by: Jerry Yu <[email protected]> Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3 commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad Author: Jerry Yu <[email protected]> Date: Wed Jun 30 15:14:25 2021 +0800 Remove get_key_exchange_name mbedtls_ssl_get_key_exchange_name is a debug-only function. It is useless now. Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a Signed-off-by: Jerry Yu <[email protected]> commit 1327fd47207970a042897465e832c7bde30d5f5c Merge: e2920b1927 6ef820f789 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:20:17 2021 +0100 Merge pull request #281 from zhihan/0-rtt-ciphersuite Only use one single ciphersuite if 0-rtt is actually enabled commit e2920b1927ff847a349947e4aef96b6557326816 Merge: fd741711fc fdca48d6a0 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:12:10 2021 +0100 Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing Review fix for #220 certificate request parsing commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4 Author: lhuang04 <[email protected]> Date: Sun Jun 20 15:27:09 2021 -0700 Use stack allocated received_signature_schemes_list. Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3) Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit fd741711fcab3ad49015a78ab3b72de7419bac55 Merge: 4fcd693b80 88e4a1b36a Author: Hanno Becker <[email protected]> Date: Mon Jun 21 09:24:39 2021 +0100 Merge pull request #283 from zhihan/review-0-rtt-server 0-RTT Server Review Change commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40 Author: Jerry Yu <[email protected]> Date: Mon Jun 21 13:52:01 2021 +0800 move key_exchange members to handshake structure Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params. 
fix #13 Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8 Signed-off-by: Jerry Yu <[email protected]> commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd Author: lhuang04 <[email protected]> Date: Wed Jun 2 09:22:46 2021 -0700 Follow up on review comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 94f03c184bbeb27a20383dcf109ef1ce751984f5 Author: lhuang04 <[email protected]> Date: Sun May 23 09:36:55 2021 -0700 Review fix of mbedtls_ssl_parse_signature_algorithms_ext Summary: * Add boundary check for i * Set received_signature_schemes_list to null after free * Typo * Sizeof style Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4 Author: lhuang04 <[email protected]> Date: Sun May 23 08:58:12 2021 -0700 Review: CertificateRequest parsing Summary: * buf_len check * unsigned char* ext -> const unsigned char* ext * int -> size_t * space and long line Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b Author: lhuang04 <[email protected]> Date: Sun Jun 20 09:40:21 2021 -0700 Remove ticket_nonce from mbedtls_ssl_session Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`. 
Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 719c79217da5d8209855d857e790400ab0ed2f4c Author: lhuang04 <[email protected]> Date: Sun Jun 20 07:21:48 2021 -0700 Rename resumption_key_len to key_len Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 895eb0d2108d9bed2ce540efd255a28711a9c929 Author: lhuang04 <[email protected]> Date: Fri May 7 11:51:11 2021 -0700 Move ssl_new_session_ticket_parse to client.c Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883 Author: lhuang04 <[email protected]> Date: Fri May 7 11:32:43 2021 -0700 Add index for buffer in ssl_new_session_ticket_parse Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 65e16e91159a0e5dd754593a10874a49b682d4a0 Author: lhuang04 <[email protected]> Date: Fri May 7 06:20:23 2021 -0700 Review comments follow up Summary: * change to size_t * break long line * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 469a714ff5960968734c4baab983791511cc0a06 Author: lhuang04 <[email protected]> Date: Wed May 5 08:44:42 2021 -0700 Review fix for ssl_new_session_ticket_parse Summary: * printf format for unsigned int * cast to unsigned before combine digits * remove unnecessary cast * remove redundant hash size calc * remove space for return Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 6ef820f78988703e0f66fa18a03030bba2e82a9f Author: Zhi Han <[email protected]> Date: Fri Jun 18 15:11:57 2021 -0400 Add test. Remove resumption condition. 
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feedback commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu 
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3 Merge: 21c911ccae 3d078a5c18 Author: Hanno Becker <[email protected]> Date: Fri May 14 17:15:38 2021 +0100 Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk Fix client crash when use early data without psk commit 3d078a5c180585b76a917599d8a471c4f724fd0e Author: lhuang04 <[email protected]> Date: Fri May 14 09:03:23 2021 -0700 Change to mbedtls_ssl_get_psk_to_offer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ebfc4983648f649a8f357409a2e35080bd081355 Author: lhuang04 <[email protected]> Date: Fri May 14 08:48:30 2021 -0700 Change to mbedtls_ssl_conf_tls13_some_psk_enabled Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623 Author: lhuang04 <[email protected]> Date: Tue May 4 08:05:38 2021 -0700 Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit af91d01f00b5159884396453169961e0247b8726 Author: lhuang04 <[email protected]> Date: Thu Jan 14 08:15:43 2021 -0800 Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode. 
Test Plan: ``` ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 ``` ``` ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1 ``` Reviewers: Subscribers: Tasks: Tags: commit 21c911ccae28a563af8de662dc24e419194f2c87 Merge: f178632390 98eeb27c91 Author: Hanno Becker <[email protected]> Date: Fri May 14 16:44:02 2021 +0100 Merge pull request #263 from hanno-arm/psk-negotiation Fix client-side behaviour if PSK is offered but rejected by the server commit 98eeb27c912871202ae8d696c8cf934f03d28041 Merge: 56f6110c45 20bb2a019c Author: Hanno Becker <[email protected]> Date: Fri May 14 11:04:44 2021 +0100 Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc Author: Hanno Becker <[email protected]> Date: Fri May 14 10:54:31 2021 +0100 Clarify logic for setting/clearing of handshake PSK The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows: 1) Initially, it's NULL. 2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data. 3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data. 4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK. If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization. This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above. 
Signed-off-by: Hanno Becker <[email protected]> commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac Author: Hanno Becker <[email protected]> Date: Fri May 14 10:59:25 2021 +0100 Give function for removing handshake PSK global visibility Signed-off-by: Hanno Becker <[email protected]> commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae Author: Hanno Becker <[email protected]> Date: Fri May 14 10:05:01 2021 +0100 Update library/ssl_tls13_server.c commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf Author: Hanno Becker <[email protected]> Date: Fri May 14 10:04:40 2021 +0100 Update library/ssl_tls13_server.c commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:54:06 2021 +0100 Remove uses of mbedtls_ssl_get_psk() `mbedtls_ssl_get_get_psk()` currently blurs two things: (a) access to the (potentially multiple) PSKs configured prior to the handshake (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake. If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b). There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use. To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule. 
Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello. Signed-off-by: Hanno Becker <[email protected]> commit f178632390ec3313f8772a8cffd1ed3f7d39d224 Merge: b1004e5352 8f71a23957 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:51:35 2021 +0100 Merge pull request #262 from hanno-arm/fixup_261 Fixup #261 commit 8f71a239577887dc40f670c58bb13b3b44e4050b Author: Hanno Becker <[email protected]> Date: Fri May 14 09:43:05 2021 +0100 Fixup https://github.com/hannestschofenig/mbedtls/pull/261 Signed-off-by: Hanno Becker <[email protected]> commit b1004e535275464c14a84b306890a47aa15ef14b Merge: 8db2b19d0f 5d7fa778f4 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:54:58 2021 +0100 Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0 Tls13 prototype merge from 2 25 0 commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:50:02 2021 +0100 Fixup: Merge in ssl_client2.c & ssl_server2.c Signed-off-by: Hanno Becker <[email protected]> commit 8db2b19d0fef088ca353a866498eb399bfb4fc21 Merge: f3f78d471b d4b52420d2 Author: Hanno Becker <[email protected]> Date: Fri May 14 04:37:44 2021 +0100 Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data() commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5 Author: Zhi Han <[email protected]> Date: Wed May 12 11:52:08 2021 -0400 Move report of early data status to reconnect commit d78681553790fdb3e31665b0f71367dc2198b24a Author: Zhi Han <[email protected]> Date: Wed May 12 11:38:02 2021 -0400 Move early_data from conf to context. 
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24
Author: Hanno Becker <[email protected]>
Date: Tue May 4 10:03:30 2021 +0100

Share buffers for 0-RTT, handshake and application master secrets
Signed-off-by: Hanno Becker <[email protected]>

commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee
Author: Hanno Becker <[email protected]>
Date: Tue May 4 09:55:56 2021 +0100

Document all TLS 1.3 key schedule functions
Signed-off-by: Hanno Becker <[email protected]>

commit 944b99795b8b7a2185993f96d335480e9bc252c8
Merge: 740d829337 0dbddcffaf
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:57 2021 +0100

Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4
Change debug level from 5 to 4

commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57
Merge: 70cfe4bf11 740d829337
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:42 2021 +0100

Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4

commit 740d8293374c6f5443aa951be2ac88d12cf206e1
Merge: 5c51532213 82ca5bce5a
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:51:12 2021 +0100

Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client
Review fix for client side EncryptedExtensions parsing

commit 5c5153221387d9fa571d12fce10c947270742165
Merge: 1471e12437 2f66cecb0e
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:50:08 2021 +0100

Merge pull request #247 from zhihan/patch-1
Fix compiler warning for mps.c

commit 1471e124378840bd89a848f261e4ec8e824b0c61
Merge: c21b8df7c3 a7553c2d1f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:44:21 2021 +0100

Merge pull request #245 from hanno-arm/tls13_keys_pt4
TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation

commit a7553c2d1fa247e6ad1177f8d202c0870b96110f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:37:40 2021 +0100

Fix PSK binder calculation
The PSK binder calculation routine does no longer overwrite the handshake early secret but uses a local buffer.
Signed-off-by: Hanno Becker <[email protected]>

commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:35:43 2021 +0100

Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets()
Signed-off-by: Hanno Becker <[email protected]>

commit 6cd79d8093828db3cff78855a9022d06d4142d7f
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:01:32 2021 +0100

Streamline signature of PSK binder calculation helper
Buffer sizes are always given by the size of the hash provided to the function.
Signed-off-by: Hanno Becker <[email protected]>

commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:53:18 2021 +0100

Share cryptographic core of PSK binder and Finished calculation
Signed-off-by: Hanno Becker <[email protected]>

commit c21b8df7c36bd3dccb0830cd45a3353093e2089f
Merge: 8036e15f17 528f7df3dc
Author: Hanno Becker <[email protected]>
Date: Tue May 4 06:52:00 2021 +0100

Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl
Tls13 prototype ssl opt sh resumption with openssl

commit 70cfe4bf1144568b3c959386ac6f677af6f2e597
Author: lhuang04 <[email protected]>
Date: Mon May 3 08:58:55 2021 -0700

Change debug level from 5 to 4
Summary: Update the debug level for the following calls:
* MBEDTLS_SSL_DEBUG_BUF
* MBEDTLS_SSL_DEBUG_MSG
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 2f66cecb0ed78a659760bc7a5566f14f48c461db
Author: Zhi Han <[email protected]>
Date: Mon May 3 11:35:31 2021 -0400

Fix compiler warning for mps.c
/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
default:
^
/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through
default:
^
break;
1 error generated.
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46
Author: lhuang04 <[email protected]>
Date: Sun May 2 06:08:34 2021 -0700

cast before calculate number from buffer
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8
Merge: e85f1dfa90 da2b07e5bb
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:33:10 2021 +0100

Merge pull request #239 from hanno-arm/tls13_key_pt3
Key schedule rework, pt3: API structure

commit e85f1dfa90343361c251372776e838ac130c9f3c
Merge: 858b98e9f1 524c925dc1
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:20:55 2021 +0100

Merge pull request #240 from zhihan/patch-2
Review cleanup for writing early_data extension

commit 528f7df3dc665ca94d94678432c2017c24ac55c2
Author: lhuang04 <[email protected]>
Date: Sat May 1 06:28:39 2021 -0700

Add require filter for OpenSSL TLS 1.3
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10
Author: lhuang04 <[email protected]>
Date: Fri Apr 30 08:23:17 2021 -0700

Add resumption test with OpenSSL to ssl-opt.sh
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 4504ac9525450bd187019b975d513cab985c788a
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:55:29 2021 -0700

break ret from parser
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit e14038925ddca9fc7fb7539b300fa2897c29ba80
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:30:04 2021 -0700

debug msgs and comments
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:24:44 2021 -0700

change unsigned char* buf to const …
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001
Merge: 471fc0ed17 17e162bc79
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 07:35:06 2021 +0100

Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies
Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

commit 471fc0ed17864079b70c75fc9c0a248f213b5991
Merge: 4ddebafaaf fba68613d6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:36:13 2021 +0100

Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr
MPS: Remove extended reader/writer from MPS, part 2

commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:33:49 2021 +0100

MPS: Be less wordy in comments...
Signed-off-by: Hanno Becker <[email protected]>

commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514
Merge: 08b0522e0f 34d751dfa6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:54:29 2021 +0100

Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error
fix mbedtls_ssl_check_cert_usage compile fail

commit 08b0522e0f6b4650c93a12038fb87cd21757b75c
Merge: 82436667b1 81c88ff7df
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:05:16 2021 +0100

Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings
fix functions undeclared warnings

commit 82436667b1304628b77ad9eded10ccf250355fc6
Merge: 2556d8a1dd f9435bb0c2
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 04:49:16 2021 +0100

Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors
fix nss_keylog_export duplicate error

commit 8a1348ca2ac075801777535bfa35d1179ec269e7
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:13 2021 +0100

MPS L4: Minor structural improvement
Signed-off-by: Hanno Becker <[email protected]>

commit 7a11ad03acaea247045dc5e41dc397b5b73a254d
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:00 2021 +0100

MPS Layer 4: Remove dead comments
Signed-off-by: Hanno Becker <[email protected]>
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 20:07:28 2021 +0100

MPS Layer 3: Minor readability improvement
Signed-off-by: Hanno Becker <[email protected]>

commit ea207b40bdffc9793c53312aae7dabdd761611db
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 13:02:05 2021 +0100

Some more readability improvements
Signed-off-by: Hanno Becker <[email protected]>

commit dc3adeddee06e0b9ecf25e669de780593c18771b
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 11:39:37 2021 +0100

MPS Layer 3: Some readability improvements
Signed-off-by: Hanno Becker <[email protected]>

commit 2a75e56087db85845241734fd248f0ec501377b6
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 09:48:18 2021 +0100

Remove extended reader/writer from MPS altogether
Signed-off-by: Hanno Becker <[email protected]>

commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 22:23:06 2021 +0800

fix nss_keylog_export duplicate error
nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it.
Change-Id: I63e218070e96637a15242fec3a66b5e448986287
Signed-off-by: Jerry Yu <[email protected]>

commit 17e162bc79da8c856b1b08ef373051d87163c421
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:44:55 2021 +0800

Add conditional compilation for mbedtls_ssl_conf_dtls_cookies
mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it.
CustomizedGitHooks: yes
Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f
Signed-off-by: Jerry Yu <[email protected]>

commit 5471952d409eea62843268272ae46969dcf78e60
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 11:15:15 2021 +0100

MPS Layer 3: Don't rely on extended writer to learn HS msg size
This is another step towards removing the extended reader/writer from Layer 3 altogether.
Signed-off-by: Hanno Becker <[email protected]>

commit 81c88ff7df372ba4c2671f3a7065482152b40310
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:06:56 2021 +0800

fix functions undeclared warnings
With TLS1.2 enabled, those functions report undeclared warning
Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320
Signed-off-by: Jerry Yu <[email protected]>

commit f85747efb1a1035124aada3245dcec7ddb8d3597
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:47:19 2021 +0100

MPS L3: Simplify handshake message writing
Signed-off-by: Hanno Becker <[email protected]>

commit f540b0fc79af402f0176477df0c6f79c26857e88
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:42:03 2021 +0100

MPS Layer 3: Simplify logic for writing of handshake header
Signed-off-by: Hanno Becker <[email protected]>

commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c
Author: Jerry Yu <[email protected]>
Date: Tue Jul 27 14:02:40 2021 +0800

fix mbedtls_ssl_check_cert_usage compile fail
`mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it.
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4
Signed-off-by: Jerry Yu <[email protected]>

commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f
Merge: 0e367ad306 3430517266
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:57:55 2021 +0100

Merge pull request #318 from hanno-arm/mps_simplify
MPS: Numerous minor simplifications and improvements

commit 0e367ad306e20d7eed02775d0c581828da937cb2
Merge: 246c820430 d8f19321d7
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:13:13 2021 +0100

Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors
fix two duplicate define errors

commit 246c820430aed5412c6cba0e911c1a1ca13ade60
Merge: 49f76369ad 12a8dfe7d2
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:12:15 2021 +0100

Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors
fix update_checksum errors

commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:11:45 2021 +0100

Apply suggestions from code review

commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2
Merge: 0b7e1b6759 638484855b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:06:44 2021 +0100

Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort
MPS Layer 3: Remove unused handshake abort function

commit 3430517266a9e7d0ab43cf08730064608190fbd6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:51:53 2021 +0100

MPS: Shorten some code
Signed-off-by: Hanno Becker <[email protected]>

commit da378914efe9bae8a84ca59604b4651efd562401
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:47:54 2021 +0100

MPS: Some more uses of assertion macro
Signed-off-by: Hanno Becker <[email protected]>

commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:42:58 2021 +0100

MPS: Add helper macro for readability
Signed-off-by: Hanno Becker <[email protected]>

commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:35 2021 +0100

Shorten some doc'n for MPS
Signed-off-by: Hanno Becker <[email protected]>

commit fe135af06c138ac3ffbc077c6357961d2c895c6b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:21 2021 +0100

MPS: Use helper macro for DTLS HS header debugging
Signed-off-by: Hanno Becker <[email protected]>

commit 8144fea4a5b03c773ffaa48325663145aca58ff6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:15 2021 +0100

MPS: Use assertion macro instead of manual return of INTERNAL_ERROR
Signed-off-by: Hanno Becker <[email protected]>

commit 648d1835ce61480023fbb856d5044b6218f5af90
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:07 2021 +0100

MPS: Shorten some code
Signed-off-by: Hanno Becker <[email protected]>

commit 2818d2fbc65a2e31afe729046264171680356ae5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:21:53 2021 +0100

MPS L4: Add comment on potential simplification
Signed-off-by: Hanno Becker <[email protected]>

commit 1ec166036cfda847db076c567a94de474d009041
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:19:18 2021 +0100

MPS: Remove dead code and shorten comments
Signed-off-by: Hanno Becker <[email protected]>

commit 1100e4b72bf26746970af57244787e3b43f852c8
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:32:31 2021 +0100

MPS L3: Improve readability through introduction of debug macros
Signed-off-by: Hanno Becker <[email protected]>

commit 028414d0c81fd42772a33308953bf011da87584f
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:44 2021 +0100

MPS: Add shorter trace commands
Signed-off-by: Hanno Becker <[email protected]>

commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:28 2021 +0100

MPS: Fix typo in common.h
Signed-off-by: Hanno Becker <[email protected]>

commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:20:27 2021 +0100

MPS L3: Add helper function for handling of incomplete headers
Signed-off-by: Hanno Becker <[email protected]>

commit d8f19321d70182ada99f421e56ea00c2100313f3
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:03:13 2021 +0800

Rename mbedtls_ssl_handshake_wrapup for TLS1.3
`mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it.
Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91
Signed-off-by: Jerry Yu <[email protected]>

commit 40825315251e967b6bbca82b6a12b4cd875e04b5
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:00:50 2021 +0800

move mbedtls_ssl_transform_free to ssl_msg.c
`mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it.
Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3
Signed-off-by: Jerry Yu <[email protected]>

commit 7f0fb121f9d308b75d0f4a602623696fa9215505
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 19:41:09 2021 +0800

fix update_checksum_start/sha384 duplicate error
`ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check.
Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af
Signed-off-by: Jerry Yu <[email protected]>

commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:04:37 2021 +0800

fix calc_verify parameter warning
`calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed.
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:50:53 2021 +0100

Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record
fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:02:46 2021 +0100

MPS Layer 3: Remove unused handshake abort function
Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 19:00:48 2021 +0800

fix ssl_extract_add_data_from_record arguments error
With TLS1.2, compiler report below error
```
too few arguments to function ‘ssl_extract_add_data_from_record’
```
The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that.
Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:58 2021 +0100

Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine
fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:36 2021 +0100

Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error
fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 12:28:20 2021 +0800

fix ssl_reset_retrnsmit_timeout undefine warning
ssl_reset_retrnsmit_timeout has been added prefix. Here is missing
Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800

fix pmslen and premaster undefined error
With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster undefined error.
CustomizedGitHooks: yes
Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100

Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors
fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100

Minor improvements to TLS 1.3 client-side key share ext writer
Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800

fix ECDH context build errors
Remove multi ecdh share keys support. When build with TLS1.2 , it reports compile error
Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100

Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13
Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100

Fix a bunch of typos
Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100

Rename TLS 1.3 ciphersuite identifiers
- Move the C-macros to MBEDTLS_ namespace
- Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2.
Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100

Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace
Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100

Merge pull request #306 from hanno-arm/mps_fix_bio
MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100

Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h
remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100

Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case
Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100

Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition
replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100

MPS: Interpret ret val 0 from BIO as connection closure
Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100

Merge pull request #276 from zhihan/fix-minor_ver
Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800

Modify TLS1.3 undefined condition
Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`
Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h
MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error.
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100

Merge pull request #213 from zhihan/tls13-prototype-nst-ext
Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100

Minor improvements
Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400

Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100

Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client
Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100

Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100

Merge pull request #302 from hannestschofenig/pr/fix-two-errors
Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800

fix ssl-opt test fail
Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that.
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800

fix compile fail without MPS
if undefine MBEDTLS_SSL_USE_MPS, it report error.
Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800

Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix
Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman
Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:
```
140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
```
We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD.
This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.
Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100

Merge pull request #288 from yuhaoth/pr/fix-15
Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100

Temporarily disable more session serialization tests
Will be fixed as part of #155
Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100

Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake
move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700

Add test for mismatched sig_algs
Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs
Test Plan:
```
ssl-opt.sh
```
Reviewers: Subscribers: Tasks: Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200

Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite
Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800

Re-enable ssl test suite
Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.
fix #15
Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800

Remove get_key_exchange_name
mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now.
Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100

Merge pull request #281 from zhihan/0-rtt-ciphersuite
Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100

Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing
Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700

Use stack allocated received_signature_schemes_list.
Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100

Merge pull request #283 from zhihan/review-0-rtt-server
0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800

move key_exchange members to handshake structure
Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.
fix #13
Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700

Follow up on review comments
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700

Review fix of mbedtls_ssl_parse_signature_algorithms_ext
Summary:
* Add boundary check for i
* Set received_signature_schemes_list to null after free
* Typo
* Sizeof style
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700

Review: CertificateRequest parsing
Summary:
* buf_len check
* unsigned char* ext -> const unsigned char* ext
* int -> size_t
* space and long line
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700

Remove ticket_nonce from mbedtls_ssl_session
Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700

Rename resumption_key_len to key_len
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700

Move ssl_new_session_ticket_parse to client.c
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700

Add index for buffer in ssl_new_session_ticket_parse
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700

Review comments follow up
Summary:
* change to size_t
* break long line
* indentation
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700

Review fix for ssl_new_session_ticket_parse
Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400

Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feebacks commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu 
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:41:48 2021 +0100

Fix misplaced 0-RTT configuration call in ssl_server2

Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`.

Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:02:16 2021 +0100

Minor code improvements in ssl_create_verify_structure()

Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249
Merge: 7c88bbd2e2 f451f0ef99
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:18:00 2021 -0700

Diff review follow up

* switch style
* change to mbedtls_ssl_tls13_key_exchange_with_psk
* rename i to buffer_idx
* move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE
* reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:12:56 2021 -0700

Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary:
In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```

Reviewers: Subscribers: Tasks: Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows:

1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:

(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261

Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261

Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c

Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler reports pmslen and premaster undefined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support. 
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 
from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]> commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error. 
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS if undefine MBEDTLS_SSL_USE_MPS, it report error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL. 
Signed-off-by: Gilles Peskine <[email protected]> commit c021ddc27d94e54c7413ac22e15cd705981ed2a5 Merge: 7b3f70dd27 661584dfa1 Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:19:46 2021 +0100 Merge pull request #288 from yuhaoth/pr/fix-15 Re-enable ssl test suite commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:18:16 2021 +0100 Temporarily disable more session serialization tests Will be fixed as part of #155 Signed-off-by: Hanno Becker <[email protected]> commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7 Merge: 41fb09d9cf 3ed71fee0b Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:13:17 2021 +0100 Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake move key_exchange members to handshake structure commit 230bf9cdc08e518dfacda03de42feb9d659a7491 Author: lhuang04 <[email protected]> Date: Sun Jun 27 08:09:05 2021 -0700 Add test for mismatched sig_algs Summary: * Send alert when there is no common signature algorithm between client and server * Add test case for mismatched sig_algs Test Plan: ``` ssl-opt.sh ``` Reviewers: Subscribers: Tasks: Tags: commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd Merge: 1327fd4720 41c9509314 Author: Hannes Tschofenig <[email protected]> Date: Wed Jul 7 14:25:25 2021 +0200 Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 41c9509314e1c8c320462acbfcd317418e06f346 Author: Zhi Han <[email protected]> Date: Tue Jul 6 14:00:44 2021 -0400 Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71 Author: Jerry Yu <[email protected]> Date: Mon Jul 5 16:47:29 2021 +0800 Re-enable ssl test suite Ssl test is disabled in TLS. This patch is to enable it. And "Session serilization*" tests are skipped due to #155. 
fix #15 Signed-off-by: Jerry Yu <[email protected]> Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3 commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad Author: Jerry Yu <[email protected]> Date: Wed Jun 30 15:14:25 2021 +0800 Remove get_key_exchange_name mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now. Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a Signed-off-by: Jerry Yu <[email protected]> commit 1327fd47207970a042897465e832c7bde30d5f5c Merge: e2920b1927 6ef820f789 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:20:17 2021 +0100 Merge pull request #281 from zhihan/0-rtt-ciphersuite Only use one single ciphersuite if 0-rtt is actually enabled commit e2920b1927ff847a349947e4aef96b6557326816 Merge: fd741711fc fdca48d6a0 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:12:10 2021 +0100 Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing Review fix for #220 certificate request parsing commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4 Author: lhuang04 <[email protected]> Date: Sun Jun 20 15:27:09 2021 -0700 Use stack allocated received_signature_schemes_list. Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3) Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit fd741711fcab3ad49015a78ab3b72de7419bac55 Merge: 4fcd693b80 88e4a1b36a Author: Hanno Becker <[email protected]> Date: Mon Jun 21 09:24:39 2021 +0100 Merge pull request #283 from zhihan/review-0-rtt-server 0-RTT Server Review Change commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40 Author: Jerry Yu <[email protected]> Date: Mon Jun 21 13:52:01 2021 +0800 move key_exchange members to handshake structure Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params. 
fix #13 Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8 Signed-off-by: Jerry Yu <[email protected]> commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd Author: lhuang04 <[email protected]> Date: Wed Jun 2 09:22:46 2021 -0700 Follow up on review comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 94f03c184bbeb27a20383dcf109ef1ce751984f5 Author: lhuang04 <[email protected]> Date: Sun May 23 09:36:55 2021 -0700 Review fix of mbedtls_ssl_parse_signature_algorithms_ext Summary: * Add boundary check for i * Set received_signature_schemes_list to null after free * Typo * Sizeof style Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4 Author: lhuang04 <[email protected]> Date: Sun May 23 08:58:12 2021 -0700 Review: CertificateRequest parsing Summary: * buf_len check * unsigned char* ext -> const unsigned char* ext * int -> size_t * space and long line Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b Author: lhuang04 <[email protected]> Date: Sun Jun 20 09:40:21 2021 -0700 Remove ticket_nonce from mbedtls_ssl_session Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`. 
Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 719c79217da5d8209855d857e790400ab0ed2f4c Author: lhuang04 <[email protected]> Date: Sun Jun 20 07:21:48 2021 -0700 Rename resumption_key_len to key_len Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 895eb0d2108d9bed2ce540efd255a28711a9c929 Author: lhuang04 <[email protected]> Date: Fri May 7 11:51:11 2021 -0700 Move ssl_new_session_ticket_parse to client.c Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883 Author: lhuang04 <[email protected]> Date: Fri May 7 11:32:43 2021 -0700 Add index for buffer in ssl_new_session_ticket_parse Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 65e16e91159a0e5dd754593a10874a49b682d4a0 Author: lhuang04 <[email protected]> Date: Fri May 7 06:20:23 2021 -0700 Review comments follow up Summary: * change to size_t * break long line * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 469a714ff5960968734c4baab983791511cc0a06 Author: lhuang04 <[email protected]> Date: Wed May 5 08:44:42 2021 -0700 Review fix for ssl_new_session_ticket_parse Summary: * printf format for unsigned int * cast to unsigned before combine digits * remove unnecessary cast * remove redundant hash size calc * remove space for return Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 6ef820f78988703e0f66fa18a03030bba2e82a9f Author: Zhi Han <[email protected]> Date: Fri Jun 18 15:11:57 2021 -0400 Add test. Remove resumption condition. 
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feebacks commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu 
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary:
In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```
Reviewers: Subscribers: Tasks: Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT.

Instead, the handshake PSK should evolve as follows:
1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:
(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261

Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261

Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c

Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
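The handshake PSK evolution listed as steps (1)-(4) in the "Clarify logic for setting/clearing of handshake PSK" commit above, together with the check from the earlier "Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON" commit, as a small C model. This is an added example, not Mbed TLS code and not part of the commit log: every `demo_*` name, the struct layout and the sample keys are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>

/* Hypothetical model types; none of these are Mbed TLS definitions. */
typedef struct {
    const char *identity;
    const unsigned char *key;
    size_t key_len;
} demo_psk;

typedef struct {
    /* (a) PSKs configured before the handshake; any of them may go unused. */
    const demo_psk *offered;
    size_t n_offered;
    int use_early_data;
    /* (b) The single PSK the current handshake is keyed with, or NULL. */
    const demo_psk *handshake_psk;
} demo_client;

/* Constructed sample keys, for illustration only. */
static const unsigned char DEMO_KEY_A[] = { 0x01, 0x02, 0x03, 0x04 };
static const unsigned char DEMO_KEY_B[] = { 0x0a, 0x0b, 0x0c, 0x0d };
static const demo_psk DEMO_OFFERED[2] = {
    { "ticket-0", DEMO_KEY_A, sizeof(DEMO_KEY_A) },
    { "external-1", DEMO_KEY_B, sizeof(DEMO_KEY_B) },
};

/* Step 1: the handshake PSK starts out NULL. Early data is only enabled
 * when there is a PSK to key it with, so later code never runs in early
 * data mode without one. */
void demo_client_init(demo_client *c, const demo_psk *offered, size_t n,
                      int want_early_data)
{
    c->offered = offered;
    c->n_offered = n;
    c->use_early_data = want_early_data && offered != NULL && n > 0;
    c->handshake_psk = NULL;
}

/* Step 2: before writing 0-RTT data, key it with the first offered PSK.
 * Returns that PSK, or NULL when early data is not in use. */
const demo_psk *demo_begin_early_data(demo_client *c)
{
    if (!c->use_early_data)
        return NULL;
    c->handshake_psk = &c->offered[0];
    return c->handshake_psk;
}

/* Step 3: once the early data is written, forget the provisional PSK. */
void demo_end_early_data(demo_client *c)
{
    if (c->use_early_data)
        c->handshake_psk = NULL;
}

/* Step 4: on ServerHello, adopt exactly the PSK the server selected.
 * selected < 0 models a ServerHello without a pre_shared_key extension.
 * Returns 0 on success, -1 when the index is outside the offered range
 * (RFC 8446 section 4.2.11 requires the client to abort in that case). */
int demo_on_server_hello(demo_client *c, int selected)
{
    c->handshake_psk = NULL;
    if (selected < 0)
        return 0;
    if ((size_t) selected >= c->n_offered)
        return -1;
    c->handshake_psk = &c->offered[selected];
    return 0;
}

/* The key schedule reads only (b), never the configured list (a). */
const demo_psk *demo_key_schedule_psk(const demo_client *c)
{
    return c->handshake_psk;
}

int main(void)
{
    demo_client c;
    const demo_psk *p;

    demo_client_init(&c, DEMO_OFFERED, 2, 1);
    p = demo_begin_early_data(&c);
    printf("early data keyed with: %s\n", p ? p->identity : "(none)");
    demo_end_early_data(&c);

    /* The server declines every offered PSK. */
    demo_on_server_hello(&c, -1);
    p = demo_key_schedule_psk(&c);
    printf("handshake PSK after rejection: %s\n", p ? p->identity : "(none)");
    return 0;
}
```
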
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4
Signed-off-by: Jerry Yu <[email protected]>

commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f
Merge: 0e367ad306 3430517266
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:57:55 2021 +0100

Merge pull request #318 from hanno-arm/mps_simplify

MPS: Numerous minor simplifications and improvements

commit 0e367ad306e20d7eed02775d0c581828da937cb2
Merge: 246c820430 d8f19321d7
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:13:13 2021 +0100

Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors

fix two duplicate define errors

commit 246c820430aed5412c6cba0e911c1a1ca13ade60
Merge: 49f76369ad 12a8dfe7d2
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:12:15 2021 +0100

Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors

fix update_checksum errors

commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:11:45 2021 +0100

Apply suggestions from code review

commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2
Merge: 0b7e1b6759 638484855b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:06:44 2021 +0100

Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort

MPS Layer 3: Remove unused handshake abort function

commit 3430517266a9e7d0ab43cf08730064608190fbd6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:51:53 2021 +0100

MPS: Shorten some code

Signed-off-by: Hanno Becker <[email protected]>

commit da378914efe9bae8a84ca59604b4651efd562401
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:47:54 2021 +0100

MPS: Some more uses of assertion macro

Signed-off-by: Hanno Becker <[email protected]>

commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:42:58 2021 +0100

MPS: Add helper macro for readability

Signed-off-by: Hanno Becker <[email protected]>

commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:35 2021 +0100

Shorten some doc'n for MPS

Signed-off-by: Hanno Becker <[email protected]>

commit fe135af06c138ac3ffbc077c6357961d2c895c6b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:21 2021 +0100

MPS: Use helper macro for DTLS HS header debugging

Signed-off-by: Hanno Becker <[email protected]>

commit 8144fea4a5b03c773ffaa48325663145aca58ff6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:15 2021 +0100

MPS: Use assertion macro instead of manual return of INTERNAL_ERROR

Signed-off-by: Hanno Becker <[email protected]>

commit 648d1835ce61480023fbb856d5044b6218f5af90
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:07 2021 +0100

MPS: Shorten some code

Signed-off-by: Hanno Becker <[email protected]>

commit 2818d2fbc65a2e31afe729046264171680356ae5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:21:53 2021 +0100

MPS L4: Add comment on potential simplification

Signed-off-by: Hanno Becker <[email protected]>

commit 1ec166036cfda847db076c567a94de474d009041
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:19:18 2021 +0100

MPS: Remove dead code and shorten comments

Signed-off-by: Hanno Becker <[email protected]>

commit 1100e4b72bf26746970af57244787e3b43f852c8
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:32:31 2021 +0100

MPS L3: Improve readability through introduction of debug macros

Signed-off-by: Hanno Becker <[email protected]>

commit 028414d0c81fd42772a33308953bf011da87584f
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:44 2021 +0100

MPS: Add shorter trace commands

Signed-off-by: Hanno Becker <[email protected]>

commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:28 2021 +0100

MPS: Fix typo in common.h

Signed-off-by: Hanno Becker <[email protected]>

commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:20:27 2021 +0100

MPS L3: Add helper function for handling of incomplete headers

Signed-off-by: Hanno Becker <[email protected]>

commit d8f19321d70182ada99f421e56ea00c2100313f3
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:03:13 2021 +0800

Rename mbedtls_ssl_handshake_wrapup for TLS1.3

`mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it.

Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91
Signed-off-by: Jerry Yu <[email protected]>

commit 40825315251e967b6bbca82b6a12b4cd875e04b5
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:00:50 2021 +0800

move mbedtls_ssl_transform_free to ssl_msg.c

`mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it.

Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3
Signed-off-by: Jerry Yu <[email protected]>

commit 7f0fb121f9d308b75d0f4a602623696fa9215505
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 19:41:09 2021 +0800

fix update_checksum_start/sha384 duplicate error

`ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check.

Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af
Signed-off-by: Jerry Yu <[email protected]>

commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:04:37 2021 +0800

fix calc_verify parameter warning

`calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed.
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:50:53 2021 +0100

Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record

fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:02:46 2021 +0100

MPS Layer 3: Remove unused handshake abort function

Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 19:00:48 2021 +0800

fix ssl_extract_add_data_from_record arguments error

With TLS1.2, compiler report below error

```
too few arguments to function ‘ssl_extract_add_data_from_record’
```

The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that.

Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:58 2021 +0100

Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine

fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:36 2021 +0100

Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error

fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 12:28:20 2021 +0800

fix ssl_reset_retrnsmit_timeout undefine warning

ssl_reset_retrnsmit_timeout has been added prefix.
Here is missing

Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800

fix pmslen and premaster undefined error

With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster undefined error.

CustomizedGitHooks: yes
Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100

Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors

fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100

Minor improvements to TLS 1.3 client-side key share ext writer

Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800

fix ECDH context build errors

Remove multi ecdh share keys support.
When build with TLS1.2 , it reports compile error

Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100

Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13

Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100

Fix a bunch of typos

Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100

Rename TLS 1.3 ciphersuite identifiers

- Move the C-macros to MBEDTLS_ namespace
- Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2.

Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100

Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace

Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100

Merge pull request #306 from hanno-arm/mps_fix_bio

MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100

Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100

Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case

Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100

Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition

replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100

MPS: Interpret ret val 0 from BIO as connection closure

Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100

Merge pull request #276 from zhihan/fix-minor_ver

Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800

Modify TLS1.3 undefined condition

Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error.
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100

Merge pull request #213 from zhihan/tls13-prototype-nst-ext

Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100

Minor improvements

Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400

Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100

Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client

Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100

Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100

Merge pull request #302 from hannestschofenig/pr/fix-two-errors

Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800

fix ssl-opt test fail

Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that.
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800

fix compile fail without MPS

if undefine MBEDTLS_SSL_USE_MPS, it report error.

Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800

Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:

```
140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
```

We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD.

This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.
Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100

Merge pull request #288 from yuhaoth/pr/fix-15

Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100

Temporarily disable more session serialization tests

Will be fixed as part of #155

Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100

Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake

move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700

Add test for mismatched sig_algs

Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs

Test Plan:
```
ssl-opt.sh
```
Reviewers: Subscribers: Tasks: Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200

Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800

Re-enable ssl test suite

Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.
fix #15

Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800

Remove get_key_exchange_name

mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now.

Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100

Merge pull request #281 from zhihan/0-rtt-ciphersuite

Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100

Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing

Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700

Use stack allocated received_signature_schemes_list.

Summary:
I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)

Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100

Merge pull request #283 from zhihan/review-0-rtt-server

0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800

move key_exchange members to handshake structure

Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.
fix #13

Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700

Follow up on review comments

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700

Review fix of mbedtls_ssl_parse_signature_algorithms_ext

Summary:
* Add boundary check for i
* Set received_signature_schemes_list to null after free
* Typo
* Sizeof style

Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700

Review: CertificateRequest parsing

Summary:
* buf_len check
* unsigned char* ext -> const unsigned char* ext
* int -> size_t
* space and long line

Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700

Remove ticket_nonce from mbedtls_ssl_session

Summary:
`ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700

Rename resumption_key_len to key_len

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700

Move ssl_new_session_ticket_parse to client.c

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700

Add index for buffer in ssl_new_session_ticket_parse

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700

Review comments follow up

Summary:
* change to size_t
* break long line
* indentation

Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700

Review fix for ssl_new_session_ticket_parse

Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return

Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400

Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:39:15 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:20:05 2021 -0400

Review feedback

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:13:04 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 12:14:39 2021 +0100

Merge pull request #284 from yuhaoth/pr/fix-extension-namespace

fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date: Fri Jun 18 13:49:07 2021 +0800

fix namespace of extensions in ssl.h

fixes #17

Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 06:30:53 2021 +0100

Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile

fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:43:11 2021 +0100

Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case

Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:04:41 2021 +0100

Merge pull request #279 from zhihan/review-0-rtt

Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu <[email protected]>
Date: Wed Jun 16 10:25:12 2021 +0800

fix out-of-box Makefile build fail

fix #165

Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:12:33 2021 -0400

Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:09:04 2021 -0400

Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:06:32 2021 -0400

Update library/ssl_tls13_generic.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:36 2021 -0400

Update library/ssl_tls13_keys.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:20 2021 -0400

Update library/ssl_tls.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date: Tue Jun 8 05:41:22 2021 +0100

Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing

Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date: Mon Jun 7 15:37:47 2021 -0400

0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:40:21 2021 -0400

Change 'early data' to 'early_data' in debug log to be consistent.
commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:26:00 2021 -0400

Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:18:23 2021 -0400

Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:04:03 2021 -0400

Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 16:06:33 2021 -0400

More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 12:48:43 2021 -0400

Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:18:43 2021 -0700

own_key

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:00:17 2021 -0700

Remove signature_scheme_client from struct mbedtls_ssl_handshake_params

Summary:
* signature_scheme_client
* signature_scheme

Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:55:13 2021 -0700

Review of ssl_certificate_verify_write

Summary:
* indentation

Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:09:10 2021 -0700

Rename mbedtls_ssl_certificate_verify_process

Summary:
* mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
* ssl_certificate_verify_process -> ssl_write_certificate_verify_process
* SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
* SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND

Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date: Tue Jun 1 10:35:20 2021 -0400

Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:21:34 2021 -0700

Summary:
Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
* Server disable early data
* Client enable early data
* No external PSK

Test Plan:
```
tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
```
Reviewers: Subscribers: Tasks: Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:23:52 2021 +0100

Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:43 2021 +0100

Alloc specification of 0-RTT limit on the ssl_server2 cmdline

Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:25 2021 +0100

Cap size of 0-RTT buffer at a compile-time configurable limit

Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:04:30 2021 +0100

Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date: Mon May 24 16:21:33 2021 -0400

error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date: Sun May 23 12:12:30 2021 -0400

Address feedback.
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa
Merge: 22e52d2cf1 79afde5f5a
Author: Hanno Becker <[email protected]>
Date: Sun May 23 06:10:49 2021 +0100

Merge pull request #269 from zhihan/tls13-prototype-0rtt-review

Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:16:12 2021 -0400

Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:05:53 2021 -0400

Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8
Author: Zhi Han <[email protected]>
Date: Fri May 21 06:38:46 2021 -0400

Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:03:22 2021 -0400

format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:01:04 2021 -0400

Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8
Author: Zhi Han <[email protected]>
Date: Wed May 19 15:57:44 2021 -0400

Restore mbedtls_ssl_conf_early_data() function.
commit 22e52d2cf1865bf638269fbc5334119a68db9603
Merge: e3d5eca29a 80dbfc0091
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:25 2021 +0100

Merge pull request #265 from lhuang04/tls13_prototype_switch_style

Fix switch style

commit e3d5eca29ada314616341242152ac7515607e718
Merge: d02fd9ba1f c501899a74
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:07 2021 +0100

Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09
Merge: f1560c6d0f 169f542b7b
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:16:53 2021 +0100

Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style

Fix if statement style

commit 169f542b7b89ce55bf438f5b9bbce663314d7257
Author: lhuang04 <[email protected]>
Date: Mon May 17 12:00:40 2021 -0700

Fix if style

Summary:
Change `if (` to `if(`

Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit c501899a748840659c1e4450929e0e72dcdb39b1
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:36:33 2021 -0700

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 80dbfc00915ace7db2301fb897847514a2ee2b5a
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:44:26 2021 -0700

Fix switch style

Summary:
change `switch (` to `switch(`

Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df
Merge: 5f3860971b 73b4aa2e96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:55:49 2021 +0100

Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing

Fix for review of ssl_read_certificate_verify_parse

commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f
Merge: 6c527b9e2d 2272fccb96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:54:48 2021 +0100

Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix

Fix misplaced 0-RTT configuration call in ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:41:48 2021 +0100

Fix misplaced 0-RTT configuration call in ssl_server2

Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`.

Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:02:16 2021 +0100

Minor code improvements in ssl_create_verify_structure()

Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249
Merge: 7c88bbd2e2 f451f0ef99
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:18:00 2021 -0700

Diff review follow up

* switch style
* change to mbedtls_ssl_tls13_key_exchange_with_psk
* rename i to buffer_idx
* move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE
* reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:12:56 2021 -0700

Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3 Merge: 21c911ccae 3d078a5c18 Author: Hanno Becker <[email protected]> Date: Fri May 14 17:15:38 2021 +0100 Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk Fix client crash when use early data without psk commit 3d078a5c180585b76a917599d8a471c4f724fd0e Author: lhuang04 <[email protected]> Date: Fri May 14 09:03:23 2021 -0700 Change to mbedtls_ssl_get_psk_to_offer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ebfc4983648f649a8f357409a2e35080bd081355 Author: lhuang04 <[email protected]> Date: Fri May 14 08:48:30 2021 -0700 Change to mbedtls_ssl_conf_tls13_some_psk_enabled Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623 Author: lhuang04 <[email protected]> Date: Tue May 4 08:05:38 2021 -0700 Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit af91d01f00b5159884396453169961e0247b8726 Author: lhuang04 <[email protected]> Date: Thu Jan 14 08:15:43 2021 -0800 Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after check [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that should be always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoid calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode. 
Test Plan: ``` ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 ``` ``` ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1 ``` Reviewers: Subscribers: Tasks: Tags: commit 21c911ccae28a563af8de662dc24e419194f2c87 Merge: f178632390 98eeb27c91 Author: Hanno Becker <[email protected]> Date: Fri May 14 16:44:02 2021 +0100 Merge pull request #263 from hanno-arm/psk-negotiation Fix client-side behaviour if PSK is offered but rejected by the server commit 98eeb27c912871202ae8d696c8cf934f03d28041 Merge: 56f6110c45 20bb2a019c Author: Hanno Becker <[email protected]> Date: Fri May 14 11:04:44 2021 +0100 Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc Author: Hanno Becker <[email protected]> Date: Fri May 14 10:54:31 2021 +0100 Clarify logic for setting/clearing of handshake PSK The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows: 1) Initially, it's NULL. 2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data. 3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data. 4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK. If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization. This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above. 
Signed-off-by: Hanno Becker <[email protected]> commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac Author: Hanno Becker <[email protected]> Date: Fri May 14 10:59:25 2021 +0100 Give function for removing handshake PSK global visibility Signed-off-by: Hanno Becker <[email protected]> commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae Author: Hanno Becker <[email protected]> Date: Fri May 14 10:05:01 2021 +0100 Update library/ssl_tls13_server.c commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf Author: Hanno Becker <[email protected]> Date: Fri May 14 10:04:40 2021 +0100 Update library/ssl_tls13_server.c commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:54:06 2021 +0100 Remove uses of mbedtls_ssl_get_psk() `mbedtls_ssl_get_get_psk()` currently blurs two things: (a) access to the (potentially multiple) PSKs configured prior to the handshake (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake. If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b). There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use. To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule. 
Further, while fo (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello. Signed-off-by: Hanno Becker <[email protected]> commit f178632390ec3313f8772a8cffd1ed3f7d39d224 Merge: b1004e5352 8f71a23957 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:51:35 2021 +0100 Merge pull request #262 from hanno-arm/fixup_261 Fixup #261 commit 8f71a239577887dc40f670c58bb13b3b44e4050b Author: Hanno Becker <[email protected]> Date: Fri May 14 09:43:05 2021 +0100 Fixup https://github.com/hannestschofenig/mbedtls/pull/261 Signed-off-by: Hanno Becker <[email protected]> commit b1004e535275464c14a84b306890a47aa15ef14b Merge: 8db2b19d0f 5d7fa778f4 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:54:58 2021 +0100 Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0 Tls13 prototype merge from 2 25 0 commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:50:02 2021 +0100 Fixup: Merge in ssl_client2.c & ssl_server2.c Signed-off-by: Hanno Becker <[email protected]> commit 8db2b19d0fef088ca353a866498eb399bfb4fc21 Merge: f3f78d471b d4b52420d2 Author: Hanno Becker <[email protected]> Date: Fri May 14 04:37:44 2021 +0100 Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data() commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5 Author: Zhi Han <[email protected]> Date: Wed May 12 11:52:08 2021 -0400 Move report of early data status to reconnect commit d78681553790fdb3e31665b0f71367dc2198b24a Author: Zhi Han <[email protected]> Date: Wed May 12 11:38:02 2021 -0400 Move early_data from conf to context. 
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04
added a commit
to lhuang04/mbedtls
that referenced
this issue
Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 

    Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
    Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date:   Mon Jul 26 07:50:53 2021 +0100

    Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record

    fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date:   Mon Jul 26 07:02:46 2021 +0100

    MPS Layer 3: Remove unused handshake abort function

    Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date:   Sun Jul 25 19:00:48 2021 +0800

    fix ssl_extract_add_data_from_record arguments error

    With TLS1.2, compiler report below error
    ```
    too few arguments to function ‘ssl_extract_add_data_from_record’
    ```
    The function is changed in TLS1.3. Add `transform->taglen` to error
    call place to fix that.

    Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date:   Mon Jul 26 06:09:58 2021 +0100

    Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine

    fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date:   Mon Jul 26 06:09:36 2021 +0100

    Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error

    fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date:   Mon Jul 26 12:28:20 2021 +0800

    fix ssl_reset_retrnsmit_timeout undefine warning

    ssl_reset_retrnsmit_timeout has been added prefix.
    Here is missing

    Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date:   Mon Jul 19 13:57:23 2021 +0800

    fix pmslen and premaster undefined error

    With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and
    premaster undefined error.

    CustomizedGitHooks: yes
    Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
    Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date:   Sun Jul 25 07:50:26 2021 +0100

    Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors

    fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date:   Sun Jul 25 07:42:13 2021 +0100

    Minor improvements to TLS 1.3 client-side key share ext writer

    Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date:   Sat Jul 24 16:20:32 2021 +0800

    fix ECDH context build errors

    Remove multi ecdh share keys support.
    When build with TLS1.2, it reports compile error

    Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date:   Fri Jul 23 19:12:34 2021 +0100

    Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13

    Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date:   Fri Jul 23 19:09:32 2021 +0100

    Fix a bunch of typos

    Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date:   Fri Jul 23 16:12:09 2021 +0100

    Rename TLS 1.3 ciphersuite identifiers

    - Move the C-macros to MBEDTLS_ namespace
    - Adjust the naming scheme for the string-identifiers
      to "TLS1-3-XXX", aligning to the existing "TLS-XXX"
      identifiers for TLS 1.2.

    Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date:   Fri Jul 23 15:48:13 2021 +0100

    Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace

    Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date:   Fri Jul 23 13:01:09 2021 +0100

    Merge pull request #306 from hanno-arm/mps_fix_bio

    MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date:   Fri Jul 23 09:40:58 2021 +0100

    Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h

    remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date:   Fri Jul 23 09:40:34 2021 +0100

    Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case

    Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date:   Fri Jul 23 07:46:03 2021 +0100

    Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition

    replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date:   Fri Jul 23 07:08:38 2021 +0100

    MPS: Interpret ret val 0 from BIO as connection closure

    Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date:   Thu Jul 22 11:21:28 2021 +0100

    Merge pull request #276 from zhihan/fix-minor_ver

    Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date:   Thu Jul 22 12:57:31 2021 +0800

    Modify TLS1.3 undefined condition

    Available protocol defines are TLS1.3 only, TLS1.2 only and both.
    `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct
    condition. It make both case fail. If TLS1.3 is not defined, that
    means TLS1.2 must be defined. So replace it with
    `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

    Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date:   Tue Jul 20 17:52:45 2021 +0800

    remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

    MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h.
    It is for inside usage only. `ssl.h` does not include
    `ssl_internal.h`. It should not appear here. It will cause
    transform* undefined error.

    Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date:   Thu Jul 22 08:18:14 2021 +0100

    Merge pull request #213 from zhihan/tls13-prototype-nst-ext

    Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date:   Thu Jul 22 08:14:46 2021 +0100

    Minor improvements

    Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date:   Fri Apr 23 14:29:23 2021 -0400

    Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date:   Thu Jul 22 07:53:03 2021 +0100

    Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client

    Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date:   Thu Jul 22 07:50:43 2021 +0100

    Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date:   Thu Jul 22 07:34:12 2021 +0100

    Merge pull request #302 from hannestschofenig/pr/fix-two-errors

    Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date:   Wed Jul 21 13:14:28 2021 +0800

    fix ssl-opt test fail

    Test report fail at test case 33.
    "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA"
    "Key Exchange Mode is ECDHE-ECDSA" is not found in client output.
    That is due to `get_key_exchange_name` is removed.
    Remove the check to fix that.

    Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date:   Wed Jul 21 13:11:52 2021 +0800

    fix compile fail without MPS

    if undefine MBEDTLS_SSL_USE_MPS, it report error.

    Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date:   Tue Jul 20 15:26:11 2021 +0800

    Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix

    Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date:   Thu Apr 1 14:00:11 2021 +0200

    Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

    Our interoperability tests fail with a recent OpenSSL server. The
    reason is that they force 1024-bit Diffie-Hellman parameters, which
    recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:
    ```
    140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
    ```

    We've been passing custom DH parameters since
    6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a
    requires it. This only concerns the version we use as
    OPENSSL_LEGACY. So only use custom DH parameters for that version. In
    compat.sh, use it based on the observed version of $OPENSSL_CMD.

    This way, ssl-opt.sh and compat.sh work (barring other issues) for
    all our reference versions of OpenSSL as well as for a modern system
    OpenSSL.

    Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date:   Tue Jul 20 05:19:46 2021 +0100

    Merge pull request #288 from yuhaoth/pr/fix-15

    Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date:   Tue Jul 20 05:18:16 2021 +0100

    Temporarily disable more session serialization tests

    Will be fixed as part of #155

    Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date:   Tue Jul 20 05:13:17 2021 +0100

    Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake

    move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date:   Sun Jun 27 08:09:05 2021 -0700

    Add test for mismatched sig_algs

    Summary:
    * Send alert when there is no common signature algorithm between
      client and server
    * Add test case for mismatched sig_algs

    Test Plan:
    ```
    ssl-opt.sh
    ```
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date:   Wed Jul 7 14:25:25 2021 +0200

    Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite

    Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date:   Tue Jul 6 14:00:44 2021 -0400

    Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date:   Mon Jul 5 16:47:29 2021 +0800

    Re-enable ssl test suite

    Ssl test is disabled in TLS. This patch is to enable it.
    And "Session serialization*" tests are skipped due to #155.

    fix #15

    Signed-off-by: Jerry Yu <[email protected]>
    Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date:   Wed Jun 30 15:14:25 2021 +0800

    Remove get_key_exchange_name

    mbedtls_ssl_get_key_exchange_name is debug only function.
    It is useless now.

    Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
    Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date:   Thu Jun 24 06:20:17 2021 +0100

    Merge pull request #281 from zhihan/0-rtt-ciphersuite

    Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date:   Thu Jun 24 06:12:10 2021 +0100

    Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing

    Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date:   Sun Jun 20 15:27:09 2021 -0700

    Use stack allocated received_signature_schemes_list.

    Summary:
    I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at
    [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)

    Test Plan:
    `ssl-opt.sh`
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date:   Mon Jun 21 09:24:39 2021 +0100

    Merge pull request #283 from zhihan/review-0-rtt-server

    0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date:   Mon Jun 21 13:52:01 2021 +0800

    move key_exchange members to handshake structure

    Key_exchange and key_exchange_modes should be part of
    mbedtls_ssl_handshake_params.

    fix #13

    Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
    Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date:   Wed Jun 2 09:22:46 2021 -0700

    Follow up on review comments

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date:   Sun May 23 09:36:55 2021 -0700

    Review fix of mbedtls_ssl_parse_signature_algorithms_ext

    Summary:
    * Add boundary check for i
    * Set received_signature_schemes_list to null after free
    * Typo
    * Sizeof style

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date:   Sun May 23 08:58:12 2021 -0700

    Review: CertificateRequest parsing

    Summary:
    * buf_len check
    * unsigned char* ext -> const unsigned char* ext
    * int -> size_t
    * space and long line

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date:   Sun Jun 20 09:40:21 2021 -0700

    Remove ticket_nonce from mbedtls_ssl_session

    Summary:
    `ticket_nonce` and `ticket_nonce_len` are only used once to
    [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023).
    They can be removed from `mbedtls_ssl_session`.
    Test Plan:
    `ssl-opt.sh`
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date:   Sun Jun 20 07:21:48 2021 -0700

    Rename resumption_key_len to key_len

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date:   Fri May 7 11:51:11 2021 -0700

    Move ssl_new_session_ticket_parse to client.c

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date:   Fri May 7 11:32:43 2021 -0700

    Add index for buffer in ssl_new_session_ticket_parse

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date:   Fri May 7 06:20:23 2021 -0700

    Review comments follow up

    Summary:
    * change to size_t
    * break long line
    * indentation

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date:   Wed May 5 08:44:42 2021 -0700

    Review fix for ssl_new_session_ticket_parse

    Summary:
    * printf format for unsigned int
    * cast to unsigned before combine digits
    * remove unnecessary cast
    * remove redundant hash size calc
    * remove space for return

    Test Plan:
    `ssl-opt.sh`
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date:   Fri Jun 18 15:11:57 2021 -0400

    Add test. Remove resumption condition.

commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date:   Fri Jun 18 14:39:15 2021 -0400

    Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date:   Fri Jun 18 14:20:05 2021 -0400

    Review feedback

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date:   Fri Jun 18 14:13:04 2021 -0400

    Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date:   Fri Jun 18 12:14:39 2021 +0100

    Merge pull request #284 from yuhaoth/pr/fix-extension-namespace

    fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date:   Fri Jun 18 13:49:07 2021 +0800

    fix namespace of extensions in ssl.h

    fixes #17

    Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
    Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date:   Fri Jun 18 06:30:53 2021 +0100

    Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile

    fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date:   Fri Jun 18 05:43:11 2021 +0100

    Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case

    Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date:   Fri Jun 18 05:04:41 2021 +0100

    Merge pull request #279 from zhihan/review-0-rtt

    Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu <[email protected]>
Date:   Wed Jun 16 10:25:12 2021 +0800

    fix out-of-box Makefile build fail

    fix #165

    Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
    Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date:   Tue Jun 8 15:12:33 2021 -0400

    Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date:   Tue Jun 8 15:09:04 2021 -0400

    Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date:   Tue Jun 8 15:06:32 2021 -0400

    Update library/ssl_tls13_generic.c

    Review feedback

    Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date:   Tue Jun 8 15:02:36 2021 -0400

    Update library/ssl_tls13_keys.c

    Review feedback

    Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date:   Tue Jun 8 15:02:20 2021 -0400

    Update library/ssl_tls.c

    Review feedback

    Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date:   Tue Jun 8 05:41:22 2021 +0100

    Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing

    Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date:   Mon Jun 7 15:37:47 2021 -0400

    0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date:   Fri Jun 4 11:40:21 2021 -0400

    Change 'early data' to 'early_data' in debug log to be consistent.

commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date:   Fri Jun 4 11:26:00 2021 -0400

    Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date:   Fri Jun 4 11:18:23 2021 -0400

    Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date:   Fri Jun 4 11:04:03 2021 -0400

    Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date:   Thu Jun 3 16:06:33 2021 -0400

    More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date:   Thu Jun 3 12:48:43 2021 -0400

    Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date:   Sun May 30 08:18:43 2021 -0700

    own_key

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date:   Sun May 30 08:00:17 2021 -0700

    Remove signature_scheme_client from struct mbedtls_ssl_handshake_params

    Summary:
    * signature_scheme_client
    * signature_scheme

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date:   Sun May 30 07:55:13 2021 -0700

    Review of ssl_certificate_verify_write

    Summary:
    * indentation

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date:   Sun May 30 07:09:10 2021 -0700

    Rename mbedtls_ssl_certificate_verify_process

    Summary:
    * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
    * ssl_certificate_verify_process -> ssl_write_certificate_verify_process
    * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
    * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date:   Tue Jun 1 10:35:20 2021 -0400

    Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date:   Sun May 23 08:21:34 2021 -0700

    Summary:
    Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
    * Server disable early data
    * Client enable early data
    * No external PSK

    Test Plan:
    ```
    tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
    ```
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:23:52 2021 +0100

    Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

    Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:17:43 2021 +0100

    Allow specification of 0-RTT limit on the ssl_server2 cmdline

    Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:17:25 2021 +0100

    Cap size of 0-RTT buffer at a compile-time configurable limit

    Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:04:30 2021 +0100

    Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date:   Mon May 24 16:21:33 2021 -0400

    error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date:   Sun May 23 12:12:30 2021 -0400

    Address feedback.

commit 38a3de888bbbca7cd7394e81bf7617ac716327fa
Merge: 22e52d2cf1 79afde5f5a
Author: Hanno Becker <[email protected]>
Date:   Sun May 23 06:10:49 2021 +0100

    Merge pull request #269 from zhihan/tls13-prototype-0rtt-review

    Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f
Author: Zhi Han <[email protected]>
Date:   Fri May 21 15:16:12 2021 -0400

    Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432
Author: Zhi Han <[email protected]>
Date:   Fri May 21 15:05:53 2021 -0400

    Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8
Author: Zhi Han <[email protected]>
Date:   Fri May 21 06:38:46 2021 -0400

    Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c
Author: Zhi Han <[email protected]>
Date:   Thu May 20 16:03:22 2021 -0400

    format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41
Author: Zhi Han <[email protected]>
Date:   Thu May 20 16:01:04 2021 -0400

    Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8
Author: Zhi Han <[email protected]>
Date:   Wed May 19 15:57:44 2021 -0400

    Restore mbedtls_ssl_conf_early_data() function.

commit 22e52d2cf1865bf638269fbc5334119a68db9603
Merge: e3d5eca29a 80dbfc0091
Author: Hanno Becker <[email protected]>
Date:   Wed May 19 05:17:25 2021 +0100

    Merge pull request #265 from lhuang04/tls13_prototype_switch_style

    Fix switch style

commit e3d5eca29ada314616341242152ac7515607e718
Merge: d02fd9ba1f c501899a74
Author: Hanno Becker <[email protected]>
Date:   Wed May 19 05:17:07 2021 +0100

    Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps

    Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09
Merge: f1560c6d0f 169f542b7b
Author: Hanno Becker <[email protected]>
Date:   Wed May 19 05:16:53 2021 +0100

    Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style

    Fix if statement style

commit 169f542b7b89ce55bf438f5b9bbce663314d7257
Author: lhuang04 <[email protected]>
Date:   Mon May 17 12:00:40 2021 -0700

    Fix if style

    Summary:
    Change `if (` to `if(`

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit c501899a748840659c1e4450929e0e72dcdb39b1
Author: lhuang04 <[email protected]>
Date:   Mon May 17 11:36:33 2021 -0700

    Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 80dbfc00915ace7db2301fb897847514a2ee2b5a
Author: lhuang04 <[email protected]>
Date:   Mon May 17 11:44:26 2021 -0700

    Fix switch style

    Summary:
    change `switch (` to `switch(`

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df
Merge: 5f3860971b 73b4aa2e96
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:55:49 2021 +0100

    Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing

    Fix for review of ssl_read_certificate_verify_parse

commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f
Merge: 6c527b9e2d 2272fccb96
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:54:48 2021 +0100

    Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix

    Fix misplaced 0-RTT configuration call in ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:41:48 2021 +0100

    Fix misplaced 0-RTT configuration call in ssl_server2

    Previously, 0-RTT configuration happened as part of the SSL config.
    Now, it's part of the SSL context configuration, which must come
    after the context has been reset with `mbedtls_ssl_reset()`.

    Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:02:16 2021 +0100

    Minor code improvements in ssl_create_verify_structure()

    Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249
Merge: 7c88bbd2e2 f451f0ef99
Author: lhuang04 <[email protected]>
Date:   Mon May 17 09:18:00 2021 -0700

    Diff review follow up

    * switch style
    * change to mbedtls_ssl_tls13_key_exchange_with_psk
    * rename i to buffer_idx
    * move comments for ssl_create_verify_structure to definition of
      MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE
    * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd
Author: lhuang04 <[email protected]>
Date:   Mon May 17 09:12:56 2021 -0700

    Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3 Merge: 21c911ccae 3d078a5c18 Author: Hanno Becker <[email protected]> Date: Fri May 14 17:15:38 2021 +0100 Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk Fix client crash when use early data without psk commit 3d078a5c180585b76a917599d8a471c4f724fd0e Author: lhuang04 <[email protected]> Date: Fri May 14 09:03:23 2021 -0700 Change to mbedtls_ssl_get_psk_to_offer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ebfc4983648f649a8f357409a2e35080bd081355 Author: lhuang04 <[email protected]> Date: Fri May 14 08:48:30 2021 -0700 Change to mbedtls_ssl_conf_tls13_some_psk_enabled Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623 Author: lhuang04 <[email protected]> Date: Tue May 4 08:05:38 2021 -0700 Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit af91d01f00b5159884396453169961e0247b8726 Author: lhuang04 <[email protected]> Date: Thu Jan 14 08:15:43 2021 -0800 Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode. 
Test Plan: ``` ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 ``` ``` ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1 ``` Reviewers: Subscribers: Tasks: Tags: commit 21c911ccae28a563af8de662dc24e419194f2c87 Merge: f178632390 98eeb27c91 Author: Hanno Becker <[email protected]> Date: Fri May 14 16:44:02 2021 +0100 Merge pull request #263 from hanno-arm/psk-negotiation Fix client-side behaviour if PSK is offered but rejected by the server commit 98eeb27c912871202ae8d696c8cf934f03d28041 Merge: 56f6110c45 20bb2a019c Author: Hanno Becker <[email protected]> Date: Fri May 14 11:04:44 2021 +0100 Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc Author: Hanno Becker <[email protected]> Date: Fri May 14 10:54:31 2021 +0100 Clarify logic for setting/clearing of handshake PSK The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows: 1) Initially, it's NULL. 2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data. 3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data. 4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK. If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization. This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above. 
Signed-off-by: Hanno Becker <[email protected]> commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac Author: Hanno Becker <[email protected]> Date: Fri May 14 10:59:25 2021 +0100 Give function for removing handshake PSK global visibility Signed-off-by: Hanno Becker <[email protected]> commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae Author: Hanno Becker <[email protected]> Date: Fri May 14 10:05:01 2021 +0100 Update library/ssl_tls13_server.c commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf Author: Hanno Becker <[email protected]> Date: Fri May 14 10:04:40 2021 +0100 Update library/ssl_tls13_server.c commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:54:06 2021 +0100 Remove uses of mbedtls_ssl_get_psk() `mbedtls_ssl_get_get_psk()` currently blurs two things: (a) access to the (potentially multiple) PSKs configured prior to the handshake (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake. If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b). There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use. To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule. 
Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello. Signed-off-by: Hanno Becker <[email protected]> commit f178632390ec3313f8772a8cffd1ed3f7d39d224 Merge: b1004e5352 8f71a23957 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:51:35 2021 +0100 Merge pull request #262 from hanno-arm/fixup_261 Fixup #261 commit 8f71a239577887dc40f670c58bb13b3b44e4050b Author: Hanno Becker <[email protected]> Date: Fri May 14 09:43:05 2021 +0100 Fixup https://github.com/hannestschofenig/mbedtls/pull/261 Signed-off-by: Hanno Becker <[email protected]> commit b1004e535275464c14a84b306890a47aa15ef14b Merge: 8db2b19d0f 5d7fa778f4 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:54:58 2021 +0100 Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0 Tls13 prototype merge from 2 25 0 commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:50:02 2021 +0100 Fixup: Merge in ssl_client2.c & ssl_server2.c Signed-off-by: Hanno Becker <[email protected]> commit 8db2b19d0fef088ca353a866498eb399bfb4fc21 Merge: f3f78d471b d4b52420d2 Author: Hanno Becker <[email protected]> Date: Fri May 14 04:37:44 2021 +0100 Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data() commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5 Author: Zhi Han <[email protected]> Date: Wed May 12 11:52:08 2021 -0400 Move report of early data status to reconnect commit d78681553790fdb3e31665b0f71367dc2198b24a Author: Zhi Han <[email protected]> Date: Wed May 12 11:38:02 2021 -0400 Move early_data from conf to context. 
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04
added a commit
to lhuang04/mbedtls
that referenced
this issue
Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler reports pmslen and premaster undefined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support. 
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 
from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]> commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error. 
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS if undefine MBEDTLS_SSL_USE_MPS, it report error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL. 
Signed-off-by: Gilles Peskine <[email protected]> commit c021ddc27d94e54c7413ac22e15cd705981ed2a5 Merge: 7b3f70dd27 661584dfa1 Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:19:46 2021 +0100 Merge pull request #288 from yuhaoth/pr/fix-15 Re-enable ssl test suite commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:18:16 2021 +0100 Temporarily disable more session serialization tests Will be fixed as part of #155 Signed-off-by: Hanno Becker <[email protected]> commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7 Merge: 41fb09d9cf 3ed71fee0b Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:13:17 2021 +0100 Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake move key_exchange members to handshake structure commit 230bf9cdc08e518dfacda03de42feb9d659a7491 Author: lhuang04 <[email protected]> Date: Sun Jun 27 08:09:05 2021 -0700 Add test for mismatched sig_algs Summary: * Send alert when there is no common signature algorithm between client and server * Add test case for mismatched sig_algs Test Plan: ``` ssl-opt.sh ``` Reviewers: Subscribers: Tasks: Tags: commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd Merge: 1327fd4720 41c9509314 Author: Hannes Tschofenig <[email protected]> Date: Wed Jul 7 14:25:25 2021 +0200 Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 41c9509314e1c8c320462acbfcd317418e06f346 Author: Zhi Han <[email protected]> Date: Tue Jul 6 14:00:44 2021 -0400 Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71 Author: Jerry Yu <[email protected]> Date: Mon Jul 5 16:47:29 2021 +0800 Re-enable ssl test suite Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.
fix #15 Signed-off-by: Jerry Yu <[email protected]> Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3 commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad Author: Jerry Yu <[email protected]> Date: Wed Jun 30 15:14:25 2021 +0800 Remove get_key_exchange_name mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now. Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a Signed-off-by: Jerry Yu <[email protected]> commit 1327fd47207970a042897465e832c7bde30d5f5c Merge: e2920b1927 6ef820f789 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:20:17 2021 +0100 Merge pull request #281 from zhihan/0-rtt-ciphersuite Only use one single ciphersuite if 0-rtt is actually enabled commit e2920b1927ff847a349947e4aef96b6557326816 Merge: fd741711fc fdca48d6a0 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:12:10 2021 +0100 Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing Review fix for #220 certificate request parsing commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4 Author: lhuang04 <[email protected]> Date: Sun Jun 20 15:27:09 2021 -0700 Use stack allocated received_signature_schemes_list. Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3) Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit fd741711fcab3ad49015a78ab3b72de7419bac55 Merge: 4fcd693b80 88e4a1b36a Author: Hanno Becker <[email protected]> Date: Mon Jun 21 09:24:39 2021 +0100 Merge pull request #283 from zhihan/review-0-rtt-server 0-RTT Server Review Change commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40 Author: Jerry Yu <[email protected]> Date: Mon Jun 21 13:52:01 2021 +0800 move key_exchange members to handshake structure Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params. 
fix #13 Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8 Signed-off-by: Jerry Yu <[email protected]> commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd Author: lhuang04 <[email protected]> Date: Wed Jun 2 09:22:46 2021 -0700 Follow up on review comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 94f03c184bbeb27a20383dcf109ef1ce751984f5 Author: lhuang04 <[email protected]> Date: Sun May 23 09:36:55 2021 -0700 Review fix of mbedtls_ssl_parse_signature_algorithms_ext Summary: * Add boundary check for i * Set received_signature_schemes_list to null after free * Typo * Sizeof style Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4 Author: lhuang04 <[email protected]> Date: Sun May 23 08:58:12 2021 -0700 Review: CertificateRequest parsing Summary: * buf_len check * unsigned char* ext -> const unsigned char* ext * int -> size_t * space and long line Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b Author: lhuang04 <[email protected]> Date: Sun Jun 20 09:40:21 2021 -0700 Remove ticket_nonce from mbedtls_ssl_session Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`. 
Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 719c79217da5d8209855d857e790400ab0ed2f4c Author: lhuang04 <[email protected]> Date: Sun Jun 20 07:21:48 2021 -0700 Rename resumption_key_len to key_len Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 895eb0d2108d9bed2ce540efd255a28711a9c929 Author: lhuang04 <[email protected]> Date: Fri May 7 11:51:11 2021 -0700 Move ssl_new_session_ticket_parse to client.c Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883 Author: lhuang04 <[email protected]> Date: Fri May 7 11:32:43 2021 -0700 Add index for buffer in ssl_new_session_ticket_parse Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 65e16e91159a0e5dd754593a10874a49b682d4a0 Author: lhuang04 <[email protected]> Date: Fri May 7 06:20:23 2021 -0700 Review comments follow up Summary: * change to size_t * break long line * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 469a714ff5960968734c4baab983791511cc0a06 Author: lhuang04 <[email protected]> Date: Wed May 5 08:44:42 2021 -0700 Review fix for ssl_new_session_ticket_parse Summary: * printf format for unsigned int * cast to unsigned before combine digits * remove unnecessary cast * remove redundant hash size calc * remove space for return Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 6ef820f78988703e0f66fa18a03030bba2e82a9f Author: Zhi Han <[email protected]> Date: Fri Jun 18 15:11:57 2021 -0400 Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feedback commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3 Merge: 21c911ccae 3d078a5c18 Author: Hanno Becker <[email protected]> Date: Fri May 14 17:15:38 2021 +0100 Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk Fix client crash when use early data without psk commit 3d078a5c180585b76a917599d8a471c4f724fd0e Author: lhuang04 <[email protected]> Date: Fri May 14 09:03:23 2021 -0700 Change to mbedtls_ssl_get_psk_to_offer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ebfc4983648f649a8f357409a2e35080bd081355 Author: lhuang04 <[email protected]> Date: Fri May 14 08:48:30 2021 -0700 Change to mbedtls_ssl_conf_tls13_some_psk_enabled Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623 Author: lhuang04 <[email protected]> Date: Tue May 4 08:05:38 2021 -0700 Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit af91d01f00b5159884396453169961e0247b8726 Author: lhuang04 <[email protected]> Date: Thu Jan 14 08:15:43 2021 -0800 Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after check [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that should be always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoid calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode. 
Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```
Reviewers: Subscribers: Tasks: Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT.

Instead, the handshake PSK should evolve as follows:
1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:
(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261

Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261

Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c

Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.

commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b
Merge: f3f78d471b 1c54b5410f
Author: lhuang04 <[email protected]>
Date: Sun May 9 08:03:57 2021 -0700

Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0

commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44
Merge: 2ac26234c9 f3f78d471b
Author: Zhi Han <[email protected]>
Date: Fri May 7 09:56:31 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit f3f78d471b1bf3669ed84d77504e39c49147ca6d
Merge: 79215a6a2d c797da9279
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:17 2021 +0100

Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup

[Review 0-RTT write] Reuse the _coordinate function to in postprocess function.

commit c797da927932d52c96ae243e0def2aa753a5bb90
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:03 2021 +0100

Update library/ssl_tls13_keys.h

commit af06a4a37cbd9de9674c66b6b5def00f1b384929
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:10:13 2021 +0100

Update library/ssl_tls13_keys.h

commit a1f734907da114e4b28f918e320361a6b0d4e6aa
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:07:23 2021 +0100

Update library/ssl_tls13_client.c

commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce
Merge: dad9ef834f 9d8225e916
Author: Hanno Becker <[email protected]>
Date: Fri May 7 06:52:16 2021 +0100

Merge pull request #251 from hanno-arm/tls13_keys_pt5

Key schedule rework: Add documentation

commit 2ac26234c9ea9356df18872a0f75418f8a38d80a
Author: Zhi Han <[email protected]>
Date: Wed May 5 11:16:40 2021 -0400

Do not write EndOfEarlyData if early_data is rejected by server.

commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf
Merge: de531140dc dad9ef834f
Author: Zhi Han <[email protected]>
Date: Tue May 4 12:18:08 2021 -0400

Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup

commit de531140dcb57c1ff059e116fdb4baa164dc4276
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:47:01 2021 -0400

Revert changes to ssl_tls13_keys.h

commit 05b068ea4cb6ded1e32148f28c4519284d4566ce
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:44:25 2021 -0400

Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back

commit 6cfe517d141c495889484aeea300e105cf7f41d4
Merge: 6ea4123527 9e4c78bd6f
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:41:47 2021 -0400

Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup

commit dad9ef834f0763899ad689905fa9b7560e424aa6
Merge: 944b99795b bc3ca0d1c7
Author: Hanno Becker <[email protected]>
Date: Tue May 4 16:36:20 2021 +0100

Merge pull request #252 from zhihan/patch-3

Update ssl_tls13_keys.h to fix compiler warning.

commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:34:52 2021 -0400

Add back application_secret

commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:25:18 2021 -0400

Reuse the _coordinate function to in postprocess.

commit 6ea4123527963686c15f1e34ced8ea28c57429f5
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:01:46 2021 -0400

Update ssl_tls13_keys.h to fix compiler warning.

In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40:
/Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation]
 * \param master_secret The master secret from which the resumption master
          ^~~~~~~~~~~~~
1 error generated.

commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24
Author: Hanno Becker <[email protected]>
Date: Tue May 4 10:03:30 2021 +0100

Share buffers for 0-RTT, handshake and application master secrets

Signed-off-by: Hanno Becker <[email protected]>

commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee
Author: Hanno Becker <[email protected]>
Date: Tue May 4 09:55:56 2021 +0100

Document all TLS 1.3 key schedule functions

Signed-off-by: Hanno Becker <[email protected]>

commit 944b99795b8b7a2185993f96d335480e9bc252c8
Merge: 740d829337 0dbddcffaf
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:57 2021 +0100

Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4

Change debug level from 5 to 4

commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57
Merge: 70cfe4bf11 740d829337
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:42 2021 +0100

Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4

commit 740d8293374c6f5443aa951be2ac88d12cf206e1
Merge: 5c51532213 82ca5bce5a
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:51:12 2021 +0100

Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client

Review fix for client side EncryptedExtensions parsing

commit 5c5153221387d9fa571d12fce10c947270742165
Merge: 1471e12437 2f66cecb0e
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:50:08 2021 +0100

Merge pull request #247 from zhihan/patch-1

Fix compiler warning for mps.c

commit 1471e124378840bd89a848f261e4ec8e824b0c61
Merge: c21b8df7c3 a7553c2d1f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:44:21 2021 +0100

Merge pull request #245 from hanno-arm/tls13_keys_pt4

TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation

commit a7553c2d1fa247e6ad1177f8d202c0870b96110f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:37:40 2021 +0100

Fix PSK binder calculation

The PSK binder calculation routine does no longer overwrite the handshake early secret but uses a local buffer.

Signed-off-by: Hanno Becker <[email protected]>

commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:35:43 2021 +0100

Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets()

Signed-off-by: Hanno Becker <[email protected]>

commit 6cd79d8093828db3cff78855a9022d06d4142d7f
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:01:32 2021 +0100

Streamline signature of PSK binder calculation helper

Buffer sizes are always given by the size of the hash provided to the function.

Signed-off-by: Hanno Becker <[email protected]>

commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:53:18 2021 +0100

Share cryptographic core of PSK binder and Finished calculation

Signed-off-by: Hanno Becker <[email protected]>

commit c21b8df7c36bd3dccb0830cd45a3353093e2089f
Merge: 8036e15f17 528f7df3dc
Author: Hanno Becker <[email protected]>
Date: Tue May 4 06:52:00 2021 +0100

Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl

Tls13 prototype ssl opt sh resumption with openssl

commit 70cfe4bf1144568b3c959386ac6f677af6f2e597
Author: lhuang04 <[email protected]>
Date: Mon May 3 08:58:55 2021 -0700

Change debug level from 5 to 4

Summary:
Update the debug level for the following calls:
* MBEDTLS_SSL_DEBUG_BUF
* MBEDTLS_SSL_DEBUG_MSG

Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 2f66cecb0ed78a659760bc7a5566f14f48c461db
Author: Zhi Han <[email protected]>
Date: Mon May 3 11:35:31 2021 -0400

Fix compiler warning for mps.c

/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
            default:
            ^
/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through
            default:
            ^
            break;
1 error generated.

commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46
Author: lhuang04 <[email protected]>
Date: Sun May 2 06:08:34 2021 -0700

cast before calculate number from buffer

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8
Merge: e85f1dfa90 da2b07e5bb
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:33:10 2021 +0100

Merge pull request #239 from hanno-arm/tls13_key_pt3

Key schedule rework, pt3: API structure

commit e85f1dfa90343361c251372776e838ac130c9f3c
Merge: 858b98e9f1 524c925dc1
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:20:55 2021 +0100

Merge pull request #240 from zhihan/patch-2

Review cleanup for writing early_data extension

commit 528f7df3dc665ca94d94678432c2017c24ac55c2
Author: lhuang04 <[email protected]>
Date: Sat May 1 06:28:39 2021 -0700

Add require filter for OpenSSL TLS 1.3

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10
Author: lhuang04 <[email protected]>
Date: Fri Apr 30 08:23:17 2021 -0700

Add resumption test with OpenSSL to ssl-opt.sh

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 4504ac9525450bd187019b975d513cab985c788a
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:55:29 2021 -0700

break ret from parser

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit e14038925ddca9fc7fb7539b300fa2897c29ba80
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:30:04 2021 -0700

debug msgs and comments

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:24:44 2021 -0700

change unsigned char* buf to const …
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001
Merge: 471fc0ed17 17e162bc79
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 07:35:06 2021 +0100

Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies

Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

commit 471fc0ed17864079b70c75fc9c0a248f213b5991
Merge: 4ddebafaaf fba68613d6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:36:13 2021 +0100

Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr

MPS: Remove extended reader/writer from MPS, part 2

commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:33:49 2021 +0100

MPS: Be less wordy in comments...

Signed-off-by: Hanno Becker <[email protected]>

commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514
Merge: 08b0522e0f 34d751dfa6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:54:29 2021 +0100

Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error

fix mbedtls_ssl_check_cert_usage compile fail

commit 08b0522e0f6b4650c93a12038fb87cd21757b75c
Merge: 82436667b1 81c88ff7df
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:05:16 2021 +0100

Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings

fix functions undeclared warnings

commit 82436667b1304628b77ad9eded10ccf250355fc6
Merge: 2556d8a1dd f9435bb0c2
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 04:49:16 2021 +0100

Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors

fix nss_keylog_export duplicate error

commit 8a1348ca2ac075801777535bfa35d1179ec269e7
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:13 2021 +0100

MPS L4: Minor structural improvement

Signed-off-by: Hanno Becker <[email protected]>

commit 7a11ad03acaea247045dc5e41dc397b5b73a254d
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:00 2021 +0100

MPS Layer 4: Remove dead comments

Signed-off-by: Hanno Becker <[email protected]>

commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 20:07:28 2021 +0100

MPS Layer 3: Minor readability improvement

Signed-off-by: Hanno Becker <[email protected]>

commit ea207b40bdffc9793c53312aae7dabdd761611db
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 13:02:05 2021 +0100

Some more readability improvements

Signed-off-by: Hanno Becker <[email protected]>

commit dc3adeddee06e0b9ecf25e669de780593c18771b
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 11:39:37 2021 +0100

MPS Layer 3: Some readability improvements

Signed-off-by: Hanno Becker <[email protected]>

commit 2a75e56087db85845241734fd248f0ec501377b6
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 09:48:18 2021 +0100

Remove extended reader/writer from MPS altogether

Signed-off-by: Hanno Becker <[email protected]>

commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 22:23:06 2021 +0800

fix nss_keylog_export duplicate error

nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it.

Change-Id: I63e218070e96637a15242fec3a66b5e448986287
Signed-off-by: Jerry Yu <[email protected]>

commit 17e162bc79da8c856b1b08ef373051d87163c421
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:44:55 2021 +0800

Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all places are wrapped with it.

CustomizedGitHooks: yes
Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f
Signed-off-by: Jerry Yu <[email protected]>

commit 5471952d409eea62843268272ae46969dcf78e60
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 11:15:15 2021 +0100

MPS Layer 3: Don't rely on extended writer to learn HS msg size

This is another step towards removing the extended reader/writer from Layer 3 altogether.

Signed-off-by: Hanno Becker <[email protected]>

commit 81c88ff7df372ba4c2671f3a7065482152b40310
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:06:56 2021 +0800

fix functions undeclared warnings

With TLS1.2 enabled, those functions report undeclared warning

Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320
Signed-off-by: Jerry Yu <[email protected]>

commit f85747efb1a1035124aada3245dcec7ddb8d3597
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:47:19 2021 +0100

MPS L3: Simplify handshake message writing

Signed-off-by: Hanno Becker <[email protected]>

commit f540b0fc79af402f0176477df0c6f79c26857e88
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:42:03 2021 +0100

MPS Layer 3: Simplify logic for writing of handshake header

Signed-off-by: Hanno Becker <[email protected]>

commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c
Author: Jerry Yu <[email protected]>
Date: Tue Jul 27 14:02:40 2021 +0800

fix mbedtls_ssl_check_cert_usage compile fail

`mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it.

Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4
Signed-off-by: Jerry Yu <[email protected]>

commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f
Merge: 0e367ad306 3430517266
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:57:55 2021 +0100

Merge pull request #318 from hanno-arm/mps_simplify

MPS: Numerous minor simplifications and improvements

commit 0e367ad306e20d7eed02775d0c581828da937cb2
Merge: 246c820430 d8f19321d7
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:13:13 2021 +0100

Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors

fix two duplicate define errors

commit 246c820430aed5412c6cba0e911c1a1ca13ade60
Merge: 49f76369ad 12a8dfe7d2
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:12:15 2021 +0100

Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors

fix update_checksum errors

commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:11:45 2021 +0100

Apply suggestions from code review

commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2
Merge: 0b7e1b6759 638484855b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:06:44 2021 +0100

Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort

MPS Layer 3: Remove unused handshake abort function

commit 3430517266a9e7d0ab43cf08730064608190fbd6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:51:53 2021 +0100

MPS: Shorten some code

Signed-off-by: Hanno Becker <[email protected]>

commit da378914efe9bae8a84ca59604b4651efd562401
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:47:54 2021 +0100

MPS: Some more uses of assertion macro

Signed-off-by: Hanno Becker <[email protected]>

commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:42:58 2021 +0100

MPS: Add helper macro for readability

Signed-off-by: Hanno Becker <[email protected]>

commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:35 2021 +0100

Shorten some doc'n for MPS

Signed-off-by: Hanno Becker <[email protected]>

commit fe135af06c138ac3ffbc077c6357961d2c895c6b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:21 2021 +0100

MPS: Use helper macro for DTLS HS header debugging

Signed-off-by: Hanno Becker <[email protected]>

commit 8144fea4a5b03c773ffaa48325663145aca58ff6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:15 2021 +0100

MPS: Use assertion macro instead of manual return of INTERNAL_ERROR

Signed-off-by: Hanno Becker <[email protected]>

commit 648d1835ce61480023fbb856d5044b6218f5af90
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:07 2021 +0100

MPS: Shorten some code

Signed-off-by: Hanno Becker <[email protected]>

commit 2818d2fbc65a2e31afe729046264171680356ae5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:21:53 2021 +0100

MPS L4: Add comment on potential simplification

Signed-off-by: Hanno Becker <[email protected]>

commit 1ec166036cfda847db076c567a94de474d009041
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:19:18 2021 +0100

MPS: Remove dead code and shorten comments

Signed-off-by: Hanno Becker <[email protected]>

commit 1100e4b72bf26746970af57244787e3b43f852c8
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:32:31 2021 +0100

MPS L3: Improve readability through introduction of debug macros

Signed-off-by: Hanno Becker <[email protected]>

commit 028414d0c81fd42772a33308953bf011da87584f
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:44 2021 +0100

MPS: Add shorter trace commands

Signed-off-by: Hanno Becker <[email protected]>

commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:28 2021 +0100

MPS: Fix typo in common.h

Signed-off-by: Hanno Becker <[email protected]>

commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:20:27 2021 +0100

MPS L3: Add helper function for handling of incomplete headers

Signed-off-by: Hanno Becker <[email protected]>

commit d8f19321d70182ada99f421e56ea00c2100313f3
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:03:13 2021 +0800

Rename mbedtls_ssl_handshake_wrapup for TLS1.3

`mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it.

Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91
Signed-off-by: Jerry Yu <[email protected]>

commit 40825315251e967b6bbca82b6a12b4cd875e04b5
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:00:50 2021 +0800

move mbedtls_ssl_transform_free to ssl_msg.c

`mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it.

Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3
Signed-off-by: Jerry Yu <[email protected]>

commit 7f0fb121f9d308b75d0f4a602623696fa9215505
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 19:41:09 2021 +0800

fix update_checksum_start/sha384 duplicate error

`ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check.

Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af
Signed-off-by: Jerry Yu <[email protected]>

commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:04:37 2021 +0800

fix calc_verify parameter warning

`calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed.

Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:50:53 2021 +0100

Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record

fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:02:46 2021 +0100

MPS Layer 3: Remove unused handshake abort function

Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 19:00:48 2021 +0800

fix ssl_extract_add_data_from_record arguments error

With TLS1.2, compiler reports below error
```
too few arguments to function ‘ssl_extract_add_data_from_record’
```
The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that.

Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:58 2021 +0100

Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine

fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:36 2021 +0100

Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error

fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 12:28:20 2021 +0800

fix ssl_reset_retrnsmit_timeout undefine warning

ssl_reset_retrnsmit_timeout has been added prefix. Here is missing

Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800

fix pmslen and premaster undefined error

With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler reports pmslen and premaster undefined error.

CustomizedGitHooks: yes
Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100

Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors

fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100

Minor improvements to TLS 1.3 client-side key share ext writer

Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800

fix ECDH context build errors

Remove multi ecdh share keys support.
When build with TLS1.2, it reports compile error

Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100

Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13

Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100

Fix a bunch of typos

Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100

Rename TLS 1.3 ciphersuite identifiers

- Move the C-macros to MBEDTLS_ namespace
- Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2.

Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100

Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace

Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100

Merge pull request #306 from hanno-arm/mps_fix_bio

MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100

Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100

Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case

Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100

Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition

replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100

MPS: Interpret ret val 0 from BIO as connection closure

Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100

Merge pull request #276 from zhihan/fix-minor_ver

Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800

Modify TLS1.3 undefined condition

Available protocol defines are TLS1.3 only, TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It makes both cases fail.

If TLS1.3 is not defined, that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h`. It should not appear here. It will cause transform* undefined error.

Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100

Merge pull request #213 from zhihan/tls13-prototype-nst-ext

Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100

Minor improvements

Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400

Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100

Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client

Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100

Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100

Merge pull request #302 from hannestschofenig/pr/fix-two-errors

Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800

fix ssl-opt test fail

Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA"

"Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that.

Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800

fix compile fail without MPS

if undefine MBEDTLS_SSL_USE_MPS, it report error.

Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800

Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:
```
140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
```

We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD.

This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.
Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date:   Tue Jul 20 05:19:46 2021 +0100

Merge pull request #288 from yuhaoth/pr/fix-15

Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date:   Tue Jul 20 05:18:16 2021 +0100

Temporarily disable more session serialization tests

Will be fixed as part of #155

Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date:   Tue Jul 20 05:13:17 2021 +0100

Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake

move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date:   Sun Jun 27 08:09:05 2021 -0700

Add test for mismatched sig_algs

Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs
Test Plan:
```
ssl-opt.sh
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date:   Wed Jul 7 14:25:25 2021 +0200

Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date:   Tue Jul 6 14:00:44 2021 -0400

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date:   Mon Jul 5 16:47:29 2021 +0800

Re-enable ssl test suite

Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.
fix #15

Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date:   Wed Jun 30 15:14:25 2021 +0800

Remove get_key_exchange_name

mbedtls_ssl_get_key_exchange_name is a debug-only function. It is useless now.

Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date:   Thu Jun 24 06:20:17 2021 +0100

Merge pull request #281 from zhihan/0-rtt-ciphersuite

Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date:   Thu Jun 24 06:12:10 2021 +0100

Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing

Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date:   Sun Jun 20 15:27:09 2021 -0700

Use stack allocated received_signature_schemes_list.

Summary:
I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)
Test Plan:
`ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date:   Mon Jun 21 09:24:39 2021 +0100

Merge pull request #283 from zhihan/review-0-rtt-server

0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date:   Mon Jun 21 13:52:01 2021 +0800

move key_exchange members to handshake structure

Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.
fix #13

Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date:   Wed Jun 2 09:22:46 2021 -0700

Follow up on review comments

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date:   Sun May 23 09:36:55 2021 -0700

Review fix of mbedtls_ssl_parse_signature_algorithms_ext

Summary:
* Add boundary check for i
* Set received_signature_schemes_list to null after free
* Typo
* Sizeof style
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date:   Sun May 23 08:58:12 2021 -0700

Review: CertificateRequest parsing

Summary:
* buf_len check
* unsigned char* ext -> const unsigned char* ext
* int -> size_t
* space and long line
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date:   Sun Jun 20 09:40:21 2021 -0700

Remove ticket_nonce from mbedtls_ssl_session

Summary:
`ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.
Test Plan:
`ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date:   Sun Jun 20 07:21:48 2021 -0700

Rename resumption_key_len to key_len

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date:   Fri May 7 11:51:11 2021 -0700

Move ssl_new_session_ticket_parse to client.c

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date:   Fri May 7 11:32:43 2021 -0700

Add index for buffer in ssl_new_session_ticket_parse

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date:   Fri May 7 06:20:23 2021 -0700

Review comments follow up

Summary:
* change to size_t
* break long line
* indentation
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date:   Wed May 5 08:44:42 2021 -0700

Review fix for ssl_new_session_ticket_parse

Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return
Test Plan:
`ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date:   Fri Jun 18 15:11:57 2021 -0400

Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date:   Fri Jun 18 14:39:15 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date:   Fri Jun 18 14:20:05 2021 -0400

Review feedback

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date:   Fri Jun 18 14:13:04 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date:   Fri Jun 18 12:14:39 2021 +0100

Merge pull request #284 from yuhaoth/pr/fix-extension-namespace

fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date:   Fri Jun 18 13:49:07 2021 +0800

fix namespace of extensions in ssl.h

fixes #17

Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date:   Fri Jun 18 06:30:53 2021 +0100

Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile

fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date:   Fri Jun 18 05:43:11 2021 +0100

Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case

Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date:   Fri Jun 18 05:04:41 2021 +0100

Merge pull request #279 from zhihan/review-0-rtt

Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu <[email protected]>
Date:   Wed Jun 16 10:25:12 2021 +0800

fix out-of-box Makefile build fail

fix #165

Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date:   Tue Jun 8 15:12:33 2021 -0400

Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date:   Tue Jun 8 15:09:04 2021 -0400

Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date:   Tue Jun 8 15:06:32 2021 -0400

Update library/ssl_tls13_generic.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date:   Tue Jun 8 15:02:36 2021 -0400

Update library/ssl_tls13_keys.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date:   Tue Jun 8 15:02:20 2021 -0400

Update library/ssl_tls.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date:   Tue Jun 8 05:41:22 2021 +0100

Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing

Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date:   Mon Jun 7 15:37:47 2021 -0400

0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date:   Fri Jun 4 11:40:21 2021 -0400

Change 'early data' to 'early_data' in debug log to be consistent.
commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date:   Fri Jun 4 11:26:00 2021 -0400

Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date:   Fri Jun 4 11:18:23 2021 -0400

Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date:   Fri Jun 4 11:04:03 2021 -0400

Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date:   Thu Jun 3 16:06:33 2021 -0400

More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date:   Thu Jun 3 12:48:43 2021 -0400

Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date:   Sun May 30 08:18:43 2021 -0700

own_key

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date:   Sun May 30 08:00:17 2021 -0700

Remove signature_scheme_client from struct mbedtls_ssl_handshake_params

Summary:
* signature_scheme_client
* signature_scheme
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date:   Sun May 30 07:55:13 2021 -0700

Review of ssl_certificate_verify_write

Summary:
* indentation
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date:   Sun May 30 07:09:10 2021 -0700

Rename mbedtls_ssl_certificate_verify_process

Summary:
* mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
* ssl_certificate_verify_process -> ssl_write_certificate_verify_process
* SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
* SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date:   Tue Jun 1 10:35:20 2021 -0400

Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date:   Sun May 23 08:21:34 2021 -0700

Summary:
Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
* Server disable early data
* Client enable early data
* No external PSK
Test Plan:
```
tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:23:52 2021 +0100

Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:17:43 2021 +0100

Allow specification of 0-RTT limit on the ssl_server2 cmdline

Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:17:25 2021 +0100

Cap size of 0-RTT buffer at a compile-time configurable limit

Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:04:30 2021 +0100

Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date:   Mon May 24 16:21:33 2021 -0400

error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date:   Sun May 23 12:12:30 2021 -0400

Address feedback.
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa
Merge: 22e52d2cf1 79afde5f5a
Author: Hanno Becker <[email protected]>
Date:   Sun May 23 06:10:49 2021 +0100

Merge pull request #269 from zhihan/tls13-prototype-0rtt-review

Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f
Author: Zhi Han <[email protected]>
Date:   Fri May 21 15:16:12 2021 -0400

Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432
Author: Zhi Han <[email protected]>
Date:   Fri May 21 15:05:53 2021 -0400

Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8
Author: Zhi Han <[email protected]>
Date:   Fri May 21 06:38:46 2021 -0400

Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c
Author: Zhi Han <[email protected]>
Date:   Thu May 20 16:03:22 2021 -0400

format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41
Author: Zhi Han <[email protected]>
Date:   Thu May 20 16:01:04 2021 -0400

Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8
Author: Zhi Han <[email protected]>
Date:   Wed May 19 15:57:44 2021 -0400

Restore mbedtls_ssl_conf_early_data() function.
commit 22e52d2cf1865bf638269fbc5334119a68db9603
Merge: e3d5eca29a 80dbfc0091
Author: Hanno Becker <[email protected]>
Date:   Wed May 19 05:17:25 2021 +0100

Merge pull request #265 from lhuang04/tls13_prototype_switch_style

Fix switch style

commit e3d5eca29ada314616341242152ac7515607e718
Merge: d02fd9ba1f c501899a74
Author: Hanno Becker <[email protected]>
Date:   Wed May 19 05:17:07 2021 +0100

Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09
Merge: f1560c6d0f 169f542b7b
Author: Hanno Becker <[email protected]>
Date:   Wed May 19 05:16:53 2021 +0100

Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style

Fix if statement style

commit 169f542b7b89ce55bf438f5b9bbce663314d7257
Author: lhuang04 <[email protected]>
Date:   Mon May 17 12:00:40 2021 -0700

Fix if style

Summary:
Change `if (` to `if(`
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit c501899a748840659c1e4450929e0e72dcdb39b1
Author: lhuang04 <[email protected]>
Date:   Mon May 17 11:36:33 2021 -0700

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 80dbfc00915ace7db2301fb897847514a2ee2b5a
Author: lhuang04 <[email protected]>
Date:   Mon May 17 11:44:26 2021 -0700

Fix switch style

Summary:
change `switch (` to `switch(`
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df
Merge: 5f3860971b 73b4aa2e96
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:55:49 2021 +0100

Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing

Fix for review of ssl_read_certificate_verify_parse

commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f
Merge: 6c527b9e2d 2272fccb96
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:54:48 2021 +0100

Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix

Fix misplaced 0-RTT configuration call in ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:41:48 2021 +0100

Fix misplaced 0-RTT configuration call in ssl_server2

Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`.

Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:02:16 2021 +0100

Minor code improvements in ssl_create_verify_structure()

Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249
Merge: 7c88bbd2e2 f451f0ef99
Author: lhuang04 <[email protected]>
Date:   Mon May 17 09:18:00 2021 -0700

Diff review follow up

* switch style
* change to mbedtls_ssl_tls13_key_exchange_with_psk
* rename i to buffer_idx
* move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE
* reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd
Author: lhuang04 <[email protected]>
Date:   Mon May 17 09:12:56 2021 -0700

Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.
Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95
Author: lhuang04 <[email protected]>
Date:   Mon May 17 08:59:48 2021 -0700

style for switch

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e
Author: lhuang04 <[email protected]>
Date:   Wed May 12 06:07:40 2021 -0700

Break long line in ssl_certificate_verify_coordinate

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 0814cb6a515b1196ffbb635f53343f476acb5c79
Author: lhuang04 <[email protected]>
Date:   Tue May 11 09:21:25 2021 -0700

Move the label to the ssl_tls13_keys.h

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 5a6badfee551e5082b4e24fa26620faed755602b
Author: lhuang04 <[email protected]>
Date:   Tue May 11 09:11:57 2021 -0700

Remove magic index

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b
Author: lhuang04 <[email protected]>
Date:   Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit dd15a7235952b63130ff4d2f933f87824de5f2d9
Author: lhuang04 <[email protected]>
Date:   Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28
Author: lhuang04 <[email protected]>
Date:   Fri May 7 08:16:26 2021 -0700

Style in ssl_certificate_verify_coordinate

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit e5a23e31cc75241ec0ddea009e8268059aadb541
Author: lhuang04 <[email protected]>
Date:   Fri May 7 08:01:10 2021 -0700

Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 5b3299016a7a8a7436e7814868bc70a625e1d33b
Author: lhuang04 <[email protected]>
Date:   Fri May 7 07:45:03 2021 -0700

Follow up on review comments

Summary:
* space after switch
* line too long
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939
Author: lhuang04 <[email protected]>
Date:   Thu May 6 10:51:29 2021 -0700

Fix for review of ssl_read_certificate_verify_parse

Summary:
* Remove empty line
* Remove out-of-date comments
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb
Merge: 5e09eb428d a5c8909e61
Author: Hanno Becker <[email protected]>
Date:   Sat May 15 05:56:52 2021 +0100

Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected

Do not write EndOfEarlyData if early_data is rejected by server.

commit a5c8909e61a76609ab8f8c3153f543b828abc571
Author: Hanno Becker <[email protected]>
Date:   Sat May 15 05:55:45 2021 +0100

Update programs/ssl/ssl_client2.c

commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59
Author: Hanno Becker <[email protected]>
Date:   Sat May 15 05:55:04 2021 +0100

Add reference to RFC 8446 when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit bea87dde0071ad98d3beb81070a9bd399227c66a
Author: Hanno Becker <[email protected]>
Date:   Sat May 15 05:51:44 2021 +0100

Print debug line when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit 3255f964343b3599b25b76c536fade23df0885ff
Author: Zhi Han <[email protected]>
Date:   Fri May 14 16:20:42 2021 -0400

Fix indentation

commit 4ecbbc3100ab26be688829f5a388bd56d479992b
Author: Zhi Han <[email protected]>
Date:   Fri May 14 16:17:17 2021 -0400

Address feedback from PR

commit 516255927d25e4b896a243846a51346f9718db2b
Author: Zhi Han <[email protected]>
Date:   Fri May 14 13:39:10 2021 -0400

Add test for rejecting early data

commit 779a9248334492990912c13941a6b8f3428c4d61
Merge: e5d72ef6bc 5e09eb428d
Author: Zhi Han <[email protected]>
Date:   Fri May 14 12:18:20 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit 5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date:   Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date:   Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date:   Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date:   Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary:
In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.
Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT.

Instead, the handshake PSK should evolve as follows:
1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.
Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:
(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.
Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261

Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261

Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c

Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date:   Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date:   Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b
Merge: f3f78d471b 1c54b5410f
Author: lhuang04 <[email protected]>
Date:   Sun May 9 08:03:57 2021 -0700

Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0

commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44
Merge: 2ac26234c9 f3f78d471b
Author: Zhi Han <[email protected]>
Date:   Fri May 7 09:56:31 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit f3f78d471b1bf3669ed84d77504e39c49147ca6d
Merge: 79215a6a2d c797da9279
Author: Hanno Becker <[email protected]>
Date:   Fri May 7 07:11:17 2021 +0100

Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup

[Review 0-RTT write] Reuse the _coordinate function to in postprocess function.

commit c797da927932d52c96ae243e0def2aa753a5bb90
Author: Hanno Becker <[email protected]>
Date:   Fri May 7 07:11:03 2021 +0100

Update library/ssl_tls13_keys.h

commit af06a4a37cbd9de9674c66b6b5def00f1b384929
Author: Hanno Becker <[email protected]>
Date:   Fri May 7 07:10:13 2021 +0100

Update library/ssl_tls13_keys.h

commit a1f734907da114e4b28f918e320361a6b0d4e6aa
Author: Hanno Becker <[email protected]>
Date:   Fri May 7 07:07:23 2021 +0100

Update library/ssl_tls13_client.c

commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce
Merge: dad9ef834f 9d8225e916
Author: Hanno Becker <[email protected]>
Date:   Fri May 7 06:52:16 2021 +0100

Merge pull request #251 from hanno-arm/tls13_keys_pt5

Key schedule rework: Add documentation

commit 2ac26234c9ea9356df18872a0f75418f8a38d80a
Author: Zhi Han <[email protected]>
Date:   Wed May 5 11:16:40 2021 -0400

Do not write EndOfEarlyData if early_data is rejected by server.
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf
Merge: de531140dc dad9ef834f
Author: Zhi Han <[email protected]>
Date:   Tue May 4 12:18:08 2021 -0400

Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup

commit de531140dcb57c1ff059e116fdb4baa164dc4276
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:47:01 2021 -0400

Revert changes to ssl_tls13_keys.h

commit 05b068ea4cb6ded1e32148f28c4519284d4566ce
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:44:25 2021 -0400

Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back

commit 6cfe517d141c495889484aeea300e105cf7f41d4
Merge: 6ea4123527 9e4c78bd6f
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:41:47 2021 -0400

Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup

commit dad9ef834f0763899ad689905fa9b7560e424aa6
Merge: 944b99795b bc3ca0d1c7
Author: Hanno Becker <[email protected]>
Date:   Tue May 4 16:36:20 2021 +0100

Merge pull request #252 from zhihan/patch-3

Update ssl_tls13_keys.h to fix compiler warning.

commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:34:52 2021 -0400

Add back application_secret

commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:25:18 2021 -0400

Reuse the _coordinate function to in postprocess.

commit 6ea4123527963686c15f1e34ced8ea28c57429f5
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:01:46 2021 -0400

Update ssl_tls13_keys.h to fix compiler warning.

In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40:
/Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation]
 * \param master_secret The master secret from which the resumption master
          ^~~~~~~~~~~~~
1 error generated.
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24
Author: Hanno Becker <[email protected]>
Date: Tue May 4 10:03:30 2021 +0100
Share buffers for 0-RTT, handshake and application master secrets
Signed-off-by: Hanno Becker <[email protected]>

commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee
Author: Hanno Becker <[email protected]>
Date: Tue May 4 09:55:56 2021 +0100
Document all TLS 1.3 key schedule functions
Signed-off-by: Hanno Becker <[email protected]>

commit 944b99795b8b7a2185993f96d335480e9bc252c8
Merge: 740d829337 0dbddcffaf
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:57 2021 +0100
Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4
Change debug level from 5 to 4

commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57
Merge: 70cfe4bf11 740d829337
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:42 2021 +0100
Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4

commit 740d8293374c6f5443aa951be2ac88d12cf206e1
Merge: 5c51532213 82ca5bce5a
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:51:12 2021 +0100
Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client
Review fix for client side EncryptedExtensions parsing

commit 5c5153221387d9fa571d12fce10c947270742165
Merge: 1471e12437 2f66cecb0e
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:50:08 2021 +0100
Merge pull request #247 from zhihan/patch-1
Fix compiler warning for mps.c

commit 1471e124378840bd89a848f261e4ec8e824b0c61
Merge: c21b8df7c3 a7553c2d1f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:44:21 2021 +0100
Merge pull request #245 from hanno-arm/tls13_keys_pt4
TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation

commit a7553c2d1fa247e6ad1177f8d202c0870b96110f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:37:40 2021 +0100
Fix PSK binder calculation
The PSK binder calculation routine does no longer overwrite the handshake early secret but uses a local buffer.
Signed-off-by: Hanno Becker <[email protected]>

commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:35:43 2021 +0100
Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets()
Signed-off-by: Hanno Becker <[email protected]>

commit 6cd79d8093828db3cff78855a9022d06d4142d7f
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:01:32 2021 +0100
Streamline signature of PSK binder calculation helper
Buffer sizes are always given by the size of the hash provided to the function.
Signed-off-by: Hanno Becker <[email protected]>

commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:53:18 2021 +0100
Share cryptographic core of PSK binder and Finished calculation
Signed-off-by: Hanno Becker <[email protected]>

commit c21b8df7c36bd3dccb0830cd45a3353093e2089f
Merge: 8036e15f17 528f7df3dc
Author: Hanno Becker <[email protected]>
Date: Tue May 4 06:52:00 2021 +0100
Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl
Tls13 prototype ssl opt sh resumption with openssl

commit 70cfe4bf1144568b3c959386ac6f677af6f2e597
Author: lhuang04 <[email protected]>
Date: Mon May 3 08:58:55 2021 -0700
Change debug level from 5 to 4
Summary: Update the debug level for the following calls:
* MBEDTLS_SSL_DEBUG_BUF
* MBEDTLS_SSL_DEBUG_MSG
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 2f66cecb0ed78a659760bc7a5566f14f48c461db
Author: Zhi Han <[email protected]>
Date: Mon May 3 11:35:31 2021 -0400
Fix compiler warning for mps.c
/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
default:
^
/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through
default:
^
break;
1 error generated.

commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46
Author: lhuang04 <[email protected]>
Date: Sun May 2 06:08:34 2021 -0700
cast before calculate number from buffer
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8
Merge: e85f1dfa90 da2b07e5bb
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:33:10 2021 +0100
Merge pull request #239 from hanno-arm/tls13_key_pt3
Key schedule rework, pt3: API structure

commit e85f1dfa90343361c251372776e838ac130c9f3c
Merge: 858b98e9f1 524c925dc1
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:20:55 2021 +0100
Merge pull request #240 from zhihan/patch-2
Review cleanup for writing early_data extension

commit 528f7df3dc665ca94d94678432c2017c24ac55c2
Author: lhuang04 <[email protected]>
Date: Sat May 1 06:28:39 2021 -0700
Add require filter for OpenSSL TLS 1.3
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10
Author: lhuang04 <[email protected]>
Date: Fri Apr 30 08:23:17 2021 -0700
Add resumption test with OpenSSL to ssl-opt.sh
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 4504ac9525450bd187019b975d513cab985c788a
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:55:29 2021 -0700
break ret from parser
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit e14038925ddca9fc7fb7539b300fa2897c29ba80
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:30:04 2021 -0700
debug msgs and comments
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:24:44 2021 -0700
change unsigned char* buf to const …
lhuang04
added a commit
to lhuang04/mbedtls
that referenced
this issue
Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001
Merge: 471fc0ed17 17e162bc79
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 07:35:06 2021 +0100
Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies
Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

commit 471fc0ed17864079b70c75fc9c0a248f213b5991
Merge: 4ddebafaaf fba68613d6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:36:13 2021 +0100
Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr
MPS: Remove extended reader/writer from MPS, part 2

commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:33:49 2021 +0100
MPS: Be less wordy in comments...
Signed-off-by: Hanno Becker <[email protected]>

commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514
Merge: 08b0522e0f 34d751dfa6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:54:29 2021 +0100
Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error
fix mbedtls_ssl_check_cert_usage compile fail

commit 08b0522e0f6b4650c93a12038fb87cd21757b75c
Merge: 82436667b1 81c88ff7df
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:05:16 2021 +0100
Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings
fix functions undeclared warnings

commit 82436667b1304628b77ad9eded10ccf250355fc6
Merge: 2556d8a1dd f9435bb0c2
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 04:49:16 2021 +0100
Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors
fix nss_keylog_export duplicate error

commit 8a1348ca2ac075801777535bfa35d1179ec269e7
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:13 2021 +0100
MPS L4: Minor structural improvement
Signed-off-by: Hanno Becker <[email protected]>

commit 7a11ad03acaea247045dc5e41dc397b5b73a254d
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:00 2021 +0100
MPS Layer 4: Remove dead comments
Signed-off-by: Hanno Becker <[email protected]>

commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 20:07:28 2021 +0100
MPS Layer 3: Minor readability improvement
Signed-off-by: Hanno Becker <[email protected]>

commit ea207b40bdffc9793c53312aae7dabdd761611db
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 13:02:05 2021 +0100
Some more readability improvements
Signed-off-by: Hanno Becker <[email protected]>

commit dc3adeddee06e0b9ecf25e669de780593c18771b
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 11:39:37 2021 +0100
MPS Layer 3: Some readability improvements
Signed-off-by: Hanno Becker <[email protected]>

commit 2a75e56087db85845241734fd248f0ec501377b6
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 09:48:18 2021 +0100
Remove extended reader/writer from MPS altogether
Signed-off-by: Hanno Becker <[email protected]>

commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 22:23:06 2021 +0800
fix nss_keylog_export duplicate error
nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it.
Change-Id: I63e218070e96637a15242fec3a66b5e448986287
Signed-off-by: Jerry Yu <[email protected]>

commit 17e162bc79da8c856b1b08ef373051d87163c421
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:44:55 2021 +0800
Add conditional compilation for mbedtls_ssl_conf_dtls_cookies
mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it.
CustomizedGitHooks: yes
Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f
Signed-off-by: Jerry Yu <[email protected]>

commit 5471952d409eea62843268272ae46969dcf78e60
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 11:15:15 2021 +0100
MPS Layer 3: Don't rely on extended writer to learn HS msg size
This is another step towards removing the extended reader/writer from Layer 3 altogether.
Signed-off-by: Hanno Becker <[email protected]>

commit 81c88ff7df372ba4c2671f3a7065482152b40310
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:06:56 2021 +0800
fix functions undeclared warnings
With TLS1.2 enabled, those functions report undeclared warning
Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320
Signed-off-by: Jerry Yu <[email protected]>

commit f85747efb1a1035124aada3245dcec7ddb8d3597
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:47:19 2021 +0100
MPS L3: Simplify handshake message writing
Signed-off-by: Hanno Becker <[email protected]>

commit f540b0fc79af402f0176477df0c6f79c26857e88
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:42:03 2021 +0100
MPS Layer 3: Simplify logic for writing of handshake header
Signed-off-by: Hanno Becker <[email protected]>

commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c
Author: Jerry Yu <[email protected]>
Date: Tue Jul 27 14:02:40 2021 +0800
fix mbedtls_ssl_check_cert_usage compile fail
`mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it.
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4
Signed-off-by: Jerry Yu <[email protected]>

commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f
Merge: 0e367ad306 3430517266
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:57:55 2021 +0100
Merge pull request #318 from hanno-arm/mps_simplify
MPS: Numerous minor simplifications and improvements

commit 0e367ad306e20d7eed02775d0c581828da937cb2
Merge: 246c820430 d8f19321d7
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:13:13 2021 +0100
Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors
fix two duplicate define errors

commit 246c820430aed5412c6cba0e911c1a1ca13ade60
Merge: 49f76369ad 12a8dfe7d2
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:12:15 2021 +0100
Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors
fix update_checksum errors

commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:11:45 2021 +0100
Apply suggestions from code review

commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2
Merge: 0b7e1b6759 638484855b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:06:44 2021 +0100
Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort
MPS Layer 3: Remove unused handshake abort function

commit 3430517266a9e7d0ab43cf08730064608190fbd6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:51:53 2021 +0100
MPS: Shorten some code
Signed-off-by: Hanno Becker <[email protected]>

commit da378914efe9bae8a84ca59604b4651efd562401
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:47:54 2021 +0100
MPS: Some more uses of assertion macro
Signed-off-by: Hanno Becker <[email protected]>

commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:42:58 2021 +0100
MPS: Add helper macro for readability
Signed-off-by: Hanno Becker <[email protected]>

commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:35 2021 +0100
Shorten some doc'n for MPS
Signed-off-by: Hanno Becker <[email protected]>

commit fe135af06c138ac3ffbc077c6357961d2c895c6b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:21 2021 +0100
MPS: Use helper macro for DTLS HS header debugging
Signed-off-by: Hanno Becker <[email protected]>

commit 8144fea4a5b03c773ffaa48325663145aca58ff6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:15 2021 +0100
MPS: Use assertion macro instead of manual return of INTERNAL_ERROR
Signed-off-by: Hanno Becker <[email protected]>

commit 648d1835ce61480023fbb856d5044b6218f5af90
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:07 2021 +0100
MPS: Shorten some code
Signed-off-by: Hanno Becker <[email protected]>

commit 2818d2fbc65a2e31afe729046264171680356ae5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:21:53 2021 +0100
MPS L4: Add comment on potential simplification
Signed-off-by: Hanno Becker <[email protected]>

commit 1ec166036cfda847db076c567a94de474d009041
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:19:18 2021 +0100
MPS: Remove dead code and shorten comments
Signed-off-by: Hanno Becker <[email protected]>

commit 1100e4b72bf26746970af57244787e3b43f852c8
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:32:31 2021 +0100
MPS L3: Improve readability through introduction of debug macros
Signed-off-by: Hanno Becker <[email protected]>

commit 028414d0c81fd42772a33308953bf011da87584f
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:44 2021 +0100
MPS: Add shorter trace commands
Signed-off-by: Hanno Becker <[email protected]>

commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:28 2021 +0100
MPS: Fix typo in common.h
Signed-off-by: Hanno Becker <[email protected]>

commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:20:27 2021 +0100
MPS L3: Add helper function for handling of incomplete headers
Signed-off-by: Hanno Becker <[email protected]>

commit d8f19321d70182ada99f421e56ea00c2100313f3
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:03:13 2021 +0800
Rename mbedtls_ssl_handshake_wrapup for TLS1.3
`mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it.
Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91
Signed-off-by: Jerry Yu <[email protected]>

commit 40825315251e967b6bbca82b6a12b4cd875e04b5
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:00:50 2021 +0800
move mbedtls_ssl_transform_free to ssl_msg.c
`mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it.
Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3
Signed-off-by: Jerry Yu <[email protected]>

commit 7f0fb121f9d308b75d0f4a602623696fa9215505
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 19:41:09 2021 +0800
fix update_checksum_start/sha384 duplicate error
`ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check.
Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af
Signed-off-by: Jerry Yu <[email protected]>

commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:04:37 2021 +0800
fix calc_verify parameter warning
`calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed.
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:50:53 2021 +0100
Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record
fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:02:46 2021 +0100
MPS Layer 3: Remove unused handshake abort function
Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 19:00:48 2021 +0800
fix ssl_extract_add_data_from_record arguments error
With TLS1.2, compiler report below error
```
too few arguments to function ‘ssl_extract_add_data_from_record’
```
The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that.
Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:58 2021 +0100
Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine
fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:36 2021 +0100
Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error
fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 12:28:20 2021 +0800
fix ssl_reset_retrnsmit_timeout undefine warning
ssl_reset_retrnsmit_timeout has been added prefix.
Here is missing
Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800
fix pmslen and premaster undefined error
With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster undefined error.
CustomizedGitHooks: yes
Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100
Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors
fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100
Minor improvements to TLS 1.3 client-side key share ext writer
Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800
fix ECDH context build errors
Remove multi ecdh share keys support.
When build with TLS1.2 , it reports compile error
Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100
Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13
Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100
Fix a bunch of typos
Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100
Rename TLS 1.3 ciphersuite identifiers
- Move the C-macros to MBEDTLS_ namespace
- Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2.
Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100
Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace
Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100
Merge pull request #306 from hanno-arm/mps_fix_bio
MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100
Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h
remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100
Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case
Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100
Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition
replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100
MPS: Interpret ret val 0 from BIO as connection closure
Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100
Merge pull request #276 from zhihan/fix-minor_ver
Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800
Modify TLS1.3 undefined condition
Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`
Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800
remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h
MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error.
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100
Merge pull request #213 from zhihan/tls13-prototype-nst-ext
Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100
Minor improvements
Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400
Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100
Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client
Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100
Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100
Merge pull request #302 from hannestschofenig/pr/fix-two-errors
Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800
fix ssl-opt test fail
Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that.
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800
fix compile fail without MPS
if undefine MBEDTLS_SSL_USE_MPS, it report error.
Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800
Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix
Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200
Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman
Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:
```
140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
```
We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD.
This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.
Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100
Merge pull request #288 from yuhaoth/pr/fix-15
Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100
Temporarily disable more session serialization tests
Will be fixed as part of #155
Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100
Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake
move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700
Add test for mismatched sig_algs
Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs
Test Plan:
```
ssl-opt.sh
```
Reviewers: Subscribers: Tasks: Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200
Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite
Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400
Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800
Re-enable ssl test suite
Ssl test is disabled in TLS. This patch is to enable it. And "Session serilization*" tests are skipped due to #155.
fix #15
Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800
Remove get_key_exchange_name
mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now.
Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100
Merge pull request #281 from zhihan/0-rtt-ciphersuite
Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100
Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing
Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700
Use stack allocated received_signature_schemes_list.
Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100
Merge pull request #283 from zhihan/review-0-rtt-server
0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800
move key_exchange members to handshake structure
Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.
fix #13
Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700
Follow up on review comments
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700
Review fix of mbedtls_ssl_parse_signature_algorithms_ext
Summary:
* Add boundary check for i
* Set received_signature_schemes_list to null after free
* Typo
* Sizeof style
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700
Review: CertificateRequest parsing
Summary:
* buf_len check
* unsigned char* ext -> const unsigned char* ext
* int -> size_t
* space and long line
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700
Remove ticket_nonce from mbedtls_ssl_session
Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700
Rename resumption_key_len to key_len
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700
Move ssl_new_session_ticket_parse to client.c
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700
Add index for buffer in ssl_new_session_ticket_parse
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700
Review comments follow up
Summary:
* change to size_t
* break long line
* indentation
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700
Review fix for ssl_new_session_ticket_parse
Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400
Add test. Remove resumption condition.

commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feedback commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3 Merge: 21c911ccae 3d078a5c18 Author: Hanno Becker <[email protected]> Date: Fri May 14 17:15:38 2021 +0100 Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk Fix client crash when use early data without psk commit 3d078a5c180585b76a917599d8a471c4f724fd0e Author: lhuang04 <[email protected]> Date: Fri May 14 09:03:23 2021 -0700 Change to mbedtls_ssl_get_psk_to_offer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ebfc4983648f649a8f357409a2e35080bd081355 Author: lhuang04 <[email protected]> Date: Fri May 14 08:48:30 2021 -0700 Change to mbedtls_ssl_conf_tls13_some_psk_enabled Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623 Author: lhuang04 <[email protected]> Date: Tue May 4 08:05:38 2021 -0700 Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit af91d01f00b5159884396453169961e0247b8726 Author: lhuang04 <[email protected]> Date: Thu Jan 14 08:15:43 2021 -0800 Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.
Test Plan: ``` ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 ``` ``` ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1 ``` Reviewers: Subscribers: Tasks: Tags: commit 21c911ccae28a563af8de662dc24e419194f2c87 Merge: f178632390 98eeb27c91 Author: Hanno Becker <[email protected]> Date: Fri May 14 16:44:02 2021 +0100 Merge pull request #263 from hanno-arm/psk-negotiation Fix client-side behaviour if PSK is offered but rejected by the server commit 98eeb27c912871202ae8d696c8cf934f03d28041 Merge: 56f6110c45 20bb2a019c Author: Hanno Becker <[email protected]> Date: Fri May 14 11:04:44 2021 +0100 Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc Author: Hanno Becker <[email protected]> Date: Fri May 14 10:54:31 2021 +0100 Clarify logic for setting/clearing of handshake PSK The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows: 1) Initially, it's NULL. 2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data. 3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data. 4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK. If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization. This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above. 
Signed-off-by: Hanno Becker <[email protected]> commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac Author: Hanno Becker <[email protected]> Date: Fri May 14 10:59:25 2021 +0100 Give function for removing handshake PSK global visibility Signed-off-by: Hanno Becker <[email protected]> commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae Author: Hanno Becker <[email protected]> Date: Fri May 14 10:05:01 2021 +0100 Update library/ssl_tls13_server.c commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf Author: Hanno Becker <[email protected]> Date: Fri May 14 10:04:40 2021 +0100 Update library/ssl_tls13_server.c commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:54:06 2021 +0100 Remove uses of mbedtls_ssl_get_psk() `mbedtls_ssl_get_get_psk()` currently blurs two things: (a) access to the (potentially multiple) PSKs configured prior to the handshake (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake. If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b). There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use. To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule. 
Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello. Signed-off-by: Hanno Becker <[email protected]> commit f178632390ec3313f8772a8cffd1ed3f7d39d224 Merge: b1004e5352 8f71a23957 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:51:35 2021 +0100 Merge pull request #262 from hanno-arm/fixup_261 Fixup #261 commit 8f71a239577887dc40f670c58bb13b3b44e4050b Author: Hanno Becker <[email protected]> Date: Fri May 14 09:43:05 2021 +0100 Fixup https://github.com/hannestschofenig/mbedtls/pull/261 Signed-off-by: Hanno Becker <[email protected]> commit b1004e535275464c14a84b306890a47aa15ef14b Merge: 8db2b19d0f 5d7fa778f4 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:54:58 2021 +0100 Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0 Tls13 prototype merge from 2 25 0 commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:50:02 2021 +0100 Fixup: Merge in ssl_client2.c & ssl_server2.c Signed-off-by: Hanno Becker <[email protected]> commit 8db2b19d0fef088ca353a866498eb399bfb4fc21 Merge: f3f78d471b d4b52420d2 Author: Hanno Becker <[email protected]> Date: Fri May 14 04:37:44 2021 +0100 Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data() commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5 Author: Zhi Han <[email protected]> Date: Wed May 12 11:52:08 2021 -0400 Move report of early data status to reconnect commit d78681553790fdb3e31665b0f71367dc2198b24a Author: Zhi Han <[email protected]> Date: Wed May 12 11:38:02 2021 -0400 Move early_data from conf to context.
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine no longer overwrites the handshake early secret but
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue on Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster underfined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support. 
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 
from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]> commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error. 
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS if undefine MBEDTLS_SSL_USE_MPS, it report error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL. 
Signed-off-by: Gilles Peskine <[email protected]> commit c021ddc27d94e54c7413ac22e15cd705981ed2a5 Merge: 7b3f70dd27 661584dfa1 Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:19:46 2021 +0100 Merge pull request #288 from yuhaoth/pr/fix-15 Re-enable ssl test suite commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:18:16 2021 +0100 Temporarily disable more session serialization tests Will be fixed as part of #155 Signed-off-by: Hanno Becker <[email protected]> commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7 Merge: 41fb09d9cf 3ed71fee0b Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:13:17 2021 +0100 Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake move key_exchange members to handshake structure commit 230bf9cdc08e518dfacda03de42feb9d659a7491 Author: lhuang04 <[email protected]> Date: Sun Jun 27 08:09:05 2021 -0700 Add test for mismatched sig_algs Summary: * Send alert when there is no common signature algorithm between client and server * Add test case for mismatched sig_algs Test Plan: ``` ssl-opt.sh ``` Reviewers: Subscribers: Tasks: Tags: commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd Merge: 1327fd4720 41c9509314 Author: Hannes Tschofenig <[email protected]> Date: Wed Jul 7 14:25:25 2021 +0200 Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 41c9509314e1c8c320462acbfcd317418e06f346 Author: Zhi Han <[email protected]> Date: Tue Jul 6 14:00:44 2021 -0400 Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71 Author: Jerry Yu <[email protected]> Date: Mon Jul 5 16:47:29 2021 +0800 Re-enable ssl test suite Ssl test is disabled in TLS. This patch is to enable it. And "Session serilization*" tests are skipped due to #155. 
fix #15 Signed-off-by: Jerry Yu <[email protected]> Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3 commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad Author: Jerry Yu <[email protected]> Date: Wed Jun 30 15:14:25 2021 +0800 Remove get_key_exchange_name mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now. Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a Signed-off-by: Jerry Yu <[email protected]> commit 1327fd47207970a042897465e832c7bde30d5f5c Merge: e2920b1927 6ef820f789 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:20:17 2021 +0100 Merge pull request #281 from zhihan/0-rtt-ciphersuite Only use one single ciphersuite if 0-rtt is actually enabled commit e2920b1927ff847a349947e4aef96b6557326816 Merge: fd741711fc fdca48d6a0 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:12:10 2021 +0100 Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing Review fix for #220 certificate request parsing commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4 Author: lhuang04 <[email protected]> Date: Sun Jun 20 15:27:09 2021 -0700 Use stack allocated received_signature_schemes_list. Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3) Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit fd741711fcab3ad49015a78ab3b72de7419bac55 Merge: 4fcd693b80 88e4a1b36a Author: Hanno Becker <[email protected]> Date: Mon Jun 21 09:24:39 2021 +0100 Merge pull request #283 from zhihan/review-0-rtt-server 0-RTT Server Review Change commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40 Author: Jerry Yu <[email protected]> Date: Mon Jun 21 13:52:01 2021 +0800 move key_exchange members to handshake structure Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params. 
fix #13 Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8 Signed-off-by: Jerry Yu <[email protected]> commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd Author: lhuang04 <[email protected]> Date: Wed Jun 2 09:22:46 2021 -0700 Follow up on review comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 94f03c184bbeb27a20383dcf109ef1ce751984f5 Author: lhuang04 <[email protected]> Date: Sun May 23 09:36:55 2021 -0700 Review fix of mbedtls_ssl_parse_signature_algorithms_ext Summary: * Add boundary check for i * Set received_signature_schemes_list to null after free * Typo * Sizeof style Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4 Author: lhuang04 <[email protected]> Date: Sun May 23 08:58:12 2021 -0700 Review: CertificateRequest parsing Summary: * buf_len check * unsigned char* ext -> const unsigned char* ext * int -> size_t * space and long line Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b Author: lhuang04 <[email protected]> Date: Sun Jun 20 09:40:21 2021 -0700 Remove ticket_nonce from mbedtls_ssl_session Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`. 
Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 719c79217da5d8209855d857e790400ab0ed2f4c Author: lhuang04 <[email protected]> Date: Sun Jun 20 07:21:48 2021 -0700 Rename resumption_key_len to key_len Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 895eb0d2108d9bed2ce540efd255a28711a9c929 Author: lhuang04 <[email protected]> Date: Fri May 7 11:51:11 2021 -0700 Move ssl_new_session_ticket_parse to client.c Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883 Author: lhuang04 <[email protected]> Date: Fri May 7 11:32:43 2021 -0700 Add index for buffer in ssl_new_session_ticket_parse Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 65e16e91159a0e5dd754593a10874a49b682d4a0 Author: lhuang04 <[email protected]> Date: Fri May 7 06:20:23 2021 -0700 Review comments follow up Summary: * change to size_t * break long line * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 469a714ff5960968734c4baab983791511cc0a06 Author: lhuang04 <[email protected]> Date: Wed May 5 08:44:42 2021 -0700 Review fix for ssl_new_session_ticket_parse Summary: * printf format for unsigned int * cast to unsigned before combine digits * remove unncessary cast * remove redundnant hash size calc * remove space for return Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 6ef820f78988703e0f66fa18a03030bba2e82a9f Author: Zhi Han <[email protected]> Date: Fri Jun 18 15:11:57 2021 -0400 Add test. Remove resumption condition. 
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feebacks commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu 
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:26:00 2021 -0400

Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:18:23 2021 -0400

Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:04:03 2021 -0400

Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 16:06:33 2021 -0400

More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 12:48:43 2021 -0400

Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:18:43 2021 -0700

own_key

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:00:17 2021 -0700

Remove signature_scheme_client from struct mbedtls_ssl_handshake_params

Summary:
* signature_scheme_client
* signature_scheme

Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:55:13 2021 -0700

Review of ssl_certificate_verify_write

Summary:
* indentation

Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:09:10 2021 -0700

Rename mbedtls_ssl_certificate_verify_process

Summary:
* mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
* ssl_certificate_verify_process -> ssl_write_certificate_verify_process
* SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
* SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND

Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date: Tue Jun 1 10:35:20 2021 -0400

Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:21:34 2021 -0700

Summary:
Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
* Server disable early data
* Client enable early data
* No external PSK

Test Plan:
```
tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
```

Reviewers: Subscribers: Tasks: Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:23:52 2021 +0100

Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:43 2021 +0100

Alloc specification of 0-RTT limit on the ssl_server2 cmdline

Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:25 2021 +0100

Cap size of 0-RTT buffer at a compile-time configurable limit

Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:04:30 2021 +0100

Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date: Mon May 24 16:21:33 2021 -0400

error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date: Sun May 23 12:12:30 2021 -0400

Address feedback.
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa
Merge: 22e52d2cf1 79afde5f5a
Author: Hanno Becker <[email protected]>
Date: Sun May 23 06:10:49 2021 +0100

Merge pull request #269 from zhihan/tls13-prototype-0rtt-review

Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:16:12 2021 -0400

Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:05:53 2021 -0400

Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8
Author: Zhi Han <[email protected]>
Date: Fri May 21 06:38:46 2021 -0400

Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:03:22 2021 -0400

format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:01:04 2021 -0400

Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8
Author: Zhi Han <[email protected]>
Date: Wed May 19 15:57:44 2021 -0400

Restore mbedtls_ssl_conf_early_data() function.
commit 22e52d2cf1865bf638269fbc5334119a68db9603
Merge: e3d5eca29a 80dbfc0091
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:25 2021 +0100

Merge pull request #265 from lhuang04/tls13_prototype_switch_style

Fix switch style

commit e3d5eca29ada314616341242152ac7515607e718
Merge: d02fd9ba1f c501899a74
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:07 2021 +0100

Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09
Merge: f1560c6d0f 169f542b7b
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:16:53 2021 +0100

Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style

Fix if statement style

commit 169f542b7b89ce55bf438f5b9bbce663314d7257
Author: lhuang04 <[email protected]>
Date: Mon May 17 12:00:40 2021 -0700

Fix if style

Summary:
Change `if (` to `if(`

Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit c501899a748840659c1e4450929e0e72dcdb39b1
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:36:33 2021 -0700

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 80dbfc00915ace7db2301fb897847514a2ee2b5a
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:44:26 2021 -0700

Fix switch style

Summary:
change `switch (` to `switch(`

Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df
Merge: 5f3860971b 73b4aa2e96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:55:49 2021 +0100

Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing

Fix for review of ssl_read_certificate_verify_parse

commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f
Merge: 6c527b9e2d 2272fccb96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:54:48 2021 +0100

Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix

Fix misplaced 0-RTT configuration call in ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:41:48 2021 +0100

Fix misplaced 0-RTT configuration call in ssl_server2

Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`.

Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:02:16 2021 +0100

Minor code improvements in ssl_create_verify_structure()

Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249
Merge: 7c88bbd2e2 f451f0ef99
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:18:00 2021 -0700

Diff review follow up

* switch style
* change to mbedtls_ssl_tls13_key_exchange_with_psk
* rename i to buffer_idx
* move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE
* reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:12:56 2021 -0700

Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95
Author: lhuang04 <[email protected]>
Date: Mon May 17 08:59:48 2021 -0700

style for switch

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e
Author: lhuang04 <[email protected]>
Date: Wed May 12 06:07:40 2021 -0700

Break long line in ssl_certificate_verify_coordinate

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 0814cb6a515b1196ffbb635f53343f476acb5c79
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:21:25 2021 -0700

Move the label to the ssl_tls13_keys.h

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 5a6badfee551e5082b4e24fa26620faed755602b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:11:57 2021 -0700

Remove magic index

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit dd15a7235952b63130ff4d2f933f87824de5f2d9
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:16:26 2021 -0700

Style in ssl_certificate_verify_coordinate

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit e5a23e31cc75241ec0ddea009e8268059aadb541
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:01:10 2021 -0700

Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 5b3299016a7a8a7436e7814868bc70a625e1d33b
Author: lhuang04 <[email protected]>
Date: Fri May 7 07:45:03 2021 -0700

Follow up on review comments

Summary:
* space after switch
* line too long

Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939
Author: lhuang04 <[email protected]>
Date: Thu May 6 10:51:29 2021 -0700

Fix for review of ssl_read_certificate_verify_parse

Summary:
* Remove empty line
* Remove out-of-date comments

Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb
Merge: 5e09eb428d a5c8909e61
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:56:52 2021 +0100

Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected

Do not write EndOfEarlyData if early_data is rejected by server.

commit a5c8909e61a76609ab8f8c3153f543b828abc571
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:45 2021 +0100

Update programs/ssl/ssl_client2.c

commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:04 2021 +0100

Add reference to RFC 8446 when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit bea87dde0071ad98d3beb81070a9bd399227c66a
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:51:44 2021 +0100

Print debug line when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit 3255f964343b3599b25b76c536fade23df0885ff
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:20:42 2021 -0400

Fix indentation

commit 4ecbbc3100ab26be688829f5a388bd56d479992b
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:17:17 2021 -0400

Address feedback from PR

commit 516255927d25e4b896a243846a51346f9718db2b
Author: Zhi Han <[email protected]>
Date: Fri May 14 13:39:10 2021 -0400

Add test for rejecting early data

commit 779a9248334492990912c13941a6b8f3428c4d61
Merge: e5d72ef6bc 5e09eb428d
Author: Zhi Han <[email protected]>
Date: Fri May 14 12:18:20 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit 5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary:
In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```

Reviewers: Subscribers: Tasks: Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT.

Instead, the handshake PSK should evolve as follows:
1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:
(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261

Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261

Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c

Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b
Merge: f3f78d471b 1c54b5410f
Author: lhuang04 <[email protected]>
Date: Sun May 9 08:03:57 2021 -0700

Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0

commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44
Merge: 2ac26234c9 f3f78d471b
Author: Zhi Han <[email protected]>
Date: Fri May 7 09:56:31 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit f3f78d471b1bf3669ed84d77504e39c49147ca6d
Merge: 79215a6a2d c797da9279
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:17 2021 +0100

Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup

[Review 0-RTT write] Reuse the _coordinate function to in postprocess function.

commit c797da927932d52c96ae243e0def2aa753a5bb90
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:03 2021 +0100

Update library/ssl_tls13_keys.h

commit af06a4a37cbd9de9674c66b6b5def00f1b384929
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:10:13 2021 +0100

Update library/ssl_tls13_keys.h

commit a1f734907da114e4b28f918e320361a6b0d4e6aa
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:07:23 2021 +0100

Update library/ssl_tls13_client.c

commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce
Merge: dad9ef834f 9d8225e916
Author: Hanno Becker <[email protected]>
Date: Fri May 7 06:52:16 2021 +0100

Merge pull request #251 from hanno-arm/tls13_keys_pt5

Key schedule rework: Add documentation

commit 2ac26234c9ea9356df18872a0f75418f8a38d80a
Author: Zhi Han <[email protected]>
Date: Wed May 5 11:16:40 2021 -0400

Do not write EndOfEarlyData if early_data is rejected by server.
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf
Merge: de531140dc dad9ef834f
Author: Zhi Han <[email protected]>
Date: Tue May 4 12:18:08 2021 -0400

Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup

commit de531140dcb57c1ff059e116fdb4baa164dc4276
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:47:01 2021 -0400

Revert changes to ssl_tls13_keys.h

commit 05b068ea4cb6ded1e32148f28c4519284d4566ce
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:44:25 2021 -0400

Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back

commit 6cfe517d141c495889484aeea300e105cf7f41d4
Merge: 6ea4123527 9e4c78bd6f
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:41:47 2021 -0400

Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup

commit dad9ef834f0763899ad689905fa9b7560e424aa6
Merge: 944b99795b bc3ca0d1c7
Author: Hanno Becker <[email protected]>
Date: Tue May 4 16:36:20 2021 +0100

Merge pull request #252 from zhihan/patch-3

Update ssl_tls13_keys.h to fix compiler warning.

commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:34:52 2021 -0400

Add back application_secret

commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:25:18 2021 -0400

Reuse the _coordinate function to in postprocess.

commit 6ea4123527963686c15f1e34ced8ea28c57429f5
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:01:46 2021 -0400

Update ssl_tls13_keys.h to fix compiler warning.

In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40:
/Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation]
 * \param master_secret The master secret from which the resumption master
          ^~~~~~~~~~~~~
1 error generated.
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24
Author: Hanno Becker <[email protected]>
Date: Tue May 4 10:03:30 2021 +0100

Share buffers for 0-RTT, handshake and application master secrets

Signed-off-by: Hanno Becker <[email protected]>

commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee
Author: Hanno Becker <[email protected]>
Date: Tue May 4 09:55:56 2021 +0100

Document all TLS 1.3 key schedule functions

Signed-off-by: Hanno Becker <[email protected]>

commit 944b99795b8b7a2185993f96d335480e9bc252c8
Merge: 740d829337 0dbddcffaf
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:57 2021 +0100

Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4

Change debug level from 5 to 4

commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57
Merge: 70cfe4bf11 740d829337
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:42 2021 +0100

Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4

commit 740d8293374c6f5443aa951be2ac88d12cf206e1
Merge: 5c51532213 82ca5bce5a
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:51:12 2021 +0100

Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client

Review fix for client side EncryptedExtensions parsing

commit 5c5153221387d9fa571d12fce10c947270742165
Merge: 1471e12437 2f66cecb0e
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:50:08 2021 +0100

Merge pull request #247 from zhihan/patch-1

Fix compiler warning for mps.c

commit 1471e124378840bd89a848f261e4ec8e824b0c61
Merge: c21b8df7c3 a7553c2d1f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:44:21 2021 +0100

Merge pull request #245 from hanno-arm/tls13_keys_pt4

TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation

commit a7553c2d1fa247e6ad1177f8d202c0870b96110f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:37:40 2021 +0100

Fix PSK binder calculation

The PSK binder calculation routine does no longer overwrite the handshake early secret but uses a local buffer.

Signed-off-by: Hanno Becker <[email protected]>

commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:35:43 2021 +0100

Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets()

Signed-off-by: Hanno Becker <[email protected]>

commit 6cd79d8093828db3cff78855a9022d06d4142d7f
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:01:32 2021 +0100

Streamline signature of PSK binder calculation helper

Buffer sizes are always given by the size of the hash provided to the function.

Signed-off-by: Hanno Becker <[email protected]>

commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:53:18 2021 +0100

Share cryptographic core of PSK binder and Finished calculation

Signed-off-by: Hanno Becker <[email protected]>

commit c21b8df7c36bd3dccb0830cd45a3353093e2089f
Merge: 8036e15f17 528f7df3dc
Author: Hanno Becker <[email protected]>
Date: Tue May 4 06:52:00 2021 +0100

Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl

Tls13 prototype ssl opt sh resumption with openssl

commit 70cfe4bf1144568b3c959386ac6f677af6f2e597
Author: lhuang04 <[email protected]>
Date: Mon May 3 08:58:55 2021 -0700

Change debug level from 5 to 4

Summary:
Update the debug level for the following calls:
* MBEDTLS_SSL_DEBUG_BUF
* MBEDTLS_SSL_DEBUG_MSG

Test Plan: `ssl-opt.sh`

Reviewers: Subscribers: Tasks: Tags:

commit 2f66cecb0ed78a659760bc7a5566f14f48c461db
Author: Zhi Han <[email protected]>
Date: Mon May 3 11:35:31 2021 -0400

Fix compiler warning for mps.c

/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
            default:
            ^
/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through
            default:
            ^
            break;
1 error generated.

commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46
Author: lhuang04 <[email protected]>
Date: Sun May 2 06:08:34 2021 -0700

cast before calculate number from buffer

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8
Merge: e85f1dfa90 da2b07e5bb
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:33:10 2021 +0100

Merge pull request #239 from hanno-arm/tls13_key_pt3

Key schedule rework, pt3: API structure

commit e85f1dfa90343361c251372776e838ac130c9f3c
Merge: 858b98e9f1 524c925dc1
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:20:55 2021 +0100

Merge pull request #240 from zhihan/patch-2

Review cleanup for writing early_data extension

commit 528f7df3dc665ca94d94678432c2017c24ac55c2
Author: lhuang04 <[email protected]>
Date: Sat May 1 06:28:39 2021 -0700

Add require filter for OpenSSL TLS 1.3

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10
Author: lhuang04 <[email protected]>
Date: Fri Apr 30 08:23:17 2021 -0700

Add resumption test with OpenSSL to ssl-opt.sh

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 4504ac9525450bd187019b975d513cab985c788a
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:55:29 2021 -0700

break ret from parser

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit e14038925ddca9fc7fb7539b300fa2897c29ba80
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:30:04 2021 -0700

debug msgs and comments

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:24:44 2021 -0700

change unsigned char* buf to const …
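The client-side handshake PSK lifecycle described in the commit messages above (steps 1 to 4 of "Clarify logic for setting/clearing of handshake PSK", together with the check that a PSK exists before 0-RTT is switched on), modelled as an added example. This is not code from the prototype: every type and function name below is hypothetical, and `suite_set` merely stands in for `ssl->handshake->ciphersuite_info`.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    const unsigned char *key;    /* NULL means "no PSK configured" */
    size_t len;
} psk_t;

typedef struct {
    psk_t configured;            /* (a) PSK configured before the handshake */
    const psk_t *handshake_psk;  /* (b) PSK used by this handshake, may be NULL */
    int early_data_on;           /* client intends to send 0-RTT data */
    int suite_set;               /* stand-in for handshake->ciphersuite_info */
} client_t;

/* (a): the PSK to offer in the ClientHello, or NULL if there is none. */
static const psk_t *psk_to_offer(const client_t *c)
{
    return (c->configured.key != NULL && c->configured.len > 0)
               ? &c->configured : NULL;
}

void client_init(client_t *c, const unsigned char *key, size_t len)
{
    memset(c, 0, sizeof(*c));    /* step 1: handshake PSK starts out NULL */
    c->configured.key = key;
    c->configured.len = len;
}

/* Writes the early_data and pre_shared_key extensions. With check_psk_first
 * set, 0-RTT is only switched on when a PSK can be offered; with it cleared,
 * the flag follows the application's wish alone (the behaviour before the
 * fix). Returns the resulting early-data flag. */
int client_write_hello(client_t *c, int want_early_data, int check_psk_first)
{
    const psk_t *offer = psk_to_offer(c);

    c->suite_set = (offer != NULL);  /* only fixed when a PSK is offered */
    c->early_data_on = want_early_data && (!check_psk_first || offer != NULL);
    return c->early_data_on;
}

/* Returns 1 if early data was written, 0 if 0-RTT is off, and -1 where key
 * generation would have used an unset ciphersuite. */
int client_send_early_data(client_t *c)
{
    if (!c->early_data_on)
        return 0;
    c->handshake_psk = psk_to_offer(c);        /* step 2 */
    if (c->handshake_psk == NULL || !c->suite_set)
        return -1;
    /* early traffic keys would be derived from handshake_psk here */
    c->handshake_psk = NULL;                   /* step 3 */
    return 1;
}

/* Step 4: the handshake PSK is whatever the server selected, possibly none.
 * Returns -1 if the server selects a PSK that was never offered. */
int client_process_server_hello(client_t *c, int server_selected_psk)
{
    if (server_selected_psk && psk_to_offer(c) == NULL)
        return -1;
    c->handshake_psk = server_selected_psk ? psk_to_offer(c) : NULL;
    return 0;
}

/* What the key schedule sees: 1 if a negotiated PSK is in use, 0 otherwise. */
int client_handshake_uses_psk(const client_t *c)
{
    return c->handshake_psk != NULL;
}

int main(void)
{
    static const unsigned char key[] = "constructed-psk"; /* constructed sample */
    client_t c;

    client_init(&c, NULL, 0);
    client_write_hello(&c, 1, 0);
    printf("no PSK, unchecked: early data -> %d\n", client_send_early_data(&c));

    client_init(&c, NULL, 0);
    client_write_hello(&c, 1, 1);
    printf("no PSK, checked:   early data -> %d\n", client_send_early_data(&c));

    client_init(&c, key, sizeof(key) - 1);
    client_write_hello(&c, 1, 1);
    printf("PSK offered:       early data -> %d\n", client_send_early_data(&c));
    client_process_server_hello(&c, 0);
    printf("server rejects PSK: uses PSK -> %d\n", client_handshake_uses_psk(&c));
    return 0;
}
```
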
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001
Merge: 471fc0ed17 17e162bc79
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 07:35:06 2021 +0100

Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies

Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

commit 471fc0ed17864079b70c75fc9c0a248f213b5991
Merge: 4ddebafaaf fba68613d6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:36:13 2021 +0100

Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr

MPS: Remove extended reader/writer from MPS, part 2

commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:33:49 2021 +0100

MPS: Be less wordy in comments...

Signed-off-by: Hanno Becker <[email protected]>

commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514
Merge: 08b0522e0f 34d751dfa6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:54:29 2021 +0100

Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error

fix mbedtls_ssl_check_cert_usage compile fail

commit 08b0522e0f6b4650c93a12038fb87cd21757b75c
Merge: 82436667b1 81c88ff7df
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:05:16 2021 +0100

Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings

fix functions undeclared warnings

commit 82436667b1304628b77ad9eded10ccf250355fc6
Merge: 2556d8a1dd f9435bb0c2
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 04:49:16 2021 +0100

Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors

fix nss_keylog_export duplicate error

commit 8a1348ca2ac075801777535bfa35d1179ec269e7
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:13 2021 +0100

MPS L4: Minor structural improvement

Signed-off-by: Hanno Becker <[email protected]>

commit 7a11ad03acaea247045dc5e41dc397b5b73a254d
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:00 2021 +0100

MPS Layer 4: Remove dead comments

Signed-off-by: Hanno Becker <[email protected]>
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 20:07:28 2021 +0100

MPS Layer 3: Minor readability improvement

Signed-off-by: Hanno Becker <[email protected]>

commit ea207b40bdffc9793c53312aae7dabdd761611db
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 13:02:05 2021 +0100

Some more readability improvements

Signed-off-by: Hanno Becker <[email protected]>

commit dc3adeddee06e0b9ecf25e669de780593c18771b
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 11:39:37 2021 +0100

MPS Layer 3: Some readability improvements

Signed-off-by: Hanno Becker <[email protected]>

commit 2a75e56087db85845241734fd248f0ec501377b6
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 09:48:18 2021 +0100

Remove extended reader/writer from MPS altogether

Signed-off-by: Hanno Becker <[email protected]>

commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 22:23:06 2021 +0800

fix nss_keylog_export duplicate error

nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it.

Change-Id: I63e218070e96637a15242fec3a66b5e448986287
Signed-off-by: Jerry Yu <[email protected]>

commit 17e162bc79da8c856b1b08ef373051d87163c421
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:44:55 2021 +0800

Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it.

CustomizedGitHooks: yes
Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f
Signed-off-by: Jerry Yu <[email protected]>

commit 5471952d409eea62843268272ae46969dcf78e60
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 11:15:15 2021 +0100

MPS Layer 3: Don't rely on extended writer to learn HS msg size

This is another step towards removing the extended reader/writer from Layer 3 altogether.

Signed-off-by: Hanno Becker <[email protected]>

commit 81c88ff7df372ba4c2671f3a7065482152b40310
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:06:56 2021 +0800

fix functions undeclared warnings

With TLS1.2 enabled, those functions report undeclared warning

Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320
Signed-off-by: Jerry Yu <[email protected]>

commit f85747efb1a1035124aada3245dcec7ddb8d3597
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:47:19 2021 +0100

MPS L3: Simplify handshake message writing

Signed-off-by: Hanno Becker <[email protected]>

commit f540b0fc79af402f0176477df0c6f79c26857e88
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:42:03 2021 +0100

MPS Layer 3: Simplify logic for writing of handshake header

Signed-off-by: Hanno Becker <[email protected]>

commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c
Author: Jerry Yu <[email protected]>
Date: Tue Jul 27 14:02:40 2021 +0800

fix mbedtls_ssl_check_cert_usage compile fail

`mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it.

Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4
Signed-off-by: Jerry Yu <[email protected]>

commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f
Merge: 0e367ad306 3430517266
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:57:55 2021 +0100

Merge pull request #318 from hanno-arm/mps_simplify

MPS: Numerous minor simplifications and improvements

commit 0e367ad306e20d7eed02775d0c581828da937cb2
Merge: 246c820430 d8f19321d7
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:13:13 2021 +0100

Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors

fix two duplicate define errors

commit 246c820430aed5412c6cba0e911c1a1ca13ade60
Merge: 49f76369ad 12a8dfe7d2
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:12:15 2021 +0100

Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors

fix update_checksum errors

commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:11:45 2021 +0100

Apply suggestions from code review

commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2
Merge: 0b7e1b6759 638484855b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:06:44 2021 +0100

Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort

MPS Layer 3: Remove unused handshake abort function

commit 3430517266a9e7d0ab43cf08730064608190fbd6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:51:53 2021 +0100

MPS: Shorten some code

Signed-off-by: Hanno Becker <[email protected]>

commit da378914efe9bae8a84ca59604b4651efd562401
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:47:54 2021 +0100

MPS: Some more uses of assertion macro

Signed-off-by: Hanno Becker <[email protected]>

commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:42:58 2021 +0100

MPS: Add helper macro for readability

Signed-off-by: Hanno Becker <[email protected]>

commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:35 2021 +0100

Shorten some doc'n for MPS

Signed-off-by: Hanno Becker <[email protected]>

commit fe135af06c138ac3ffbc077c6357961d2c895c6b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:21 2021 +0100

MPS: Use helper macro for DTLS HS header debugging

Signed-off-by: Hanno Becker <[email protected]>

commit 8144fea4a5b03c773ffaa48325663145aca58ff6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:15 2021 +0100

MPS: Use assertion macro instead of manual return of INTERNAL_ERROR

Signed-off-by: Hanno Becker <[email protected]>

commit 648d1835ce61480023fbb856d5044b6218f5af90
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:07 2021 +0100

MPS: Shorten some code

Signed-off-by: Hanno Becker <[email protected]>

commit 2818d2fbc65a2e31afe729046264171680356ae5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:21:53 2021 +0100

MPS L4: Add comment on potential simplification

Signed-off-by: Hanno Becker <[email protected]>

commit 1ec166036cfda847db076c567a94de474d009041
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:19:18 2021 +0100

MPS: Remove dead code and shorten comments

Signed-off-by: Hanno Becker <[email protected]>

commit 1100e4b72bf26746970af57244787e3b43f852c8
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:32:31 2021 +0100

MPS L3: Improve readability through introduction of debug macros

Signed-off-by: Hanno Becker <[email protected]>

commit 028414d0c81fd42772a33308953bf011da87584f
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:44 2021 +0100

MPS: Add shorter trace commands

Signed-off-by: Hanno Becker <[email protected]>

commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:28 2021 +0100

MPS: Fix typo in common.h

Signed-off-by: Hanno Becker <[email protected]>

commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:20:27 2021 +0100
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler reports pmslen and premaster undefined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support.
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 
from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]> commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error. 
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS if undefine MBEDTLS_SSL_USE_MPS, it report error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL. 
Signed-off-by: Gilles Peskine <[email protected]> commit c021ddc27d94e54c7413ac22e15cd705981ed2a5 Merge: 7b3f70dd27 661584dfa1 Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:19:46 2021 +0100 Merge pull request #288 from yuhaoth/pr/fix-15 Re-enable ssl test suite commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:18:16 2021 +0100 Temporarily disable more session serialization tests Will be fixed as part of #155 Signed-off-by: Hanno Becker <[email protected]> commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7 Merge: 41fb09d9cf 3ed71fee0b Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:13:17 2021 +0100 Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake move key_exchange members to handshake structure commit 230bf9cdc08e518dfacda03de42feb9d659a7491 Author: lhuang04 <[email protected]> Date: Sun Jun 27 08:09:05 2021 -0700 Add test for mismatched sig_algs Summary: * Send alert when there is no common signature algorithm between client and server * Add test case for mismatched sig_algs Test Plan: ``` ssl-opt.sh ``` Reviewers: Subscribers: Tasks: Tags: commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd Merge: 1327fd4720 41c9509314 Author: Hannes Tschofenig <[email protected]> Date: Wed Jul 7 14:25:25 2021 +0200 Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 41c9509314e1c8c320462acbfcd317418e06f346 Author: Zhi Han <[email protected]> Date: Tue Jul 6 14:00:44 2021 -0400 Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71 Author: Jerry Yu <[email protected]> Date: Mon Jul 5 16:47:29 2021 +0800 Re-enable ssl test suite Ssl test is disabled in TLS. This patch is to enable it. And "Session serilization*" tests are skipped due to #155. 
fix #15 Signed-off-by: Jerry Yu <[email protected]> Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3 commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad Author: Jerry Yu <[email protected]> Date: Wed Jun 30 15:14:25 2021 +0800 Remove get_key_exchange_name mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now. Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a Signed-off-by: Jerry Yu <[email protected]> commit 1327fd47207970a042897465e832c7bde30d5f5c Merge: e2920b1927 6ef820f789 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:20:17 2021 +0100 Merge pull request #281 from zhihan/0-rtt-ciphersuite Only use one single ciphersuite if 0-rtt is actually enabled commit e2920b1927ff847a349947e4aef96b6557326816 Merge: fd741711fc fdca48d6a0 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:12:10 2021 +0100 Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing Review fix for #220 certificate request parsing commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4 Author: lhuang04 <[email protected]> Date: Sun Jun 20 15:27:09 2021 -0700 Use stack allocated received_signature_schemes_list. Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3) Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit fd741711fcab3ad49015a78ab3b72de7419bac55 Merge: 4fcd693b80 88e4a1b36a Author: Hanno Becker <[email protected]> Date: Mon Jun 21 09:24:39 2021 +0100 Merge pull request #283 from zhihan/review-0-rtt-server 0-RTT Server Review Change commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40 Author: Jerry Yu <[email protected]> Date: Mon Jun 21 13:52:01 2021 +0800 move key_exchange members to handshake structure Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params. 
fix #13 Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8 Signed-off-by: Jerry Yu <[email protected]> commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd Author: lhuang04 <[email protected]> Date: Wed Jun 2 09:22:46 2021 -0700 Follow up on review comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 94f03c184bbeb27a20383dcf109ef1ce751984f5 Author: lhuang04 <[email protected]> Date: Sun May 23 09:36:55 2021 -0700 Review fix of mbedtls_ssl_parse_signature_algorithms_ext Summary: * Add boundary check for i * Set received_signature_schemes_list to null after free * Typo * Sizeof style Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4 Author: lhuang04 <[email protected]> Date: Sun May 23 08:58:12 2021 -0700 Review: CertificateRequest parsing Summary: * buf_len check * unsigned char* ext -> const unsigned char* ext * int -> size_t * space and long line Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b Author: lhuang04 <[email protected]> Date: Sun Jun 20 09:40:21 2021 -0700 Remove ticket_nonce from mbedtls_ssl_session Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`. 
Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 719c79217da5d8209855d857e790400ab0ed2f4c Author: lhuang04 <[email protected]> Date: Sun Jun 20 07:21:48 2021 -0700 Rename resumption_key_len to key_len Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 895eb0d2108d9bed2ce540efd255a28711a9c929 Author: lhuang04 <[email protected]> Date: Fri May 7 11:51:11 2021 -0700 Move ssl_new_session_ticket_parse to client.c Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883 Author: lhuang04 <[email protected]> Date: Fri May 7 11:32:43 2021 -0700 Add index for buffer in ssl_new_session_ticket_parse Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 65e16e91159a0e5dd754593a10874a49b682d4a0 Author: lhuang04 <[email protected]> Date: Fri May 7 06:20:23 2021 -0700 Review comments follow up Summary: * change to size_t * break long line * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 469a714ff5960968734c4baab983791511cc0a06 Author: lhuang04 <[email protected]> Date: Wed May 5 08:44:42 2021 -0700 Review fix for ssl_new_session_ticket_parse Summary: * printf format for unsigned int * cast to unsigned before combine digits * remove unnecessary cast * remove redundant hash size calc * remove space for return Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 6ef820f78988703e0f66fa18a03030bba2e82a9f Author: Zhi Han <[email protected]> Date: Fri Jun 18 15:11:57 2021 -0400 Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feedback commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

    Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

    Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

    Change to mbedtls_ssl_get_psk_to_offer

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

    Change to mbedtls_ssl_conf_tls13_some_psk_enabled

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

    Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

    Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

    Summary:
    In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

    This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

    Test Plan:
    ```
    ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
    ```
    ```
    ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
    ```

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

    Merge pull request #263 from hanno-arm/psk-negotiation

    Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

    Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

    Clarify logic for setting/clearing of handshake PSK

    The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows:

    1) Initially, it's NULL.
    2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
    3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
    4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

    If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

    This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

    Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

    Give function for removing handshake PSK global visibility

    Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

    Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

    Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

    Remove uses of mbedtls_ssl_get_psk()

    `mbedtls_ssl_get_psk()` currently blurs two things:
    (a) access to the (potentially multiple) PSKs configured prior to the handshake
    (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

    If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

    There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

    To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

    Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

    Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

    Merge pull request #262 from hanno-arm/fixup_261

    Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

    Fixup https://github.com/hannestschofenig/mbedtls/pull/261

    Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

    Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

    Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

    Fixup: Merge in ssl_client2.c & ssl_server2.c

    Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

    Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

    Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

    Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

    Move early_data from conf to context.

commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf
Merge: de531140dc dad9ef834f
Author: Zhi Han <[email protected]>
Date: Tue May 4 12:18:08 2021 -0400

    Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup

commit de531140dcb57c1ff059e116fdb4baa164dc4276
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:47:01 2021 -0400

    Revert changes to ssl_tls13_keys.h

commit 05b068ea4cb6ded1e32148f28c4519284d4566ce
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:44:25 2021 -0400

    Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back

commit 6cfe517d141c495889484aeea300e105cf7f41d4
Merge: 6ea4123527 9e4c78bd6f
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:41:47 2021 -0400

    Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup

commit dad9ef834f0763899ad689905fa9b7560e424aa6
Merge: 944b99795b bc3ca0d1c7
Author: Hanno Becker <[email protected]>
Date: Tue May 4 16:36:20 2021 +0100

    Merge pull request #252 from zhihan/patch-3

    Update ssl_tls13_keys.h to fix compiler warning.

commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:34:52 2021 -0400

    Add back application_secret

commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:25:18 2021 -0400

    Reuse the _coordinate function to in postprocess.

commit 6ea4123527963686c15f1e34ced8ea28c57429f5
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:01:46 2021 -0400

    Update ssl_tls13_keys.h to fix compiler warning.

    In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40:
    /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation]
     * \param master_secret The master secret from which the resumption master
              ^~~~~~~~~~~~~
    1 error generated.

commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
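The client-side handshake PSK lifecycle from commit 56f6110c45 in the log above (steps 1 to 4), combined with the PSK check before enabling early data from commit af91d01f00, modelled as an added C example. This is not code from the prototype: every `model_*` name and the sample PSK are hypothetical, and a negative `selected` stands for a ServerHello that selects no PSK.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration: every model_* name is hypothetical, not an Mbed TLS API. */
typedef struct { const unsigned char *key; size_t key_len; } model_psk;
/* (a) PSKs configured before the handshake, plus the 0-RTT request. */
typedef struct { const model_psk *psks; size_t n_psks; int early_data_requested; } model_config;
/* (b) The single PSK the current handshake uses; NULL means none. */
typedef struct { const model_psk *psk; int early_data_on; } model_handshake;

enum { MODEL_OK = 0, MODEL_ERR_ILLEGAL_PARAMETER = -2, MODEL_ERR_BUFFER = -3, MODEL_ERR_INVARIANT = -100 };

/* Constructed sample PSK for the demonstration, not a real secret. */
static const unsigned char sample_key[8] = { 0x11, 0x22, 0x33, 0x44, 0x55, 0x66, 0x77, 0x88 };
static const model_psk sample_psks[1] = { { sample_key, sizeof(sample_key) } };

/* Step 1: the handshake PSK starts out as NULL. */
static void model_handshake_init(model_handshake *hs)
{
    hs->psk = NULL;
    hs->early_data_on = 0;
}

/* Getter over (a): the PSK to offer in the ClientHello, or NULL if none is configured. */
static const model_psk *model_psk_to_offer(const model_config *conf)
{
    return conf->n_psks > 0 ? &conf->psks[0] : NULL;
}

/* Step 2: enter early data mode only if there is a PSK to derive 0-RTT keys from. */
static void model_prepare_early_data(const model_config *conf, model_handshake *hs)
{
    const model_psk *offer = model_psk_to_offer(conf);
    if (!conf->early_data_requested || offer == NULL)
        return; /* without a PSK, early data mode is never entered */
    hs->psk = offer;
    hs->early_data_on = 1;
}

/* Step 3: once the early data is written, drop the tentative PSK again. */
static void model_finish_early_data(model_handshake *hs)
{
    hs->psk = NULL;
}

/* Step 4: adopt the PSK the server selected, after range-checking its index. */
static int model_on_server_hello(const model_config *conf, model_handshake *hs, int selected)
{
    if (selected < 0)
        return MODEL_OK; /* PSK offered but not chosen: handshake PSK stays NULL */
    if ((size_t) selected >= conf->n_psks)
        return MODEL_ERR_ILLEGAL_PARAMETER;
    hs->psk = &conf->psks[selected];
    return MODEL_OK;
}

/* Key schedule input: the handshake PSK, or hash_len zero bytes if there is none
 * (RFC 8446, section 7.1). Returns the number of bytes written or an error. */
static int model_early_secret_ikm(const model_handshake *hs, size_t hash_len,
                                  unsigned char *out, size_t out_size)
{
    size_t len = hs->psk != NULL ? hs->psk->key_len : hash_len;
    if (len > out_size)
        return MODEL_ERR_BUFFER;
    if (hs->psk != NULL)
        memcpy(out, hs->psk->key, len);
    else
        memset(out, 0, len);
    return (int) len;
}

/* Runs steps 1-4 with n_psks (0 or 1) configured sample PSKs.
 * Returns <0 on error, else (early data was used << 1) | (key schedule input is the PSK). */
int model_run(size_t n_psks, int early_data, int selected)
{
    model_config conf = { sample_psks, n_psks, early_data };
    model_handshake hs;
    unsigned char ikm[32];
    int ret, used_early_data, uses_psk;

    model_handshake_init(&hs);
    model_prepare_early_data(&conf, &hs);
    used_early_data = hs.early_data_on;
    if (used_early_data)
        model_finish_early_data(&hs);
    if (hs.psk != NULL)
        return MODEL_ERR_INVARIANT; /* nothing may leak from the offer into step 4 */
    if ((ret = model_on_server_hello(&conf, &hs, selected)) != MODEL_OK)
        return ret;
    if ((ret = model_early_secret_ikm(&hs, sizeof(ikm), ikm, sizeof(ikm))) < 0)
        return ret;
    uses_psk = hs.psk != NULL && memcmp(ikm, hs.psk->key, (size_t) ret) == 0;
    return (used_early_data << 1) | uses_psk;
}

int main(void)
{
    printf("PSK offered with 0-RTT, then rejected by the server: %d\n", model_run(1, 1, -1));
    return 0;
}
```

The first scenario is the case PR #263 addresses: early data was sent under the offered PSK, yet the main key schedule runs without one.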
lhuang04
added a commit
to lhuang04/mbedtls
that referenced
this issue
Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, the compiler reports the error below ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix.
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, the compiler reports pmslen and premaster undefined errors. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support.
When building with TLS1.2, it reports a compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294
from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]> commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only, TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not the correct condition. It makes the both case fail. If TLS1.3 is not defined, that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h`. It should not appear here. It will cause transform* undefined error.
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS If MBEDTLS_SSL_USE_MPS is undefined, it reports an error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) rejects: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.
Signed-off-by: Gilles Peskine <[email protected]> commit c021ddc27d94e54c7413ac22e15cd705981ed2a5 Merge: 7b3f70dd27 661584dfa1 Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:19:46 2021 +0100 Merge pull request #288 from yuhaoth/pr/fix-15 Re-enable ssl test suite commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:18:16 2021 +0100 Temporarily disable more session serialization tests Will be fixed as part of #155 Signed-off-by: Hanno Becker <[email protected]> commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7 Merge: 41fb09d9cf 3ed71fee0b Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:13:17 2021 +0100 Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake move key_exchange members to handshake structure commit 230bf9cdc08e518dfacda03de42feb9d659a7491 Author: lhuang04 <[email protected]> Date: Sun Jun 27 08:09:05 2021 -0700 Add test for mismatched sig_algs Summary: * Send alert when there is no common signature algorithm between client and server * Add test case for mismatched sig_algs Test Plan: ``` ssl-opt.sh ``` Reviewers: Subscribers: Tasks: Tags: commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd Merge: 1327fd4720 41c9509314 Author: Hannes Tschofenig <[email protected]> Date: Wed Jul 7 14:25:25 2021 +0200 Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 41c9509314e1c8c320462acbfcd317418e06f346 Author: Zhi Han <[email protected]> Date: Tue Jul 6 14:00:44 2021 -0400 Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71 Author: Jerry Yu <[email protected]> Date: Mon Jul 5 16:47:29 2021 +0800 Re-enable ssl test suite Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.
fix #15 Signed-off-by: Jerry Yu <[email protected]> Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3 commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad Author: Jerry Yu <[email protected]> Date: Wed Jun 30 15:14:25 2021 +0800 Remove get_key_exchange_name mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now. Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a Signed-off-by: Jerry Yu <[email protected]> commit 1327fd47207970a042897465e832c7bde30d5f5c Merge: e2920b1927 6ef820f789 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:20:17 2021 +0100 Merge pull request #281 from zhihan/0-rtt-ciphersuite Only use one single ciphersuite if 0-rtt is actually enabled commit e2920b1927ff847a349947e4aef96b6557326816 Merge: fd741711fc fdca48d6a0 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:12:10 2021 +0100 Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing Review fix for #220 certificate request parsing commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4 Author: lhuang04 <[email protected]> Date: Sun Jun 20 15:27:09 2021 -0700 Use stack allocated received_signature_schemes_list. Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3) Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit fd741711fcab3ad49015a78ab3b72de7419bac55 Merge: 4fcd693b80 88e4a1b36a Author: Hanno Becker <[email protected]> Date: Mon Jun 21 09:24:39 2021 +0100 Merge pull request #283 from zhihan/review-0-rtt-server 0-RTT Server Review Change commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40 Author: Jerry Yu <[email protected]> Date: Mon Jun 21 13:52:01 2021 +0800 move key_exchange members to handshake structure Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params. 
fix #13 Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8 Signed-off-by: Jerry Yu <[email protected]> commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd Author: lhuang04 <[email protected]> Date: Wed Jun 2 09:22:46 2021 -0700 Follow up on review comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 94f03c184bbeb27a20383dcf109ef1ce751984f5 Author: lhuang04 <[email protected]> Date: Sun May 23 09:36:55 2021 -0700 Review fix of mbedtls_ssl_parse_signature_algorithms_ext Summary: * Add boundary check for i * Set received_signature_schemes_list to null after free * Typo * Sizeof style Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4 Author: lhuang04 <[email protected]> Date: Sun May 23 08:58:12 2021 -0700 Review: CertificateRequest parsing Summary: * buf_len check * unsigned char* ext -> const unsigned char* ext * int -> size_t * space and long line Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b Author: lhuang04 <[email protected]> Date: Sun Jun 20 09:40:21 2021 -0700 Remove ticket_nonce from mbedtls_ssl_session Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`. 
Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 719c79217da5d8209855d857e790400ab0ed2f4c Author: lhuang04 <[email protected]> Date: Sun Jun 20 07:21:48 2021 -0700 Rename resumption_key_len to key_len Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 895eb0d2108d9bed2ce540efd255a28711a9c929 Author: lhuang04 <[email protected]> Date: Fri May 7 11:51:11 2021 -0700 Move ssl_new_session_ticket_parse to client.c Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883 Author: lhuang04 <[email protected]> Date: Fri May 7 11:32:43 2021 -0700 Add index for buffer in ssl_new_session_ticket_parse Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 65e16e91159a0e5dd754593a10874a49b682d4a0 Author: lhuang04 <[email protected]> Date: Fri May 7 06:20:23 2021 -0700 Review comments follow up Summary: * change to size_t * break long line * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 469a714ff5960968734c4baab983791511cc0a06 Author: lhuang04 <[email protected]> Date: Wed May 5 08:44:42 2021 -0700 Review fix for ssl_new_session_ticket_parse Summary: * printf format for unsigned int * cast to unsigned before combine digits * remove unnecessary cast * remove redundant hash size calc * remove space for return Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 6ef820f78988703e0f66fa18a03030bba2e82a9f Author: Zhi Han <[email protected]> Date: Fri Jun 18 15:11:57 2021 -0400 Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feedback commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95
Author: lhuang04 <[email protected]>
Date: Mon May 17 08:59:48 2021 -0700

style for switch

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e
Author: lhuang04 <[email protected]>
Date: Wed May 12 06:07:40 2021 -0700

Break long line in ssl_certificate_verify_coordinate

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 0814cb6a515b1196ffbb635f53343f476acb5c79
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:21:25 2021 -0700

Move the label to the ssl_tls13_keys.h

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 5a6badfee551e5082b4e24fa26620faed755602b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:11:57 2021 -0700

Remove magic index

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit dd15a7235952b63130ff4d2f933f87824de5f2d9
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:16:26 2021 -0700

Style in ssl_certificate_verify_coordinate

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit e5a23e31cc75241ec0ddea009e8268059aadb541
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:01:10 2021 -0700

Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 5b3299016a7a8a7436e7814868bc70a625e1d33b
Author: lhuang04 <[email protected]>
Date: Fri May 7 07:45:03 2021 -0700

Follow up on review comments

Summary:
* space after switch
* line too long

Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939
Author: lhuang04 <[email protected]>
Date: Thu May 6 10:51:29 2021 -0700

Fix for review of ssl_read_certificate_verify_parse

Summary:
* Remove empty line
* Remove out-of-date comments

Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb
Merge: 5e09eb428d a5c8909e61
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:56:52 2021 +0100

Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected

Do not write EndOfEarlyData if early_data is rejected by server.

commit a5c8909e61a76609ab8f8c3153f543b828abc571
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:45 2021 +0100

Update programs/ssl/ssl_client2.c

commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:04 2021 +0100

Add reference to RFC 8446 when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit bea87dde0071ad98d3beb81070a9bd399227c66a
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:51:44 2021 +0100

Print debug line when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit 3255f964343b3599b25b76c536fade23df0885ff
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:20:42 2021 -0400

Fix indentation

commit 4ecbbc3100ab26be688829f5a388bd56d479992b
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:17:17 2021 -0400

Address feedback from PR

commit 516255927d25e4b896a243846a51346f9718db2b
Author: Zhi Han <[email protected]>
Date: Fri May 14 13:39:10 2021 -0400

Add test for rejecting early data

commit 779a9248334492990912c13941a6b8f3428c4d61
Merge: e5d72ef6bc 5e09eb428d
Author: Zhi Han <[email protected]>
Date: Fri May 14 12:18:20 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit 5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary:
In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```

Reviewers: Subscribers: Tasks: Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT.

Instead, the handshake PSK should evolve as follows:
1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:
(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261

Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261

Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c

Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.

commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b
Merge: f3f78d471b 1c54b5410f
Author: lhuang04 <[email protected]>
Date: Sun May 9 08:03:57 2021 -0700

Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0

commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44
Merge: 2ac26234c9 f3f78d471b
Author: Zhi Han <[email protected]>
Date: Fri May 7 09:56:31 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit f3f78d471b1bf3669ed84d77504e39c49147ca6d
Merge: 79215a6a2d c797da9279
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:17 2021 +0100

Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup

[Review 0-RTT write] Reuse the _coordinate function to in postprocess function.

commit c797da927932d52c96ae243e0def2aa753a5bb90
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:03 2021 +0100

Update library/ssl_tls13_keys.h

commit af06a4a37cbd9de9674c66b6b5def00f1b384929
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:10:13 2021 +0100

Update library/ssl_tls13_keys.h

commit a1f734907da114e4b28f918e320361a6b0d4e6aa
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:07:23 2021 +0100

Update library/ssl_tls13_client.c

commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce
Merge: dad9ef834f 9d8225e916
Author: Hanno Becker <[email protected]>
Date: Fri May 7 06:52:16 2021 +0100

Merge pull request #251 from hanno-arm/tls13_keys_pt5

Key schedule rework: Add documentation

commit 2ac26234c9ea9356df18872a0f75418f8a38d80a
Author: Zhi Han <[email protected]>
Date: Wed May 5 11:16:40 2021 -0400

Do not write EndOfEarlyData if early_data is rejected by server.

commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf
Merge: de531140dc dad9ef834f
Author: Zhi Han <[email protected]>
Date: Tue May 4 12:18:08 2021 -0400

Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup

commit de531140dcb57c1ff059e116fdb4baa164dc4276
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:47:01 2021 -0400

Revert changes to ssl_tls13_keys.h

commit 05b068ea4cb6ded1e32148f28c4519284d4566ce
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:44:25 2021 -0400

Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back

commit 6cfe517d141c495889484aeea300e105cf7f41d4
Merge: 6ea4123527 9e4c78bd6f
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:41:47 2021 -0400

Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup

commit dad9ef834f0763899ad689905fa9b7560e424aa6
Merge: 944b99795b bc3ca0d1c7
Author: Hanno Becker <[email protected]>
Date: Tue May 4 16:36:20 2021 +0100

Merge pull request #252 from zhihan/patch-3

Update ssl_tls13_keys.h to fix compiler warning.

commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:34:52 2021 -0400

Add back application_secret

commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:25:18 2021 -0400

Reuse the _coordinate function to in postprocess.

commit 6ea4123527963686c15f1e34ced8ea28c57429f5
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:01:46 2021 -0400

Update ssl_tls13_keys.h to fix compiler warning.

In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40:
/Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation]
 * \param master_secret The master secret from which the resumption master
          ^~~~~~~~~~~~~
1 error generated.

commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24
Author: Hanno Becker <[email protected]>
Date: Tue May 4 10:03:30 2021 +0100

Share buffers for 0-RTT, handshake and application master secrets

Signed-off-by: Hanno Becker <[email protected]>

commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee
Author: Hanno Becker <[email protected]>
Date: Tue May 4 09:55:56 2021 +0100

Document all TLS 1.3 key schedule functions

Signed-off-by: Hanno Becker <[email protected]>

commit 944b99795b8b7a2185993f96d335480e9bc252c8
Merge: 740d829337 0dbddcffaf
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:57 2021 +0100

Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4

Change debug level from 5 to 4

commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57
Merge: 70cfe4bf11 740d829337
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:42 2021 +0100

Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4

commit 740d8293374c6f5443aa951be2ac88d12cf206e1
Merge: 5c51532213 82ca5bce5a
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:51:12 2021 +0100

Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client

Review fix for client side EncryptedExtensions parsing

commit 5c5153221387d9fa571d12fce10c947270742165
Merge: 1471e12437 2f66cecb0e
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:50:08 2021 +0100

Merge pull request #247 from zhihan/patch-1

Fix compiler warning for mps.c

commit 1471e124378840bd89a848f261e4ec8e824b0c61
Merge: c21b8df7c3 a7553c2d1f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:44:21 2021 +0100

Merge pull request #245 from hanno-arm/tls13_keys_pt4

TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation

commit a7553c2d1fa247e6ad1177f8d202c0870b96110f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:37:40 2021 +0100

Fix PSK binder calculation

The PSK binder calculation routine no longer overwrites the handshake early secret but uses a local buffer.

Signed-off-by: Hanno Becker <[email protected]>

commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:35:43 2021 +0100

Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets()

Signed-off-by: Hanno Becker <[email protected]>

commit 6cd79d8093828db3cff78855a9022d06d4142d7f
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:01:32 2021 +0100

Streamline signature of PSK binder calculation helper

Buffer sizes are always given by the size of the hash provided to the function.

Signed-off-by: Hanno Becker <[email protected]>

commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:53:18 2021 +0100

Share cryptographic core of PSK binder and Finished calculation

Signed-off-by: Hanno Becker <[email protected]>

commit c21b8df7c36bd3dccb0830cd45a3353093e2089f
Merge: 8036e15f17 528f7df3dc
Author: Hanno Becker <[email protected]>
Date: Tue May 4 06:52:00 2021 +0100

Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl

Tls13 prototype ssl opt sh resumption with openssl

commit 70cfe4bf1144568b3c959386ac6f677af6f2e597
Author: lhuang04 <[email protected]>
Date: Mon May 3 08:58:55 2021 -0700

Change debug level from 5 to 4

Summary:
Update the debug level for the following calls:
* MBEDTLS_SSL_DEBUG_BUF
* MBEDTLS_SSL_DEBUG_MSG

Test Plan: `ssl-opt.sh`

Reviewers: Subscribers: Tasks: Tags:

commit 2f66cecb0ed78a659760bc7a5566f14f48c461db
Author: Zhi Han <[email protected]>
Date: Mon May 3 11:35:31 2021 -0400

Fix compiler warning for mps.c

/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
            default:
            ^
/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through
            default:
            ^
            break;
1 error generated.

commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46
Author: lhuang04 <[email protected]>
Date: Sun May 2 06:08:34 2021 -0700

cast before calculate number from buffer

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8
Merge: e85f1dfa90 da2b07e5bb
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:33:10 2021 +0100

Merge pull request #239 from hanno-arm/tls13_key_pt3

Key schedule rework, pt3: API structure

commit e85f1dfa90343361c251372776e838ac130c9f3c
Merge: 858b98e9f1 524c925dc1
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:20:55 2021 +0100

Merge pull request #240 from zhihan/patch-2

Review cleanup for writing early_data extension

commit 528f7df3dc665ca94d94678432c2017c24ac55c2
Author: lhuang04 <[email protected]>
Date: Sat May 1 06:28:39 2021 -0700

Add require filter for OpenSSL TLS 1.3

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10
Author: lhuang04 <[email protected]>
Date: Fri Apr 30 08:23:17 2021 -0700

Add resumption test with OpenSSL to ssl-opt.sh

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 4504ac9525450bd187019b975d513cab985c788a
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:55:29 2021 -0700

break ret from parser

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit e14038925ddca9fc7fb7539b300fa2897c29ba80
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:30:04 2021 -0700

debug msgs and comments

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:24:44 2021 -0700

change unsigned char* buf to const …
lhuang04
added a commit
to lhuang04/mbedtls
that referenced
this issue
Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001
Merge: 471fc0ed17 17e162bc79
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 07:35:06 2021 +0100

Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies

Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

commit 471fc0ed17864079b70c75fc9c0a248f213b5991
Merge: 4ddebafaaf fba68613d6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:36:13 2021 +0100

Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr

MPS: Remove extended reader/writer from MPS, part 2

commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:33:49 2021 +0100

MPS: Be less wordy in comments...

Signed-off-by: Hanno Becker <[email protected]>

commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514
Merge: 08b0522e0f 34d751dfa6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:54:29 2021 +0100

Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error

fix mbedtls_ssl_check_cert_usage compile fail

commit 08b0522e0f6b4650c93a12038fb87cd21757b75c
Merge: 82436667b1 81c88ff7df
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:05:16 2021 +0100

Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings

fix functions undeclared warnings

commit 82436667b1304628b77ad9eded10ccf250355fc6
Merge: 2556d8a1dd f9435bb0c2
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 04:49:16 2021 +0100

Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors

fix nss_keylog_export duplicate error

commit 8a1348ca2ac075801777535bfa35d1179ec269e7
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:13 2021 +0100

MPS L4: Minor structural improvement

Signed-off-by: Hanno Becker <[email protected]>

commit 7a11ad03acaea247045dc5e41dc397b5b73a254d
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:00 2021 +0100

MPS Layer 4: Remove dead comments

Signed-off-by: Hanno Becker <[email protected]>

commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 20:07:28 2021 +0100

MPS Layer 3: Minor readability improvement

Signed-off-by: Hanno Becker <[email protected]>

commit ea207b40bdffc9793c53312aae7dabdd761611db
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 13:02:05 2021 +0100

Some more readability improvements

Signed-off-by: Hanno Becker <[email protected]>

commit dc3adeddee06e0b9ecf25e669de780593c18771b
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 11:39:37 2021 +0100

MPS Layer 3: Some readability improvements

Signed-off-by: Hanno Becker <[email protected]>

commit 2a75e56087db85845241734fd248f0ec501377b6
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 09:48:18 2021 +0100

Remove extended reader/writer from MPS altogether

Signed-off-by: Hanno Becker <[email protected]>

commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 22:23:06 2021 +0800

fix nss_keylog_export duplicate error

nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototypes. Rename it for TLS1.3 to fix it.

Change-Id: I63e218070e96637a15242fec3a66b5e448986287
Signed-off-by: Jerry Yu <[email protected]>

commit 17e162bc79da8c856b1b08ef373051d87163c421
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:44:55 2021 +0800

Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all places are wrapped with it.

CustomizedGitHooks: yes
Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f
Signed-off-by: Jerry Yu <[email protected]>

commit 5471952d409eea62843268272ae46969dcf78e60
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 11:15:15 2021 +0100

MPS Layer 3: Don't rely on extended writer to learn HS msg size

This is another step towards removing the extended reader/writer from Layer 3 altogether.

Signed-off-by: Hanno Becker <[email protected]>

commit 81c88ff7df372ba4c2671f3a7065482152b40310
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:06:56 2021 +0800

fix functions undeclared warnings

With TLS1.2 enabled, those functions report undeclared warnings

Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320
Signed-off-by: Jerry Yu <[email protected]>

commit f85747efb1a1035124aada3245dcec7ddb8d3597
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:47:19 2021 +0100

MPS L3: Simplify handshake message writing

Signed-off-by: Hanno Becker <[email protected]>

commit f540b0fc79af402f0176477df0c6f79c26857e88
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:42:03 2021 +0100

MPS Layer 3: Simplify logic for writing of handshake header

Signed-off-by: Hanno Becker <[email protected]>

commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c
Author: Jerry Yu <[email protected]>
Date: Tue Jul 27 14:02:40 2021 +0800

fix mbedtls_ssl_check_cert_usage compile fail

`mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to a difference in the `key_exchange` field. The function only uses the `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it.
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4
Signed-off-by: Jerry Yu <[email protected]>

commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f
Merge: 0e367ad306 3430517266
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:57:55 2021 +0100

Merge pull request #318 from hanno-arm/mps_simplify

MPS: Numerous minor simplifications and improvements

commit 0e367ad306e20d7eed02775d0c581828da937cb2
Merge: 246c820430 d8f19321d7
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:13:13 2021 +0100

Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors

fix two duplicate define errors

commit 246c820430aed5412c6cba0e911c1a1ca13ade60
Merge: 49f76369ad 12a8dfe7d2
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:12:15 2021 +0100

Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors

fix update_checksum errors

commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:11:45 2021 +0100

Apply suggestions from code review

commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2
Merge: 0b7e1b6759 638484855b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:06:44 2021 +0100

Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort

MPS Layer 3: Remove unused handshake abort function

commit 3430517266a9e7d0ab43cf08730064608190fbd6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:51:53 2021 +0100

MPS: Shorten some code

Signed-off-by: Hanno Becker <[email protected]>

commit da378914efe9bae8a84ca59604b4651efd562401
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:47:54 2021 +0100

MPS: Some more uses of assertion macro

Signed-off-by: Hanno Becker <[email protected]>

commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:42:58 2021 +0100

MPS: Add helper macro for readability

Signed-off-by: Hanno Becker <[email protected]>

commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:35 2021 +0100

Shorten some doc'n for MPS

Signed-off-by: Hanno Becker <[email protected]>

commit fe135af06c138ac3ffbc077c6357961d2c895c6b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:21 2021 +0100

MPS: Use helper macro for DTLS HS header debugging

Signed-off-by: Hanno Becker <[email protected]>

commit 8144fea4a5b03c773ffaa48325663145aca58ff6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:15 2021 +0100

MPS: Use assertion macro instead of manual return of INTERNAL_ERROR

Signed-off-by: Hanno Becker <[email protected]>

commit 648d1835ce61480023fbb856d5044b6218f5af90
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:07 2021 +0100

MPS: Shorten some code

Signed-off-by: Hanno Becker <[email protected]>

commit 2818d2fbc65a2e31afe729046264171680356ae5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:21:53 2021 +0100

MPS L4: Add comment on potential simplification

Signed-off-by: Hanno Becker <[email protected]>

commit 1ec166036cfda847db076c567a94de474d009041
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:19:18 2021 +0100

MPS: Remove dead code and shorten comments

Signed-off-by: Hanno Becker <[email protected]>

commit 1100e4b72bf26746970af57244787e3b43f852c8
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:32:31 2021 +0100

MPS L3: Improve readability through introduction of debug macros

Signed-off-by: Hanno Becker <[email protected]>

commit 028414d0c81fd42772a33308953bf011da87584f
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:44 2021 +0100

MPS: Add shorter trace commands

Signed-off-by: Hanno Becker <[email protected]>

commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:28 2021 +0100

MPS: Fix typo in common.h

Signed-off-by: Hanno Becker <[email protected]>

commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:20:27 2021 +0100

MPS L3: Add helper function for handling of incomplete headers

Signed-off-by: Hanno Becker <[email protected]>

commit d8f19321d70182ada99f421e56ea00c2100313f3
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:03:13 2021 +0800

Rename mbedtls_ssl_handshake_wrapup for TLS1.3

`mbedtls_ssl_handshake_wrapup` was defined in both cases. A `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it.

Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91
Signed-off-by: Jerry Yu <[email protected]>

commit 40825315251e967b6bbca82b6a12b4cd875e04b5
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:00:50 2021 +0800

move mbedtls_ssl_transform_free to ssl_msg.c

`mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports a duplicate error. Remove the function in ssl_tls.c to fix it.

Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3
Signed-off-by: Jerry Yu <[email protected]>

commit 7f0fb121f9d308b75d0f4a602623696fa9215505
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 19:41:09 2021 +0800

fix update_checksum_start/sha384 duplicate error

`ssl_update_checksum_start/sha384` is redefined for TLS1.3. The both-enabled case raises a duplicate error. Fix it with a version check.

Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af
Signed-off-by: Jerry Yu <[email protected]>

commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:04:37 2021 +0800

fix calc_verify parameter warning

The `calc_verify` prototype defined by TLS1.3 is not used. And the other two functions are the same. So, the declaration should be removed.
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:50:53 2021 +0100

Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record

fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:02:46 2021 +0100

MPS Layer 3: Remove unused handshake abort function

Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 19:00:48 2021 +0800

fix ssl_extract_add_data_from_record arguments error

With TLS1.2, the compiler reports the error below
```
too few arguments to function ‘ssl_extract_add_data_from_record’
```
The function is changed in TLS1.3. Add `transform->taglen` to the error call place to fix that.

Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:58 2021 +0100

Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine

fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:36 2021 +0100

Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error

fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 12:28:20 2021 +0800

fix ssl_reset_retrnsmit_timeout undefine warning

ssl_reset_retrnsmit_timeout has had a prefix added. It is missing here.

Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800

fix pmslen and premaster undefined error

With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, the compiler reports pmslen and premaster undefined errors.

CustomizedGitHooks: yes
Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100

Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors

fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100

Minor improvements to TLS 1.3 client-side key share ext writer

Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800

fix ECDH context build errors

Remove multi ecdh share keys support.
When build with TLS1.2, it reports compile error

Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100

Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13

Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100

Fix a bunch of typos

Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100

Rename TLS 1.3 ciphersuite identifiers

- Move the C-macros to MBEDTLS_ namespace
- Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2.

Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100

Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace

Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100

Merge pull request #306 from hanno-arm/mps_fix_bio

MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100

Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100

Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case

Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100

Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition

replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100

MPS: Interpret ret val 0 from BIO as connection closure

Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100

Merge pull request #276 from zhihan/fix-minor_ver

Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800

Modify TLS1.3 undefined condition

Available protocol defines are TLS1.3 only, TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined, that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h`. It should not appear here. It will cause transform* undefined error.
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100

Merge pull request #213 from zhihan/tls13-prototype-nst-ext

Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100

Minor improvements

Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400

Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100

Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client

Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100

Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100

Merge pull request #302 from hannestschofenig/pr/fix-two-errors

Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800

fix ssl-opt test fail

Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that.
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800

fix compile fail without MPS

if undefine MBEDTLS_SSL_USE_MPS, it report error.

Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800

Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:

```
140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
```

We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD.

This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.
Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100

Merge pull request #288 from yuhaoth/pr/fix-15

Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100

Temporarily disable more session serialization tests

Will be fixed as part of #155

Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100

Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake

move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700

Add test for mismatched sig_algs

Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs
Test Plan:
```
ssl-opt.sh
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200

Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800

Re-enable ssl test suite

Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.
fix #15

Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800

Remove get_key_exchange_name

mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now.

Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100

Merge pull request #281 from zhihan/0-rtt-ciphersuite

Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100

Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing

Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700

Use stack allocated received_signature_schemes_list.

Summary:
I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)
Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100

Merge pull request #283 from zhihan/review-0-rtt-server

0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800

move key_exchange members to handshake structure

Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.
fix #13

Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700

Follow up on review comments

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700

Review fix of mbedtls_ssl_parse_signature_algorithms_ext

Summary:
* Add boundary check for i
* Set received_signature_schemes_list to null after free
* Typo
* Sizeof style
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700

Review: CertificateRequest parsing

Summary:
* buf_len check
* unsigned char* ext -> const unsigned char* ext
* int -> size_t
* space and long line
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700

Remove ticket_nonce from mbedtls_ssl_session

Summary:
`ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.
Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700

Rename resumption_key_len to key_len

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700

Move ssl_new_session_ticket_parse to client.c

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700

Add index for buffer in ssl_new_session_ticket_parse

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700

Review comments follow up

Summary:
* change to size_t
* break long line
* indentation
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700

Review fix for ssl_new_session_ticket_parse

Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return
Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400

Add test. Remove resumption condition.

commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:39:15 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:20:05 2021 -0400

Review feedbacks

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:13:04 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 12:14:39 2021 +0100

Merge pull request #284 from yuhaoth/pr/fix-extension-namespace

fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date: Fri Jun 18 13:49:07 2021 +0800

fix namespace of extensions in ssl.h

fixes #17

Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 06:30:53 2021 +0100

Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile

fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:43:11 2021 +0100

Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case

Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:04:41 2021 +0100

Merge pull request #279 from zhihan/review-0-rtt

Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu <[email protected]>
Date: Wed Jun 16 10:25:12 2021 +0800

fix out-of-box Makefile build fail

fix #165

Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:12:33 2021 -0400

Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:09:04 2021 -0400

Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:06:32 2021 -0400

Update library/ssl_tls13_generic.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:36 2021 -0400

Update library/ssl_tls13_keys.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:20 2021 -0400

Update library/ssl_tls.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date: Tue Jun 8 05:41:22 2021 +0100

Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing

Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date: Mon Jun 7 15:37:47 2021 -0400

0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:40:21 2021 -0400

Change 'early data' to 'early_data' in debug log to be consistent.

commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:26:00 2021 -0400

Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:18:23 2021 -0400

Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:04:03 2021 -0400

Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 16:06:33 2021 -0400

More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 12:48:43 2021 -0400

Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:18:43 2021 -0700

own_key

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:00:17 2021 -0700

Remove signature_scheme_client from struct mbedtls_ssl_handshake_params

Summary:
* signature_scheme_client
* signature_scheme
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:55:13 2021 -0700

Review of ssl_certificate_verify_write

Summary:
* indentation
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:09:10 2021 -0700

Rename mbedtls_ssl_certificate_verify_process

Summary:
* mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
* ssl_certificate_verify_process -> ssl_write_certificate_verify_process
* SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
* SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date: Tue Jun 1 10:35:20 2021 -0400

Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:21:34 2021 -0700

Summary:
Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
* Server disable early data
* Client enable early data
* No external PSK
Test Plan:
```
tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:23:52 2021 +0100

Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:43 2021 +0100

Alloc specification of 0-RTT limit on the ssl_server2 cmdline

Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:25 2021 +0100

Cap size of 0-RTT buffer at a compile-time configurable limit

Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:04:30 2021 +0100

Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date: Mon May 24 16:21:33 2021 -0400

error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date: Sun May 23 12:12:30 2021 -0400

Address feedback.

commit 38a3de888bbbca7cd7394e81bf7617ac716327fa
Merge: 22e52d2cf1 79afde5f5a
Author: Hanno Becker <[email protected]>
Date: Sun May 23 06:10:49 2021 +0100

Merge pull request #269 from zhihan/tls13-prototype-0rtt-review

Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:16:12 2021 -0400

Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:05:53 2021 -0400

Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8
Author: Zhi Han <[email protected]>
Date: Fri May 21 06:38:46 2021 -0400

Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:03:22 2021 -0400

format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:01:04 2021 -0400

Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8
Author: Zhi Han <[email protected]>
Date: Wed May 19 15:57:44 2021 -0400

Restore mbedtls_ssl_conf_early_data() function.

commit 22e52d2cf1865bf638269fbc5334119a68db9603
Merge: e3d5eca29a 80dbfc0091
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:25 2021 +0100

Merge pull request #265 from lhuang04/tls13_prototype_switch_style

Fix switch style

commit e3d5eca29ada314616341242152ac7515607e718
Merge: d02fd9ba1f c501899a74
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:07 2021 +0100

Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09
Merge: f1560c6d0f 169f542b7b
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:16:53 2021 +0100

Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style

Fix if statement style

commit 169f542b7b89ce55bf438f5b9bbce663314d7257
Author: lhuang04 <[email protected]>
Date: Mon May 17 12:00:40 2021 -0700

Fix if style

Summary:
Change `if (` to `if(`
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit c501899a748840659c1e4450929e0e72dcdb39b1
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:36:33 2021 -0700

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 80dbfc00915ace7db2301fb897847514a2ee2b5a
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:44:26 2021 -0700

Fix switch style

Summary:
change `switch (` to `switch(`
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df
Merge: 5f3860971b 73b4aa2e96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:55:49 2021 +0100

Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing

Fix for review of ssl_read_certificate_verify_parse

commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f
Merge: 6c527b9e2d 2272fccb96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:54:48 2021 +0100

Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix

Fix misplaced 0-RTT configuration call in ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:41:48 2021 +0100

Fix misplaced 0-RTT configuration call in ssl_server2

Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`.

Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:02:16 2021 +0100

Minor code improvements in ssl_create_verify_structure()

Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249
Merge: 7c88bbd2e2 f451f0ef99
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:18:00 2021 -0700

Diff review follow up

* switch style
* change to mbedtls_ssl_tls13_key_exchange_with_psk
* rename i to buffer_idx
* move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE
* reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:12:56 2021 -0700

Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.
Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95
Author: lhuang04 <[email protected]>
Date: Mon May 17 08:59:48 2021 -0700

style for switch

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e
Author: lhuang04 <[email protected]>
Date: Wed May 12 06:07:40 2021 -0700

Break long line in ssl_certificate_verify_coordinate

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 0814cb6a515b1196ffbb635f53343f476acb5c79
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:21:25 2021 -0700

Move the label to the ssl_tls13_keys.h

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 5a6badfee551e5082b4e24fa26620faed755602b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:11:57 2021 -0700

Remove magic index

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit dd15a7235952b63130ff4d2f933f87824de5f2d9
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:16:26 2021 -0700

Style in ssl_certificate_verify_coordinate

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit e5a23e31cc75241ec0ddea009e8268059aadb541
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:01:10 2021 -0700

Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 5b3299016a7a8a7436e7814868bc70a625e1d33b
Author: lhuang04 <[email protected]>
Date: Fri May 7 07:45:03 2021 -0700

Follow up on review comments

Summary:
* space after switch
* line too long
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939
Author: lhuang04 <[email protected]>
Date: Thu May 6 10:51:29 2021 -0700

Fix for review of ssl_read_certificate_verify_parse

Summary:
* Remove empty line
* Remove out-of-date comments
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb
Merge: 5e09eb428d a5c8909e61
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:56:52 2021 +0100

Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected

Do not write EndOfEarlyData if early_data is rejected by server.

commit a5c8909e61a76609ab8f8c3153f543b828abc571
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:45 2021 +0100

Update programs/ssl/ssl_client2.c

commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:04 2021 +0100

Add reference to RFC 8446 when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit bea87dde0071ad98d3beb81070a9bd399227c66a
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:51:44 2021 +0100

Print debug line when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit 3255f964343b3599b25b76c536fade23df0885ff
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:20:42 2021 -0400

Fix indentation

commit 4ecbbc3100ab26be688829f5a388bd56d479992b
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:17:17 2021 -0400

Address feedback from PR

commit 516255927d25e4b896a243846a51346f9718db2b
Author: Zhi Han <[email protected]>
Date: Fri May 14 13:39:10 2021 -0400

Add test for rejecting early data

commit 779a9248334492990912c13941a6b8f3428c4d61
Merge: e5d72ef6bc 5e09eb428d
Author: Zhi Han <[email protected]>
Date: Fri May 14 12:18:20 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit 5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary:
In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after check [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that should be always be set.

This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoid calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.
Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT.

Instead, the handshake PSK should evolve as follows:
1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.
Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:
(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.
Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.
Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100
Merge pull request #262 from hanno-arm/fixup_261
Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100
Fixup https://github.com/hannestschofenig/mbedtls/pull/261
Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100
Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0
Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100
Fixup: Merge in ssl_client2.c & ssl_server2.c
Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100
Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config
Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400
Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400
Move early_data from conf to context.
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue Jun 12, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing
Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800
fix pmslen and premaster undefined error
With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler reports pmslen and premaster undefined error.
CustomizedGitHooks: yes
Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100
Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors
fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100
Minor improvements to TLS 1.3 client-side key share ext writer
Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800
fix ECDH context build errors
Remove multi ecdh share keys support.
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 
from lhuang04/tls13_mismatched_sig_algs_test_case
Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100
Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition
replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100
MPS: Interpret ret val 0 from BIO as connection closure
Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100
Merge pull request #276 from zhihan/fix-minor_ver
Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800
Modify TLS1.3 undefined condition
Available protocol defines are TLS1.3 only, TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not the correct condition. It makes both cases fail. If TLS1.3 is not defined, that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`
Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800
remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h
MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h`. It should not appear here. It will cause transform* undefined error.
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS if undefine MBEDTLS_SSL_USE_MPS, it report error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL. 

Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100

Merge pull request #288 from yuhaoth/pr/fix-15

Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100

Temporarily disable more session serialization tests

Will be fixed as part of #155

Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100

Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake

move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700

Add test for mismatched sig_algs

Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs
Test Plan:
```
ssl-opt.sh
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200

Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800

Re-enable ssl test suite

Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.

fix #15

Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800

Remove get_key_exchange_name

mbedtls_ssl_get_key_exchange_name is a debug-only function. It is useless now.

Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100

Merge pull request #281 from zhihan/0-rtt-ciphersuite

Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100

Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing

Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700

Use stack allocated received_signature_schemes_list.

Summary:
I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)
Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100

Merge pull request #283 from zhihan/review-0-rtt-server

0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800

move key_exchange members to handshake structure

Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.

fix #13

Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700

Follow up on review comments

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700

Review fix of mbedtls_ssl_parse_signature_algorithms_ext

Summary:
* Add boundary check for i
* Set received_signature_schemes_list to null after free
* Typo
* Sizeof style
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700

Review: CertificateRequest parsing

Summary:
* buf_len check
* unsigned char* ext -> const unsigned char* ext
* int -> size_t
* space and long line
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700

Remove ticket_nonce from mbedtls_ssl_session

Summary:
`ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.
Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700

Rename resumption_key_len to key_len

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700

Move ssl_new_session_ticket_parse to client.c

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700

Add index for buffer in ssl_new_session_ticket_parse

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700

Review comments follow up

Summary:
* change to size_t
* break long line
* indentation
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700

Review fix for ssl_new_session_ticket_parse

Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return
Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400

Add test. Remove resumption condition.

commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:39:15 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:20:05 2021 -0400

Review feedback

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:13:04 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 12:14:39 2021 +0100

Merge pull request #284 from yuhaoth/pr/fix-extension-namespace

fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date: Fri Jun 18 13:49:07 2021 +0800

fix namespace of extensions in ssl.h

fixes #17

Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 06:30:53 2021 +0100

Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile

fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:43:11 2021 +0100

Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case

Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:04:41 2021 +0100

Merge pull request #279 from zhihan/review-0-rtt

Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu <[email protected]>
Date: Wed Jun 16 10:25:12 2021 +0800

fix out-of-box Makefile build fail

fix #165

Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:12:33 2021 -0400

Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:09:04 2021 -0400

Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:06:32 2021 -0400

Update library/ssl_tls13_generic.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:36 2021 -0400

Update library/ssl_tls13_keys.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:20 2021 -0400

Update library/ssl_tls.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date: Tue Jun 8 05:41:22 2021 +0100

Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing

Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date: Mon Jun 7 15:37:47 2021 -0400

0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:40:21 2021 -0400

Change 'early data' to 'early_data' in debug log to be consistent.

commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:26:00 2021 -0400

Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:18:23 2021 -0400

Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:04:03 2021 -0400

Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 16:06:33 2021 -0400

More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 12:48:43 2021 -0400

Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:18:43 2021 -0700

own_key

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:00:17 2021 -0700

Remove signature_scheme_client from struct mbedtls_ssl_handshake_params

Summary:
* signature_scheme_client
* signature_scheme
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:55:13 2021 -0700

Review of ssl_certificate_verify_write

Summary:
* indentation
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:09:10 2021 -0700

Rename mbedtls_ssl_certificate_verify_process

Summary:
* mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
* ssl_certificate_verify_process -> ssl_write_certificate_verify_process
* SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
* SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date: Tue Jun 1 10:35:20 2021 -0400

Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:21:34 2021 -0700

Summary:
Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
* Server disable early data
* Client enable early data
* No external PSK
Test Plan:
```
tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:23:52 2021 +0100

Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:43 2021 +0100

Alloc specification of 0-RTT limit on the ssl_server2 cmdline

Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:25 2021 +0100

Cap size of 0-RTT buffer at a compile-time configurable limit

Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:04:30 2021 +0100

Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date: Mon May 24 16:21:33 2021 -0400

error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date: Sun May 23 12:12:30 2021 -0400

Address feedback.

commit 38a3de888bbbca7cd7394e81bf7617ac716327fa
Merge: 22e52d2cf1 79afde5f5a
Author: Hanno Becker <[email protected]>
Date: Sun May 23 06:10:49 2021 +0100

Merge pull request #269 from zhihan/tls13-prototype-0rtt-review

Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:16:12 2021 -0400

Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:05:53 2021 -0400

Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8
Author: Zhi Han <[email protected]>
Date: Fri May 21 06:38:46 2021 -0400

Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:03:22 2021 -0400

format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:01:04 2021 -0400

Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8
Author: Zhi Han <[email protected]>
Date: Wed May 19 15:57:44 2021 -0400

Restore mbedtls_ssl_conf_early_data() function.

commit 22e52d2cf1865bf638269fbc5334119a68db9603
Merge: e3d5eca29a 80dbfc0091
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:25 2021 +0100

Merge pull request #265 from lhuang04/tls13_prototype_switch_style

Fix switch style

commit e3d5eca29ada314616341242152ac7515607e718
Merge: d02fd9ba1f c501899a74
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:07 2021 +0100

Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09
Merge: f1560c6d0f 169f542b7b
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:16:53 2021 +0100

Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style

Fix if statement style

commit 169f542b7b89ce55bf438f5b9bbce663314d7257
Author: lhuang04 <[email protected]>
Date: Mon May 17 12:00:40 2021 -0700

Fix if style

Summary:
Change `if (` to `if(`
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit c501899a748840659c1e4450929e0e72dcdb39b1
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:36:33 2021 -0700

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 80dbfc00915ace7db2301fb897847514a2ee2b5a
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:44:26 2021 -0700

Fix switch style

Summary:
change `switch (` to `switch(`
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df
Merge: 5f3860971b 73b4aa2e96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:55:49 2021 +0100

Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing

Fix for review of ssl_read_certificate_verify_parse

commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f
Merge: 6c527b9e2d 2272fccb96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:54:48 2021 +0100

Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix

Fix misplaced 0-RTT configuration call in ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:41:48 2021 +0100

Fix misplaced 0-RTT configuration call in ssl_server2

Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`.

Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:02:16 2021 +0100

Minor code improvements in ssl_create_verify_structure()

Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249
Merge: 7c88bbd2e2 f451f0ef99
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:18:00 2021 -0700

Diff review follow up

* switch style
* change to mbedtls_ssl_tls13_key_exchange_with_psk
* rename i to buffer_idx
* move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE
* reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:12:56 2021 -0700

Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.
Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95
Author: lhuang04 <[email protected]>
Date: Mon May 17 08:59:48 2021 -0700

style for switch

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e
Author: lhuang04 <[email protected]>
Date: Wed May 12 06:07:40 2021 -0700

Break long line in ssl_certificate_verify_coordinate

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 0814cb6a515b1196ffbb635f53343f476acb5c79
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:21:25 2021 -0700

Move the label to the ssl_tls13_keys.h

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 5a6badfee551e5082b4e24fa26620faed755602b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:11:57 2021 -0700

Remove magic index

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit dd15a7235952b63130ff4d2f933f87824de5f2d9
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:16:26 2021 -0700

Style in ssl_certificate_verify_coordinate

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit e5a23e31cc75241ec0ddea009e8268059aadb541
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:01:10 2021 -0700

Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 5b3299016a7a8a7436e7814868bc70a625e1d33b
Author: lhuang04 <[email protected]>
Date: Fri May 7 07:45:03 2021 -0700

Follow up on review comments

Summary:
* space after switch
* line too long
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939
Author: lhuang04 <[email protected]>
Date: Thu May 6 10:51:29 2021 -0700

Fix for review of ssl_read_certificate_verify_parse

Summary:
* Remove empty line
* Remove out-of-date comments
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb
Merge: 5e09eb428d a5c8909e61
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:56:52 2021 +0100

Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected

Do not write EndOfEarlyData if early_data is rejected by server.

commit a5c8909e61a76609ab8f8c3153f543b828abc571
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:45 2021 +0100

Update programs/ssl/ssl_client2.c

commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:04 2021 +0100

Add reference to RFC 8446 when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit bea87dde0071ad98d3beb81070a9bd399227c66a
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:51:44 2021 +0100

Print debug line when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit 3255f964343b3599b25b76c536fade23df0885ff
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:20:42 2021 -0400

Fix indentation

commit 4ecbbc3100ab26be688829f5a388bd56d479992b
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:17:17 2021 -0400

Address feedback from PR

commit 516255927d25e4b896a243846a51346f9718db2b
Author: Zhi Han <[email protected]>
Date: Fri May 14 13:39:10 2021 -0400

Add test for rejecting early data

commit 779a9248334492990912c13941a6b8f3428c4d61
Merge: e5d72ef6bc 5e09eb428d
Author: Zhi Han <[email protected]>
Date: Fri May 14 12:18:20 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit 5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary:
In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.
Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT.

Instead, the handshake PSK should evolve as follows:
1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:
(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261

Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261

Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c

Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.

commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b
Merge: f3f78d471b 1c54b5410f
Author: lhuang04 <[email protected]>
Date: Sun May 9 08:03:57 2021 -0700

Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0

commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44
Merge: 2ac26234c9 f3f78d471b
Author: Zhi Han <[email protected]>
Date: Fri May 7 09:56:31 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit f3f78d471b1bf3669ed84d77504e39c49147ca6d
Merge: 79215a6a2d c797da9279
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:17 2021 +0100

Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup

[Review 0-RTT write] Reuse the _coordinate function to in postprocess function.

commit c797da927932d52c96ae243e0def2aa753a5bb90
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:03 2021 +0100

Update library/ssl_tls13_keys.h

commit af06a4a37cbd9de9674c66b6b5def00f1b384929
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:10:13 2021 +0100

Update library/ssl_tls13_keys.h

commit a1f734907da114e4b28f918e320361a6b0d4e6aa
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:07:23 2021 +0100

Update library/ssl_tls13_client.c

commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce
Merge: dad9ef834f 9d8225e916
Author: Hanno Becker <[email protected]>
Date: Fri May 7 06:52:16 2021 +0100

Merge pull request #251 from hanno-arm/tls13_keys_pt5

Key schedule rework: Add documentation

commit 2ac26234c9ea9356df18872a0f75418f8a38d80a
Author: Zhi Han <[email protected]>
Date: Wed May 5 11:16:40 2021 -0400

Do not write EndOfEarlyData if early_data is rejected by server.

commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf
Merge: de531140dc dad9ef834f
Author: Zhi Han <[email protected]>
Date: Tue May 4 12:18:08 2021 -0400

Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup

commit de531140dcb57c1ff059e116fdb4baa164dc4276
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:47:01 2021 -0400

Revert changes to ssl_tls13_keys.h

commit 05b068ea4cb6ded1e32148f28c4519284d4566ce
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:44:25 2021 -0400

Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back

commit 6cfe517d141c495889484aeea300e105cf7f41d4
Merge: 6ea4123527 9e4c78bd6f
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:41:47 2021 -0400

Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup

commit dad9ef834f0763899ad689905fa9b7560e424aa6
Merge: 944b99795b bc3ca0d1c7
Author: Hanno Becker <[email protected]>
Date: Tue May 4 16:36:20 2021 +0100

Merge pull request #252 from zhihan/patch-3

Update ssl_tls13_keys.h to fix compiler warning.

commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:34:52 2021 -0400

Add back application_secret

commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:25:18 2021 -0400

Reuse the _coordinate function to in postprocess.

commit 6ea4123527963686c15f1e34ced8ea28c57429f5
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:01:46 2021 -0400

Update ssl_tls13_keys.h to fix compiler warning.

In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40:
/Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation]
 * \param master_secret The master secret from which the resumption master
          ^~~~~~~~~~~~~
1 error generated.
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04
added a commit
to lhuang04/mbedtls
that referenced
this issue
Jun 13, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler reports pmslen and premaster undefined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support.
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 
from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]> commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error. 
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS if undefine MBEDTLS_SSL_USE_MPS, it report error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL. 
Signed-off-by: Gilles Peskine <[email protected]> commit c021ddc27d94e54c7413ac22e15cd705981ed2a5 Merge: 7b3f70dd27 661584dfa1 Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:19:46 2021 +0100 Merge pull request #288 from yuhaoth/pr/fix-15 Re-enable ssl test suite commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:18:16 2021 +0100 Temporarily disable more session serialization tests Will be fixed as part of #155 Signed-off-by: Hanno Becker <[email protected]> commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7 Merge: 41fb09d9cf 3ed71fee0b Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:13:17 2021 +0100 Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake move key_exchange members to handshake structure commit 230bf9cdc08e518dfacda03de42feb9d659a7491 Author: lhuang04 <[email protected]> Date: Sun Jun 27 08:09:05 2021 -0700 Add test for mismatched sig_algs Summary: * Send alert when there is no common signature algorithm between client and server * Add test case for mismatched sig_algs Test Plan: ``` ssl-opt.sh ``` Reviewers: Subscribers: Tasks: Tags: commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd Merge: 1327fd4720 41c9509314 Author: Hannes Tschofenig <[email protected]> Date: Wed Jul 7 14:25:25 2021 +0200 Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 41c9509314e1c8c320462acbfcd317418e06f346 Author: Zhi Han <[email protected]> Date: Tue Jul 6 14:00:44 2021 -0400 Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71 Author: Jerry Yu <[email protected]> Date: Mon Jul 5 16:47:29 2021 +0800 Re-enable ssl test suite Ssl test is disabled in TLS. This patch is to enable it. And "Session serilization*" tests are skipped due to #155. 
fix #15 Signed-off-by: Jerry Yu <[email protected]> Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3 commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad Author: Jerry Yu <[email protected]> Date: Wed Jun 30 15:14:25 2021 +0800 Remove get_key_exchange_name mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now. Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a Signed-off-by: Jerry Yu <[email protected]> commit 1327fd47207970a042897465e832c7bde30d5f5c Merge: e2920b1927 6ef820f789 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:20:17 2021 +0100 Merge pull request #281 from zhihan/0-rtt-ciphersuite Only use one single ciphersuite if 0-rtt is actually enabled commit e2920b1927ff847a349947e4aef96b6557326816 Merge: fd741711fc fdca48d6a0 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:12:10 2021 +0100 Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing Review fix for #220 certificate request parsing commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4 Author: lhuang04 <[email protected]> Date: Sun Jun 20 15:27:09 2021 -0700 Use stack allocated received_signature_schemes_list. Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3) Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit fd741711fcab3ad49015a78ab3b72de7419bac55 Merge: 4fcd693b80 88e4a1b36a Author: Hanno Becker <[email protected]> Date: Mon Jun 21 09:24:39 2021 +0100 Merge pull request #283 from zhihan/review-0-rtt-server 0-RTT Server Review Change commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40 Author: Jerry Yu <[email protected]> Date: Mon Jun 21 13:52:01 2021 +0800 move key_exchange members to handshake structure Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params. 
fix #13 Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8 Signed-off-by: Jerry Yu <[email protected]> commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd Author: lhuang04 <[email protected]> Date: Wed Jun 2 09:22:46 2021 -0700 Follow up on review comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 94f03c184bbeb27a20383dcf109ef1ce751984f5 Author: lhuang04 <[email protected]> Date: Sun May 23 09:36:55 2021 -0700 Review fix of mbedtls_ssl_parse_signature_algorithms_ext Summary: * Add boundary check for i * Set received_signature_schemes_list to null after free * Typo * Sizeof style Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4 Author: lhuang04 <[email protected]> Date: Sun May 23 08:58:12 2021 -0700 Review: CertificateRequest parsing Summary: * buf_len check * unsigned char* ext -> const unsigned char* ext * int -> size_t * space and long line Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b Author: lhuang04 <[email protected]> Date: Sun Jun 20 09:40:21 2021 -0700 Remove ticket_nonce from mbedtls_ssl_session Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`. 
Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 719c79217da5d8209855d857e790400ab0ed2f4c Author: lhuang04 <[email protected]> Date: Sun Jun 20 07:21:48 2021 -0700 Rename resumption_key_len to key_len Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 895eb0d2108d9bed2ce540efd255a28711a9c929 Author: lhuang04 <[email protected]> Date: Fri May 7 11:51:11 2021 -0700 Move ssl_new_session_ticket_parse to client.c Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883 Author: lhuang04 <[email protected]> Date: Fri May 7 11:32:43 2021 -0700 Add index for buffer in ssl_new_session_ticket_parse Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 65e16e91159a0e5dd754593a10874a49b682d4a0 Author: lhuang04 <[email protected]> Date: Fri May 7 06:20:23 2021 -0700 Review comments follow up Summary: * change to size_t * break long line * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 469a714ff5960968734c4baab983791511cc0a06 Author: lhuang04 <[email protected]> Date: Wed May 5 08:44:42 2021 -0700 Review fix for ssl_new_session_ticket_parse Summary: * printf format for unsigned int * cast to unsigned before combine digits * remove unnecessary cast * remove redundant hash size calc * remove space for return Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 6ef820f78988703e0f66fa18a03030bba2e82a9f Author: Zhi Han <[email protected]> Date: Fri Jun 18 15:11:57 2021 -0400 Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feedback commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu 
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3 Merge: 21c911ccae 3d078a5c18 Author: Hanno Becker <[email protected]> Date: Fri May 14 17:15:38 2021 +0100 Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk Fix client crash when use early data without psk commit 3d078a5c180585b76a917599d8a471c4f724fd0e Author: lhuang04 <[email protected]> Date: Fri May 14 09:03:23 2021 -0700 Change to mbedtls_ssl_get_psk_to_offer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ebfc4983648f649a8f357409a2e35080bd081355 Author: lhuang04 <[email protected]> Date: Fri May 14 08:48:30 2021 -0700 Change to mbedtls_ssl_conf_tls13_some_psk_enabled Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623 Author: lhuang04 <[email protected]> Date: Tue May 4 08:05:38 2021 -0700 Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit af91d01f00b5159884396453169961e0247b8726 Author: lhuang04 <[email protected]> Date: Thu Jan 14 08:15:43 2021 -0800 Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode. 
Test Plan: ``` ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 ``` ``` ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1 ``` Reviewers: Subscribers: Tasks: Tags: commit 21c911ccae28a563af8de662dc24e419194f2c87 Merge: f178632390 98eeb27c91 Author: Hanno Becker <[email protected]> Date: Fri May 14 16:44:02 2021 +0100 Merge pull request #263 from hanno-arm/psk-negotiation Fix client-side behaviour if PSK is offered but rejected by the server commit 98eeb27c912871202ae8d696c8cf934f03d28041 Merge: 56f6110c45 20bb2a019c Author: Hanno Becker <[email protected]> Date: Fri May 14 11:04:44 2021 +0100 Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc Author: Hanno Becker <[email protected]> Date: Fri May 14 10:54:31 2021 +0100 Clarify logic for setting/clearing of handshake PSK The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows: 1) Initially, it's NULL. 2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data. 3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data. 4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK. If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization. This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above. 
Signed-off-by: Hanno Becker <[email protected]> commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac Author: Hanno Becker <[email protected]> Date: Fri May 14 10:59:25 2021 +0100 Give function for removing handshake PSK global visibility Signed-off-by: Hanno Becker <[email protected]> commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae Author: Hanno Becker <[email protected]> Date: Fri May 14 10:05:01 2021 +0100 Update library/ssl_tls13_server.c commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf Author: Hanno Becker <[email protected]> Date: Fri May 14 10:04:40 2021 +0100 Update library/ssl_tls13_server.c commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:54:06 2021 +0100 Remove uses of mbedtls_ssl_get_psk() `mbedtls_ssl_get_get_psk()` currently blurs two things: (a) access to the (potentially multiple) PSKs configured prior to the handshake (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake. If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b). There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use. To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule. 
Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello. Signed-off-by: Hanno Becker <[email protected]> commit f178632390ec3313f8772a8cffd1ed3f7d39d224 Merge: b1004e5352 8f71a23957 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:51:35 2021 +0100 Merge pull request #262 from hanno-arm/fixup_261 Fixup #261 commit 8f71a239577887dc40f670c58bb13b3b44e4050b Author: Hanno Becker <[email protected]> Date: Fri May 14 09:43:05 2021 +0100 Fixup https://github.com/hannestschofenig/mbedtls/pull/261 Signed-off-by: Hanno Becker <[email protected]> commit b1004e535275464c14a84b306890a47aa15ef14b Merge: 8db2b19d0f 5d7fa778f4 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:54:58 2021 +0100 Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0 Tls13 prototype merge from 2 25 0 commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:50:02 2021 +0100 Fixup: Merge in ssl_client2.c & ssl_server2.c Signed-off-by: Hanno Becker <[email protected]> commit 8db2b19d0fef088ca353a866498eb399bfb4fc21 Merge: f3f78d471b d4b52420d2 Author: Hanno Becker <[email protected]> Date: Fri May 14 04:37:44 2021 +0100 Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data() commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5 Author: Zhi Han <[email protected]> Date: Wed May 12 11:52:08 2021 -0400 Move report of early data status to reconnect commit d78681553790fdb3e31665b0f71367dc2198b24a Author: Zhi Han <[email protected]> Date: Wed May 12 11:38:02 2021 -0400 Move early_data from conf to context. 
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue Jun 13, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster undefined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support. 
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 
from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]> commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error. 
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS if undefine MBEDTLS_SSL_USE_MPS, it report error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL. 
Signed-off-by: Gilles Peskine <[email protected]> commit c021ddc27d94e54c7413ac22e15cd705981ed2a5 Merge: 7b3f70dd27 661584dfa1 Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:19:46 2021 +0100 Merge pull request #288 from yuhaoth/pr/fix-15 Re-enable ssl test suite commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:18:16 2021 +0100 Temporarily disable more session serialization tests Will be fixed as part of #155 Signed-off-by: Hanno Becker <[email protected]> commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7 Merge: 41fb09d9cf 3ed71fee0b Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:13:17 2021 +0100 Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake move key_exchange members to handshake structure commit 230bf9cdc08e518dfacda03de42feb9d659a7491 Author: lhuang04 <[email protected]> Date: Sun Jun 27 08:09:05 2021 -0700 Add test for mismatched sig_algs Summary: * Send alert when there is no common signature algorithm between client and server * Add test case for mismatched sig_algs Test Plan: ``` ssl-opt.sh ``` Reviewers: Subscribers: Tasks: Tags: commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd Merge: 1327fd4720 41c9509314 Author: Hannes Tschofenig <[email protected]> Date: Wed Jul 7 14:25:25 2021 +0200 Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 41c9509314e1c8c320462acbfcd317418e06f346 Author: Zhi Han <[email protected]> Date: Tue Jul 6 14:00:44 2021 -0400 Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71 Author: Jerry Yu <[email protected]> Date: Mon Jul 5 16:47:29 2021 +0800 Re-enable ssl test suite Ssl test is disabled in TLS. This patch is to enable it. And "Session serilization*" tests are skipped due to #155. 
fix #15 Signed-off-by: Jerry Yu <[email protected]> Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3 commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad Author: Jerry Yu <[email protected]> Date: Wed Jun 30 15:14:25 2021 +0800 Remove get_key_exchange_name mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now. Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a Signed-off-by: Jerry Yu <[email protected]> commit 1327fd47207970a042897465e832c7bde30d5f5c Merge: e2920b1927 6ef820f789 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:20:17 2021 +0100 Merge pull request #281 from zhihan/0-rtt-ciphersuite Only use one single ciphersuite if 0-rtt is actually enabled commit e2920b1927ff847a349947e4aef96b6557326816 Merge: fd741711fc fdca48d6a0 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:12:10 2021 +0100 Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing Review fix for #220 certificate request parsing commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4 Author: lhuang04 <[email protected]> Date: Sun Jun 20 15:27:09 2021 -0700 Use stack allocated received_signature_schemes_list. Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3) Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit fd741711fcab3ad49015a78ab3b72de7419bac55 Merge: 4fcd693b80 88e4a1b36a Author: Hanno Becker <[email protected]> Date: Mon Jun 21 09:24:39 2021 +0100 Merge pull request #283 from zhihan/review-0-rtt-server 0-RTT Server Review Change commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40 Author: Jerry Yu <[email protected]> Date: Mon Jun 21 13:52:01 2021 +0800 move key_exchange members to handshake structure Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params. 
fix #13 Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8 Signed-off-by: Jerry Yu <[email protected]> commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd Author: lhuang04 <[email protected]> Date: Wed Jun 2 09:22:46 2021 -0700 Follow up on review comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 94f03c184bbeb27a20383dcf109ef1ce751984f5 Author: lhuang04 <[email protected]> Date: Sun May 23 09:36:55 2021 -0700 Review fix of mbedtls_ssl_parse_signature_algorithms_ext Summary: * Add boundary check for i * Set received_signature_schemes_list to null after free * Typo * Sizeof style Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4 Author: lhuang04 <[email protected]> Date: Sun May 23 08:58:12 2021 -0700 Review: CertificateRequest parsing Summary: * buf_len check * unsigned char* ext -> const unsigned char* ext * int -> size_t * space and long line Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b Author: lhuang04 <[email protected]> Date: Sun Jun 20 09:40:21 2021 -0700 Remove ticket_nonce from mbedtls_ssl_session Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`. 
Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 719c79217da5d8209855d857e790400ab0ed2f4c Author: lhuang04 <[email protected]> Date: Sun Jun 20 07:21:48 2021 -0700 Rename resumption_key_len to key_len Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 895eb0d2108d9bed2ce540efd255a28711a9c929 Author: lhuang04 <[email protected]> Date: Fri May 7 11:51:11 2021 -0700 Move ssl_new_session_ticket_parse to client.c Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883 Author: lhuang04 <[email protected]> Date: Fri May 7 11:32:43 2021 -0700 Add index for buffer in ssl_new_session_ticket_parse Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 65e16e91159a0e5dd754593a10874a49b682d4a0 Author: lhuang04 <[email protected]> Date: Fri May 7 06:20:23 2021 -0700 Review comments follow up Summary: * change to size_t * break long line * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 469a714ff5960968734c4baab983791511cc0a06 Author: lhuang04 <[email protected]> Date: Wed May 5 08:44:42 2021 -0700 Review fix for ssl_new_session_ticket_parse Summary: * printf format for unsigned int * cast to unsigned before combine digits * remove unnecessary cast * remove redundant hash size calc * remove space for return Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 6ef820f78988703e0f66fa18a03030bba2e82a9f Author: Zhi Han <[email protected]> Date: Fri Jun 18 15:11:57 2021 -0400 Add test. Remove resumption condition. 
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feedback commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu 
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date:   Fri Jun 4 11:26:00 2021 -0400

    Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date:   Fri Jun 4 11:18:23 2021 -0400

    Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date:   Fri Jun 4 11:04:03 2021 -0400

    Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date:   Thu Jun 3 16:06:33 2021 -0400

    More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date:   Thu Jun 3 12:48:43 2021 -0400

    Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date:   Sun May 30 08:18:43 2021 -0700

    own_key

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date:   Sun May 30 08:00:17 2021 -0700

    Remove signature_scheme_client from struct mbedtls_ssl_handshake_params

    Summary:
    * signature_scheme_client
    * signature_scheme

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date:   Sun May 30 07:55:13 2021 -0700

    Review of ssl_certificate_verify_write

    Summary:
    * indentation

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date:   Sun May 30 07:09:10 2021 -0700

    Rename mbedtls_ssl_certificate_verify_process

    Summary:
    * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
    * ssl_certificate_verify_process -> ssl_write_certificate_verify_process
    * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
    * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date:   Tue Jun 1 10:35:20 2021 -0400

    Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date:   Sun May 23 08:21:34 2021 -0700

    Summary:
    Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
    * Server disable early data
    * Client enable early data
    * No external PSK

    Test Plan:
    ```
    tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
    ```

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:23:52 2021 +0100

    Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

    Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:17:43 2021 +0100

    Allow specification of 0-RTT limit on the ssl_server2 cmdline

    Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:17:25 2021 +0100

    Cap size of 0-RTT buffer at a compile-time configurable limit

    Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:04:30 2021 +0100

    Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date:   Mon May 24 16:21:33 2021 -0400

    error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date:   Sun May 23 12:12:30 2021 -0400

    Address feedback.

commit 38a3de888bbbca7cd7394e81bf7617ac716327fa
Merge: 22e52d2cf1 79afde5f5a
Author: Hanno Becker <[email protected]>
Date:   Sun May 23 06:10:49 2021 +0100

    Merge pull request #269 from zhihan/tls13-prototype-0rtt-review

    Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f
Author: Zhi Han <[email protected]>
Date:   Fri May 21 15:16:12 2021 -0400

    Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432
Author: Zhi Han <[email protected]>
Date:   Fri May 21 15:05:53 2021 -0400

    Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8
Author: Zhi Han <[email protected]>
Date:   Fri May 21 06:38:46 2021 -0400

    Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c
Author: Zhi Han <[email protected]>
Date:   Thu May 20 16:03:22 2021 -0400

    format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41
Author: Zhi Han <[email protected]>
Date:   Thu May 20 16:01:04 2021 -0400

    Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8
Author: Zhi Han <[email protected]>
Date:   Wed May 19 15:57:44 2021 -0400

    Restore mbedtls_ssl_conf_early_data() function.

commit 22e52d2cf1865bf638269fbc5334119a68db9603
Merge: e3d5eca29a 80dbfc0091
Author: Hanno Becker <[email protected]>
Date:   Wed May 19 05:17:25 2021 +0100

    Merge pull request #265 from lhuang04/tls13_prototype_switch_style

    Fix switch style

commit e3d5eca29ada314616341242152ac7515607e718
Merge: d02fd9ba1f c501899a74
Author: Hanno Becker <[email protected]>
Date:   Wed May 19 05:17:07 2021 +0100

    Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps

    Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09
Merge: f1560c6d0f 169f542b7b
Author: Hanno Becker <[email protected]>
Date:   Wed May 19 05:16:53 2021 +0100

    Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style

    Fix if statement style

commit 169f542b7b89ce55bf438f5b9bbce663314d7257
Author: lhuang04 <[email protected]>
Date:   Mon May 17 12:00:40 2021 -0700

    Fix if style

    Summary:
    Change `if (` to `if(`

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit c501899a748840659c1e4450929e0e72dcdb39b1
Author: lhuang04 <[email protected]>
Date:   Mon May 17 11:36:33 2021 -0700

    Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 80dbfc00915ace7db2301fb897847514a2ee2b5a
Author: lhuang04 <[email protected]>
Date:   Mon May 17 11:44:26 2021 -0700

    Fix switch style

    Summary:
    change `switch (` to `switch(`

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df
Merge: 5f3860971b 73b4aa2e96
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:55:49 2021 +0100

    Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing

    Fix for review of ssl_read_certificate_verify_parse

commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f
Merge: 6c527b9e2d 2272fccb96
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:54:48 2021 +0100

    Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix

    Fix misplaced 0-RTT configuration call in ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:41:48 2021 +0100

    Fix misplaced 0-RTT configuration call in ssl_server2

    Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`.

    Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:02:16 2021 +0100

    Minor code improvements in ssl_create_verify_structure()

    Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249
Merge: 7c88bbd2e2 f451f0ef99
Author: lhuang04 <[email protected]>
Date:   Mon May 17 09:18:00 2021 -0700

    Diff review follow up

    * switch style
    * change to mbedtls_ssl_tls13_key_exchange_with_psk
    * rename i to buffer_idx
    * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE
    * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd
Author: lhuang04 <[email protected]>
Date:   Mon May 17 09:12:56 2021 -0700

    Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95
Author: lhuang04 <[email protected]>
Date:   Mon May 17 08:59:48 2021 -0700

    style for switch

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e
Author: lhuang04 <[email protected]>
Date:   Wed May 12 06:07:40 2021 -0700

    Break long line in ssl_certificate_verify_coordinate

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 0814cb6a515b1196ffbb635f53343f476acb5c79
Author: lhuang04 <[email protected]>
Date:   Tue May 11 09:21:25 2021 -0700

    Move the label to the ssl_tls13_keys.h

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 5a6badfee551e5082b4e24fa26620faed755602b
Author: lhuang04 <[email protected]>
Date:   Tue May 11 09:11:57 2021 -0700

    Remove magic index

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b
Author: lhuang04 <[email protected]>
Date:   Tue May 11 09:00:04 2021 -0700

    Replace mbedtls_sha256_ret by mbedtls_md

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit dd15a7235952b63130ff4d2f933f87824de5f2d9
Author: lhuang04 <[email protected]>
Date:   Tue May 11 09:00:04 2021 -0700

    Replace mbedtls_sha256_ret by mbedtls_md

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28
Author: lhuang04 <[email protected]>
Date:   Fri May 7 08:16:26 2021 -0700

    Style in ssl_certificate_verify_coordinate

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit e5a23e31cc75241ec0ddea009e8268059aadb541
Author: lhuang04 <[email protected]>
Date:   Fri May 7 08:01:10 2021 -0700

    Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 5b3299016a7a8a7436e7814868bc70a625e1d33b
Author: lhuang04 <[email protected]>
Date:   Fri May 7 07:45:03 2021 -0700

    Follow up on review comments

    Summary:
    * space after switch
    * line too long

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939
Author: lhuang04 <[email protected]>
Date:   Thu May 6 10:51:29 2021 -0700

    Fix for review of ssl_read_certificate_verify_parse

    Summary:
    * Remove empty line
    * Remove out-of-date comments

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb
Merge: 5e09eb428d a5c8909e61
Author: Hanno Becker <[email protected]>
Date:   Sat May 15 05:56:52 2021 +0100

    Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected

    Do not write EndOfEarlyData if early_data is rejected by server.

commit a5c8909e61a76609ab8f8c3153f543b828abc571
Author: Hanno Becker <[email protected]>
Date:   Sat May 15 05:55:45 2021 +0100

    Update programs/ssl/ssl_client2.c

commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59
Author: Hanno Becker <[email protected]>
Date:   Sat May 15 05:55:04 2021 +0100

    Add reference to RFC 8446 when skipping EndOfEarlyData

    Signed-off-by: Hanno Becker <[email protected]>

commit bea87dde0071ad98d3beb81070a9bd399227c66a
Author: Hanno Becker <[email protected]>
Date:   Sat May 15 05:51:44 2021 +0100

    Print debug line when skipping EndOfEarlyData

    Signed-off-by: Hanno Becker <[email protected]>

commit 3255f964343b3599b25b76c536fade23df0885ff
Author: Zhi Han <[email protected]>
Date:   Fri May 14 16:20:42 2021 -0400

    Fix indentation

commit 4ecbbc3100ab26be688829f5a388bd56d479992b
Author: Zhi Han <[email protected]>
Date:   Fri May 14 16:17:17 2021 -0400

    Address feedback from PR

commit 516255927d25e4b896a243846a51346f9718db2b
Author: Zhi Han <[email protected]>
Date:   Fri May 14 13:39:10 2021 -0400

    Add test for rejecting early data

commit 779a9248334492990912c13941a6b8f3428c4d61
Merge: e5d72ef6bc 5e09eb428d
Author: Zhi Han <[email protected]>
Date:   Fri May 14 12:18:20 2021 -0400

    Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit 5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 17:15:38 2021 +0100

    Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

    Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date:   Fri May 14 09:03:23 2021 -0700

    Change to mbedtls_ssl_get_psk_to_offer

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date:   Fri May 14 08:48:30 2021 -0700

    Change to mbedtls_ssl_conf_tls13_some_psk_enabled

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date:   Tue May 4 08:05:38 2021 -0700

    Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date:   Thu Jan 14 08:15:43 2021 -0800

    Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

    Summary:
    In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

    This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

    Test Plan:
    ```
    ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
    ```
    ```
    ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
    ```

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 16:44:02 2021 +0100

    Merge pull request #263 from hanno-arm/psk-negotiation

    Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 11:04:44 2021 +0100

    Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:54:31 2021 +0100

    Clarify logic for setting/clearing of handshake PSK

    The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT.

    Instead, the handshake PSK should evolve as follows:
    1) Initially, it's NULL.
    2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
    3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
    4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

    If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

    This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

    Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:59:25 2021 +0100

    Give function for removing handshake PSK global visibility

    Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:05:01 2021 +0100

    Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:04:40 2021 +0100

    Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 09:54:06 2021 +0100

    Remove uses of mbedtls_ssl_get_psk()

    `mbedtls_ssl_get_get_psk()` currently blurs two things:
    (a) access to the (potentially multiple) PSKs configured prior to the handshake
    (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

    If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

    There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

    To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

    Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

    Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 09:51:35 2021 +0100

    Merge pull request #262 from hanno-arm/fixup_261

    Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 09:43:05 2021 +0100

    Fixup https://github.com/hannestschofenig/mbedtls/pull/261

    Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 05:54:58 2021 +0100

    Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

    Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 05:50:02 2021 +0100

    Fixup: Merge in ssl_client2.c & ssl_server2.c

    Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 04:37:44 2021 +0100

    Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

    Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date:   Wed May 12 11:52:08 2021 -0400

    Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date:   Wed May 12 11:38:02 2021 -0400

    Move early_data from conf to context.

commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b
Merge: f3f78d471b 1c54b5410f
Author: lhuang04 <[email protected]>
Date:   Sun May 9 08:03:57 2021 -0700

    Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0

commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44
Merge: 2ac26234c9 f3f78d471b
Author: Zhi Han <[email protected]>
Date:   Fri May 7 09:56:31 2021 -0400

    Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit f3f78d471b1bf3669ed84d77504e39c49147ca6d
Merge: 79215a6a2d c797da9279
Author: Hanno Becker <[email protected]>
Date:   Fri May 7 07:11:17 2021 +0100

    Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup

    [Review 0-RTT write] Reuse the _coordinate function to in postprocess function.

commit c797da927932d52c96ae243e0def2aa753a5bb90
Author: Hanno Becker <[email protected]>
Date:   Fri May 7 07:11:03 2021 +0100

    Update library/ssl_tls13_keys.h

commit af06a4a37cbd9de9674c66b6b5def00f1b384929
Author: Hanno Becker <[email protected]>
Date:   Fri May 7 07:10:13 2021 +0100

    Update library/ssl_tls13_keys.h

commit a1f734907da114e4b28f918e320361a6b0d4e6aa
Author: Hanno Becker <[email protected]>
Date:   Fri May 7 07:07:23 2021 +0100

    Update library/ssl_tls13_client.c

commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce
Merge: dad9ef834f 9d8225e916
Author: Hanno Becker <[email protected]>
Date:   Fri May 7 06:52:16 2021 +0100

    Merge pull request #251 from hanno-arm/tls13_keys_pt5

    Key schedule rework: Add documentation

commit 2ac26234c9ea9356df18872a0f75418f8a38d80a
Author: Zhi Han <[email protected]>
Date:   Wed May 5 11:16:40 2021 -0400

    Do not write EndOfEarlyData if early_data is rejected by server.

commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf
Merge: de531140dc dad9ef834f
Author: Zhi Han <[email protected]>
Date:   Tue May 4 12:18:08 2021 -0400

    Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup

commit de531140dcb57c1ff059e116fdb4baa164dc4276
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:47:01 2021 -0400

    Revert changes to ssl_tls13_keys.h

commit 05b068ea4cb6ded1e32148f28c4519284d4566ce
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:44:25 2021 -0400

    Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back

commit 6cfe517d141c495889484aeea300e105cf7f41d4
Merge: 6ea4123527 9e4c78bd6f
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:41:47 2021 -0400

    Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup

commit dad9ef834f0763899ad689905fa9b7560e424aa6
Merge: 944b99795b bc3ca0d1c7
Author: Hanno Becker <[email protected]>
Date:   Tue May 4 16:36:20 2021 +0100

    Merge pull request #252 from zhihan/patch-3

    Update ssl_tls13_keys.h to fix compiler warning.

commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:34:52 2021 -0400

    Add back application_secret

commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:25:18 2021 -0400

    Reuse the _coordinate function to in postprocess.

commit 6ea4123527963686c15f1e34ced8ea28c57429f5
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:01:46 2021 -0400

    Update ssl_tls13_keys.h to fix compiler warning.

    In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40:
    /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation]
     * \param master_secret The master secret from which the resumption master
              ^~~~~~~~~~~~~
    1 error generated.

commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24
Author: Hanno Becker <[email protected]>
Date:   Tue May 4 10:03:30 2021 +0100

    Share buffers for 0-RTT, handshake and application master secrets

    Signed-off-by: Hanno Becker <[email protected]>

commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee
Author: Hanno Becker <[email protected]>
Date:   Tue May 4 09:55:56 2021 +0100

    Document all TLS 1.3 key schedule functions

    Signed-off-by: Hanno Becker <[email protected]>

commit 944b99795b8b7a2185993f96d335480e9bc252c8
Merge: 740d829337 0dbddcffaf
Author: Hanno Becker <[email protected]>
Date:   Tue May 4 07:52:57 2021 +0100

    Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4

    Change debug level from 5 to 4

commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57
Merge: 70cfe4bf11 740d829337
Author: Hanno Becker <[email protected]>
Date:   Tue May 4 07:52:42 2021 +0100

    Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4

commit 740d8293374c6f5443aa951be2ac88d12cf206e1
Merge: 5c51532213 82ca5bce5a
Author: Hanno Becker <[email protected]>
Date:   Tue May 4 07:51:12 2021 +0100

    Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client

    Review fix for client side EncryptedExtensions parsing

commit 5c5153221387d9fa571d12fce10c947270742165
Merge: 1471e12437 2f66cecb0e
Author: Hanno Becker <[email protected]>
Date:   Tue May 4 07:50:08 2021 +0100

    Merge pull request #247 from zhihan/patch-1

    Fix compiler warning for mps.c

commit 1471e124378840bd89a848f261e4ec8e824b0c61
Merge: c21b8df7c3 a7553c2d1f
Author: Hanno Becker <[email protected]>
Date:   Tue May 4 07:44:21 2021 +0100

    Merge pull request #245 from hanno-arm/tls13_keys_pt4

    TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation

commit a7553c2d1fa247e6ad1177f8d202c0870b96110f
Author: Hanno Becker <[email protected]>
Date:   Tue May 4 07:37:40 2021 +0100

    Fix PSK binder calculation

    The PSK binder calculation routine no longer overwrites the handshake early secret but uses a local buffer.

    Signed-off-by: Hanno Becker <[email protected]>

commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced
Author: Hanno Becker <[email protected]>
Date:   Sun May 2 06:35:43 2021 +0100

    Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets()

    Signed-off-by: Hanno Becker <[email protected]>

commit 6cd79d8093828db3cff78855a9022d06d4142d7f
Author: Hanno Becker <[email protected]>
Date:   Sun May 2 06:01:32 2021 +0100

    Streamline signature of PSK binder calculation helper

    Buffer sizes are always given by the size of the hash provided to the function.

    Signed-off-by: Hanno Becker <[email protected]>

commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5
Author: Hanno Becker <[email protected]>
Date:   Sun May 2 05:53:18 2021 +0100

    Share cryptographic core of PSK binder and Finished calculation

    Signed-off-by: Hanno Becker <[email protected]>

commit c21b8df7c36bd3dccb0830cd45a3353093e2089f
Merge: 8036e15f17 528f7df3dc
Author: Hanno Becker <[email protected]>
Date:   Tue May 4 06:52:00 2021 +0100

    Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl

    Tls13 prototype ssl opt sh resumption with openssl

commit 70cfe4bf1144568b3c959386ac6f677af6f2e597
Author: lhuang04 <[email protected]>
Date:   Mon May 3 08:58:55 2021 -0700

    Change debug level from 5 to 4

    Summary:
    Update the debug level for the following calls:
    * MBEDTLS_SSL_DEBUG_BUF
    * MBEDTLS_SSL_DEBUG_MSG

    Test Plan:
    `ssl-opt.sh`

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 2f66cecb0ed78a659760bc7a5566f14f48c461db
Author: Zhi Han <[email protected]>
Date:   Mon May 3 11:35:31 2021 -0400

    Fix compiler warning for mps.c

    /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
                default:
                ^
    /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through
                default:
                ^
                break;
    1 error generated.

commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46
Author: lhuang04 <[email protected]>
Date:   Sun May 2 06:08:34 2021 -0700

    cast before calculate number from buffer

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8
Merge: e85f1dfa90 da2b07e5bb
Author: Hanno Becker <[email protected]>
Date:   Sun May 2 05:33:10 2021 +0100

    Merge pull request #239 from hanno-arm/tls13_key_pt3

    Key schedule rework, pt3: API structure

commit e85f1dfa90343361c251372776e838ac130c9f3c
Merge: 858b98e9f1 524c925dc1
Author: Hanno Becker <[email protected]>
Date:   Sun May 2 05:20:55 2021 +0100

    Merge pull request #240 from zhihan/patch-2

    Review cleanup for writing early_data extension

commit 528f7df3dc665ca94d94678432c2017c24ac55c2
Author: lhuang04 <[email protected]>
Date:   Sat May 1 06:28:39 2021 -0700

    Add require filter for OpenSSL TLS 1.3

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10
Author: lhuang04 <[email protected]>
Date:   Fri Apr 30 08:23:17 2021 -0700

    Add resumption test with OpenSSL to ssl-opt.sh

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 4504ac9525450bd187019b975d513cab985c788a
Author: lhuang04 <[email protected]>
Date:   Wed Apr 28 06:55:29 2021 -0700

    break ret from parser

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit e14038925ddca9fc7fb7539b300fa2897c29ba80
Author: lhuang04 <[email protected]>
Date:   Wed Apr 28 06:30:04 2021 -0700

    debug msgs and comments

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4
Author: lhuang04 <[email protected]>
Date:   Wed Apr 28 06:24:44 2021 -0700

    change unsigned char* buf to const …
lhuang04
added a commit
to lhuang04/mbedtls
that referenced
this issue
Jun 14, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001
Merge: 471fc0ed17 17e162bc79
Author: Hanno Becker <[email protected]>
Date:   Thu Jul 29 07:35:06 2021 +0100

    Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies

    Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

commit 471fc0ed17864079b70c75fc9c0a248f213b5991
Merge: 4ddebafaaf fba68613d6
Author: Hanno Becker <[email protected]>
Date:   Thu Jul 29 06:36:13 2021 +0100

    Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr

    MPS: Remove extended reader/writer from MPS, part 2

commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5
Author: Hanno Becker <[email protected]>
Date:   Thu Jul 29 06:33:49 2021 +0100

    MPS: Be less wordy in comments...

    Signed-off-by: Hanno Becker <[email protected]>

commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514
Merge: 08b0522e0f 34d751dfa6
Author: Hanno Becker <[email protected]>
Date:   Thu Jul 29 05:54:29 2021 +0100

    Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error

    fix mbedtls_ssl_check_cert_usage compile fail

commit 08b0522e0f6b4650c93a12038fb87cd21757b75c
Merge: 82436667b1 81c88ff7df
Author: Hanno Becker <[email protected]>
Date:   Thu Jul 29 05:05:16 2021 +0100

    Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings

    fix functions undeclared warnings

commit 82436667b1304628b77ad9eded10ccf250355fc6
Merge: 2556d8a1dd f9435bb0c2
Author: Hanno Becker <[email protected]>
Date:   Thu Jul 29 04:49:16 2021 +0100

    Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors

    fix nss_keylog_export duplicate error

commit 8a1348ca2ac075801777535bfa35d1179ec269e7
Author: Hanno Becker <[email protected]>
Date:   Wed Jul 28 21:26:13 2021 +0100

    MPS L4: Minor structural improvement

    Signed-off-by: Hanno Becker <[email protected]>

commit 7a11ad03acaea247045dc5e41dc397b5b73a254d
Author: Hanno Becker <[email protected]>
Date:   Wed Jul 28 21:26:00 2021 +0100

    MPS Layer 4: Remove dead comments

    Signed-off-by: Hanno Becker <[email protected]>

commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]>

commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements

commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors

commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors

commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review

commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function

commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]>

commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]>

commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]>

commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]>

commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]>

commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]>

commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]>

commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]>

commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]>

commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]>

commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]>

commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]>

commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]>

commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]>

commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]>

commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]>

commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed.
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix.
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster undefined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support.
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error.
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that.
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS if undefine MBEDTLS_SSL_USE_MPS, it report error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.
Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5 Merge: 7b3f70dd27 661584dfa1 Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:19:46 2021 +0100 Merge pull request #288 from yuhaoth/pr/fix-15 Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:18:16 2021 +0100 Temporarily disable more session serialization tests Will be fixed as part of #155 Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7 Merge: 41fb09d9cf 3ed71fee0b Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:13:17 2021 +0100 Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491 Author: lhuang04 <[email protected]> Date: Sun Jun 27 08:09:05 2021 -0700 Add test for mismatched sig_algs Summary: * Send alert when there is no common signature algorithm between client and server * Add test case for mismatched sig_algs Test Plan: ``` ssl-opt.sh ``` Reviewers: Subscribers: Tasks: Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd Merge: 1327fd4720 41c9509314 Author: Hannes Tschofenig <[email protected]> Date: Wed Jul 7 14:25:25 2021 +0200 Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346 Author: Zhi Han <[email protected]> Date: Tue Jul 6 14:00:44 2021 -0400 Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71 Author: Jerry Yu <[email protected]> Date: Mon Jul 5 16:47:29 2021 +0800 Re-enable ssl test suite Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.
fix #15 Signed-off-by: Jerry Yu <[email protected]> Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad Author: Jerry Yu <[email protected]> Date: Wed Jun 30 15:14:25 2021 +0800 Remove get_key_exchange_name mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now. Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c Merge: e2920b1927 6ef820f789 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:20:17 2021 +0100 Merge pull request #281 from zhihan/0-rtt-ciphersuite Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816 Merge: fd741711fc fdca48d6a0 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:12:10 2021 +0100 Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4 Author: lhuang04 <[email protected]> Date: Sun Jun 20 15:27:09 2021 -0700 Use stack allocated received_signature_schemes_list. Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3) Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55 Merge: 4fcd693b80 88e4a1b36a Author: Hanno Becker <[email protected]> Date: Mon Jun 21 09:24:39 2021 +0100 Merge pull request #283 from zhihan/review-0-rtt-server 0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40 Author: Jerry Yu <[email protected]> Date: Mon Jun 21 13:52:01 2021 +0800 move key_exchange members to handshake structure Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.
fix #13 Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8 Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd Author: lhuang04 <[email protected]> Date: Wed Jun 2 09:22:46 2021 -0700 Follow up on review comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5 Author: lhuang04 <[email protected]> Date: Sun May 23 09:36:55 2021 -0700 Review fix of mbedtls_ssl_parse_signature_algorithms_ext Summary: * Add boundary check for i * Set received_signature_schemes_list to null after free * Typo * Sizeof style Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4 Author: lhuang04 <[email protected]> Date: Sun May 23 08:58:12 2021 -0700 Review: CertificateRequest parsing Summary: * buf_len check * unsigned char* ext -> const unsigned char* ext * int -> size_t * space and long line Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b Author: lhuang04 <[email protected]> Date: Sun Jun 20 09:40:21 2021 -0700 Remove ticket_nonce from mbedtls_ssl_session Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.
Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c Author: lhuang04 <[email protected]> Date: Sun Jun 20 07:21:48 2021 -0700 Rename resumption_key_len to key_len Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929 Author: lhuang04 <[email protected]> Date: Fri May 7 11:51:11 2021 -0700 Move ssl_new_session_ticket_parse to client.c Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883 Author: lhuang04 <[email protected]> Date: Fri May 7 11:32:43 2021 -0700 Add index for buffer in ssl_new_session_ticket_parse Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0 Author: lhuang04 <[email protected]> Date: Fri May 7 06:20:23 2021 -0700 Review comments follow up Summary: * change to size_t * break long line * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 469a714ff5960968734c4baab983791511cc0a06 Author: lhuang04 <[email protected]> Date: Wed May 5 08:44:42 2021 -0700 Review fix for ssl_new_session_ticket_parse Summary: * printf format for unsigned int * cast to unsigned before combine digits * remove unnecessary cast * remove redundant hash size calc * remove space for return Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f Author: Zhi Han <[email protected]> Date: Fri Jun 18 15:11:57 2021 -0400 Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feedback

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu <[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent.
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan:
Reviewers: Subscribers: Tasks: Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback.
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function.
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style

commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style

commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse

commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3 Merge: 21c911ccae 3d078a5c18 Author: Hanno Becker <[email protected]> Date: Fri May 14 17:15:38 2021 +0100 Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk Fix client crash when use early data without psk commit 3d078a5c180585b76a917599d8a471c4f724fd0e Author: lhuang04 <[email protected]> Date: Fri May 14 09:03:23 2021 -0700 Change to mbedtls_ssl_get_psk_to_offer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ebfc4983648f649a8f357409a2e35080bd081355 Author: lhuang04 <[email protected]> Date: Fri May 14 08:48:30 2021 -0700 Change to mbedtls_ssl_conf_tls13_some_psk_enabled Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623 Author: lhuang04 <[email protected]> Date: Tue May 4 08:05:38 2021 -0700 Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit af91d01f00b5159884396453169961e0247b8726 Author: lhuang04 <[email protected]> Date: Thu Jan 14 08:15:43 2021 -0800 Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode. 
Test Plan: ``` ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 ``` ``` ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1 ``` Reviewers: Subscribers: Tasks: Tags: commit 21c911ccae28a563af8de662dc24e419194f2c87 Merge: f178632390 98eeb27c91 Author: Hanno Becker <[email protected]> Date: Fri May 14 16:44:02 2021 +0100 Merge pull request #263 from hanno-arm/psk-negotiation Fix client-side behaviour if PSK is offered but rejected by the server commit 98eeb27c912871202ae8d696c8cf934f03d28041 Merge: 56f6110c45 20bb2a019c Author: Hanno Becker <[email protected]> Date: Fri May 14 11:04:44 2021 +0100 Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc Author: Hanno Becker <[email protected]> Date: Fri May 14 10:54:31 2021 +0100 Clarify logic for setting/clearing of handshake PSK The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows: 1) Initially, it's NULL. 2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data. 3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data. 4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK. If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization. This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above. 
Signed-off-by: Hanno Becker <[email protected]> commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac Author: Hanno Becker <[email protected]> Date: Fri May 14 10:59:25 2021 +0100 Give function for removing handshake PSK global visibility Signed-off-by: Hanno Becker <[email protected]> commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae Author: Hanno Becker <[email protected]> Date: Fri May 14 10:05:01 2021 +0100 Update library/ssl_tls13_server.c commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf Author: Hanno Becker <[email protected]> Date: Fri May 14 10:04:40 2021 +0100 Update library/ssl_tls13_server.c commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:54:06 2021 +0100 Remove uses of mbedtls_ssl_get_psk() `mbedtls_ssl_get_get_psk()` currently blurs two things: (a) access to the (potentially multiple) PSKs configured prior to the handshake (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake. If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b). There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use. To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule. 
Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello. Signed-off-by: Hanno Becker <[email protected]> commit f178632390ec3313f8772a8cffd1ed3f7d39d224 Merge: b1004e5352 8f71a23957 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:51:35 2021 +0100 Merge pull request #262 from hanno-arm/fixup_261 Fixup #261 commit 8f71a239577887dc40f670c58bb13b3b44e4050b Author: Hanno Becker <[email protected]> Date: Fri May 14 09:43:05 2021 +0100 Fixup https://github.com/hannestschofenig/mbedtls/pull/261 Signed-off-by: Hanno Becker <[email protected]> commit b1004e535275464c14a84b306890a47aa15ef14b Merge: 8db2b19d0f 5d7fa778f4 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:54:58 2021 +0100 Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0 Tls13 prototype merge from 2 25 0 commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:50:02 2021 +0100 Fixup: Merge in ssl_client2.c & ssl_server2.c Signed-off-by: Hanno Becker <[email protected]> commit 8db2b19d0fef088ca353a866498eb399bfb4fc21 Merge: f3f78d471b d4b52420d2 Author: Hanno Becker <[email protected]> Date: Fri May 14 04:37:44 2021 +0100 Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data() commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5 Author: Zhi Han <[email protected]> Date: Wed May 12 11:52:08 2021 -0400 Move report of early data status to reconnect commit d78681553790fdb3e31665b0f71367dc2198b24a Author: Zhi Han <[email protected]> Date: Wed May 12 11:38:02 2021 -0400 Move early_data from conf to context. 
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04
added a commit
to lhuang04/mbedtls
that referenced
this issue
Jun 14, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:50:53 2021 +0100

Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record

fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:02:46 2021 +0100

MPS Layer 3: Remove unused handshake abort function

Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 19:00:48 2021 +0800

fix ssl_extract_add_data_from_record arguments error

With TLS1.2, the compiler reports the error below:

```
too few arguments to function ‘ssl_extract_add_data_from_record’
```

The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that.

Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:58 2021 +0100

Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine

fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:36 2021 +0100

Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error

fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 12:28:20 2021 +0800

fix ssl_reset_retrnsmit_timeout undefine warning

A prefix has been added to ssl_reset_retrnsmit_timeout. It is missing here.

Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800

fix pmslen and premaster undefined error

With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, the compiler reports a pmslen and premaster undefined error.

CustomizedGitHooks: yes
Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100

Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors

fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100

Minor improvements to TLS 1.3 client-side key share ext writer

Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800

fix ECDH context build errors

Remove multi ecdh share keys support.
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 
from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]> commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error. 
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800

fix compile fail without MPS

If MBEDTLS_SSL_USE_MPS is undefined, it reports an error.

Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800

Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:

```
140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
```

We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD.

This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.

Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100

Merge pull request #288 from yuhaoth/pr/fix-15

Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100

Temporarily disable more session serialization tests

Will be fixed as part of #155

Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100

Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake

move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700

Add test for mismatched sig_algs

Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs

Test Plan:

```
ssl-opt.sh
```

Reviewers: Subscribers: Tasks: Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200

Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800

Re-enable ssl test suite

Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.
fix #15 Signed-off-by: Jerry Yu <[email protected]> Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3 commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad Author: Jerry Yu <[email protected]> Date: Wed Jun 30 15:14:25 2021 +0800 Remove get_key_exchange_name mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now. Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a Signed-off-by: Jerry Yu <[email protected]> commit 1327fd47207970a042897465e832c7bde30d5f5c Merge: e2920b1927 6ef820f789 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:20:17 2021 +0100 Merge pull request #281 from zhihan/0-rtt-ciphersuite Only use one single ciphersuite if 0-rtt is actually enabled commit e2920b1927ff847a349947e4aef96b6557326816 Merge: fd741711fc fdca48d6a0 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:12:10 2021 +0100 Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing Review fix for #220 certificate request parsing commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4 Author: lhuang04 <[email protected]> Date: Sun Jun 20 15:27:09 2021 -0700 Use stack allocated received_signature_schemes_list. Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3) Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit fd741711fcab3ad49015a78ab3b72de7419bac55 Merge: 4fcd693b80 88e4a1b36a Author: Hanno Becker <[email protected]> Date: Mon Jun 21 09:24:39 2021 +0100 Merge pull request #283 from zhihan/review-0-rtt-server 0-RTT Server Review Change commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40 Author: Jerry Yu <[email protected]> Date: Mon Jun 21 13:52:01 2021 +0800 move key_exchange members to handshake structure Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params. 
fix #13 Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8 Signed-off-by: Jerry Yu <[email protected]> commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd Author: lhuang04 <[email protected]> Date: Wed Jun 2 09:22:46 2021 -0700 Follow up on review comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 94f03c184bbeb27a20383dcf109ef1ce751984f5 Author: lhuang04 <[email protected]> Date: Sun May 23 09:36:55 2021 -0700 Review fix of mbedtls_ssl_parse_signature_algorithms_ext Summary: * Add boundary check for i * Set received_signature_schemes_list to null after free * Typo * Sizeof style Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4 Author: lhuang04 <[email protected]> Date: Sun May 23 08:58:12 2021 -0700 Review: CertificateRequest parsing Summary: * buf_len check * unsigned char* ext -> const unsigned char* ext * int -> size_t * space and long line Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b Author: lhuang04 <[email protected]> Date: Sun Jun 20 09:40:21 2021 -0700 Remove ticket_nonce from mbedtls_ssl_session Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`. 
Test Plan: `ssl-opt.sh`

Reviewers: Subscribers: Tasks: Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700

Rename resumption_key_len to key_len

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700

Move ssl_new_session_ticket_parse to client.c

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700

Add index for buffer in ssl_new_session_ticket_parse

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700

Review comments follow up

Summary:
* change to size_t
* break long line
* indentation

Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700

Review fix for ssl_new_session_ticket_parse

Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return

Test Plan: `ssl-opt.sh`

Reviewers: Subscribers: Tasks: Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400

Add test. Remove resumption condition.

commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:39:15 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:20:05 2021 -0400

Review feedbacks

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:13:04 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 12:14:39 2021 +0100

Merge pull request #284 from yuhaoth/pr/fix-extension-namespace

fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date: Fri Jun 18 13:49:07 2021 +0800

fix namespace of extensions in ssl.h

fixes #17

Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 06:30:53 2021 +0100

Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile

fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:43:11 2021 +0100

Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case

Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:04:41 2021 +0100

Merge pull request #279 from zhihan/review-0-rtt

Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date: Tue Jun 1 10:35:20 2021 -0400

Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:21:34 2021 -0700

Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
* Server disable early data
* Client enable early data
* No external PSK

Test Plan:

```
tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
```

Reviewers: Subscribers: Tasks: Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:23:52 2021 +0100

Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:43 2021 +0100

Alloc specification of 0-RTT limit on the ssl_server2 cmdline

Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:25 2021 +0100

Cap size of 0-RTT buffer at a compile-time configurable limit

Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:04:30 2021 +0100

Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date: Mon May 24 16:21:33 2021 -0400

error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date: Sun May 23 12:12:30 2021 -0400

Address feedback.
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95
Author: lhuang04 <[email protected]>
Date: Mon May 17 08:59:48 2021 -0700

style for switch
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e
Author: lhuang04 <[email protected]>
Date: Wed May 12 06:07:40 2021 -0700

Break long line in ssl_certificate_verify_coordinate
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 0814cb6a515b1196ffbb635f53343f476acb5c79
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:21:25 2021 -0700

Move the label to the ssl_tls13_keys.h
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 5a6badfee551e5082b4e24fa26620faed755602b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:11:57 2021 -0700

Remove magic index
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit dd15a7235952b63130ff4d2f933f87824de5f2d9
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:16:26 2021 -0700

Style in ssl_certificate_verify_coordinate
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit e5a23e31cc75241ec0ddea009e8268059aadb541
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:01:10 2021 -0700

Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 5b3299016a7a8a7436e7814868bc70a625e1d33b
Author: lhuang04 <[email protected]>
Date: Fri May 7 07:45:03 2021 -0700

Follow up on review comments
Summary:
* space after switch
* line too long
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939
Author: lhuang04 <[email protected]>
Date: Thu May 6 10:51:29 2021 -0700

Fix for review of ssl_read_certificate_verify_parse
Summary:
* Remove empty line
* Remove out-of-date comments
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb
Merge: 5e09eb428d a5c8909e61
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:56:52 2021 +0100

Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected
Do not write EndOfEarlyData if early_data is rejected by server.

commit a5c8909e61a76609ab8f8c3153f543b828abc571
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:45 2021 +0100

Update programs/ssl/ssl_client2.c

commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:04 2021 +0100

Add reference to RFC 8446 when skipping EndOfEarlyData
Signed-off-by: Hanno Becker <[email protected]>

commit bea87dde0071ad98d3beb81070a9bd399227c66a
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:51:44 2021 +0100

Print debug line when skipping EndOfEarlyData
Signed-off-by: Hanno Becker <[email protected]>

commit 3255f964343b3599b25b76c536fade23df0885ff
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:20:42 2021 -0400

Fix indentation

commit 4ecbbc3100ab26be688829f5a388bd56d479992b
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:17:17 2021 -0400

Address feedback from PR

commit 516255927d25e4b896a243846a51346f9718db2b
Author: Zhi Han <[email protected]>
Date: Fri May 14 13:39:10 2021 -0400

Add test for rejecting early data

commit 779a9248334492990912c13941a6b8f3428c4d61
Merge: e5d72ef6bc 5e09eb428d
Author: Zhi Han <[email protected]>
Date: Fri May 14 12:18:20 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit 5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk
Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON
Summary:
In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.
This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.
Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```
Reviewers: Subscribers: Tasks: Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation
Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT.
Instead, the handshake PSK should evolve as follows:
1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.
If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.
This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.
Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility
Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:
(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.
If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).
There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.
To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.
Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.
Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261
Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261
Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0
Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c
Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config
Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b
Merge: f3f78d471b 1c54b5410f
Author: lhuang04 <[email protected]>
Date: Sun May 9 08:03:57 2021 -0700

Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0

commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44
Merge: 2ac26234c9 f3f78d471b
Author: Zhi Han <[email protected]>
Date: Fri May 7 09:56:31 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit f3f78d471b1bf3669ed84d77504e39c49147ca6d
Merge: 79215a6a2d c797da9279
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:17 2021 +0100

Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup
[Review 0-RTT write] Reuse the _coordinate function to in postprocess function.

commit c797da927932d52c96ae243e0def2aa753a5bb90
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:03 2021 +0100

Update library/ssl_tls13_keys.h

commit af06a4a37cbd9de9674c66b6b5def00f1b384929
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:10:13 2021 +0100

Update library/ssl_tls13_keys.h

commit a1f734907da114e4b28f918e320361a6b0d4e6aa
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:07:23 2021 +0100

Update library/ssl_tls13_client.c

commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce
Merge: dad9ef834f 9d8225e916
Author: Hanno Becker <[email protected]>
Date: Fri May 7 06:52:16 2021 +0100

Merge pull request #251 from hanno-arm/tls13_keys_pt5
Key schedule rework: Add documentation

commit 2ac26234c9ea9356df18872a0f75418f8a38d80a
Author: Zhi Han <[email protected]>
Date: Wed May 5 11:16:40 2021 -0400

Do not write EndOfEarlyData if early_data is rejected by server.
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf
Merge: de531140dc dad9ef834f
Author: Zhi Han <[email protected]>
Date: Tue May 4 12:18:08 2021 -0400

Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup

commit de531140dcb57c1ff059e116fdb4baa164dc4276
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:47:01 2021 -0400

Revert changes to ssl_tls13_keys.h

commit 05b068ea4cb6ded1e32148f28c4519284d4566ce
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:44:25 2021 -0400

Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back

commit 6cfe517d141c495889484aeea300e105cf7f41d4
Merge: 6ea4123527 9e4c78bd6f
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:41:47 2021 -0400

Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup

commit dad9ef834f0763899ad689905fa9b7560e424aa6
Merge: 944b99795b bc3ca0d1c7
Author: Hanno Becker <[email protected]>
Date: Tue May 4 16:36:20 2021 +0100

Merge pull request #252 from zhihan/patch-3
Update ssl_tls13_keys.h to fix compiler warning.

commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:34:52 2021 -0400

Add back application_secret

commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:25:18 2021 -0400

Reuse the _coordinate function to in postprocess.

commit 6ea4123527963686c15f1e34ced8ea28c57429f5
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:01:46 2021 -0400

Update ssl_tls13_keys.h to fix compiler warning.

In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40:
/Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation]
 * \param master_secret The master secret from which the resumption master
          ^~~~~~~~~~~~~
1 error generated.
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24
Author: Hanno Becker <[email protected]>
Date: Tue May 4 10:03:30 2021 +0100

Share buffers for 0-RTT, handshake and application master secrets
Signed-off-by: Hanno Becker <[email protected]>

commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee
Author: Hanno Becker <[email protected]>
Date: Tue May 4 09:55:56 2021 +0100

Document all TLS 1.3 key schedule functions
Signed-off-by: Hanno Becker <[email protected]>

commit 944b99795b8b7a2185993f96d335480e9bc252c8
Merge: 740d829337 0dbddcffaf
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:57 2021 +0100

Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4
Change debug level from 5 to 4

commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57
Merge: 70cfe4bf11 740d829337
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:42 2021 +0100

Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4

commit 740d8293374c6f5443aa951be2ac88d12cf206e1
Merge: 5c51532213 82ca5bce5a
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:51:12 2021 +0100

Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client
Review fix for client side EncryptedExtensions parsing

commit 5c5153221387d9fa571d12fce10c947270742165
Merge: 1471e12437 2f66cecb0e
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:50:08 2021 +0100

Merge pull request #247 from zhihan/patch-1
Fix compiler warning for mps.c

commit 1471e124378840bd89a848f261e4ec8e824b0c61
Merge: c21b8df7c3 a7553c2d1f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:44:21 2021 +0100

Merge pull request #245 from hanno-arm/tls13_keys_pt4
TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation

commit a7553c2d1fa247e6ad1177f8d202c0870b96110f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:37:40 2021 +0100

Fix PSK binder calculation

The PSK binder calculation routine no longer overwrites the handshake early secret but uses a local buffer.
Signed-off-by: Hanno Becker <[email protected]>

commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:35:43 2021 +0100

Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets()
Signed-off-by: Hanno Becker <[email protected]>

commit 6cd79d8093828db3cff78855a9022d06d4142d7f
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:01:32 2021 +0100

Streamline signature of PSK binder calculation helper

Buffer sizes are always given by the size of the hash provided to the function.
Signed-off-by: Hanno Becker <[email protected]>

commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:53:18 2021 +0100

Share cryptographic core of PSK binder and Finished calculation
Signed-off-by: Hanno Becker <[email protected]>

commit c21b8df7c36bd3dccb0830cd45a3353093e2089f
Merge: 8036e15f17 528f7df3dc
Author: Hanno Becker <[email protected]>
Date: Tue May 4 06:52:00 2021 +0100

Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl
Tls13 prototype ssl opt sh resumption with openssl

commit 70cfe4bf1144568b3c959386ac6f677af6f2e597
Author: lhuang04 <[email protected]>
Date: Mon May 3 08:58:55 2021 -0700

Change debug level from 5 to 4
Summary:
Update the debug level for the following calls:
* MBEDTLS_SSL_DEBUG_BUF
* MBEDTLS_SSL_DEBUG_MSG
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 2f66cecb0ed78a659760bc7a5566f14f48c461db
Author: Zhi Han <[email protected]>
Date: Mon May 3 11:35:31 2021 -0400

Fix compiler warning for mps.c

/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
            default:
            ^
/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through
            default:
            ^
            break;
1 error generated.
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46
Author: lhuang04 <[email protected]>
Date: Sun May 2 06:08:34 2021 -0700

cast before calculate number from buffer
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8
Merge: e85f1dfa90 da2b07e5bb
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:33:10 2021 +0100

Merge pull request #239 from hanno-arm/tls13_key_pt3
Key schedule rework, pt3: API structure

commit e85f1dfa90343361c251372776e838ac130c9f3c
Merge: 858b98e9f1 524c925dc1
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:20:55 2021 +0100

Merge pull request #240 from zhihan/patch-2
Review cleanup for writing early_data extension

commit 528f7df3dc665ca94d94678432c2017c24ac55c2
Author: lhuang04 <[email protected]>
Date: Sat May 1 06:28:39 2021 -0700

Add require filter for OpenSSL TLS 1.3
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10
Author: lhuang04 <[email protected]>
Date: Fri Apr 30 08:23:17 2021 -0700

Add resumption test with OpenSSL to ssl-opt.sh
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 4504ac9525450bd187019b975d513cab985c788a
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:55:29 2021 -0700

break ret from parser
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit e14038925ddca9fc7fb7539b300fa2897c29ba80
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:30:04 2021 -0700

debug msgs and comments
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:24:44 2021 -0700

change unsigned char* buf to const …
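
The handshake PSK lifecycle described in the log above (steps 1 to 4 of "Clarify logic for setting/clearing of handshake PSK", plus the guard from "Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON"), modelled as a small C state machine. This is an added example, not code from these commits or from Mbed TLS; every `toy_*` name, the sample key and the 32-byte hash length are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Toy model of the client state discussed in the commit messages.
 * Every toy_* name is hypothetical; this is not Mbed TLS code. */
typedef struct {
    const unsigned char *key;
    size_t len;
} toy_psk;

typedef struct {
    const toy_psk *configured; /* (a) PSK configured before the handshake, or NULL */
    const toy_psk *hs_psk;     /* (b) PSK in use for this handshake, or NULL */
    int early_data_on;
} toy_client;

/* Constructed sample key, for illustration only. */
static const unsigned char TOY_KEY[16] = {
    0x10, 0x11, 0x12, 0x13, 0x14, 0x15, 0x16, 0x17,
    0x18, 0x19, 0x1a, 0x1b, 0x1c, 0x1d, 0x1e, 0x1f
};
static const toy_psk TOY_PSK = { TOY_KEY, sizeof(TOY_KEY) };

/* Plays the role of a "PSK to offer" getter: NULL if none is configured. */
static const toy_psk *toy_psk_to_offer(const toy_client *c)
{
    return c->configured;
}

/* Step 1: the handshake PSK starts out as NULL. */
static void toy_handshake_init(toy_client *c, const toy_psk *configured)
{
    c->configured = configured;
    c->hs_psk = NULL;
    c->early_data_on = 0;
}

/* Step 2, with the guard from the early-data fix: 0-RTT is enabled only
 * if there is a PSK from which early keys can be derived. */
static int toy_enable_early_data(toy_client *c)
{
    const toy_psk *offer = toy_psk_to_offer(c);
    if (offer == NULL)
        return -1;          /* no PSK: never enter early-data mode */
    c->hs_psk = offer;      /* first offered PSK */
    c->early_data_on = 1;
    return 0;
}

/* Step 3: clear the handshake PSK once the early data has been written. */
static void toy_early_data_written(toy_client *c)
{
    c->hs_psk = NULL;
}

/* Step 4: the ServerHello either selects the offered PSK or does not. */
static void toy_server_hello(toy_client *c, int server_selects_psk)
{
    c->hs_psk = server_selects_psk ? toy_psk_to_offer(c) : NULL;
}

/* Key-schedule input, taken unconditionally from the handshake PSK. With no
 * PSK, RFC 8446 section 7.1 uses Hash.length zero bytes instead.
 * Returns the number of bytes written, or 0 if the buffer is too small. */
static size_t toy_early_secret_ikm(const toy_client *c, unsigned char *ikm,
                                   size_t ikm_size, size_t hash_len)
{
    const toy_psk *psk = c->hs_psk;
    size_t n = (psk != NULL) ? psk->len : hash_len;
    if (n == 0 || n > ikm_size)
        return 0;
    if (psk != NULL)
        memcpy(ikm, psk->key, n);
    else
        memset(ikm, 0, n);
    return n;
}

/* Runs one client handshake. Returns 1 if the final key schedule was keyed
 * with the PSK, 0 if it used the all-zero input, -1 on error. */
static int toy_run(const toy_psk *configured, int want_0rtt,
                   int server_selects_psk)
{
    toy_client c;
    unsigned char ikm[32];
    size_t n;

    toy_handshake_init(&c, configured);
    if (want_0rtt && toy_enable_early_data(&c) == 0)
        toy_early_data_written(&c); /* early keys were derived from c.hs_psk */
    toy_server_hello(&c, server_selects_psk);
    n = toy_early_secret_ikm(&c, ikm, sizeof(ikm), sizeof(ikm));
    if (n == 0)
        return -1;
    return configured != NULL && n == configured->len &&
           memcmp(ikm, configured->key, n) == 0;
}

int main(void)
{
    printf("0-RTT, PSK accepted: %d\n", toy_run(&TOY_PSK, 1, 1));
    printf("0-RTT, PSK rejected: %d\n", toy_run(&TOY_PSK, 1, 0));
    printf("0-RTT, no PSK set:   %d\n", toy_run(NULL, 1, 0));
    return 0;
}
```

The second case is the one the "offered but rejected" fix targets: the PSK was used for early data, yet the post-ServerHello key schedule must not be keyed with it.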
lhuang04
added a commit
to lhuang04/mbedtls
that referenced
this issue
Jun 14, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001
Merge: 471fc0ed17 17e162bc79
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 07:35:06 2021 +0100

Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies
Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

commit 471fc0ed17864079b70c75fc9c0a248f213b5991
Merge: 4ddebafaaf fba68613d6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:36:13 2021 +0100

Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr
MPS: Remove extended reader/writer from MPS, part 2

commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:33:49 2021 +0100

MPS: Be less wordy in comments...
Signed-off-by: Hanno Becker <[email protected]>

commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514
Merge: 08b0522e0f 34d751dfa6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:54:29 2021 +0100

Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error
fix mbedtls_ssl_check_cert_usage compile fail

commit 08b0522e0f6b4650c93a12038fb87cd21757b75c
Merge: 82436667b1 81c88ff7df
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:05:16 2021 +0100

Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings
fix functions undeclared warnings

commit 82436667b1304628b77ad9eded10ccf250355fc6
Merge: 2556d8a1dd f9435bb0c2
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 04:49:16 2021 +0100

Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors
fix nss_keylog_export duplicate error

commit 8a1348ca2ac075801777535bfa35d1179ec269e7
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:13 2021 +0100

MPS L4: Minor structural improvement
Signed-off-by: Hanno Becker <[email protected]>

commit 7a11ad03acaea247045dc5e41dc397b5b73a254d
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:00 2021 +0100

MPS Layer 4: Remove dead comments
Signed-off-by: Hanno Becker <[email protected]>
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 20:07:28 2021 +0100

MPS Layer 3: Minor readability improvement
Signed-off-by: Hanno Becker <[email protected]>

commit ea207b40bdffc9793c53312aae7dabdd761611db
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 13:02:05 2021 +0100

Some more readability improvements
Signed-off-by: Hanno Becker <[email protected]>

commit dc3adeddee06e0b9ecf25e669de780593c18771b
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 11:39:37 2021 +0100

MPS Layer 3: Some readability improvements
Signed-off-by: Hanno Becker <[email protected]>

commit 2a75e56087db85845241734fd248f0ec501377b6
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 09:48:18 2021 +0100

Remove extended reader/writer from MPS altogether
Signed-off-by: Hanno Becker <[email protected]>

commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 22:23:06 2021 +0800

fix nss_keylog_export duplicate error

nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototypes. Rename it for TLS1.3 to fix it.
Change-Id: I63e218070e96637a15242fec3a66b5e448986287
Signed-off-by: Jerry Yu <[email protected]>

commit 17e162bc79da8c856b1b08ef373051d87163c421
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:44:55 2021 +0800

Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all places are wrapped with it.
CustomizedGitHooks: yes
Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f
Signed-off-by: Jerry Yu <[email protected]>

commit 5471952d409eea62843268272ae46969dcf78e60
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 11:15:15 2021 +0100

MPS Layer 3: Don't rely on extended writer to learn HS msg size

This is another step towards removing the extended reader/writer from Layer 3 altogether.
Signed-off-by: Hanno Becker <[email protected]>

commit 81c88ff7df372ba4c2671f3a7065482152b40310
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:06:56 2021 +0800

fix functions undeclared warnings

With TLS1.2 enabled, those functions report undeclared warning
Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320
Signed-off-by: Jerry Yu <[email protected]>

commit f85747efb1a1035124aada3245dcec7ddb8d3597
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:47:19 2021 +0100

MPS L3: Simplify handshake message writing
Signed-off-by: Hanno Becker <[email protected]>

commit f540b0fc79af402f0176477df0c6f79c26857e88
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:42:03 2021 +0100

MPS Layer 3: Simplify logic for writing of handshake header
Signed-off-by: Hanno Becker <[email protected]>

commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c
Author: Jerry Yu <[email protected]>
Date: Tue Jul 27 14:02:40 2021 +0800

fix mbedtls_ssl_check_cert_usage compile fail

`mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to the different `key_exchange` field. The function only uses the `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it.
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4
Signed-off-by: Jerry Yu <[email protected]>

commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f
Merge: 0e367ad306 3430517266
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:57:55 2021 +0100

Merge pull request #318 from hanno-arm/mps_simplify
MPS: Numerous minor simplifications and improvements

commit 0e367ad306e20d7eed02775d0c581828da937cb2
Merge: 246c820430 d8f19321d7
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:13:13 2021 +0100

Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors
fix two duplicate define errors

commit 246c820430aed5412c6cba0e911c1a1ca13ade60
Merge: 49f76369ad 12a8dfe7d2
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:12:15 2021 +0100

Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors
fix update_checksum errors

commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:11:45 2021 +0100

Apply suggestions from code review

commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2
Merge: 0b7e1b6759 638484855b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:06:44 2021 +0100

Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort
MPS Layer 3: Remove unused handshake abort function

commit 3430517266a9e7d0ab43cf08730064608190fbd6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:51:53 2021 +0100

MPS: Shorten some code
Signed-off-by: Hanno Becker <[email protected]>

commit da378914efe9bae8a84ca59604b4651efd562401
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:47:54 2021 +0100

MPS: Some more uses of assertion macro
Signed-off-by: Hanno Becker <[email protected]>

commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:42:58 2021 +0100

MPS: Add helper macro for readability
Signed-off-by: Hanno Becker <[email protected]>

commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:35 2021 +0100

Shorten some doc'n for MPS
Signed-off-by: Hanno Becker <[email protected]>

commit fe135af06c138ac3ffbc077c6357961d2c895c6b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:21 2021 +0100

MPS: Use helper macro for DTLS HS header debugging
Signed-off-by: Hanno Becker <[email protected]>

commit 8144fea4a5b03c773ffaa48325663145aca58ff6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:15 2021 +0100

MPS: Use assertion macro instead of manual return of INTERNAL_ERROR
Signed-off-by: Hanno Becker <[email protected]>

commit 648d1835ce61480023fbb856d5044b6218f5af90
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:07 2021 +0100

MPS: Shorten some code
Signed-off-by: Hanno Becker <[email protected]>

commit 2818d2fbc65a2e31afe729046264171680356ae5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:21:53 2021 +0100

MPS L4: Add comment on potential simplification
Signed-off-by: Hanno Becker <[email protected]>

commit 1ec166036cfda847db076c567a94de474d009041
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:19:18 2021 +0100

MPS: Remove dead code and shorten comments
Signed-off-by: Hanno Becker <[email protected]>

commit 1100e4b72bf26746970af57244787e3b43f852c8
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:32:31 2021 +0100

MPS L3: Improve readability through introduction of debug macros
Signed-off-by: Hanno Becker <[email protected]>

commit 028414d0c81fd42772a33308953bf011da87584f
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:44 2021 +0100

MPS: Add shorter trace commands
Signed-off-by: Hanno Becker <[email protected]>

commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:28 2021 +0100

MPS: Fix typo in common.h
Signed-off-by: Hanno Becker <[email protected]>

commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:20:27 2021 +0100

MPS L3: Add helper function for handling of incomplete headers
Signed-off-by: Hanno Becker <[email protected]>

commit d8f19321d70182ada99f421e56ea00c2100313f3
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:03:13 2021 +0800

Rename mbedtls_ssl_handshake_wrapup for TLS1.3

`mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it.
Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91
Signed-off-by: Jerry Yu <[email protected]>

commit 40825315251e967b6bbca82b6a12b4cd875e04b5
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:00:50 2021 +0800

move mbedtls_ssl_transform_free to ssl_msg.c

`mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it.
Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3
Signed-off-by: Jerry Yu <[email protected]>

commit 7f0fb121f9d308b75d0f4a602623696fa9215505
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 19:41:09 2021 +0800

fix update_checksum_start/sha384 duplicate error

`ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check.
Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af
Signed-off-by: Jerry Yu <[email protected]>

commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:04:37 2021 +0800

fix calc_verify parameter warning

`calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed.
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:50:53 2021 +0100

Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record
fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:02:46 2021 +0100

MPS Layer 3: Remove unused handshake abort function
Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 19:00:48 2021 +0800

fix ssl_extract_add_data_from_record arguments error

With TLS1.2, the compiler reports the below error
```
too few arguments to function ‘ssl_extract_add_data_from_record’
```
The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that.
Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:58 2021 +0100

Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine
fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:36 2021 +0100

Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error
fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 12:28:20 2021 +0800

fix ssl_reset_retrnsmit_timeout undefine warning

ssl_reset_retrnsmit_timeout has been added prefix. Here is missing
Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800

fix pmslen and premaster undefined error

With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, the compiler reports pmslen and premaster undefined error.
CustomizedGitHooks: yes
Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100

Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors
fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100

Minor improvements to TLS 1.3 client-side key share ext writer
Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800

fix ECDH context build errors

Remove multi ecdh share keys support.
When built with TLS1.2, it reports compile error
Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100

Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13
Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100

Fix a bunch of typos
Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100

Rename TLS 1.3 ciphersuite identifiers

- Move the C-macros to MBEDTLS_ namespace
- Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2.
Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100

Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace
Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100

Merge pull request #306 from hanno-arm/mps_fix_bio
MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100

Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h
remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100

Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case
Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100

Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition
replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100

MPS: Interpret ret val 0 from BIO as connection closure
Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100

Merge pull request #276 from zhihan/fix-minor_ver
Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800

Modify TLS1.3 undefined condition

Available protocol defines are TLS1.3 only, TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not the correct condition. It makes both cases fail.
If TLS1.3 is not defined, that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`
Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h`. It should not appear here. It will cause transform* undefined error.
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100

Merge pull request #213 from zhihan/tls13-prototype-nst-ext

Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100

Minor improvements

Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400

Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100

Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client

Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100

Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100

Merge pull request #302 from hannestschofenig/pr/fix-two-errors

Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800

fix ssl-opt test fail

Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA"
"Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that.
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800

fix compile fail without MPS

If MBEDTLS_SSL_USE_MPS is undefined, it reports an error.

Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800

Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:

```
140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
```

We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD.

This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.
Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100

Merge pull request #288 from yuhaoth/pr/fix-15

Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100

Temporarily disable more session serialization tests

Will be fixed as part of #155

Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100

Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake

move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700

Add test for mismatched sig_algs

Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs

Test Plan:
```
ssl-opt.sh
```

Reviewers:
Subscribers:
Tasks:
Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200

Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800

Re-enable ssl test suite

Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.
fix #15

Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800

Remove get_key_exchange_name

mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now.

Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100

Merge pull request #281 from zhihan/0-rtt-ciphersuite

Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100

Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing

Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700

Use stack allocated received_signature_schemes_list.

Summary:
I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)

Test Plan:
`ssl-opt.sh`

Reviewers:
Subscribers:
Tasks:
Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100

Merge pull request #283 from zhihan/review-0-rtt-server

0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800

move key_exchange members to handshake structure

Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.
fix #13

Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700

Follow up on review comments

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700

Review fix of mbedtls_ssl_parse_signature_algorithms_ext

Summary:
* Add boundary check for i
* Set received_signature_schemes_list to null after free
* Typo
* Sizeof style

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700

Review: CertificateRequest parsing

Summary:
* buf_len check
* unsigned char* ext -> const unsigned char* ext
* int -> size_t
* space and long line

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700

Remove ticket_nonce from mbedtls_ssl_session

Summary:
`ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.
Test Plan:
`ssl-opt.sh`

Reviewers:
Subscribers:
Tasks:
Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700

Rename resumption_key_len to key_len

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700

Move ssl_new_session_ticket_parse to client.c

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700

Add index for buffer in ssl_new_session_ticket_parse

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700

Review comments follow up

Summary:
* change to size_t
* break long line
* indentation

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700

Review fix for ssl_new_session_ticket_parse

Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return

Test Plan:
`ssl-opt.sh`

Reviewers:
Subscribers:
Tasks:
Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400

Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:39:15 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:20:05 2021 -0400

Review feedback

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:13:04 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 12:14:39 2021 +0100

Merge pull request #284 from yuhaoth/pr/fix-extension-namespace

fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date: Fri Jun 18 13:49:07 2021 +0800

fix namespace of extensions in ssl.h

fixes #17

Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 06:30:53 2021 +0100

Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile

fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:43:11 2021 +0100

Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case

Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:04:41 2021 +0100

Merge pull request #279 from zhihan/review-0-rtt

Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu <[email protected]>
Date: Wed Jun 16 10:25:12 2021 +0800

fix out-of-box Makefile build fail

fix #165

Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:12:33 2021 -0400

Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:09:04 2021 -0400

Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:06:32 2021 -0400

Update library/ssl_tls13_generic.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:36 2021 -0400

Update library/ssl_tls13_keys.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:20 2021 -0400

Update library/ssl_tls.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date: Tue Jun 8 05:41:22 2021 +0100

Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing

Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date: Mon Jun 7 15:37:47 2021 -0400

0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:40:21 2021 -0400

Change 'early data' to 'early_data' in debug log to be consistent.
commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:26:00 2021 -0400

Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:18:23 2021 -0400

Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:04:03 2021 -0400

Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 16:06:33 2021 -0400

More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 12:48:43 2021 -0400

Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:18:43 2021 -0700

own_key

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:00:17 2021 -0700

Remove signature_scheme_client from struct mbedtls_ssl_handshake_params

Summary:
* signature_scheme_client
* signature_scheme

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:55:13 2021 -0700

Review of ssl_certificate_verify_write

Summary:
* indentation

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:09:10 2021 -0700

Rename mbedtls_ssl_certificate_verify_process

Summary:
* mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
* ssl_certificate_verify_process -> ssl_write_certificate_verify_process
* SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
* SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date: Tue Jun 1 10:35:20 2021 -0400

Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:21:34 2021 -0700

Summary:
Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
* Server disable early data
* Client enable early data
* No external PSK

Test Plan:
```
tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
```

Reviewers:
Subscribers:
Tasks:
Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:23:52 2021 +0100

Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:43 2021 +0100

Alloc specification of 0-RTT limit on the ssl_server2 cmdline

Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:25 2021 +0100

Cap size of 0-RTT buffer at a compile-time configurable limit

Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:04:30 2021 +0100

Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date: Mon May 24 16:21:33 2021 -0400

error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date: Sun May 23 12:12:30 2021 -0400

Address feedback.
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa
Merge: 22e52d2cf1 79afde5f5a
Author: Hanno Becker <[email protected]>
Date: Sun May 23 06:10:49 2021 +0100

Merge pull request #269 from zhihan/tls13-prototype-0rtt-review

Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:16:12 2021 -0400

Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:05:53 2021 -0400

Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8
Author: Zhi Han <[email protected]>
Date: Fri May 21 06:38:46 2021 -0400

Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:03:22 2021 -0400

format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:01:04 2021 -0400

Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8
Author: Zhi Han <[email protected]>
Date: Wed May 19 15:57:44 2021 -0400

Restore mbedtls_ssl_conf_early_data() function.
commit 22e52d2cf1865bf638269fbc5334119a68db9603
Merge: e3d5eca29a 80dbfc0091
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:25 2021 +0100

Merge pull request #265 from lhuang04/tls13_prototype_switch_style

Fix switch style

commit e3d5eca29ada314616341242152ac7515607e718
Merge: d02fd9ba1f c501899a74
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:07 2021 +0100

Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09
Merge: f1560c6d0f 169f542b7b
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:16:53 2021 +0100

Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style

Fix if statement style

commit 169f542b7b89ce55bf438f5b9bbce663314d7257
Author: lhuang04 <[email protected]>
Date: Mon May 17 12:00:40 2021 -0700

Fix if style

Summary:
Change `if (` to `if(`

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit c501899a748840659c1e4450929e0e72dcdb39b1
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:36:33 2021 -0700

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 80dbfc00915ace7db2301fb897847514a2ee2b5a
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:44:26 2021 -0700

Fix switch style

Summary:
change `switch (` to `switch(`

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df
Merge: 5f3860971b 73b4aa2e96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:55:49 2021 +0100

Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing

Fix for review of ssl_read_certificate_verify_parse

commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f
Merge: 6c527b9e2d 2272fccb96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:54:48 2021 +0100

Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix

Fix misplaced 0-RTT configuration call in ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:41:48 2021 +0100

Fix misplaced 0-RTT configuration call in ssl_server2

Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`.

Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:02:16 2021 +0100

Minor code improvements in ssl_create_verify_structure()

Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249
Merge: 7c88bbd2e2 f451f0ef99
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:18:00 2021 -0700

Diff review follow up

* switch style
* change to mbedtls_ssl_tls13_key_exchange_with_psk
* rename i to buffer_idx
* move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE
* reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:12:56 2021 -0700

Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.
Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95
Author: lhuang04 <[email protected]>
Date: Mon May 17 08:59:48 2021 -0700

style for switch

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e
Author: lhuang04 <[email protected]>
Date: Wed May 12 06:07:40 2021 -0700

Break long line in ssl_certificate_verify_coordinate

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 0814cb6a515b1196ffbb635f53343f476acb5c79
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:21:25 2021 -0700

Move the label to the ssl_tls13_keys.h

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 5a6badfee551e5082b4e24fa26620faed755602b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:11:57 2021 -0700

Remove magic index

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit dd15a7235952b63130ff4d2f933f87824de5f2d9
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:16:26 2021 -0700

Style in ssl_certificate_verify_coordinate

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit e5a23e31cc75241ec0ddea009e8268059aadb541
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:01:10 2021 -0700

Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 5b3299016a7a8a7436e7814868bc70a625e1d33b
Author: lhuang04 <[email protected]>
Date: Fri May 7 07:45:03 2021 -0700

Follow up on review comments

Summary:
* space after switch
* line too long

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939
Author: lhuang04 <[email protected]>
Date: Thu May 6 10:51:29 2021 -0700

Fix for review of ssl_read_certificate_verify_parse

Summary:
* Remove empty line
* Remove out-of-date comments

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb
Merge: 5e09eb428d a5c8909e61
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:56:52 2021 +0100

Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected

Do not write EndOfEarlyData if early_data is rejected by server.

commit a5c8909e61a76609ab8f8c3153f543b828abc571
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:45 2021 +0100

Update programs/ssl/ssl_client2.c

commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:04 2021 +0100

Add reference to RFC 8446 when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit bea87dde0071ad98d3beb81070a9bd399227c66a
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:51:44 2021 +0100

Print debug line when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit 3255f964343b3599b25b76c536fade23df0885ff
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:20:42 2021 -0400

Fix indentation

commit 4ecbbc3100ab26be688829f5a388bd56d479992b
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:17:17 2021 -0400

Address feedback from PR

commit 516255927d25e4b896a243846a51346f9718db2b
Author: Zhi Han <[email protected]>
Date: Fri May 14 13:39:10 2021 -0400

Add test for rejecting early data

commit 779a9248334492990912c13941a6b8f3428c4d61
Merge: e5d72ef6bc 5e09eb428d
Author: Zhi Han <[email protected]>
Date: Fri May 14 12:18:20 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit 5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary:
In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after check [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.
Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```

Reviewers:
Subscribers:
Tasks:
Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows:

1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.
Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:

(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.
    Further, while for (a) we will ultimately need an iterator over the
    configured PSKs, for now this commit introduces a getter
    `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be
    offered, and if so returns this PSK + its PSK identity. This can be
    used by the client when writing the ClientHello.

    Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

    Merge pull request #262 from hanno-arm/fixup_261

    Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

    Fixup https://github.com/hannestschofenig/mbedtls/pull/261

    Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

    Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

    Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

    Fixup: Merge in ssl_client2.c & ssl_server2.c

    Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

    Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

    Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

    Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

    Move early_data from conf to context.
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b
Merge: f3f78d471b 1c54b5410f
Author: lhuang04 <[email protected]>
Date: Sun May 9 08:03:57 2021 -0700

    Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0

commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44
Merge: 2ac26234c9 f3f78d471b
Author: Zhi Han <[email protected]>
Date: Fri May 7 09:56:31 2021 -0400

    Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit f3f78d471b1bf3669ed84d77504e39c49147ca6d
Merge: 79215a6a2d c797da9279
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:17 2021 +0100

    Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup

    [Review 0-RTT write] Reuse the _coordinate function to in postprocess function.

commit c797da927932d52c96ae243e0def2aa753a5bb90
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:11:03 2021 +0100

    Update library/ssl_tls13_keys.h

commit af06a4a37cbd9de9674c66b6b5def00f1b384929
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:10:13 2021 +0100

    Update library/ssl_tls13_keys.h

commit a1f734907da114e4b28f918e320361a6b0d4e6aa
Author: Hanno Becker <[email protected]>
Date: Fri May 7 07:07:23 2021 +0100

    Update library/ssl_tls13_client.c

commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce
Merge: dad9ef834f 9d8225e916
Author: Hanno Becker <[email protected]>
Date: Fri May 7 06:52:16 2021 +0100

    Merge pull request #251 from hanno-arm/tls13_keys_pt5

    Key schedule rework: Add documentation

commit 2ac26234c9ea9356df18872a0f75418f8a38d80a
Author: Zhi Han <[email protected]>
Date: Wed May 5 11:16:40 2021 -0400

    Do not write EndOfEarlyData if early_data is rejected by server.
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf
Merge: de531140dc dad9ef834f
Author: Zhi Han <[email protected]>
Date: Tue May 4 12:18:08 2021 -0400

    Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup

commit de531140dcb57c1ff059e116fdb4baa164dc4276
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:47:01 2021 -0400

    Revert changes to ssl_tls13_keys.h

commit 05b068ea4cb6ded1e32148f28c4519284d4566ce
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:44:25 2021 -0400

    Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back

commit 6cfe517d141c495889484aeea300e105cf7f41d4
Merge: 6ea4123527 9e4c78bd6f
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:41:47 2021 -0400

    Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup

commit dad9ef834f0763899ad689905fa9b7560e424aa6
Merge: 944b99795b bc3ca0d1c7
Author: Hanno Becker <[email protected]>
Date: Tue May 4 16:36:20 2021 +0100

    Merge pull request #252 from zhihan/patch-3

    Update ssl_tls13_keys.h to fix compiler warning.

commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:34:52 2021 -0400

    Add back application_secret

commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:25:18 2021 -0400

    Reuse the _coordinate function to in postprocess.

commit 6ea4123527963686c15f1e34ced8ea28c57429f5
Author: Zhi Han <[email protected]>
Date: Tue May 4 11:01:46 2021 -0400

    Update ssl_tls13_keys.h to fix compiler warning.

    In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40:
    /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation]
     * \param master_secret The master secret from which the resumption master
              ^~~~~~~~~~~~~
    1 error generated.
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24
Author: Hanno Becker <[email protected]>
Date: Tue May 4 10:03:30 2021 +0100

    Share buffers for 0-RTT, handshake and application master secrets

    Signed-off-by: Hanno Becker <[email protected]>

commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee
Author: Hanno Becker <[email protected]>
Date: Tue May 4 09:55:56 2021 +0100

    Document all TLS 1.3 key schedule functions

    Signed-off-by: Hanno Becker <[email protected]>

commit 944b99795b8b7a2185993f96d335480e9bc252c8
Merge: 740d829337 0dbddcffaf
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:57 2021 +0100

    Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4

    Change debug level from 5 to 4

commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57
Merge: 70cfe4bf11 740d829337
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:42 2021 +0100

    Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4

commit 740d8293374c6f5443aa951be2ac88d12cf206e1
Merge: 5c51532213 82ca5bce5a
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:51:12 2021 +0100

    Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client

    Review fix for client side EncryptedExtensions parsing

commit 5c5153221387d9fa571d12fce10c947270742165
Merge: 1471e12437 2f66cecb0e
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:50:08 2021 +0100

    Merge pull request #247 from zhihan/patch-1

    Fix compiler warning for mps.c

commit 1471e124378840bd89a848f261e4ec8e824b0c61
Merge: c21b8df7c3 a7553c2d1f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:44:21 2021 +0100

    Merge pull request #245 from hanno-arm/tls13_keys_pt4

    TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation

commit a7553c2d1fa247e6ad1177f8d202c0870b96110f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:37:40 2021 +0100

    Fix PSK binder calculation

    The PSK binder calculation routine does no longer overwrite the handshake early secret but
    uses a local buffer.

    Signed-off-by: Hanno Becker <[email protected]>

commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:35:43 2021 +0100

    Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets()

    Signed-off-by: Hanno Becker <[email protected]>

commit 6cd79d8093828db3cff78855a9022d06d4142d7f
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:01:32 2021 +0100

    Streamline signature of PSK binder calculation helper

    Buffer sizes are always given by the size of the hash provided
    to the function.

    Signed-off-by: Hanno Becker <[email protected]>

commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:53:18 2021 +0100

    Share cryptographic core of PSK binder and Finished calculation

    Signed-off-by: Hanno Becker <[email protected]>

commit c21b8df7c36bd3dccb0830cd45a3353093e2089f
Merge: 8036e15f17 528f7df3dc
Author: Hanno Becker <[email protected]>
Date: Tue May 4 06:52:00 2021 +0100

    Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl

    Tls13 prototype ssl opt sh resumption with openssl

commit 70cfe4bf1144568b3c959386ac6f677af6f2e597
Author: lhuang04 <[email protected]>
Date: Mon May 3 08:58:55 2021 -0700

    Change debug level from 5 to 4

    Summary:
    Update the debug level for the following calls:
    * MBEDTLS_SSL_DEBUG_BUF
    * MBEDTLS_SSL_DEBUG_MSG

    Test Plan:
    `ssl-opt.sh`

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 2f66cecb0ed78a659760bc7a5566f14f48c461db
Author: Zhi Han <[email protected]>
Date: Mon May 3 11:35:31 2021 -0400

    Fix compiler warning for mps.c

    /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
                default:
                ^
    /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through
                default:
                ^
                break;
    1 error generated.
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46
Author: lhuang04 <[email protected]>
Date: Sun May 2 06:08:34 2021 -0700

    cast before calculate number from buffer

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8
Merge: e85f1dfa90 da2b07e5bb
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:33:10 2021 +0100

    Merge pull request #239 from hanno-arm/tls13_key_pt3

    Key schedule rework, pt3: API structure

commit e85f1dfa90343361c251372776e838ac130c9f3c
Merge: 858b98e9f1 524c925dc1
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:20:55 2021 +0100

    Merge pull request #240 from zhihan/patch-2

    Review cleanup for writing early_data extension

commit 528f7df3dc665ca94d94678432c2017c24ac55c2
Author: lhuang04 <[email protected]>
Date: Sat May 1 06:28:39 2021 -0700

    Add require filter for OpenSSL TLS 1.3

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10
Author: lhuang04 <[email protected]>
Date: Fri Apr 30 08:23:17 2021 -0700

    Add resumption test with OpenSSL to ssl-opt.sh

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 4504ac9525450bd187019b975d513cab985c788a
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:55:29 2021 -0700

    break ret from parser

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit e14038925ddca9fc7fb7539b300fa2897c29ba80
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:30:04 2021 -0700

    debug msgs and comments

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:24:44 2021 -0700

    change unsigned char* buf to const …
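
The handshake-PSK lifecycle from the "Clarify logic for setting/clearing of handshake PSK" commit message above, worked through as an added Python example; it is not code from the Mbed TLS prototype. `ClientHandshake`, `run_handshake`, the `legacy` flag and `SAMPLE_PSK` are hypothetical names, and the only real protocol piece is the RFC 8446 Early Secret derivation, which shows why an offered-but-rejected PSK left in the handshake slot makes client and server diverge.

```python
import hashlib
import hmac

HASH_LEN = hashlib.sha256().digest_size   # 32 bytes for SHA-256 ciphersuites
ZEROS = bytes(HASH_LEN)
SAMPLE_PSK = bytes(range(32))             # constructed sample key, not a real secret


def hkdf_extract(salt: bytes, ikm: bytes) -> bytes:
    """HKDF-Extract (RFC 5869) with SHA-256."""
    return hmac.new(salt, ikm, hashlib.sha256).digest()


def early_secret(psk) -> bytes:
    """RFC 8446 section 7.1: Early Secret = HKDF-Extract(0, PSK).
    With no PSK in use, the input keying material is Hash.length zero bytes."""
    return hkdf_extract(ZEROS, psk if psk is not None else ZEROS)


class ClientHandshake:
    """Hypothetical model of the client's two PSK notions:
    (a) psk_to_offer: what is configured and may be offered,
    (b) handshake_psk: the single PSK (or None) the key schedule uses."""

    def __init__(self, psk_to_offer, use_early_data, legacy=False):
        self.psk_to_offer = psk_to_offer
        self.use_early_data = use_early_data
        # legacy=True models only the one behaviour the commit message states
        # about the previous code; it is exercised here without 0-RTT.
        self.legacy = legacy
        self.handshake_psk = None                     # step 1: initially NULL

    def write_client_hello(self):
        # Previous behaviour: handshake PSK set while writing the PSK
        # extension, even if the client does not use 0-RTT.
        if self.legacy and self.psk_to_offer is not None:
            self.handshake_psk = self.psk_to_offer

    def write_early_data(self):
        if not self.use_early_data or self.psk_to_offer is None:
            return None
        self.handshake_psk = self.psk_to_offer        # step 2: set for 0-RTT
        secret = early_secret(self.handshake_psk)     # 0-RTT keys derive from this
        self.handshake_psk = None                     # step 3: clear afterwards
        return secret

    def process_server_hello(self, server_selected_psk: bool) -> bytes:
        if server_selected_psk:
            self.handshake_psk = self.psk_to_offer    # step 4: server chose it
        # The key schedule unconditionally uses the handshake PSK slot.
        return early_secret(self.handshake_psk)


def run_handshake(psk, use_early_data, server_accepts_psk, legacy=False):
    """Return (client_early_secret, server_early_secret) for one handshake."""
    client = ClientHandshake(psk, use_early_data, legacy)
    client.write_client_hello()
    client.write_early_data()
    client_secret = client.process_server_hello(server_accepts_psk)
    # A server that rejects the PSK runs its key schedule without one.
    server_secret = early_secret(psk if server_accepts_psk else None)
    return client_secret, server_secret


if __name__ == "__main__":
    cases = [
        ("steps 1-4, PSK rejected", dict(use_early_data=False, server_accepts_psk=False)),
        ("legacy,    PSK rejected", dict(use_early_data=False, server_accepts_psk=False, legacy=True)),
        ("steps 1-4, 0-RTT accepted", dict(use_early_data=True, server_accepts_psk=True)),
        ("steps 1-4, 0-RTT rejected", dict(use_early_data=True, server_accepts_psk=False)),
    ]
    for name, kwargs in cases:
        c, s = run_handshake(SAMPLE_PSK, **kwargs)
        print(f"{name:28s} secrets match: {c == s}")
```

Only the legacy case reports a mismatch: the client derives its Early Secret from the rejected PSK while the server derives it from zeros, so every later handshake secret differs as well.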
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue on Jun 14, 2023
commit 3534dc3d8cedbd326569383677c5cc10e497c001
Merge: 471fc0ed17 17e162bc79
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 07:35:06 2021 +0100

    Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies

    Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

commit 471fc0ed17864079b70c75fc9c0a248f213b5991
Merge: 4ddebafaaf fba68613d6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:36:13 2021 +0100

    Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr

    MPS: Remove extended reader/writer from MPS, part 2

commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:33:49 2021 +0100

    MPS: Be less wordy in comments...

    Signed-off-by: Hanno Becker <[email protected]>

commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514
Merge: 08b0522e0f 34d751dfa6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:54:29 2021 +0100

    Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error

    fix mbedtls_ssl_check_cert_usage compile fail

commit 08b0522e0f6b4650c93a12038fb87cd21757b75c
Merge: 82436667b1 81c88ff7df
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:05:16 2021 +0100

    Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings

    fix functions undeclared warnings

commit 82436667b1304628b77ad9eded10ccf250355fc6
Merge: 2556d8a1dd f9435bb0c2
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 04:49:16 2021 +0100

    Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors

    fix nss_keylog_export duplicate error

commit 8a1348ca2ac075801777535bfa35d1179ec269e7
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:13 2021 +0100

    MPS L4: Minor structural improvement

    Signed-off-by: Hanno Becker <[email protected]>

commit 7a11ad03acaea247045dc5e41dc397b5b73a254d
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:00 2021 +0100

    MPS Layer 4: Remove dead comments

    Signed-off-by: Hanno Becker <[email protected]>
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 20:07:28 2021 +0100

    MPS Layer 3: Minor readability improvement

    Signed-off-by: Hanno Becker <[email protected]>

commit ea207b40bdffc9793c53312aae7dabdd761611db
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 13:02:05 2021 +0100

    Some more readability improvements

    Signed-off-by: Hanno Becker <[email protected]>

commit dc3adeddee06e0b9ecf25e669de780593c18771b
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 11:39:37 2021 +0100

    MPS Layer 3: Some readability improvements

    Signed-off-by: Hanno Becker <[email protected]>

commit 2a75e56087db85845241734fd248f0ec501377b6
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 09:48:18 2021 +0100

    Remove extended reader/writer from MPS altogether

    Signed-off-by: Hanno Becker <[email protected]>

commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 22:23:06 2021 +0800

    fix nss_keylog_export duplicate error

    nss_keylog_export is defined in TLS1.2 and TLS1.3 with different
    prototype. Rename it for TLS1.3 to fix it.

    Change-Id: I63e218070e96637a15242fec3a66b5e448986287
    Signed-off-by: Jerry Yu <[email protected]>

commit 17e162bc79da8c856b1b08ef373051d87163c421
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:44:55 2021 +0800

    Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

    mbedtls_ssl_conf_dtls_cookies depends on
    MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it.

    CustomizedGitHooks: yes
    Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f
    Signed-off-by: Jerry Yu <[email protected]>

commit 5471952d409eea62843268272ae46969dcf78e60
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 11:15:15 2021 +0100

    MPS Layer 3: Don't rely on extended writer to learn HS msg size

    This is another step towards removing the extended reader/writer
    from Layer 3 altogether.
    Signed-off-by: Hanno Becker <[email protected]>

commit 81c88ff7df372ba4c2671f3a7065482152b40310
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:06:56 2021 +0800

    fix functions undeclared warnings

    With TLS1.2 enabled, those functions report undeclared warning

    Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320
    Signed-off-by: Jerry Yu <[email protected]>

commit f85747efb1a1035124aada3245dcec7ddb8d3597
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:47:19 2021 +0100

    MPS L3: Simplify handshake message writing

    Signed-off-by: Hanno Becker <[email protected]>

commit f540b0fc79af402f0176477df0c6f79c26857e88
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:42:03 2021 +0100

    MPS Layer 3: Simplify logic for writing of handshake header

    Signed-off-by: Hanno Becker <[email protected]>

commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c
Author: Jerry Yu <[email protected]>
Date: Tue Jul 27 14:02:40 2021 +0800

    fix mbedtls_ssl_check_cert_usage compile fail

    `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due
    to different of `key_exchange` field.

    The function only use `key_exchange` field of `ciphersuite_info`.
    To keep consistency, we change the prototype of it.
    Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4
    Signed-off-by: Jerry Yu <[email protected]>

commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f
Merge: 0e367ad306 3430517266
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:57:55 2021 +0100

    Merge pull request #318 from hanno-arm/mps_simplify

    MPS: Numerous minor simplifications and improvements

commit 0e367ad306e20d7eed02775d0c581828da937cb2
Merge: 246c820430 d8f19321d7
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:13:13 2021 +0100

    Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors

    fix two duplicate define errors

commit 246c820430aed5412c6cba0e911c1a1ca13ade60
Merge: 49f76369ad 12a8dfe7d2
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:12:15 2021 +0100

    Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors

    fix update_checksum errors

commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:11:45 2021 +0100

    Apply suggestions from code review

commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2
Merge: 0b7e1b6759 638484855b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:06:44 2021 +0100

    Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort

    MPS Layer 3: Remove unused handshake abort function

commit 3430517266a9e7d0ab43cf08730064608190fbd6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:51:53 2021 +0100

    MPS: Shorten some code

    Signed-off-by: Hanno Becker <[email protected]>

commit da378914efe9bae8a84ca59604b4651efd562401
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:47:54 2021 +0100

    MPS: Some more uses of assertion macro

    Signed-off-by: Hanno Becker <[email protected]>

commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:42:58 2021 +0100

    MPS: Add helper macro for readability

    Signed-off-by: Hanno Becker <[email protected]>

commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:35 2021 +0100

    Shorten some doc'n for MPS

    Signed-off-by: Hanno Becker <[email protected]>

commit fe135af06c138ac3ffbc077c6357961d2c895c6b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:21 2021 +0100

    MPS: Use helper macro for DTLS HS header debugging

    Signed-off-by: Hanno Becker <[email protected]>

commit 8144fea4a5b03c773ffaa48325663145aca58ff6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:15 2021 +0100

    MPS: Use assertion macro instead of manual return of INTERNAL_ERROR

    Signed-off-by: Hanno Becker <[email protected]>

commit 648d1835ce61480023fbb856d5044b6218f5af90
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:07 2021 +0100

    MPS: Shorten some code

    Signed-off-by: Hanno Becker <[email protected]>

commit 2818d2fbc65a2e31afe729046264171680356ae5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:21:53 2021 +0100

    MPS L4: Add comment on potential simplification

    Signed-off-by: Hanno Becker <[email protected]>

commit 1ec166036cfda847db076c567a94de474d009041
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:19:18 2021 +0100

    MPS: Remove dead code and shorten comments

    Signed-off-by: Hanno Becker <[email protected]>

commit 1100e4b72bf26746970af57244787e3b43f852c8
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:32:31 2021 +0100

    MPS L3: Improve readability through introduction of debug macros

    Signed-off-by: Hanno Becker <[email protected]>

commit 028414d0c81fd42772a33308953bf011da87584f
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:44 2021 +0100

    MPS: Add shorter trace commands

    Signed-off-by: Hanno Becker <[email protected]>

commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:28 2021 +0100

    MPS: Fix typo in common.h

    Signed-off-by: Hanno Becker <[email protected]>

commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:20:27 2021 +0100

    MPS L3: Add helper function for handling of incomplete headers

    Signed-off-by: Hanno Becker <[email protected]>

commit d8f19321d70182ada99f421e56ea00c2100313f3
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:03:13 2021 +0800

    Rename mbedtls_ssl_handshake_wrapup for TLS1.3

    `mbedtls_ssl_handshake_wrapup` was defined in both cases.
    `duplicate defined` error is reported. Add tls13 suffix for TLS1.3
    to fix it.

    Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91
    Signed-off-by: Jerry Yu <[email protected]>

commit 40825315251e967b6bbca82b6a12b4cd875e04b5
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:00:50 2021 +0800

    move mbedtls_ssl_transform_free to ssl_msg.c

    `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2,
    it reports duplicate error. Remove function in ssl_tls.c to fix it.

    Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3
    Signed-off-by: Jerry Yu <[email protected]>

commit 7f0fb121f9d308b75d0f4a602623696fa9215505
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 19:41:09 2021 +0800

    fix update_checksum_start/sha384 duplicate error

    `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both
    enable case raises duplicate error. Fix it with version check.

    Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af
    Signed-off-by: Jerry Yu <[email protected]>

commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:04:37 2021 +0800

    fix calc_verify parameter warning

    `calc_verify` prototype defined by TLS1.3 is not used. And other two
    functions are same. So, the declaration should be removed.
    Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
    Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:50:53 2021 +0100

    Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record

    fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:02:46 2021 +0100

    MPS Layer 3: Remove unused handshake abort function

    Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 19:00:48 2021 +0800

    fix ssl_extract_add_data_from_record arguments error

    With TLS1.2, compiler report below error
    ```
    too few arguments to function ‘ssl_extract_add_data_from_record’
    ```
    The function is changed in TLS1.3. Add `transform->taglen` to error
    call place to fix that.

    Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:58 2021 +0100

    Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine

    fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:36 2021 +0100

    Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error

    fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 12:28:20 2021 +0800

    fix ssl_reset_retrnsmit_timeout undefine warning

    ssl_reset_retrnsmit_timeout has been added prefix.
    Here is missing

    Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800

    fix pmslen and premaster undefined error

    With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report
    pmslen and premaster undefined error.

    CustomizedGitHooks: yes
    Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
    Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100

    Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors

    fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100

    Minor improvements to TLS 1.3 client-side key share ext writer

    Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800

    fix ECDH context build errors

    Remove multi ecdh share keys support.
    When build with TLS1.2 , it reports compile error

    Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100

    Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13

    Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100

    Fix a bunch of typos

    Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100

    Rename TLS 1.3 ciphersuite identifiers

    - Move the C-macros to MBEDTLS_ namespace
    - Adjust the naming scheme for the string-identifiers to
      "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers
      for TLS 1.2.

    Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100

    Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace

    Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100

    Merge pull request #306 from hanno-arm/mps_fix_bio

    MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100

    Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h

    remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100

    Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case

    Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100

    Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition

    replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100

    MPS: Interpret ret val 0 from BIO as connection closure

    Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100

    Merge pull request #276 from zhihan/fix-minor_ver

    Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800

    Modify TLS1.3 undefined condition

    Available protocol defines are TLS1.3 only ,TLS1.2 only and both.
    `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct
    condition. It make both case fail.

    If TLS1.3 is not defined , that means TLS1.2 must be defined. So
    replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

    Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800

    remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

    MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h.
    It is for inside usage only. `ssl.h` does not include
    `ssl_internal.h` . It should not appear here.

    It will cause transform* undefined error.
    Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100

    Merge pull request #213 from zhihan/tls13-prototype-nst-ext

    Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100

    Minor improvements

    Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400

    Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100

    Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client

    Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100

    Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100

    Merge pull request #302 from hannestschofenig/pr/fix-two-errors

    Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800

    fix ssl-opt test fail

    Test report fail at test case 33.
    "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA"

    "Key Exchange Mode is ECDHE-ECDSA" is not found in client output.
    That is due to `get_key_exchange_name` is removed. Remove the check
    to fix that.
    Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800

    fix compile fail without MPS

    if undefine MBEDTLS_SSL_USE_MPS, it report error.

    Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800

    Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix

    Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200

    Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

    Our interoperability tests fail with a recent OpenSSL server. The
    reason is that they force 1024-bit Diffie-Hellman parameters, which
    recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:
    ```
    140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
    ```

    We've been passing custom DH parameters since
    6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a
    requires it. This is only concerns the version we use as
    OPENSSL_LEGACY. So only use custom DH parameters for that version.
    In compat.sh, use it based on the observed version of $OPENSSL_CMD.

    This way, ssl-opt.sh and compat.sh work (barring other issues) for
    all our reference versions of OpenSSL as well as for a modern system
    OpenSSL.
    Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date:   Tue Jul 20 05:19:46 2021 +0100

    Merge pull request #288 from yuhaoth/pr/fix-15

    Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date:   Tue Jul 20 05:18:16 2021 +0100

    Temporarily disable more session serialization tests

    Will be fixed as part of #155

    Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date:   Tue Jul 20 05:13:17 2021 +0100

    Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake

    move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date:   Sun Jun 27 08:09:05 2021 -0700

    Add test for mismatched sig_algs

    Summary:
    * Send alert when there is no common signature algorithm between client and server
    * Add test case for mismatched sig_algs

    Test Plan:
    ```
    ssl-opt.sh
    ```

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date:   Wed Jul 7 14:25:25 2021 +0200

    Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite

    Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date:   Tue Jul 6 14:00:44 2021 -0400

    Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date:   Mon Jul 5 16:47:29 2021 +0800

    Re-enable ssl test suite

    Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.

    fix #15

    Signed-off-by: Jerry Yu <[email protected]>
    Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date:   Wed Jun 30 15:14:25 2021 +0800

    Remove get_key_exchange_name

    mbedtls_ssl_get_key_exchange_name is a debug-only function. It is useless now.

    Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
    Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date:   Thu Jun 24 06:20:17 2021 +0100

    Merge pull request #281 from zhihan/0-rtt-ciphersuite

    Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date:   Thu Jun 24 06:12:10 2021 +0100

    Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing

    Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date:   Sun Jun 20 15:27:09 2021 -0700

    Use stack allocated received_signature_schemes_list.

    Summary:
    I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)

    Test Plan:
    `ssl-opt.sh`

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date:   Mon Jun 21 09:24:39 2021 +0100

    Merge pull request #283 from zhihan/review-0-rtt-server

    0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date:   Mon Jun 21 13:52:01 2021 +0800

    move key_exchange members to handshake structure

    Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.

    fix #13

    Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
    Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date:   Wed Jun 2 09:22:46 2021 -0700

    Follow up on review comments

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date:   Sun May 23 09:36:55 2021 -0700

    Review fix of mbedtls_ssl_parse_signature_algorithms_ext

    Summary:
    * Add boundary check for i
    * Set received_signature_schemes_list to null after free
    * Typo
    * Sizeof style

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date:   Sun May 23 08:58:12 2021 -0700

    Review: CertificateRequest parsing

    Summary:
    * buf_len check
    * unsigned char* ext -> const unsigned char* ext
    * int -> size_t
    * space and long line

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date:   Sun Jun 20 09:40:21 2021 -0700

    Remove ticket_nonce from mbedtls_ssl_session

    Summary:
    `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.

    Test Plan:
    `ssl-opt.sh`

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date:   Sun Jun 20 07:21:48 2021 -0700

    Rename resumption_key_len to key_len

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date:   Fri May 7 11:51:11 2021 -0700

    Move ssl_new_session_ticket_parse to client.c

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date:   Fri May 7 11:32:43 2021 -0700

    Add index for buffer in ssl_new_session_ticket_parse

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date:   Fri May 7 06:20:23 2021 -0700

    Review comments follow up

    Summary:
    * change to size_t
    * break long line
    * indentation

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date:   Wed May 5 08:44:42 2021 -0700

    Review fix for ssl_new_session_ticket_parse

    Summary:
    * printf format for unsigned int
    * cast to unsigned before combine digits
    * remove unnecessary cast
    * remove redundant hash size calc
    * remove space for return

    Test Plan:
    `ssl-opt.sh`

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date:   Fri Jun 18 15:11:57 2021 -0400

    Add test. Remove resumption condition.

commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date:   Fri Jun 18 14:39:15 2021 -0400

    Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date:   Fri Jun 18 14:20:05 2021 -0400

    Review feedback

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date:   Fri Jun 18 14:13:04 2021 -0400

    Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date:   Fri Jun 18 12:14:39 2021 +0100

    Merge pull request #284 from yuhaoth/pr/fix-extension-namespace

    fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date:   Fri Jun 18 13:49:07 2021 +0800

    fix namespace of extensions in ssl.h

    fixes #17

    Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
    Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date:   Fri Jun 18 06:30:53 2021 +0100

    Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile

    fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date:   Fri Jun 18 05:43:11 2021 +0100

    Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case

    Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date:   Fri Jun 18 05:04:41 2021 +0100

    Merge pull request #279 from zhihan/review-0-rtt

    Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu <[email protected]>
Date:   Wed Jun 16 10:25:12 2021 +0800

    fix out-of-box Makefile build fail

    fix #165

    Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
    Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date:   Tue Jun 8 15:12:33 2021 -0400

    Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date:   Tue Jun 8 15:09:04 2021 -0400

    Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date:   Tue Jun 8 15:06:32 2021 -0400

    Update library/ssl_tls13_generic.c

    Review feedback

    Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date:   Tue Jun 8 15:02:36 2021 -0400

    Update library/ssl_tls13_keys.c

    Review feedback

    Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date:   Tue Jun 8 15:02:20 2021 -0400

    Update library/ssl_tls.c

    Review feedback

    Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date:   Tue Jun 8 05:41:22 2021 +0100

    Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing

    Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date:   Mon Jun 7 15:37:47 2021 -0400

    0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date:   Fri Jun 4 11:40:21 2021 -0400

    Change 'early data' to 'early_data' in debug log to be consistent.

commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date:   Fri Jun 4 11:26:00 2021 -0400

    Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date:   Fri Jun 4 11:18:23 2021 -0400

    Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date:   Fri Jun 4 11:04:03 2021 -0400

    Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date:   Thu Jun 3 16:06:33 2021 -0400

    More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date:   Thu Jun 3 12:48:43 2021 -0400

    Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date:   Sun May 30 08:18:43 2021 -0700

    own_key

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date:   Sun May 30 08:00:17 2021 -0700

    Remove signature_scheme_client from struct mbedtls_ssl_handshake_params

    Summary:
    * signature_scheme_client
    * signature_scheme

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date:   Sun May 30 07:55:13 2021 -0700

    Review of ssl_certificate_verify_write

    Summary:
    * indentation

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date:   Sun May 30 07:09:10 2021 -0700

    Rename mbedtls_ssl_certificate_verify_process

    Summary:
    * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
    * ssl_certificate_verify_process -> ssl_write_certificate_verify_process
    * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
    * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date:   Tue Jun 1 10:35:20 2021 -0400

    Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date:   Sun May 23 08:21:34 2021 -0700

    Summary:
    Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
    * Server disable early data
    * Client enable early data
    * No external PSK

    Test Plan:
    ```
    tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
    ```

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:23:52 2021 +0100

    Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

    Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:17:43 2021 +0100

    Alloc specification of 0-RTT limit on the ssl_server2 cmdline

    Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:17:25 2021 +0100

    Cap size of 0-RTT buffer at a compile-time configurable limit

    Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date:   Wed May 26 05:04:30 2021 +0100

    Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date:   Mon May 24 16:21:33 2021 -0400

    error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date:   Sun May 23 12:12:30 2021 -0400

    Address feedback.

commit 38a3de888bbbca7cd7394e81bf7617ac716327fa
Merge: 22e52d2cf1 79afde5f5a
Author: Hanno Becker <[email protected]>
Date:   Sun May 23 06:10:49 2021 +0100

    Merge pull request #269 from zhihan/tls13-prototype-0rtt-review

    Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f
Author: Zhi Han <[email protected]>
Date:   Fri May 21 15:16:12 2021 -0400

    Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432
Author: Zhi Han <[email protected]>
Date:   Fri May 21 15:05:53 2021 -0400

    Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8
Author: Zhi Han <[email protected]>
Date:   Fri May 21 06:38:46 2021 -0400

    Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c
Author: Zhi Han <[email protected]>
Date:   Thu May 20 16:03:22 2021 -0400

    format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41
Author: Zhi Han <[email protected]>
Date:   Thu May 20 16:01:04 2021 -0400

    Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8
Author: Zhi Han <[email protected]>
Date:   Wed May 19 15:57:44 2021 -0400

    Restore mbedtls_ssl_conf_early_data() function.

commit 22e52d2cf1865bf638269fbc5334119a68db9603
Merge: e3d5eca29a 80dbfc0091
Author: Hanno Becker <[email protected]>
Date:   Wed May 19 05:17:25 2021 +0100

    Merge pull request #265 from lhuang04/tls13_prototype_switch_style

    Fix switch style

commit e3d5eca29ada314616341242152ac7515607e718
Merge: d02fd9ba1f c501899a74
Author: Hanno Becker <[email protected]>
Date:   Wed May 19 05:17:07 2021 +0100

    Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps

    Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09
Merge: f1560c6d0f 169f542b7b
Author: Hanno Becker <[email protected]>
Date:   Wed May 19 05:16:53 2021 +0100

    Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style

    Fix if statement style

commit 169f542b7b89ce55bf438f5b9bbce663314d7257
Author: lhuang04 <[email protected]>
Date:   Mon May 17 12:00:40 2021 -0700

    Fix if style

    Summary:
    Change `if (` to `if(`

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit c501899a748840659c1e4450929e0e72dcdb39b1
Author: lhuang04 <[email protected]>
Date:   Mon May 17 11:36:33 2021 -0700

    Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 80dbfc00915ace7db2301fb897847514a2ee2b5a
Author: lhuang04 <[email protected]>
Date:   Mon May 17 11:44:26 2021 -0700

    Fix switch style

    Summary:
    change `switch (` to `switch(`

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df
Merge: 5f3860971b 73b4aa2e96
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:55:49 2021 +0100

    Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing

    Fix for review of ssl_read_certificate_verify_parse

commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f
Merge: 6c527b9e2d 2272fccb96
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:54:48 2021 +0100

    Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix

    Fix misplaced 0-RTT configuration call in ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:41:48 2021 +0100

    Fix misplaced 0-RTT configuration call in ssl_server2

    Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`.

    Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc
Author: Hanno Becker <[email protected]>
Date:   Tue May 18 06:02:16 2021 +0100

    Minor code improvements in ssl_create_verify_structure()

    Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249
Merge: 7c88bbd2e2 f451f0ef99
Author: lhuang04 <[email protected]>
Date:   Mon May 17 09:18:00 2021 -0700

    Diff review follow up

    * switch style
    * change to mbedtls_ssl_tls13_key_exchange_with_psk
    * rename i to buffer_idx
    * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE
    * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd
Author: lhuang04 <[email protected]>
Date:   Mon May 17 09:12:56 2021 -0700

    Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95
Author: lhuang04 <[email protected]>
Date:   Mon May 17 08:59:48 2021 -0700

    style for switch

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e
Author: lhuang04 <[email protected]>
Date:   Wed May 12 06:07:40 2021 -0700

    Break long line in ssl_certificate_verify_coordinate

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 0814cb6a515b1196ffbb635f53343f476acb5c79
Author: lhuang04 <[email protected]>
Date:   Tue May 11 09:21:25 2021 -0700

    Move the label to the ssl_tls13_keys.h

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 5a6badfee551e5082b4e24fa26620faed755602b
Author: lhuang04 <[email protected]>
Date:   Tue May 11 09:11:57 2021 -0700

    Remove magic index

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b
Author: lhuang04 <[email protected]>
Date:   Tue May 11 09:00:04 2021 -0700

    Replace mbedtls_sha256_ret by mbedtls_md

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit dd15a7235952b63130ff4d2f933f87824de5f2d9
Author: lhuang04 <[email protected]>
Date:   Tue May 11 09:00:04 2021 -0700

    Replace mbedtls_sha256_ret by mbedtls_md

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28
Author: lhuang04 <[email protected]>
Date:   Fri May 7 08:16:26 2021 -0700

    Style in ssl_certificate_verify_coordinate

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit e5a23e31cc75241ec0ddea009e8268059aadb541
Author: lhuang04 <[email protected]>
Date:   Fri May 7 08:01:10 2021 -0700

    Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 5b3299016a7a8a7436e7814868bc70a625e1d33b
Author: lhuang04 <[email protected]>
Date:   Fri May 7 07:45:03 2021 -0700

    Follow up on review comments

    Summary:
    * space after switch
    * line too long

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939
Author: lhuang04 <[email protected]>
Date:   Thu May 6 10:51:29 2021 -0700

    Fix for review of ssl_read_certificate_verify_parse

    Summary:
    * Remove empty line
    * Remove out-of-date comments

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb
Merge: 5e09eb428d a5c8909e61
Author: Hanno Becker <[email protected]>
Date:   Sat May 15 05:56:52 2021 +0100

    Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected

    Do not write EndOfEarlyData if early_data is rejected by server.

commit a5c8909e61a76609ab8f8c3153f543b828abc571
Author: Hanno Becker <[email protected]>
Date:   Sat May 15 05:55:45 2021 +0100

    Update programs/ssl/ssl_client2.c

commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59
Author: Hanno Becker <[email protected]>
Date:   Sat May 15 05:55:04 2021 +0100

    Add reference to RFC 8446 when skipping EndOfEarlyData

    Signed-off-by: Hanno Becker <[email protected]>

commit bea87dde0071ad98d3beb81070a9bd399227c66a
Author: Hanno Becker <[email protected]>
Date:   Sat May 15 05:51:44 2021 +0100

    Print debug line when skipping EndOfEarlyData

    Signed-off-by: Hanno Becker <[email protected]>

commit 3255f964343b3599b25b76c536fade23df0885ff
Author: Zhi Han <[email protected]>
Date:   Fri May 14 16:20:42 2021 -0400

    Fix indentation

commit 4ecbbc3100ab26be688829f5a388bd56d479992b
Author: Zhi Han <[email protected]>
Date:   Fri May 14 16:17:17 2021 -0400

    Address feedback from PR

commit 516255927d25e4b896a243846a51346f9718db2b
Author: Zhi Han <[email protected]>
Date:   Fri May 14 13:39:10 2021 -0400

    Add test for rejecting early data

commit 779a9248334492990912c13941a6b8f3428c4d61
Merge: e5d72ef6bc 5e09eb428d
Author: Zhi Han <[email protected]>
Date:   Fri May 14 12:18:20 2021 -0400

    Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit 5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 17:15:38 2021 +0100

    Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

    Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date:   Fri May 14 09:03:23 2021 -0700

    Change to mbedtls_ssl_get_psk_to_offer

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date:   Fri May 14 08:48:30 2021 -0700

    Change to mbedtls_ssl_conf_tls13_some_psk_enabled

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date:   Tue May 4 08:05:38 2021 -0700

    Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date:   Thu Jan 14 08:15:43 2021 -0800

    Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

    Summary:
    In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

    This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

    Test Plan:
    ```
    ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
    ```
    ```
    ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
    ```

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 16:44:02 2021 +0100

    Merge pull request #263 from hanno-arm/psk-negotiation

    Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 11:04:44 2021 +0100

    Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:54:31 2021 +0100

    Clarify logic for setting/clearing of handshake PSK

    The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT.

    Instead, the handshake PSK should evolve as follows:
    1) Initially, it's NULL.
    2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
    3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
    4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

    If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

    This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

    Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:59:25 2021 +0100

    Give function for removing handshake PSK global visibility

    Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:05:01 2021 +0100

    Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 10:04:40 2021 +0100

    Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 09:54:06 2021 +0100

    Remove uses of mbedtls_ssl_get_psk()

    `mbedtls_ssl_get_get_psk()` currently blurs two things:
    (a) access to the (potentially multiple) PSKs configured prior to the handshake
    (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

    If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype.

    The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

    There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

    To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

    Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

    Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 09:51:35 2021 +0100

    Merge pull request #262 from hanno-arm/fixup_261

    Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 09:43:05 2021 +0100

    Fixup https://github.com/hannestschofenig/mbedtls/pull/261

    Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 05:54:58 2021 +0100

    Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

    Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 05:50:02 2021 +0100

    Fixup: Merge in ssl_client2.c & ssl_server2.c

    Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date:   Fri May 14 04:37:44 2021 +0100

    Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

    Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date:   Wed May 12 11:52:08 2021 -0400

    Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date:   Wed May 12 11:38:02 2021 -0400

    Move early_data from conf to context.

commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b
Merge: f3f78d471b 1c54b5410f
Author: lhuang04 <[email protected]>
Date:   Sun May 9 08:03:57 2021 -0700

    Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0

commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44
Merge: 2ac26234c9 f3f78d471b
Author: Zhi Han <[email protected]>
Date:   Fri May 7 09:56:31 2021 -0400

    Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit f3f78d471b1bf3669ed84d77504e39c49147ca6d
Merge: 79215a6a2d c797da9279
Author: Hanno Becker <[email protected]>
Date:   Fri May 7 07:11:17 2021 +0100

    Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup

    [Review 0-RTT write] Reuse the _coordinate function to in postprocess function.

commit c797da927932d52c96ae243e0def2aa753a5bb90
Author: Hanno Becker <[email protected]>
Date:   Fri May 7 07:11:03 2021 +0100

    Update library/ssl_tls13_keys.h

commit af06a4a37cbd9de9674c66b6b5def00f1b384929
Author: Hanno Becker <[email protected]>
Date:   Fri May 7 07:10:13 2021 +0100

    Update library/ssl_tls13_keys.h

commit a1f734907da114e4b28f918e320361a6b0d4e6aa
Author: Hanno Becker <[email protected]>
Date:   Fri May 7 07:07:23 2021 +0100

    Update library/ssl_tls13_client.c

commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce
Merge: dad9ef834f 9d8225e916
Author: Hanno Becker <[email protected]>
Date:   Fri May 7 06:52:16 2021 +0100

    Merge pull request #251 from hanno-arm/tls13_keys_pt5

    Key schedule rework: Add documentation

commit 2ac26234c9ea9356df18872a0f75418f8a38d80a
Author: Zhi Han <[email protected]>
Date:   Wed May 5 11:16:40 2021 -0400

    Do not write EndOfEarlyData if early_data is rejected by server.

commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf
Merge: de531140dc dad9ef834f
Author: Zhi Han <[email protected]>
Date:   Tue May 4 12:18:08 2021 -0400

    Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup

commit de531140dcb57c1ff059e116fdb4baa164dc4276
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:47:01 2021 -0400

    Revert changes to ssl_tls13_keys.h

commit 05b068ea4cb6ded1e32148f28c4519284d4566ce
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:44:25 2021 -0400

    Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back

commit 6cfe517d141c495889484aeea300e105cf7f41d4
Merge: 6ea4123527 9e4c78bd6f
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:41:47 2021 -0400

    Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup

commit dad9ef834f0763899ad689905fa9b7560e424aa6
Merge: 944b99795b bc3ca0d1c7
Author: Hanno Becker <[email protected]>
Date:   Tue May 4 16:36:20 2021 +0100

    Merge pull request #252 from zhihan/patch-3

    Update ssl_tls13_keys.h to fix compiler warning.

commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:34:52 2021 -0400

    Add back application_secret

commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:25:18 2021 -0400

    Reuse the _coordinate function to in postprocess.

commit 6ea4123527963686c15f1e34ced8ea28c57429f5
Author: Zhi Han <[email protected]>
Date:   Tue May 4 11:01:46 2021 -0400

    Update ssl_tls13_keys.h to fix compiler warning.

    In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40:
    /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation]
     * \param master_secret The master secret from which the resumption master
              ^~~~~~~~~~~~~
    1 error generated.

commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24
Author: Hanno Becker <[email protected]>
Date: Tue May 4 10:03:30 2021 +0100

    Share buffers for 0-RTT, handshake and application master secrets

    Signed-off-by: Hanno Becker <[email protected]>

commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee
Author: Hanno Becker <[email protected]>
Date: Tue May 4 09:55:56 2021 +0100

    Document all TLS 1.3 key schedule functions

    Signed-off-by: Hanno Becker <[email protected]>

commit 944b99795b8b7a2185993f96d335480e9bc252c8
Merge: 740d829337 0dbddcffaf
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:57 2021 +0100

    Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4

    Change debug level from 5 to 4

commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57
Merge: 70cfe4bf11 740d829337
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:42 2021 +0100

    Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4

commit 740d8293374c6f5443aa951be2ac88d12cf206e1
Merge: 5c51532213 82ca5bce5a
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:51:12 2021 +0100

    Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client

    Review fix for client side EncryptedExtensions parsing

commit 5c5153221387d9fa571d12fce10c947270742165
Merge: 1471e12437 2f66cecb0e
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:50:08 2021 +0100

    Merge pull request #247 from zhihan/patch-1

    Fix compiler warning for mps.c

commit 1471e124378840bd89a848f261e4ec8e824b0c61
Merge: c21b8df7c3 a7553c2d1f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:44:21 2021 +0100

    Merge pull request #245 from hanno-arm/tls13_keys_pt4

    TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation

commit a7553c2d1fa247e6ad1177f8d202c0870b96110f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:37:40 2021 +0100

    Fix PSK binder calculation

    The PSK binder calculation routine does no longer overwrite the
    handshake early secret but uses a local buffer.

    Signed-off-by: Hanno Becker <[email protected]>

commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:35:43 2021 +0100

    Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets()

    Signed-off-by: Hanno Becker <[email protected]>

commit 6cd79d8093828db3cff78855a9022d06d4142d7f
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:01:32 2021 +0100

    Streamline signature of PSK binder calculation helper

    Buffer sizes are always given by the size of the hash provided to the function.

    Signed-off-by: Hanno Becker <[email protected]>

commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:53:18 2021 +0100

    Share cryptographic core of PSK binder and Finished calculation

    Signed-off-by: Hanno Becker <[email protected]>

commit c21b8df7c36bd3dccb0830cd45a3353093e2089f
Merge: 8036e15f17 528f7df3dc
Author: Hanno Becker <[email protected]>
Date: Tue May 4 06:52:00 2021 +0100

    Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl

    Tls13 prototype ssl opt sh resumption with openssl

commit 70cfe4bf1144568b3c959386ac6f677af6f2e597
Author: lhuang04 <[email protected]>
Date: Mon May 3 08:58:55 2021 -0700

    Change debug level from 5 to 4

    Summary:
    Update the debug level for the following calls:
    * MBEDTLS_SSL_DEBUG_BUF
    * MBEDTLS_SSL_DEBUG_MSG

    Test Plan:
    `ssl-opt.sh`
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 2f66cecb0ed78a659760bc7a5566f14f48c461db
Author: Zhi Han <[email protected]>
Date: Mon May 3 11:35:31 2021 -0400

    Fix compiler warning for mps.c

    /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
                default:
                ^
    /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through
                default:
                ^
                break;
    1 error generated.
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46
Author: lhuang04 <[email protected]>
Date: Sun May 2 06:08:34 2021 -0700

    cast before calculate number from buffer

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8
Merge: e85f1dfa90 da2b07e5bb
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:33:10 2021 +0100

    Merge pull request #239 from hanno-arm/tls13_key_pt3

    Key schedule rework, pt3: API structure

commit e85f1dfa90343361c251372776e838ac130c9f3c
Merge: 858b98e9f1 524c925dc1
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:20:55 2021 +0100

    Merge pull request #240 from zhihan/patch-2

    Review cleanup for writing early_data extension

commit 528f7df3dc665ca94d94678432c2017c24ac55c2
Author: lhuang04 <[email protected]>
Date: Sat May 1 06:28:39 2021 -0700

    Add require filter for OpenSSL TLS 1.3

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10
Author: lhuang04 <[email protected]>
Date: Fri Apr 30 08:23:17 2021 -0700

    Add resumption test with OpenSSL to ssl-opt.sh

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 4504ac9525450bd187019b975d513cab985c788a
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:55:29 2021 -0700

    break ret from parser

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit e14038925ddca9fc7fb7539b300fa2897c29ba80
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:30:04 2021 -0700

    debug msgs and comments

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:24:44 2021 -0700

    change unsigned char* buf to const …
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue Jun 6, 2024
Signed-off-by: Ronald Cron <[email protected]>
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue Jun 6, 2024
Signed-off-by: Ronald Cron <[email protected]>
lhuang04 pushed a commit to lhuang04/mbedtls that referenced this issue Jun 11, 2024
Signed-off-by: Ronald Cron <[email protected]>
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue Dec 19, 2024
commit 3534dc3d8cedbd326569383677c5cc10e497c001
Merge: 471fc0ed17 17e162bc79
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 07:35:06 2021 +0100

    Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies

    Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

commit 471fc0ed17864079b70c75fc9c0a248f213b5991
Merge: 4ddebafaaf fba68613d6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:36:13 2021 +0100

    Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr

    MPS: Remove extended reader/writer from MPS, part 2

commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:33:49 2021 +0100

    MPS: Be less wordy in comments...

    Signed-off-by: Hanno Becker <[email protected]>

commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514
Merge: 08b0522e0f 34d751dfa6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:54:29 2021 +0100

    Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error

    fix mbedtls_ssl_check_cert_usage compile fail

commit 08b0522e0f6b4650c93a12038fb87cd21757b75c
Merge: 82436667b1 81c88ff7df
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:05:16 2021 +0100

    Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings

    fix functions undeclared warnings

commit 82436667b1304628b77ad9eded10ccf250355fc6
Merge: 2556d8a1dd f9435bb0c2
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 04:49:16 2021 +0100

    Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors

    fix nss_keylog_export duplicate error

commit 8a1348ca2ac075801777535bfa35d1179ec269e7
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:13 2021 +0100

    MPS L4: Minor structural improvement

    Signed-off-by: Hanno Becker <[email protected]>

commit 7a11ad03acaea247045dc5e41dc397b5b73a254d
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:00 2021 +0100

    MPS Layer 4: Remove dead comments

    Signed-off-by: Hanno Becker <[email protected]>
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 20:07:28 2021 +0100

    MPS Layer 3: Minor readability improvement

    Signed-off-by: Hanno Becker <[email protected]>

commit ea207b40bdffc9793c53312aae7dabdd761611db
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 13:02:05 2021 +0100

    Some more readability improvements

    Signed-off-by: Hanno Becker <[email protected]>

commit dc3adeddee06e0b9ecf25e669de780593c18771b
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 11:39:37 2021 +0100

    MPS Layer 3: Some readability improvements

    Signed-off-by: Hanno Becker <[email protected]>

commit 2a75e56087db85845241734fd248f0ec501377b6
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 09:48:18 2021 +0100

    Remove extended reader/writer from MPS altogether

    Signed-off-by: Hanno Becker <[email protected]>

commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 22:23:06 2021 +0800

    fix nss_keylog_export duplicate error

    nss_keylog_export is defined in TLS1.2 and TLS1.3 with different
    prototype. Rename it for TLS1.3 to fix it.

    Change-Id: I63e218070e96637a15242fec3a66b5e448986287
    Signed-off-by: Jerry Yu <[email protected]>

commit 17e162bc79da8c856b1b08ef373051d87163c421
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:44:55 2021 +0800

    Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

    mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY.
    Not all place is wrapped with it.

    CustomizedGitHooks: yes
    Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f
    Signed-off-by: Jerry Yu <[email protected]>

commit 5471952d409eea62843268272ae46969dcf78e60
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 11:15:15 2021 +0100

    MPS Layer 3: Don't rely on extended writer to learn HS msg size

    This is another step towards removing the extended reader/writer
    from Layer 3 altogether.
    Signed-off-by: Hanno Becker <[email protected]>

commit 81c88ff7df372ba4c2671f3a7065482152b40310
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:06:56 2021 +0800

    fix functions undeclared warnings

    With TLS1.2 enabled, those functions report undeclared warning

    Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320
    Signed-off-by: Jerry Yu <[email protected]>

commit f85747efb1a1035124aada3245dcec7ddb8d3597
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:47:19 2021 +0100

    MPS L3: Simplify handshake message writing

    Signed-off-by: Hanno Becker <[email protected]>

commit f540b0fc79af402f0176477df0c6f79c26857e88
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:42:03 2021 +0100

    MPS Layer 3: Simplify logic for writing of handshake header

    Signed-off-by: Hanno Becker <[email protected]>

commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c
Author: Jerry Yu <[email protected]>
Date: Tue Jul 27 14:02:40 2021 +0800

    fix mbedtls_ssl_check_cert_usage compile fail

    `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to
    different of `key_exchange` field. The function only use `key_exchange`
    field of `ciphersuite_info`. To keep consistency, we change the
    prototype of it.
    Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4
    Signed-off-by: Jerry Yu <[email protected]>

commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f
Merge: 0e367ad306 3430517266
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:57:55 2021 +0100

    Merge pull request #318 from hanno-arm/mps_simplify

    MPS: Numerous minor simplifications and improvements

commit 0e367ad306e20d7eed02775d0c581828da937cb2
Merge: 246c820430 d8f19321d7
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:13:13 2021 +0100

    Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors

    fix two duplicate define errors

commit 246c820430aed5412c6cba0e911c1a1ca13ade60
Merge: 49f76369ad 12a8dfe7d2
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:12:15 2021 +0100

    Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors

    fix update_checksum errors

commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:11:45 2021 +0100

    Apply suggestions from code review

commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2
Merge: 0b7e1b6759 638484855b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:06:44 2021 +0100

    Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort

    MPS Layer 3: Remove unused handshake abort function

commit 3430517266a9e7d0ab43cf08730064608190fbd6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:51:53 2021 +0100

    MPS: Shorten some code

    Signed-off-by: Hanno Becker <[email protected]>

commit da378914efe9bae8a84ca59604b4651efd562401
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:47:54 2021 +0100

    MPS: Some more uses of assertion macro

    Signed-off-by: Hanno Becker <[email protected]>

commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:42:58 2021 +0100

    MPS: Add helper macro for readability

    Signed-off-by: Hanno Becker <[email protected]>

commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:35 2021 +0100

    Shorten some doc'n for MPS

    Signed-off-by: Hanno Becker <[email protected]>

commit fe135af06c138ac3ffbc077c6357961d2c895c6b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:21 2021 +0100

    MPS: Use helper macro for DTLS HS header debugging

    Signed-off-by: Hanno Becker <[email protected]>

commit 8144fea4a5b03c773ffaa48325663145aca58ff6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:15 2021 +0100

    MPS: Use assertion macro instead of manual return of INTERNAL_ERROR

    Signed-off-by: Hanno Becker <[email protected]>

commit 648d1835ce61480023fbb856d5044b6218f5af90
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:07 2021 +0100

    MPS: Shorten some code

    Signed-off-by: Hanno Becker <[email protected]>

commit 2818d2fbc65a2e31afe729046264171680356ae5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:21:53 2021 +0100

    MPS L4: Add comment on potential simplification

    Signed-off-by: Hanno Becker <[email protected]>

commit 1ec166036cfda847db076c567a94de474d009041
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:19:18 2021 +0100

    MPS: Remove dead code and shorten comments

    Signed-off-by: Hanno Becker <[email protected]>

commit 1100e4b72bf26746970af57244787e3b43f852c8
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:32:31 2021 +0100

    MPS L3: Improve readability through introduction of debug macros

    Signed-off-by: Hanno Becker <[email protected]>

commit 028414d0c81fd42772a33308953bf011da87584f
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:44 2021 +0100

    MPS: Add shorter trace commands

    Signed-off-by: Hanno Becker <[email protected]>

commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:28 2021 +0100

    MPS: Fix typo in common.h

    Signed-off-by: Hanno Becker <[email protected]>

commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:20:27 2021 +0100

    MPS L3: Add helper function for handling of incomplete headers

    Signed-off-by: Hanno Becker <[email protected]>

commit d8f19321d70182ada99f421e56ea00c2100313f3
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:03:13 2021 +0800

    Rename mbedtls_ssl_handshake_wrapup for TLS1.3

    `mbedtls_ssl_handshake_wrapup` was defined in both cases.
    `duplicate defined` error is reported. Add tls13 suffix for TLS1.3
    to fix it.

    Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91
    Signed-off-by: Jerry Yu <[email protected]>

commit 40825315251e967b6bbca82b6a12b4cd875e04b5
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:00:50 2021 +0800

    move mbedtls_ssl_transform_free to ssl_msg.c

    `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2,
    it reports duplicate error. Remove function in ssl_tls.c to fix it.

    Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3
    Signed-off-by: Jerry Yu <[email protected]>

commit 7f0fb121f9d308b75d0f4a602623696fa9215505
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 19:41:09 2021 +0800

    fix update_checksum_start/sha384 duplicate error

    `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both
    enable case raises duplicate error. Fix it with version check.

    Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af
    Signed-off-by: Jerry Yu <[email protected]>

commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:04:37 2021 +0800

    fix calc_verify parameter warning

    `calc_verify` prototype defined by TLS1.3 is not used. And other two
    functions are same. So, the declaration should be removed.
    Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
    Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:50:53 2021 +0100

    Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record

    fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:02:46 2021 +0100

    MPS Layer 3: Remove unused handshake abort function

    Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 19:00:48 2021 +0800

    fix ssl_extract_add_data_from_record arguments error

    With TLS1.2, compiler report below error
    ```
    too few arguments to function ‘ssl_extract_add_data_from_record’
    ```
    The function is changed in TLS1.3. Add `transform->taglen` to error
    call place to fix that.

    Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:58 2021 +0100

    Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine

    fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:36 2021 +0100

    Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error

    fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 12:28:20 2021 +0800

    fix ssl_reset_retrnsmit_timeout undefine warning

    ssl_reset_retrnsmit_timeout has been added prefix.
    Here is missing

    Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800

    fix pmslen and premaster undefined error

    With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and
    premaster undefined error.

    CustomizedGitHooks: yes
    Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
    Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100

    Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors

    fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100

    Minor improvements to TLS 1.3 client-side key share ext writer

    Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800

    fix ECDH context build errors

    Remove multi ecdh share keys support.
    When build with TLS1.2, it reports compile error

    Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100

    Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13

    Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100

    Fix a bunch of typos

    Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100

    Rename TLS 1.3 ciphersuite identifiers

    - Move the C-macros to MBEDTLS_ namespace
    - Adjust the naming scheme for the string-identifiers to
      "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers
      for TLS 1.2.

    Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100

    Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace

    Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100

    Merge pull request #306 from hanno-arm/mps_fix_bio

    MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100

    Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h

    remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100

    Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case

    Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100

    Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition

    replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100

    MPS: Interpret ret val 0 from BIO as connection closure

    Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100

    Merge pull request #276 from zhihan/fix-minor_ver

    Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800

    Modify TLS1.3 undefined condition

    Available protocol defines are TLS1.3 only, TLS1.2 only and both.
    `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct
    condition. It make both case fail. If TLS1.3 is not defined, that
    means TLS1.2 must be defined. So replace it with
    `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

    Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800

    remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

    MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h.
    It is for inside usage only. `ssl.h` does not include
    `ssl_internal.h`. It should not appear here. It will cause
    transform* undefined error.
    Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100

    Merge pull request #213 from zhihan/tls13-prototype-nst-ext

    Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100

    Minor improvements

    Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400

    Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100

    Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client

    Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100

    Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100

    Merge pull request #302 from hannestschofenig/pr/fix-two-errors

    Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800

    fix ssl-opt test fail

    Test report fail at test case 33.
    "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA"
    "Key Exchange Mode is ECDHE-ECDSA" is not found in client output.
    That is due to `get_key_exchange_name` is removed.
    Remove the check to fix that.
    Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800

    fix compile fail without MPS

    if undefine MBEDTLS_SSL_USE_MPS, it report error.

    Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800

    Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix

    Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200

    Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

    Our interoperability tests fail with a recent OpenSSL server. The
    reason is that they force 1024-bit Diffie-Hellman parameters, which
    recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:
    ```
    140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
    ```

    We've been passing custom DH parameters since
    6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a
    requires it. This is only concerns the version we use as
    OPENSSL_LEGACY. So only use custom DH parameters for that version. In
    compat.sh, use it based on the observed version of $OPENSSL_CMD.

    This way, ssl-opt.sh and compat.sh work (barring other issues) for
    all our reference versions of OpenSSL as well as for a modern system
    OpenSSL.
    Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100

    Merge pull request #288 from yuhaoth/pr/fix-15

    Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100

    Temporarily disable more session serialization tests

    Will be fixed as part of #155

    Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100

    Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake

    move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700

    Add test for mismatched sig_algs

    Summary:
    * Send alert when there is no common signature algorithm between client
    and server
    * Add test case for mismatched sig_algs

    Test Plan:
    ```
    ssl-opt.sh
    ```
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200

    Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite

    Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400

    Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800

    Re-enable ssl test suite

    Ssl test is disabled in TLS. This patch is to enable it.
    And "Session serilization*" tests are skipped due to #155.
    fix #15

    Signed-off-by: Jerry Yu <[email protected]>
    Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800

    Remove get_key_exchange_name

    mbedtls_ssl_get_key_exchange_name is debug only function.
    It is useless now.

    Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
    Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100

    Merge pull request #281 from zhihan/0-rtt-ciphersuite

    Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100

    Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing

    Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700

    Use stack allocated received_signature_schemes_list.

    Summary:
    I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of
    Signature Algorithm
    Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)

    Test Plan:
    `ssl-opt.sh`
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100

    Merge pull request #283 from zhihan/review-0-rtt-server

    0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800

    move key_exchange members to handshake structure

    Key_exchange and key_exchange_modes should be part of
    mbedtls_ssl_handshake_params.
    fix #13

    Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
    Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700

    Follow up on review comments

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700

    Review fix of mbedtls_ssl_parse_signature_algorithms_ext

    Summary:
    * Add boundary check for i
    * Set received_signature_schemes_list to null after free
    * Typo
    * Sizeof style

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700

    Review: CertificateRequest parsing

    Summary:
    * buf_len check
    * unsigned char* ext -> const unsigned char* ext
    * int -> size_t
    * space and long line

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700

    Remove ticket_nonce from mbedtls_ssl_session

    Summary:
    `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the
    resumption
    key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023).
    They can be removed from `mbedtls_ssl_session`.
Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 719c79217da5d8209855d857e790400ab0ed2f4c Author: lhuang04 <[email protected]> Date: Sun Jun 20 07:21:48 2021 -0700 Rename resumption_key_len to key_len Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 895eb0d2108d9bed2ce540efd255a28711a9c929 Author: lhuang04 <[email protected]> Date: Fri May 7 11:51:11 2021 -0700 Move ssl_new_session_ticket_parse to client.c Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883 Author: lhuang04 <[email protected]> Date: Fri May 7 11:32:43 2021 -0700 Add index for buffer in ssl_new_session_ticket_parse Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 65e16e91159a0e5dd754593a10874a49b682d4a0 Author: lhuang04 <[email protected]> Date: Fri May 7 06:20:23 2021 -0700 Review comments follow up Summary: * change to size_t * break long line * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 469a714ff5960968734c4baab983791511cc0a06 Author: lhuang04 <[email protected]> Date: Wed May 5 08:44:42 2021 -0700 Review fix for ssl_new_session_ticket_parse Summary: * printf format for unsigned int * cast to unsigned before combine digits * remove unnecessary cast * remove redundant hash size calc * remove space for return Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 6ef820f78988703e0f66fa18a03030bba2e82a9f Author: Zhi Han <[email protected]> Date: Fri Jun 18 15:11:57 2021 -0400 Add test. Remove resumption condition. 
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feedback commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu 
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3 Merge: 21c911ccae 3d078a5c18 Author: Hanno Becker <[email protected]> Date: Fri May 14 17:15:38 2021 +0100 Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk Fix client crash when use early data without psk commit 3d078a5c180585b76a917599d8a471c4f724fd0e Author: lhuang04 <[email protected]> Date: Fri May 14 09:03:23 2021 -0700 Change to mbedtls_ssl_get_psk_to_offer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ebfc4983648f649a8f357409a2e35080bd081355 Author: lhuang04 <[email protected]> Date: Fri May 14 08:48:30 2021 -0700 Change to mbedtls_ssl_conf_tls13_some_psk_enabled Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623 Author: lhuang04 <[email protected]> Date: Tue May 4 08:05:38 2021 -0700 Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit af91d01f00b5159884396453169961e0247b8726 Author: lhuang04 <[email protected]> Date: Thu Jan 14 08:15:43 2021 -0800 Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode. 
Test Plan: ``` ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 ``` ``` ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1 ``` Reviewers: Subscribers: Tasks: Tags: commit 21c911ccae28a563af8de662dc24e419194f2c87 Merge: f178632390 98eeb27c91 Author: Hanno Becker <[email protected]> Date: Fri May 14 16:44:02 2021 +0100 Merge pull request #263 from hanno-arm/psk-negotiation Fix client-side behaviour if PSK is offered but rejected by the server commit 98eeb27c912871202ae8d696c8cf934f03d28041 Merge: 56f6110c45 20bb2a019c Author: Hanno Becker <[email protected]> Date: Fri May 14 11:04:44 2021 +0100 Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc Author: Hanno Becker <[email protected]> Date: Fri May 14 10:54:31 2021 +0100 Clarify logic for setting/clearing of handshake PSK The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows: 1) Initially, it's NULL. 2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data. 3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data. 4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK. If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization. This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above. 
Signed-off-by: Hanno Becker <[email protected]> commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac Author: Hanno Becker <[email protected]> Date: Fri May 14 10:59:25 2021 +0100 Give function for removing handshake PSK global visibility Signed-off-by: Hanno Becker <[email protected]> commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae Author: Hanno Becker <[email protected]> Date: Fri May 14 10:05:01 2021 +0100 Update library/ssl_tls13_server.c commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf Author: Hanno Becker <[email protected]> Date: Fri May 14 10:04:40 2021 +0100 Update library/ssl_tls13_server.c commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:54:06 2021 +0100 Remove uses of mbedtls_ssl_get_psk() `mbedtls_ssl_get_get_psk()` currently blurs two things: (a) access to the (potentially multiple) PSKs configured prior to the handshake (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake. If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b). There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use. To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule. 
Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello. Signed-off-by: Hanno Becker <[email protected]> commit f178632390ec3313f8772a8cffd1ed3f7d39d224 Merge: b1004e5352 8f71a23957 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:51:35 2021 +0100 Merge pull request #262 from hanno-arm/fixup_261 Fixup #261 commit 8f71a239577887dc40f670c58bb13b3b44e4050b Author: Hanno Becker <[email protected]> Date: Fri May 14 09:43:05 2021 +0100 Fixup https://github.com/hannestschofenig/mbedtls/pull/261 Signed-off-by: Hanno Becker <[email protected]> commit b1004e535275464c14a84b306890a47aa15ef14b Merge: 8db2b19d0f 5d7fa778f4 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:54:58 2021 +0100 Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0 Tls13 prototype merge from 2 25 0 commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:50:02 2021 +0100 Fixup: Merge in ssl_client2.c & ssl_server2.c Signed-off-by: Hanno Becker <[email protected]> commit 8db2b19d0fef088ca353a866498eb399bfb4fc21 Merge: f3f78d471b d4b52420d2 Author: Hanno Becker <[email protected]> Date: Fri May 14 04:37:44 2021 +0100 Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data() commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5 Author: Zhi Han <[email protected]> Date: Wed May 12 11:52:08 2021 -0400 Move report of early data status to reconnect commit d78681553790fdb3e31665b0f71367dc2198b24a Author: Zhi Han <[email protected]> Date: Wed May 12 11:38:02 2021 -0400 Move early_data from conf to context. 
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24
Author: Hanno Becker <[email protected]>
Date: Tue May 4 10:03:30 2021 +0100
Share buffers for 0-RTT, handshake and application master secrets
Signed-off-by: Hanno Becker <[email protected]>

commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee
Author: Hanno Becker <[email protected]>
Date: Tue May 4 09:55:56 2021 +0100
Document all TLS 1.3 key schedule functions
Signed-off-by: Hanno Becker <[email protected]>

commit 944b99795b8b7a2185993f96d335480e9bc252c8
Merge: 740d829337 0dbddcffaf
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:57 2021 +0100
Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4
Change debug level from 5 to 4

commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57
Merge: 70cfe4bf11 740d829337
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:52:42 2021 +0100
Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4

commit 740d8293374c6f5443aa951be2ac88d12cf206e1
Merge: 5c51532213 82ca5bce5a
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:51:12 2021 +0100
Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client
Review fix for client side EncryptedExtensions parsing

commit 5c5153221387d9fa571d12fce10c947270742165
Merge: 1471e12437 2f66cecb0e
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:50:08 2021 +0100
Merge pull request #247 from zhihan/patch-1
Fix compiler warning for mps.c

commit 1471e124378840bd89a848f261e4ec8e824b0c61
Merge: c21b8df7c3 a7553c2d1f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:44:21 2021 +0100
Merge pull request #245 from hanno-arm/tls13_keys_pt4
TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation

commit a7553c2d1fa247e6ad1177f8d202c0870b96110f
Author: Hanno Becker <[email protected]>
Date: Tue May 4 07:37:40 2021 +0100
Fix PSK binder calculation
The PSK binder calculation routine does no longer overwrite the handshake early secret but uses a local buffer.
Signed-off-by: Hanno Becker <[email protected]>

commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:35:43 2021 +0100
Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets()
Signed-off-by: Hanno Becker <[email protected]>

commit 6cd79d8093828db3cff78855a9022d06d4142d7f
Author: Hanno Becker <[email protected]>
Date: Sun May 2 06:01:32 2021 +0100
Streamline signature of PSK binder calculation helper
Buffer sizes are always given by the size of the hash provided to the function.
Signed-off-by: Hanno Becker <[email protected]>

commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:53:18 2021 +0100
Share cryptographic core of PSK binder and Finished calculation
Signed-off-by: Hanno Becker <[email protected]>

commit c21b8df7c36bd3dccb0830cd45a3353093e2089f
Merge: 8036e15f17 528f7df3dc
Author: Hanno Becker <[email protected]>
Date: Tue May 4 06:52:00 2021 +0100
Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl
Tls13 prototype ssl opt sh resumption with openssl

commit 70cfe4bf1144568b3c959386ac6f677af6f2e597
Author: lhuang04 <[email protected]>
Date: Mon May 3 08:58:55 2021 -0700
Change debug level from 5 to 4
Summary: Update the debug level for the following calls:
* MBEDTLS_SSL_DEBUG_BUF
* MBEDTLS_SSL_DEBUG_MSG
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 2f66cecb0ed78a659760bc7a5566f14f48c461db
Author: Zhi Han <[email protected]>
Date: Mon May 3 11:35:31 2021 -0400
Fix compiler warning for mps.c
/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough]
default:
^
/Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through
default:
^
break;
1 error generated.

commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46
Author: lhuang04 <[email protected]>
Date: Sun May 2 06:08:34 2021 -0700
cast before calculate number from buffer
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8
Merge: e85f1dfa90 da2b07e5bb
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:33:10 2021 +0100
Merge pull request #239 from hanno-arm/tls13_key_pt3
Key schedule rework, pt3: API structure

commit e85f1dfa90343361c251372776e838ac130c9f3c
Merge: 858b98e9f1 524c925dc1
Author: Hanno Becker <[email protected]>
Date: Sun May 2 05:20:55 2021 +0100
Merge pull request #240 from zhihan/patch-2
Review cleanup for writing early_data extension

commit 528f7df3dc665ca94d94678432c2017c24ac55c2
Author: lhuang04 <[email protected]>
Date: Sat May 1 06:28:39 2021 -0700
Add require filter for OpenSSL TLS 1.3
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10
Author: lhuang04 <[email protected]>
Date: Fri Apr 30 08:23:17 2021 -0700
Add resumption test with OpenSSL to ssl-opt.sh
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 4504ac9525450bd187019b975d513cab985c788a
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:55:29 2021 -0700
break ret from parser
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit e14038925ddca9fc7fb7539b300fa2897c29ba80
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:30:04 2021 -0700
debug msgs and comments
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4
Author: lhuang04 <[email protected]>
Date: Wed Apr 28 06:24:44 2021 -0700
change unsigned char* buf to const …
lhuang04
added a commit
to lhuang04/mbedtls
that referenced
this issue
Dec 20, 2024
commit 3534dc3d8cedbd326569383677c5cc10e497c001
Merge: 471fc0ed17 17e162bc79
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 07:35:06 2021 +0100
Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies
Add conditional compilation for mbedtls_ssl_conf_dtls_cookies

commit 471fc0ed17864079b70c75fc9c0a248f213b5991
Merge: 4ddebafaaf fba68613d6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:36:13 2021 +0100
Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr
MPS: Remove extended reader/writer from MPS, part 2

commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 06:33:49 2021 +0100
MPS: Be less wordy in comments...
Signed-off-by: Hanno Becker <[email protected]>

commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514
Merge: 08b0522e0f 34d751dfa6
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:54:29 2021 +0100
Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error
fix mbedtls_ssl_check_cert_usage compile fail

commit 08b0522e0f6b4650c93a12038fb87cd21757b75c
Merge: 82436667b1 81c88ff7df
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 05:05:16 2021 +0100
Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings
fix functions undeclared warnings

commit 82436667b1304628b77ad9eded10ccf250355fc6
Merge: 2556d8a1dd f9435bb0c2
Author: Hanno Becker <[email protected]>
Date: Thu Jul 29 04:49:16 2021 +0100
Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors
fix nss_keylog_export duplicate error

commit 8a1348ca2ac075801777535bfa35d1179ec269e7
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:13 2021 +0100
MPS L4: Minor structural improvement
Signed-off-by: Hanno Becker <[email protected]>

commit 7a11ad03acaea247045dc5e41dc397b5b73a254d
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 21:26:00 2021 +0100
MPS Layer 4: Remove dead comments
Signed-off-by: Hanno Becker <[email protected]>

commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 20:07:28 2021 +0100
MPS Layer 3: Minor readability improvement
Signed-off-by: Hanno Becker <[email protected]>

commit ea207b40bdffc9793c53312aae7dabdd761611db
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 13:02:05 2021 +0100
Some more readability improvements
Signed-off-by: Hanno Becker <[email protected]>

commit dc3adeddee06e0b9ecf25e669de780593c18771b
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 11:39:37 2021 +0100
MPS Layer 3: Some readability improvements
Signed-off-by: Hanno Becker <[email protected]>

commit 2a75e56087db85845241734fd248f0ec501377b6
Author: Hanno Becker <[email protected]>
Date: Wed Jul 28 09:48:18 2021 +0100
Remove extended reader/writer from MPS altogether
Signed-off-by: Hanno Becker <[email protected]>

commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 22:23:06 2021 +0800
fix nss_keylog_export duplicate error
nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it.
Change-Id: I63e218070e96637a15242fec3a66b5e448986287
Signed-off-by: Jerry Yu <[email protected]>

commit 17e162bc79da8c856b1b08ef373051d87163c421
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:44:55 2021 +0800
Add conditional compilation for mbedtls_ssl_conf_dtls_cookies
mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it.
CustomizedGitHooks: yes
Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f
Signed-off-by: Jerry Yu <[email protected]>

commit 5471952d409eea62843268272ae46969dcf78e60
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 11:15:15 2021 +0100
MPS Layer 3: Don't rely on extended writer to learn HS msg size
This is another step towards removing the extended reader/writer from Layer 3 altogether.
Signed-off-by: Hanno Becker <[email protected]>

commit 81c88ff7df372ba4c2671f3a7065482152b40310
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:06:56 2021 +0800
fix functions undeclared warnings
With TLS1.2 enabled, those functions report undeclared warning
Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320
Signed-off-by: Jerry Yu <[email protected]>

commit f85747efb1a1035124aada3245dcec7ddb8d3597
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:47:19 2021 +0100
MPS L3: Simplify handshake message writing
Signed-off-by: Hanno Becker <[email protected]>

commit f540b0fc79af402f0176477df0c6f79c26857e88
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:42:03 2021 +0100
MPS Layer 3: Simplify logic for writing of handshake header
Signed-off-by: Hanno Becker <[email protected]>

commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c
Author: Jerry Yu <[email protected]>
Date: Tue Jul 27 14:02:40 2021 +0800
fix mbedtls_ssl_check_cert_usage compile fail
`mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it.
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4
Signed-off-by: Jerry Yu <[email protected]>

commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f
Merge: 0e367ad306 3430517266
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:57:55 2021 +0100
Merge pull request #318 from hanno-arm/mps_simplify
MPS: Numerous minor simplifications and improvements

commit 0e367ad306e20d7eed02775d0c581828da937cb2
Merge: 246c820430 d8f19321d7
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:13:13 2021 +0100
Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors
fix two duplicate define errors

commit 246c820430aed5412c6cba0e911c1a1ca13ade60
Merge: 49f76369ad 12a8dfe7d2
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:12:15 2021 +0100
Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors
fix update_checksum errors

commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:11:45 2021 +0100
Apply suggestions from code review

commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2
Merge: 0b7e1b6759 638484855b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:06:44 2021 +0100
Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort
MPS Layer 3: Remove unused handshake abort function

commit 3430517266a9e7d0ab43cf08730064608190fbd6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:51:53 2021 +0100
MPS: Shorten some code
Signed-off-by: Hanno Becker <[email protected]>

commit da378914efe9bae8a84ca59604b4651efd562401
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:47:54 2021 +0100
MPS: Some more uses of assertion macro
Signed-off-by: Hanno Becker <[email protected]>

commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:42:58 2021 +0100
MPS: Add helper macro for readability
Signed-off-by: Hanno Becker <[email protected]>

commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:35 2021 +0100
Shorten some doc'n for MPS
Signed-off-by: Hanno Becker <[email protected]>

commit fe135af06c138ac3ffbc077c6357961d2c895c6b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:21 2021 +0100
MPS: Use helper macro for DTLS HS header debugging
Signed-off-by: Hanno Becker <[email protected]>

commit 8144fea4a5b03c773ffaa48325663145aca58ff6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:15 2021 +0100
MPS: Use assertion macro instead of manual return of INTERNAL_ERROR
Signed-off-by: Hanno Becker <[email protected]>

commit 648d1835ce61480023fbb856d5044b6218f5af90
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:07 2021 +0100
MPS: Shorten some code
Signed-off-by: Hanno Becker <[email protected]>

commit 2818d2fbc65a2e31afe729046264171680356ae5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:21:53 2021 +0100
MPS L4: Add comment on potential simplification
Signed-off-by: Hanno Becker <[email protected]>

commit 1ec166036cfda847db076c567a94de474d009041
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:19:18 2021 +0100
MPS: Remove dead code and shorten comments
Signed-off-by: Hanno Becker <[email protected]>

commit 1100e4b72bf26746970af57244787e3b43f852c8
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:32:31 2021 +0100
MPS L3: Improve readability through introduction of debug macros
Signed-off-by: Hanno Becker <[email protected]>

commit 028414d0c81fd42772a33308953bf011da87584f
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:44 2021 +0100
MPS: Add shorter trace commands
Signed-off-by: Hanno Becker <[email protected]>

commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:28 2021 +0100
MPS: Fix typo in common.h
Signed-off-by: Hanno Becker <[email protected]>

commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:20:27 2021 +0100
MPS L3: Add helper function for handling of incomplete headers
Signed-off-by: Hanno Becker <[email protected]>

commit d8f19321d70182ada99f421e56ea00c2100313f3
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:03:13 2021 +0800
Rename mbedtls_ssl_handshake_wrapup for TLS1.3
`mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it.
Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91
Signed-off-by: Jerry Yu <[email protected]>

commit 40825315251e967b6bbca82b6a12b4cd875e04b5
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:00:50 2021 +0800
move mbedtls_ssl_transform_free to ssl_msg.c
`mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it.
Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3
Signed-off-by: Jerry Yu <[email protected]>

commit 7f0fb121f9d308b75d0f4a602623696fa9215505
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 19:41:09 2021 +0800
fix update_checksum_start/sha384 duplicate error
`ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check.
Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af
Signed-off-by: Jerry Yu <[email protected]>

commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:04:37 2021 +0800
fix calc_verify parameter warning
`calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed.
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:50:53 2021 +0100
Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record
fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:02:46 2021 +0100
MPS Layer 3: Remove unused handshake abort function
Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 19:00:48 2021 +0800
fix ssl_extract_add_data_from_record arguments error
With TLS1.2, compiler report below error
```
too few arguments to function ‘ssl_extract_add_data_from_record’
```
The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that.
Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:58 2021 +0100
Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine
fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:36 2021 +0100
Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error
fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 12:28:20 2021 +0800
fix ssl_reset_retrnsmit_timeout undefine warning
ssl_reset_retrnsmit_timeout has been added prefix. Here is missing
Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800
fix pmslen and premaster undefined error
With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster undefined error.
CustomizedGitHooks: yes
Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100
Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors
fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100
Minor improvements to TLS 1.3 client-side key share ext writer
Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800
fix ECDH context build errors
Remove multi ecdh share keys support. When build with TLS1.2, it reports compile error
Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100
Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13
Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100
Fix a bunch of typos
Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100
Rename TLS 1.3 ciphersuite identifiers
- Move the C-macros to MBEDTLS_ namespace
- Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2.
Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100
Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace
Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100
Merge pull request #306 from hanno-arm/mps_fix_bio
MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100
Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h
remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100
Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case
Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100
Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition
replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100
MPS: Interpret ret val 0 from BIO as connection closure
Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100
Merge pull request #276 from zhihan/fix-minor_ver
Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800
Modify TLS1.3 undefined condition
Available protocol defines are TLS1.3 only, TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined, that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`
Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800
remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h
MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h`. It should not appear here. It will cause transform* undefined error.
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100
Merge pull request #213 from zhihan/tls13-prototype-nst-ext
Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100
Minor improvements
Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400
Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100
Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client
Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100
Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100
Merge pull request #302 from hannestschofenig/pr/fix-two-errors
Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800
fix ssl-opt test fail
Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that.
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800
fix compile fail without MPS
if undefine MBEDTLS_SSL_USE_MPS, it report error.
Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800
Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix
Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200
Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman
Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:
```
140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
```
We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD.
This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.
Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100
Merge pull request #288 from yuhaoth/pr/fix-15
Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100
Temporarily disable more session serialization tests
Will be fixed as part of #155
Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100
Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake
move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700
Add test for mismatched sig_algs
Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs
Test Plan:
```
ssl-opt.sh
```
Reviewers: Subscribers: Tasks: Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200
Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite
Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400
Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800
Re-enable ssl test suite
Ssl test is disabled in TLS. This patch is to enable it. And "Session serilization*" tests are skipped due to #155.
fix #15
Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800
Remove get_key_exchange_name
mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now.
Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100
Merge pull request #281 from zhihan/0-rtt-ciphersuite
Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100
Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing
Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700
Use stack allocated received_signature_schemes_list.
Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100
Merge pull request #283 from zhihan/review-0-rtt-server
0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800
move key_exchange members to handshake structure
Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.
fix #13
Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700
Follow up on review comments
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700
Review fix of mbedtls_ssl_parse_signature_algorithms_ext
Summary:
* Add boundary check for i
* Set received_signature_schemes_list to null after free
* Typo
* Sizeof style
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700
Review: CertificateRequest parsing
Summary:
* buf_len check
* unsigned char* ext -> const unsigned char* ext
* int -> size_t
* space and long line
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700
Remove ticket_nonce from mbedtls_ssl_session
Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700
Rename resumption_key_len to key_len
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700
Move ssl_new_session_ticket_parse to client.c
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700
Add index for buffer in ssl_new_session_ticket_parse
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700
Review comments follow up
Summary:
* change to size_t
* break long line
* indentation
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700
Review fix for ssl_new_session_ticket_parse
Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return
Test Plan: `ssl-opt.sh`
Reviewers: Subscribers: Tasks: Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400
Add test. Remove resumption condition.

commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:39:15 2021 -0400
Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:20:05 2021 -0400
Review feedback

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:13:04 2021 -0400
Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 12:14:39 2021 +0100
Merge pull request #284 from yuhaoth/pr/fix-extension-namespace
fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date: Fri Jun 18 13:49:07 2021 +0800
fix namespace of extensions in ssl.h
fixes #17
Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 06:30:53 2021 +0100
Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile
fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:43:11 2021 +0100
Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case
Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:04:41 2021 +0100
Merge pull request #279 from zhihan/review-0-rtt
Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu <[email protected]>
Date: Wed Jun 16 10:25:12 2021 +0800
fix out-of-box Makefile build fail
fix #165
Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:12:33 2021 -0400
Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:09:04 2021 -0400
Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:06:32 2021 -0400
Update library/ssl_tls13_generic.c
Review feedback
Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:36 2021 -0400
Update library/ssl_tls13_keys.c
Review feedback
Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:20 2021 -0400
Update library/ssl_tls.c
Review feedback
Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date: Tue Jun 8 05:41:22 2021 +0100
Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing
Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date: Mon Jun 7 15:37:47 2021 -0400
0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:40:21 2021 -0400
Change 'early data' to 'early_data' in debug log to be consistent.

commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:26:00 2021 -0400
Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:18:23 2021 -0400
Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:04:03 2021 -0400
Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 16:06:33 2021 -0400
More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 12:48:43 2021 -0400
Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:18:43 2021 -0700
own_key
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:00:17 2021 -0700
Remove signature_scheme_client from struct mbedtls_ssl_handshake_params
Summary:
* signature_scheme_client
* signature_scheme
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:55:13 2021 -0700
Review of ssl_certificate_verify_write
Summary:
* indentation
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:09:10 2021 -0700
Rename mbedtls_ssl_certificate_verify_process
Summary:
* mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
* ssl_certificate_verify_process -> ssl_write_certificate_verify_process
* SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
* SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND
Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date: Tue Jun 1 10:35:20 2021 -0400
Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:21:34 2021 -0700
Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
* Server disable early data
* Client enable early data
* No external PSK
Test Plan:
```
tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
```
Reviewers: Subscribers: Tasks: Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:23:52 2021 +0100
Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split
Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:43 2021 +0100
Alloc specification of 0-RTT limit on the ssl_server2 cmdline
Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:25 2021 +0100
Cap size of 0-RTT buffer at a compile-time configurable limit
Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:04:30 2021 +0100
Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date: Mon May 24 16:21:33 2021 -0400
error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date: Sun May 23 12:12:30 2021 -0400
Address feedback.
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary:
In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set.

This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.

Test Plan:
```
../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3
```
```
../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1
```

Reviewers: Subscribers: Tasks: Tags:

commit 21c911ccae28a563af8de662dc24e419194f2c87
Merge: f178632390 98eeb27c91
Author: Hanno Becker <[email protected]>
Date: Fri May 14 16:44:02 2021 +0100

Merge pull request #263 from hanno-arm/psk-negotiation

Fix client-side behaviour if PSK is offered but rejected by the server

commit 98eeb27c912871202ae8d696c8cf934f03d28041
Merge: 56f6110c45 20bb2a019c
Author: Hanno Becker <[email protected]>
Date: Fri May 14 11:04:44 2021 +0100

Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation

commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:54:31 2021 +0100

Clarify logic for setting/clearing of handshake PSK

The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows:

1) Initially, it's NULL.
2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data.
3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data.
4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK.

If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization.

This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above.

Signed-off-by: Hanno Becker <[email protected]>

commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:59:25 2021 +0100

Give function for removing handshake PSK global visibility

Signed-off-by: Hanno Becker <[email protected]>

commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:05:01 2021 +0100

Update library/ssl_tls13_server.c

commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf
Author: Hanno Becker <[email protected]>
Date: Fri May 14 10:04:40 2021 +0100

Update library/ssl_tls13_server.c

commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:54:06 2021 +0100

Remove uses of mbedtls_ssl_get_psk()

`mbedtls_ssl_get_get_psk()` currently blurs two things:

(a) access to the (potentially multiple) PSKs configured prior to the handshake
(b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake.

If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b).

There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use.

To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.

Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello.

Signed-off-by: Hanno Becker <[email protected]>

commit f178632390ec3313f8772a8cffd1ed3f7d39d224
Merge: b1004e5352 8f71a23957
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:51:35 2021 +0100

Merge pull request #262 from hanno-arm/fixup_261

Fixup #261

commit 8f71a239577887dc40f670c58bb13b3b44e4050b
Author: Hanno Becker <[email protected]>
Date: Fri May 14 09:43:05 2021 +0100

Fixup https://github.com/hannestschofenig/mbedtls/pull/261

Signed-off-by: Hanno Becker <[email protected]>

commit b1004e535275464c14a84b306890a47aa15ef14b
Merge: 8db2b19d0f 5d7fa778f4
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:54:58 2021 +0100

Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0

Tls13 prototype merge from 2 25 0

commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80
Author: Hanno Becker <[email protected]>
Date: Fri May 14 05:50:02 2021 +0100

Fixup: Merge in ssl_client2.c & ssl_server2.c

Signed-off-by: Hanno Becker <[email protected]>

commit 8db2b19d0fef088ca353a866498eb399bfb4fc21
Merge: f3f78d471b d4b52420d2
Author: Hanno Becker <[email protected]>
Date: Fri May 14 04:37:44 2021 +0100

Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config

Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data()

commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:52:08 2021 -0400

Move report of early data status to reconnect

commit d78681553790fdb3e31665b0f71367dc2198b24a
Author: Zhi Han <[email protected]>
Date: Wed May 12 11:38:02 2021 -0400

Move early_data from conf to context.

commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue on Dec 20, 2024
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
    Signed-off-by: Hanno Becker <[email protected]>

commit 81c88ff7df372ba4c2671f3a7065482152b40310
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:06:56 2021 +0800

    fix functions undeclared warnings

    With TLS1.2 enabled, those functions report undeclared warning

    Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320
    Signed-off-by: Jerry Yu <[email protected]>

commit f85747efb1a1035124aada3245dcec7ddb8d3597
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:47:19 2021 +0100

    MPS L3: Simplify handshake message writing

    Signed-off-by: Hanno Becker <[email protected]>

commit f540b0fc79af402f0176477df0c6f79c26857e88
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 09:42:03 2021 +0100

    MPS Layer 3: Simplify logic for writing of handshake header

    Signed-off-by: Hanno Becker <[email protected]>

commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c
Author: Jerry Yu <[email protected]>
Date: Tue Jul 27 14:02:40 2021 +0800

    fix mbedtls_ssl_check_cert_usage compile fail

    `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it.
    Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4
    Signed-off-by: Jerry Yu <[email protected]>

commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f
Merge: 0e367ad306 3430517266
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:57:55 2021 +0100

    Merge pull request #318 from hanno-arm/mps_simplify

    MPS: Numerous minor simplifications and improvements

commit 0e367ad306e20d7eed02775d0c581828da937cb2
Merge: 246c820430 d8f19321d7
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:13:13 2021 +0100

    Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors

    fix two duplicate define errors

commit 246c820430aed5412c6cba0e911c1a1ca13ade60
Merge: 49f76369ad 12a8dfe7d2
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:12:15 2021 +0100

    Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors

    fix update_checksum errors

commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:11:45 2021 +0100

    Apply suggestions from code review

commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2
Merge: 0b7e1b6759 638484855b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 06:06:44 2021 +0100

    Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort

    MPS Layer 3: Remove unused handshake abort function

commit 3430517266a9e7d0ab43cf08730064608190fbd6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:51:53 2021 +0100

    MPS: Shorten some code

    Signed-off-by: Hanno Becker <[email protected]>

commit da378914efe9bae8a84ca59604b4651efd562401
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:47:54 2021 +0100

    MPS: Some more uses of assertion macro

    Signed-off-by: Hanno Becker <[email protected]>

commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:42:58 2021 +0100

    MPS: Add helper macro for readability

    Signed-off-by: Hanno Becker <[email protected]>

commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:35 2021 +0100

    Shorten some doc'n for MPS

    Signed-off-by: Hanno Becker <[email protected]>

commit fe135af06c138ac3ffbc077c6357961d2c895c6b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:36:21 2021 +0100

    MPS: Use helper macro for DTLS HS header debugging

    Signed-off-by: Hanno Becker <[email protected]>

commit 8144fea4a5b03c773ffaa48325663145aca58ff6
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:15 2021 +0100

    MPS: Use assertion macro instead of manual return of INTERNAL_ERROR

    Signed-off-by: Hanno Becker <[email protected]>

commit 648d1835ce61480023fbb856d5044b6218f5af90
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:29:07 2021 +0100

    MPS: Shorten some code

    Signed-off-by: Hanno Becker <[email protected]>

commit 2818d2fbc65a2e31afe729046264171680356ae5
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:21:53 2021 +0100

    MPS L4: Add comment on potential simplification

    Signed-off-by: Hanno Becker <[email protected]>

commit 1ec166036cfda847db076c567a94de474d009041
Author: Hanno Becker <[email protected]>
Date: Tue Jul 27 05:19:18 2021 +0100

    MPS: Remove dead code and shorten comments

    Signed-off-by: Hanno Becker <[email protected]>

commit 1100e4b72bf26746970af57244787e3b43f852c8
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:32:31 2021 +0100

    MPS L3: Improve readability through introduction of debug macros

    Signed-off-by: Hanno Becker <[email protected]>

commit 028414d0c81fd42772a33308953bf011da87584f
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:44 2021 +0100

    MPS: Add shorter trace commands

    Signed-off-by: Hanno Becker <[email protected]>

commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:25:28 2021 +0100

    MPS: Fix typo in common.h

    Signed-off-by: Hanno Becker <[email protected]>

commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 19:20:27 2021 +0100

    MPS L3: Add helper function for handling of incomplete headers

    Signed-off-by: Hanno Becker <[email protected]>

commit d8f19321d70182ada99f421e56ea00c2100313f3
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:03:13 2021 +0800

    Rename mbedtls_ssl_handshake_wrapup for TLS1.3

    `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it.

    Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91
    Signed-off-by: Jerry Yu <[email protected]>

commit 40825315251e967b6bbca82b6a12b4cd875e04b5
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 15:00:50 2021 +0800

    move mbedtls_ssl_transform_free to ssl_msg.c

    `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it.

    Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3
    Signed-off-by: Jerry Yu <[email protected]>

commit 7f0fb121f9d308b75d0f4a602623696fa9215505
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 19:41:09 2021 +0800

    fix update_checksum_start/sha384 duplicate error

    `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check.

    Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af
    Signed-off-by: Jerry Yu <[email protected]>

commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 14:04:37 2021 +0800

    fix calc_verify parameter warning

    `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed.
    Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785
    Signed-off-by: Jerry Yu <[email protected]>

commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded
Merge: 7b2d90f8dc d30cdb6ddc
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:50:53 2021 +0100

    Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record

    fix ssl_extract_add_data_from_record arguments error

commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 07:02:46 2021 +0100

    MPS Layer 3: Remove unused handshake abort function

    Signed-off-by: Hanno Becker <[email protected]>

commit d30cdb6ddc904147465191da04dfedfb689c377c
Author: Jerry Yu <[email protected]>
Date: Sun Jul 25 19:00:48 2021 +0800

    fix ssl_extract_add_data_from_record arguments error

    With TLS1.2, compiler report below error
    ```
    too few arguments to function ‘ssl_extract_add_data_from_record’
    ```
    The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that.

    Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082
Merge: 387e0c7b8d b83b1f6e40
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:58 2021 +0100

    Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine

    fix ssl_reset_retrnsmit_timeout undefine warning

commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8
Merge: d1c0451231 85b184f243
Author: Hanno Becker <[email protected]>
Date: Mon Jul 26 06:09:36 2021 +0100

    Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error

    fix pmslen and premaster undefined error

commit b83b1f6e40630f283c9672d240fd32e89181a30f
Author: Jerry Yu <[email protected]>
Date: Mon Jul 26 12:28:20 2021 +0800

    fix ssl_reset_retrnsmit_timeout undefine warning

    ssl_reset_retrnsmit_timeout has been added prefix.
    Here is missing

    Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 85b184f243f7a54076527cae3c7e943670a562de
Author: Jerry Yu <[email protected]>
Date: Mon Jul 19 13:57:23 2021 +0800

    fix pmslen and premaster undefined error

    With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler report pmslen and premaster undefined error.

    CustomizedGitHooks: yes
    Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4
    Signed-off-by: Jerry Yu <[email protected]>

commit d1c0451231b6ea2c547906210095ad755a106cfd
Merge: 602827ad13 cd4d2854cf
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:50:26 2021 +0100

    Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors

    fix errors for ecdh context

commit cd4d2854cf9cf3e0564d2f783f73dfd817308734
Author: Hanno Becker <[email protected]>
Date: Sun Jul 25 07:42:13 2021 +0100

    Minor improvements to TLS 1.3 client-side key share ext writer

    Signed-off-by: Hanno Becker <[email protected]>

commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae
Author: Jerry Yu <[email protected]>
Date: Sat Jul 24 16:20:32 2021 +0800

    fix ECDH context build errors

    Remove multi ecdh share keys support.
    When build with TLS1.2, it reports compile error

    Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100

    Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13

    Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100

    Fix a bunch of typos

    Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100

    Rename TLS 1.3 ciphersuite identifiers

    - Move the C-macros to MBEDTLS_ namespace
    - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2.

    Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100

    Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace

    Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100

    Merge pull request #306 from hanno-arm/mps_fix_bio

    MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100

    Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h

    remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100

    Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case

    Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100

    Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition

    replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100

    MPS: Interpret ret val 0 from BIO as connection closure

    Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100

    Merge pull request #276 from zhihan/fix-minor_ver

    Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800

    Modify TLS1.3 undefined condition

    Available protocol defines are TLS1.3 only, TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined, that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

    Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800

    remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

    MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h`. It should not appear here. It will cause transform* undefined error.
    Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100

    Merge pull request #213 from zhihan/tls13-prototype-nst-ext

    Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100

    Minor improvements

    Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400

    Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100

    Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client

    Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100

    Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100

    Merge pull request #302 from hannestschofenig/pr/fix-two-errors

    Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800

    fix ssl-opt test fail

    Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that.
    Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800

    fix compile fail without MPS

    if undefine MBEDTLS_SSL_USE_MPS, it report error.

    Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
    CustomizedGitHooks: yes
    Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800

    Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix

    Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200

    Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

    Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:
    ```
    140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
    ```

    We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD.

    This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.
    Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100

    Merge pull request #288 from yuhaoth/pr/fix-15

    Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100

    Temporarily disable more session serialization tests

    Will be fixed as part of #155

    Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100

    Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake

    move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700

    Add test for mismatched sig_algs

    Summary:
    * Send alert when there is no common signature algorithm between client and server
    * Add test case for mismatched sig_algs

    Test Plan:
    ```
    ssl-opt.sh
    ```

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200

    Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite

    Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400

    Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800

    Re-enable ssl test suite

    Ssl test is disabled in TLS. This patch is to enable it. And "Session serilization*" tests are skipped due to #155.
    fix #15

    Signed-off-by: Jerry Yu <[email protected]>
    Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800

    Remove get_key_exchange_name

    mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now.

    Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
    Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100

    Merge pull request #281 from zhihan/0-rtt-ciphersuite

    Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100

    Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing

    Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700

    Use stack allocated received_signature_schemes_list.

    Summary:
    I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)

    Test Plan:
    `ssl-opt.sh`

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100

    Merge pull request #283 from zhihan/review-0-rtt-server

    0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800

    move key_exchange members to handshake structure

    Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.
    fix #13

    Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
    Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700

    Follow up on review comments

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700

    Review fix of mbedtls_ssl_parse_signature_algorithms_ext

    Summary:
    * Add boundary check for i
    * Set received_signature_schemes_list to null after free
    * Typo
    * Sizeof style

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700

    Review: CertificateRequest parsing

    Summary:
    * buf_len check
    * unsigned char* ext -> const unsigned char* ext
    * int -> size_t
    * space and long line

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700

    Remove ticket_nonce from mbedtls_ssl_session

    Summary:
    `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.
    Test Plan:
    `ssl-opt.sh`

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700

    Rename resumption_key_len to key_len

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700

    Move ssl_new_session_ticket_parse to client.c

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700

    Add index for buffer in ssl_new_session_ticket_parse

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700

    Review comments follow up

    Summary:
    * change to size_t
    * break long line
    * indentation

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700

    Review fix for ssl_new_session_ticket_parse

    Summary:
    * printf format for unsigned int
    * cast to unsigned before combine digits
    * remove unnecessary cast
    * remove redundant hash size calc
    * remove space for return

    Test Plan:
    `ssl-opt.sh`

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400

    Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:39:15 2021 -0400

    Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:20:05 2021 -0400

    Review feedback

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:13:04 2021 -0400

    Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 12:14:39 2021 +0100

    Merge pull request #284 from yuhaoth/pr/fix-extension-namespace

    fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date: Fri Jun 18 13:49:07 2021 +0800

    fix namespace of extensions in ssl.h

    fixes #17

    Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
    Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 06:30:53 2021 +0100

    Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile

    fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:43:11 2021 +0100

    Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case

    Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:04:41 2021 +0100

    Merge pull request #279 from zhihan/review-0-rtt

    Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu <[email protected]>
Date: Wed Jun 16 10:25:12 2021 +0800

    fix out-of-box Makefile build fail

    fix #165

    Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
    Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:12:33 2021 -0400

    Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:09:04 2021 -0400

    Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:06:32 2021 -0400

    Update library/ssl_tls13_generic.c

    Review feedback

    Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:36 2021 -0400

    Update library/ssl_tls13_keys.c

    Review feedback

    Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:20 2021 -0400

    Update library/ssl_tls.c

    Review feedback

    Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date: Tue Jun 8 05:41:22 2021 +0100

    Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing

    Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date: Mon Jun 7 15:37:47 2021 -0400

    0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:40:21 2021 -0400

    Change 'early data' to 'early_data' in debug log to be consistent.
commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:26:00 2021 -0400

    Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:18:23 2021 -0400

    Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:04:03 2021 -0400

    Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 16:06:33 2021 -0400

    More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 12:48:43 2021 -0400

    Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:18:43 2021 -0700

    own_key

    Summary:
    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:00:17 2021 -0700

    Remove signature_scheme_client from struct mbedtls_ssl_handshake_params

    Summary:
    * signature_scheme_client
    * signature_scheme

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:55:13 2021 -0700

    Review of ssl_certificate_verify_write

    Summary:
    * indentation

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:09:10 2021 -0700

    Rename mbedtls_ssl_certificate_verify_process

    Summary:
    * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
    * ssl_certificate_verify_process -> ssl_write_certificate_verify_process
    * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
    * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND

    Test Plan:
    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date: Tue Jun 1 10:35:20 2021 -0400

    Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:21:34 2021 -0700

    Summary:
    Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
    * Server disable early data
    * Client enable early data
    * No external PSK

    Test Plan:
    ```
    tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
    ```

    Reviewers:
    Subscribers:
    Tasks:
    Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:23:52 2021 +0100

    Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

    Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:43 2021 +0100

    Alloc specification of 0-RTT limit on the ssl_server2 cmdline

    Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:25 2021 +0100

    Cap size of 0-RTT buffer at a compile-time configurable limit

    Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:04:30 2021 +0100

    Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date: Mon May 24 16:21:33 2021 -0400

    error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date: Sun May 23 12:12:30 2021 -0400

    Address feedback.
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa
Merge: 22e52d2cf1 79afde5f5a
Author: Hanno Becker <[email protected]>
Date: Sun May 23 06:10:49 2021 +0100

    Merge pull request #269 from zhihan/tls13-prototype-0rtt-review

    Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:16:12 2021 -0400

    Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:05:53 2021 -0400

    Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8
Author: Zhi Han <[email protected]>
Date: Fri May 21 06:38:46 2021 -0400

    Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:03:22 2021 -0400

    format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:01:04 2021 -0400

    Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8
Author: Zhi Han <[email protected]>
Date: Wed May 19 15:57:44 2021 -0400

    Restore mbedtls_ssl_conf_early_data() function.
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3 Merge: 21c911ccae 3d078a5c18 Author: Hanno Becker <[email protected]> Date: Fri May 14 17:15:38 2021 +0100 Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk Fix client crash when use early data without psk commit 3d078a5c180585b76a917599d8a471c4f724fd0e Author: lhuang04 <[email protected]> Date: Fri May 14 09:03:23 2021 -0700 Change to mbedtls_ssl_get_psk_to_offer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ebfc4983648f649a8f357409a2e35080bd081355 Author: lhuang04 <[email protected]> Date: Fri May 14 08:48:30 2021 -0700 Change to mbedtls_ssl_conf_tls13_some_psk_enabled Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623 Author: lhuang04 <[email protected]> Date: Tue May 4 08:05:38 2021 -0700 Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit af91d01f00b5159884396453169961e0247b8726 Author: lhuang04 <[email protected]> Date: Thu Jan 14 08:15:43 2021 -0800 Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.
Test Plan: ``` ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 ``` ``` ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1 ``` Reviewers: Subscribers: Tasks: Tags: commit 21c911ccae28a563af8de662dc24e419194f2c87 Merge: f178632390 98eeb27c91 Author: Hanno Becker <[email protected]> Date: Fri May 14 16:44:02 2021 +0100 Merge pull request #263 from hanno-arm/psk-negotiation Fix client-side behaviour if PSK is offered but rejected by the server commit 98eeb27c912871202ae8d696c8cf934f03d28041 Merge: 56f6110c45 20bb2a019c Author: Hanno Becker <[email protected]> Date: Fri May 14 11:04:44 2021 +0100 Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc Author: Hanno Becker <[email protected]> Date: Fri May 14 10:54:31 2021 +0100 Clarify logic for setting/clearing of handshake PSK The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows: 1) Initially, it's NULL. 2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data. 3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data. 4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK. If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization. This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above. 
Signed-off-by: Hanno Becker <[email protected]> commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac Author: Hanno Becker <[email protected]> Date: Fri May 14 10:59:25 2021 +0100 Give function for removing handshake PSK global visibility Signed-off-by: Hanno Becker <[email protected]> commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae Author: Hanno Becker <[email protected]> Date: Fri May 14 10:05:01 2021 +0100 Update library/ssl_tls13_server.c commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf Author: Hanno Becker <[email protected]> Date: Fri May 14 10:04:40 2021 +0100 Update library/ssl_tls13_server.c commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:54:06 2021 +0100 Remove uses of mbedtls_ssl_get_psk() `mbedtls_ssl_get_get_psk()` currently blurs two things: (a) access to the (potentially multiple) PSKs configured prior to the handshake (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake. If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b). There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use. To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule. 
Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello. Signed-off-by: Hanno Becker <[email protected]> commit f178632390ec3313f8772a8cffd1ed3f7d39d224 Merge: b1004e5352 8f71a23957 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:51:35 2021 +0100 Merge pull request #262 from hanno-arm/fixup_261 Fixup #261 commit 8f71a239577887dc40f670c58bb13b3b44e4050b Author: Hanno Becker <[email protected]> Date: Fri May 14 09:43:05 2021 +0100 Fixup https://github.com/hannestschofenig/mbedtls/pull/261 Signed-off-by: Hanno Becker <[email protected]> commit b1004e535275464c14a84b306890a47aa15ef14b Merge: 8db2b19d0f 5d7fa778f4 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:54:58 2021 +0100 Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0 Tls13 prototype merge from 2 25 0 commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:50:02 2021 +0100 Fixup: Merge in ssl_client2.c & ssl_server2.c Signed-off-by: Hanno Becker <[email protected]> commit 8db2b19d0fef088ca353a866498eb399bfb4fc21 Merge: f3f78d471b d4b52420d2 Author: Hanno Becker <[email protected]> Date: Fri May 14 04:37:44 2021 +0100 Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data() commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5 Author: Zhi Han <[email protected]> Date: Wed May 12 11:52:08 2021 -0400 Move report of early data status to reconnect commit d78681553790fdb3e31665b0f71367dc2198b24a Author: Zhi Han <[email protected]> Date: Wed May 12 11:38:02 2021 -0400 Move early_data from conf to context.
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04 added a commit to lhuang04/mbedtls that referenced this issue Dec 20, 2024
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototypes. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all places are wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether.
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warnings. Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to a difference in the `key_exchange` field. The function only uses the `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it.
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler reports pmslen and premaster undefined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support. 
When build with TLS1.2 , it reports compile error Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 602827ad138ba3ca09198f02d9145c4237e2488c Merge: 42499d48be 9e071d8f87 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:12:34 2021 +0100 Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13 Rename TLS 1.3 ciphersuite identifiers and improve documentation commit 9e071d8f87d30d60002741e364eec58c15ede851 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 19:09:32 2021 +0100 Fix a bunch of typos Signed-off-by: Hanno Becker <[email protected]> commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 16:12:09 2021 +0100 Rename TLS 1.3 ciphersuite identifiers - Move the C-macros to MBEDTLS_ namespace - Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2. Signed-off-by: Hanno Becker <[email protected]> commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 15:48:13 2021 +0100 Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace Signed-off-by: Hanno Becker <[email protected]> commit 42499d48be73a0abdfaedf13175e057875bb3e17 Merge: 22b07e166e acf09b1982 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 13:01:09 2021 +0100 Merge pull request #306 from hanno-arm/mps_fix_bio MPS: Interpret ret val 0 from BIO as connection closure commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50 Merge: 91e0d5b3f9 407985f39b Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:58 2021 +0100 Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7 Merge: db53f99dd7 230bf9cdc0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 09:40:34 2021 +0100 Merge pull request #294 
from lhuang04/tls13_mismatched_sig_algs_test_case Add test for mismatched sig_algs commit db53f99dd7134c6784ed7b4eea82a21f74b171ef Merge: e75e462c07 fcb0270f62 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:46:03 2021 +0100 Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` commit acf09b1982ee70468177447ca9d85310164e1df0 Author: Hanno Becker <[email protected]> Date: Fri Jul 23 07:08:38 2021 +0100 MPS: Interpret ret val 0 from BIO as connection closure Signed-off-by: Hanno Becker <[email protected]> commit e75e462c0761a1a607c64d53217b7441c522b8d1 Merge: 3aa1c4ae79 93f1aaabc0 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 11:21:28 2021 +0100 Merge pull request #276 from zhihan/fix-minor_ver Assign minor_ver when loading session commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc Author: Jerry Yu <[email protected]> Date: Thu Jul 22 12:57:31 2021 +0800 Modify TLS1.3 undefined condition Available protocol defines are TLS1.3 only ,TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined , that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)` Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 407985f39b175b925bd63630e9959bf8d4e03db4 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 17:52:45 2021 +0800 remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h` . It should not appear here. It will cause transform* undefined error. 
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6 Merge: 85083dcf6c 4084ab2613 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:18:14 2021 +0100 Merge pull request #213 from zhihan/tls13-prototype-nst-ext Add functions to parse NST extensions. commit 4084ab2613bd1249e1158aa5b75ebf96200ad306 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 08:14:46 2021 +0100 Minor improvements Signed-off-by: Hanno Becker <[email protected]> commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d Author: Zhi Han <[email protected]> Date: Fri Apr 23 14:29:23 2021 -0400 Add functions to parse NST extensions. commit 85083dcf6c9811692a32e2a859b9452f3831b3c6 Merge: 824adea413 12ccbb61b1 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:53:03 2021 +0100 Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client Review fix for ssl_new_session_ticket_parse commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:50:43 2021 +0100 Update library/ssl_tls13_client.c commit 824adea413c5f271f12e222f37e28d1a09b85385 Merge: 91ca1d38a0 4395af15a9 Author: Hanno Becker <[email protected]> Date: Thu Jul 22 07:34:12 2021 +0100 Merge pull request #302 from hannestschofenig/pr/fix-two-errors Pr/fix two errors commit 4395af15a94b281865b67fa17ea56d90dc01609a Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:14:28 2021 +0800 fix ssl-opt test fail Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that. 
Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 9ef29e4d823cf66016f51e310516a4ca5203669f Author: Jerry Yu <[email protected]> Date: Wed Jul 21 13:11:52 2021 +0800 fix compile fail without MPS if undefine MBEDTLS_SSL_USE_MPS, it report error. Change-Id: I81701c4f7ed053222545705bdaa77508e633179e CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2 Merge: c021ddc27d 2aebccdec6 Author: Jerry Yu <[email protected]> Date: Tue Jul 20 15:26:11 2021 +0800 Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01 Author: Gilles Peskine <[email protected]> Date: Thu Apr 1 14:00:11 2021 +0200 Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject: ``` 140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782: ``` We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This is only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD. This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL. 
Signed-off-by: Gilles Peskine <[email protected]> commit c021ddc27d94e54c7413ac22e15cd705981ed2a5 Merge: 7b3f70dd27 661584dfa1 Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:19:46 2021 +0100 Merge pull request #288 from yuhaoth/pr/fix-15 Re-enable ssl test suite commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:18:16 2021 +0100 Temporarily disable more session serialization tests Will be fixed as part of #155 Signed-off-by: Hanno Becker <[email protected]> commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7 Merge: 41fb09d9cf 3ed71fee0b Author: Hanno Becker <[email protected]> Date: Tue Jul 20 05:13:17 2021 +0100 Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake move key_exchange members to handshake structure commit 230bf9cdc08e518dfacda03de42feb9d659a7491 Author: lhuang04 <[email protected]> Date: Sun Jun 27 08:09:05 2021 -0700 Add test for mismatched sig_algs Summary: * Send alert when there is no common signature algorithm between client and server * Add test case for mismatched sig_algs Test Plan: ``` ssl-opt.sh ``` Reviewers: Subscribers: Tasks: Tags: commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd Merge: 1327fd4720 41c9509314 Author: Hannes Tschofenig <[email protected]> Date: Wed Jul 7 14:25:25 2021 +0200 Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 41c9509314e1c8c320462acbfcd317418e06f346 Author: Zhi Han <[email protected]> Date: Tue Jul 6 14:00:44 2021 -0400 Revert "Only use one single ciphersuite if 0-rtt is actually enabled" commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71 Author: Jerry Yu <[email protected]> Date: Mon Jul 5 16:47:29 2021 +0800 Re-enable ssl test suite Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155. 
fix #15 Signed-off-by: Jerry Yu <[email protected]> Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3 commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad Author: Jerry Yu <[email protected]> Date: Wed Jun 30 15:14:25 2021 +0800 Remove get_key_exchange_name mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now. Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a Signed-off-by: Jerry Yu <[email protected]> commit 1327fd47207970a042897465e832c7bde30d5f5c Merge: e2920b1927 6ef820f789 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:20:17 2021 +0100 Merge pull request #281 from zhihan/0-rtt-ciphersuite Only use one single ciphersuite if 0-rtt is actually enabled commit e2920b1927ff847a349947e4aef96b6557326816 Merge: fd741711fc fdca48d6a0 Author: Hanno Becker <[email protected]> Date: Thu Jun 24 06:12:10 2021 +0100 Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing Review fix for #220 certificate request parsing commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4 Author: lhuang04 <[email protected]> Date: Sun Jun 20 15:27:09 2021 -0700 Use stack allocated received_signature_schemes_list. Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3) Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit fd741711fcab3ad49015a78ab3b72de7419bac55 Merge: 4fcd693b80 88e4a1b36a Author: Hanno Becker <[email protected]> Date: Mon Jun 21 09:24:39 2021 +0100 Merge pull request #283 from zhihan/review-0-rtt-server 0-RTT Server Review Change commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40 Author: Jerry Yu <[email protected]> Date: Mon Jun 21 13:52:01 2021 +0800 move key_exchange members to handshake structure Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params. 
fix #13 Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8 Signed-off-by: Jerry Yu <[email protected]> commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd Author: lhuang04 <[email protected]> Date: Wed Jun 2 09:22:46 2021 -0700 Follow up on review comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 94f03c184bbeb27a20383dcf109ef1ce751984f5 Author: lhuang04 <[email protected]> Date: Sun May 23 09:36:55 2021 -0700 Review fix of mbedtls_ssl_parse_signature_algorithms_ext Summary: * Add boundary check for i * Set received_signature_schemes_list to null after free * Typo * Sizeof style Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4 Author: lhuang04 <[email protected]> Date: Sun May 23 08:58:12 2021 -0700 Review: CertificateRequest parsing Summary: * buf_len check * unsigned char* ext -> const unsigned char* ext * int -> size_t * space and long line Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b Author: lhuang04 <[email protected]> Date: Sun Jun 20 09:40:21 2021 -0700 Remove ticket_nonce from mbedtls_ssl_session Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`. 
Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 719c79217da5d8209855d857e790400ab0ed2f4c Author: lhuang04 <[email protected]> Date: Sun Jun 20 07:21:48 2021 -0700 Rename resumption_key_len to key_len Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 895eb0d2108d9bed2ce540efd255a28711a9c929 Author: lhuang04 <[email protected]> Date: Fri May 7 11:51:11 2021 -0700 Move ssl_new_session_ticket_parse to client.c Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883 Author: lhuang04 <[email protected]> Date: Fri May 7 11:32:43 2021 -0700 Add index for buffer in ssl_new_session_ticket_parse Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 65e16e91159a0e5dd754593a10874a49b682d4a0 Author: lhuang04 <[email protected]> Date: Fri May 7 06:20:23 2021 -0700 Review comments follow up Summary: * change to size_t * break long line * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 469a714ff5960968734c4baab983791511cc0a06 Author: lhuang04 <[email protected]> Date: Wed May 5 08:44:42 2021 -0700 Review fix for ssl_new_session_ticket_parse Summary: * printf format for unsigned int * cast to unsigned before combine digits * remove unnecessary cast * remove redundant hash size calc * remove space for return Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 6ef820f78988703e0f66fa18a03030bba2e82a9f Author: Zhi Han <[email protected]> Date: Fri Jun 18 15:11:57 2021 -0400 Add test. Remove resumption condition. 
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e Merge: 3a3754787c 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:39:15 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:20:05 2021 -0400 Review feedback commit 758c8ca724bd9acf74263b709e2d85620ea7ea28 Merge: 94240b5d12 4fcd693b80 Author: Zhi Han <[email protected]> Date: Fri Jun 18 14:13:04 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server commit 4fcd693b8041b4e759e756989e72e60466e60376 Merge: 609a95c8d5 637d615692 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 12:14:39 2021 +0100 Merge pull request #284 from yuhaoth/pr/fix-extension-namespace fix namespace of extensions in ssl.h commit 637d615692b6838a4779fada1c9cc01e0c6c3247 Author: Jerry Yu <[email protected]> Date: Fri Jun 18 13:49:07 2021 +0800 fix namespace of extensions in ssl.h fixes #17 Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20 Signed-off-by: Jerry Yu <[email protected]> commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae Merge: 4f29740112 038eb366c4 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 06:30:53 2021 +0100 Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile fix out-of-box Makefile build fail commit 4f297401126f5f28010e619524d900712fafa35b Merge: 67f1eba3df 966240df91 Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:43:11 2021 +0100 Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case Add new test case for early data commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998 Merge: 9e5be82034 27c58e4f5f Author: Hanno Becker <[email protected]> Date: Fri Jun 18 05:04:41 2021 +0100 Merge pull request #279 from zhihan/review-0-rtt Some small refactor and style fixes for 0-RTT code commit 038eb366c4bea057b1b226dbee3d3f34643d2026 Author: Jerry Yu 
<[email protected]> Date: Wed Jun 16 10:25:12 2021 +0800 fix out-of-box Makefile build fail fix #165 Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370 Signed-off-by: Jerry Yu <[email protected]> commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:12:33 2021 -0400 Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined. commit cf91aff1be63027943ab95b7914c8deca5912cc5 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:09:04 2021 -0400 Review feedback commit 1790fa932641b50a8354b2950bca83bcc53736bf Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:06:32 2021 -0400 Update library/ssl_tls13_generic.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 7825f2a8367c2e884a33c3f5570f3b1989938256 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:36 2021 -0400 Update library/ssl_tls13_keys.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 975f211f1206a18ce1e5c0ed7d97527d388e1721 Author: Zhi Han <[email protected]> Date: Tue Jun 8 15:02:20 2021 -0400 Update library/ssl_tls.c Review feedback Co-authored-by: Hanno Becker <[email protected]> commit 9e5be8203454962428e7059a25d47388750b5cec Merge: b39a1f38d7 808732ce17 Author: Hanno Becker <[email protected]> Date: Tue Jun 8 05:41:22 2021 +0100 Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing Review fix for #186 certificate verify writing commit 94240b5d12db58d7c8873f380d402c5cfa034fa4 Author: Zhi Han <[email protected]> Date: Mon Jun 7 15:37:47 2021 -0400 0-RTT server review changes commit ae55ed262e3d00ff4192165787e9ac38ebd44817 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:40:21 2021 -0400 Change 'early data' to 'early_data' in debug log to be consistent. 
commit 0871ccb623b5799e51713730d3a53d9afd78eb00 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:26:00 2021 -0400 Add <= to log commit 3a3754787c9533bcebf85e48ab18a40e71effc61 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:18:23 2021 -0400 Only use one single ciphersuite if 0-rtt is enabled commit 8b62a6c5a2910fe54b9398addff6254e15d1db94 Author: Zhi Han <[email protected]> Date: Fri Jun 4 11:04:03 2021 -0400 Change the order of code blocks for client and server to make it consistent commit e8360308773b072478ff5dd04c0617a8acd7fdde Author: Zhi Han <[email protected]> Date: Thu Jun 3 16:06:33 2021 -0400 More small fixes. commit 07b1d5744fdaf5ed167664cc939b511d26d98c97 Author: Zhi Han <[email protected]> Date: Thu Jun 3 12:48:43 2021 -0400 Some small refactor and style fixes. commit 808732ce17954756a9280dab5b3d8b0438534598 Author: lhuang04 <[email protected]> Date: Sun May 30 08:18:43 2021 -0700 own_key Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit fd94789067e5d4a93c7dd7bcd80306e20c230c04 Author: lhuang04 <[email protected]> Date: Sun May 30 08:00:17 2021 -0700 Remove signature_scheme_client from struct mbedtls_ssl_handshake_params Summary: * signature_scheme_client * signature_scheme Test Plan: Reviewers: Subscribers: Tasks: Tags: commit bf812366daed86a4d6bc7a6377c1c0430c214190 Author: lhuang04 <[email protected]> Date: Sun May 30 07:55:13 2021 -0700 Review of ssl_certificate_verify_write Summary: * indentation Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 726e41077419b14f768303a93f7e0e314ed7c8a7 Author: lhuang04 <[email protected]> Date: Sun May 30 07:09:10 2021 -0700 Rename mbedtls_ssl_certificate_verify_process Summary: * mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process * ssl_certificate_verify_process -> ssl_write_certificate_verify_process * SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP * SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND Test Plan: 
Reviewers: Subscribers: Tasks: Tags: commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b Author: Zhi Han <[email protected]> Date: Tue Jun 1 10:35:20 2021 -0400 Assign minor_ver when loading session commit 966240df91ed8204113068b58afdd2b2bf8cbf06 Author: lhuang04 <[email protected]> Date: Sun May 23 08:21:34 2021 -0700 Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118). * Server disable early data * Client enable early data * No external PSK Test Plan: ``` tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data" ``` Reviewers: Subscribers: Tasks: Tags: commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33 Merge: 38a3de888b dec316b63c Author: Hanno Becker <[email protected]> Date: Wed May 26 05:23:52 2021 +0100 Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split Restore mbedtls_ssl_conf_early_data() function. commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:43 2021 +0100 Alloc specification of 0-RTT limit on the ssl_server2 cmdline Signed-off-by: Hanno Becker <[email protected]> commit 05c63336e2448394b694e99a211f459db41a947f Author: Hanno Becker <[email protected]> Date: Wed May 26 05:17:25 2021 +0100 Cap size of 0-RTT buffer at a compile-time configurable limit Signed-off-by: Hanno Becker <[email protected]> commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc Author: Hanno Becker <[email protected]> Date: Wed May 26 05:04:30 2021 +0100 Update library/ssl_tls13_server.c commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b Author: Zhi Han <[email protected]> Date: Mon May 24 16:21:33 2021 -0400 error message uses wrong buffer size commit 93055a1ce74938c40b90088d7014eb7a7fbdb319 Author: Zhi Han <[email protected]> Date: Sun May 23 12:12:30 2021 -0400 Address feedback. 
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa Merge: 22e52d2cf1 79afde5f5a Author: Hanno Becker <[email protected]> Date: Sun May 23 06:10:49 2021 +0100 Merge pull request #269 from zhihan/tls13-prototype-0rtt-review Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f Author: Zhi Han <[email protected]> Date: Fri May 21 15:16:12 2021 -0400 Fix typo commit 7f541bef183517bb9024132b042b9a5461660432 Author: Zhi Han <[email protected]> Date: Fri May 21 15:05:53 2021 -0400 Some clean up for 0-RTT commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8 Author: Zhi Han <[email protected]> Date: Fri May 21 06:38:46 2021 -0400 Change unsigned int to size_t commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c Author: Zhi Han <[email protected]> Date: Thu May 20 16:03:22 2021 -0400 format commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41 Author: Zhi Han <[email protected]> Date: Thu May 20 16:01:04 2021 -0400 Address PR review feedback. commit 64d4eff24130bea004c8d2b880dcb72af1f280c8 Author: Zhi Han <[email protected]> Date: Wed May 19 15:57:44 2021 -0400 Restore mbedtls_ssl_conf_early_data() function. 
commit 22e52d2cf1865bf638269fbc5334119a68db9603 Merge: e3d5eca29a 80dbfc0091 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:25 2021 +0100 Merge pull request #265 from lhuang04/tls13_prototype_switch_style Fix switch style commit e3d5eca29ada314616341242152ac7515607e718 Merge: d02fd9ba1f c501899a74 Author: Hanno Becker <[email protected]> Date: Wed May 19 05:17:07 2021 +0100 Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09 Merge: f1560c6d0f 169f542b7b Author: Hanno Becker <[email protected]> Date: Wed May 19 05:16:53 2021 +0100 Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style Fix if statement style commit 169f542b7b89ce55bf438f5b9bbce663314d7257 Author: lhuang04 <[email protected]> Date: Mon May 17 12:00:40 2021 -0700 Fix if style Summary: Change `if (` to `if(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit c501899a748840659c1e4450929e0e72dcdb39b1 Author: lhuang04 <[email protected]> Date: Mon May 17 11:36:33 2021 -0700 Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 80dbfc00915ace7db2301fb897847514a2ee2b5a Author: lhuang04 <[email protected]> Date: Mon May 17 11:44:26 2021 -0700 Fix switch style Summary: change `switch (` to `switch(` Test Plan: Reviewers: Subscribers: Tasks: Tags: commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df Merge: 5f3860971b 73b4aa2e96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:55:49 2021 +0100 Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing Fix for review of ssl_read_certificate_verify_parse commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f Merge: 6c527b9e2d 2272fccb96 Author: Hanno Becker <[email protected]> Date: Tue May 18 06:54:48 2021 +0100 Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix Fix misplaced 0-RTT configuration call in 
ssl_server2 commit 2272fccb9664ff0734f0e5a9197ed779ca416adc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:41:48 2021 +0100 Fix misplaced 0-RTT configuration call in ssl_server2 Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`. Signed-off-by: Hanno Becker <[email protected]> commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc Author: Hanno Becker <[email protected]> Date: Tue May 18 06:02:16 2021 +0100 Minor code improvements in ssl_create_verify_structure() Signed-off-by: Hanno Becker <[email protected]> commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249 Merge: 7c88bbd2e2 f451f0ef99 Author: lhuang04 <[email protected]> Date: Mon May 17 09:18:00 2021 -0700 Diff review follow up * switch style * change to mbedtls_ssl_tls13_key_exchange_with_psk * rename i to buffer_idx * move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE * reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN commit f451f0ef99247bcd8007397406060b5de0be10cd Author: lhuang04 <[email protected]> Date: Mon May 17 09:12:56 2021 -0700 Use mbedtls_ssl_tls13_key_exchange_with_psk() instead. 
Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95 Author: lhuang04 <[email protected]> Date: Mon May 17 08:59:48 2021 -0700 style for switch Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e Author: lhuang04 <[email protected]> Date: Wed May 12 06:07:40 2021 -0700 Break long line in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 0814cb6a515b1196ffbb635f53343f476acb5c79 Author: lhuang04 <[email protected]> Date: Tue May 11 09:21:25 2021 -0700 Move the label to the ssl_tls13_keys.h Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5a6badfee551e5082b4e24fa26620faed755602b Author: lhuang04 <[email protected]> Date: Tue May 11 09:11:57 2021 -0700 Remove magic index Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit dd15a7235952b63130ff4d2f933f87824de5f2d9 Author: lhuang04 <[email protected]> Date: Tue May 11 09:00:04 2021 -0700 Replace mbedtls_sha256_ret by mbedtls_md Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28 Author: lhuang04 <[email protected]> Date: Fri May 7 08:16:26 2021 -0700 Style in ssl_certificate_verify_coordinate Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e5a23e31cc75241ec0ddea009e8268059aadb541 Author: lhuang04 <[email protected]> Date: Fri May 7 08:01:10 2021 -0700 Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 5b3299016a7a8a7436e7814868bc70a625e1d33b Author: lhuang04 <[email protected]> Date: Fri May 7 07:45:03 2021 -0700 Follow up on review comments Summary: * space after switch * 
line too long Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939 Author: lhuang04 <[email protected]> Date: Thu May 6 10:51:29 2021 -0700 Fix for review of ssl_read_certificate_verify_parse Summary: * Remove empty line * Remove out-of-date comments Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb Merge: 5e09eb428d a5c8909e61 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:56:52 2021 +0100 Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected Do not write EndOfEarlyData if early_data is rejected by server. commit a5c8909e61a76609ab8f8c3153f543b828abc571 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:45 2021 +0100 Update programs/ssl/ssl_client2.c commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59 Author: Hanno Becker <[email protected]> Date: Sat May 15 05:55:04 2021 +0100 Add reference to RFC 8446 when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit bea87dde0071ad98d3beb81070a9bd399227c66a Author: Hanno Becker <[email protected]> Date: Sat May 15 05:51:44 2021 +0100 Print debug line when skipping EndOfEarlyData Signed-off-by: Hanno Becker <[email protected]> commit 3255f964343b3599b25b76c536fade23df0885ff Author: Zhi Han <[email protected]> Date: Fri May 14 16:20:42 2021 -0400 Fix indentation commit 4ecbbc3100ab26be688829f5a388bd56d479992b Author: Zhi Han <[email protected]> Date: Fri May 14 16:17:17 2021 -0400 Address feedback from PR commit 516255927d25e4b896a243846a51346f9718db2b Author: Zhi Han <[email protected]> Date: Fri May 14 13:39:10 2021 -0400 Add test for rejecting early data commit 779a9248334492990912c13941a6b8f3428c4d61 Merge: e5d72ef6bc 5e09eb428d Author: Zhi Han <[email protected]> Date: Fri May 14 12:18:20 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit 
5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3 Merge: 21c911ccae 3d078a5c18 Author: Hanno Becker <[email protected]> Date: Fri May 14 17:15:38 2021 +0100 Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk Fix client crash when use early data without psk commit 3d078a5c180585b76a917599d8a471c4f724fd0e Author: lhuang04 <[email protected]> Date: Fri May 14 09:03:23 2021 -0700 Change to mbedtls_ssl_get_psk_to_offer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit ebfc4983648f649a8f357409a2e35080bd081355 Author: lhuang04 <[email protected]> Date: Fri May 14 08:48:30 2021 -0700 Change to mbedtls_ssl_conf_tls13_some_psk_enabled Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623 Author: lhuang04 <[email protected]> Date: Tue May 4 08:05:38 2021 -0700 Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit af91d01f00b5159884396453169961e0247b8726 Author: lhuang04 <[email protected]> Date: Thu Jan 14 08:15:43 2021 -0800 Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after checking [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that it should always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoids calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode. 
Test Plan: ``` ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 ``` ``` ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1 ``` Reviewers: Subscribers: Tasks: Tags: commit 21c911ccae28a563af8de662dc24e419194f2c87 Merge: f178632390 98eeb27c91 Author: Hanno Becker <[email protected]> Date: Fri May 14 16:44:02 2021 +0100 Merge pull request #263 from hanno-arm/psk-negotiation Fix client-side behaviour if PSK is offered but rejected by the server commit 98eeb27c912871202ae8d696c8cf934f03d28041 Merge: 56f6110c45 20bb2a019c Author: Hanno Becker <[email protected]> Date: Fri May 14 11:04:44 2021 +0100 Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc Author: Hanno Becker <[email protected]> Date: Fri May 14 10:54:31 2021 +0100 Clarify logic for setting/clearing of handshake PSK The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows: 1) Initially, it's NULL. 2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data. 3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data. 4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK. If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization. This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above. 
Signed-off-by: Hanno Becker <[email protected]> commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac Author: Hanno Becker <[email protected]> Date: Fri May 14 10:59:25 2021 +0100 Give function for removing handshake PSK global visibility Signed-off-by: Hanno Becker <[email protected]> commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae Author: Hanno Becker <[email protected]> Date: Fri May 14 10:05:01 2021 +0100 Update library/ssl_tls13_server.c commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf Author: Hanno Becker <[email protected]> Date: Fri May 14 10:04:40 2021 +0100 Update library/ssl_tls13_server.c commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:54:06 2021 +0100 Remove uses of mbedtls_ssl_get_psk() `mbedtls_ssl_get_get_psk()` currently blurs two things: (a) access to the (potentially multiple) PSKs configured prior to the handshake (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake. If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b). There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use. To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule. 
Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello. Signed-off-by: Hanno Becker <[email protected]> commit f178632390ec3313f8772a8cffd1ed3f7d39d224 Merge: b1004e5352 8f71a23957 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:51:35 2021 +0100 Merge pull request #262 from hanno-arm/fixup_261 Fixup #261 commit 8f71a239577887dc40f670c58bb13b3b44e4050b Author: Hanno Becker <[email protected]> Date: Fri May 14 09:43:05 2021 +0100 Fixup https://github.com/hannestschofenig/mbedtls/pull/261 Signed-off-by: Hanno Becker <[email protected]> commit b1004e535275464c14a84b306890a47aa15ef14b Merge: 8db2b19d0f 5d7fa778f4 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:54:58 2021 +0100 Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0 Tls13 prototype merge from 2 25 0 commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:50:02 2021 +0100 Fixup: Merge in ssl_client2.c & ssl_server2.c Signed-off-by: Hanno Becker <[email protected]> commit 8db2b19d0fef088ca353a866498eb399bfb4fc21 Merge: f3f78d471b d4b52420d2 Author: Hanno Becker <[email protected]> Date: Fri May 14 04:37:44 2021 +0100 Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data() commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5 Author: Zhi Han <[email protected]> Date: Wed May 12 11:52:08 2021 -0400 Move report of early data status to reconnect commit d78681553790fdb3e31665b0f71367dc2198b24a Author: Zhi Han <[email protected]> Date: Wed May 12 11:38:02 2021 -0400 Move early_data from conf to context. 
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
lhuang04
added a commit
to lhuang04/mbedtls
that referenced
this issue
Dec 20, 2024
commit 3534dc3d8cedbd326569383677c5cc10e497c001 Merge: 471fc0ed17 17e162bc79 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 07:35:06 2021 +0100 Merge pull request #323 from yuhaoth/pr/add-conditional-for-dtls-cookies Add conditional compilation for mbedtls_ssl_conf_dtls_cookies commit 471fc0ed17864079b70c75fc9c0a248f213b5991 Merge: 4ddebafaaf fba68613d6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:36:13 2021 +0100 Merge pull request #325 from hanno-arm/mps_remove_ext_rd_wr MPS: Remove extended reader/writer from MPS, part 2 commit fba68613d69b1bea1cbbdc5c10760e733c4e38e5 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 06:33:49 2021 +0100 MPS: Be less wordy in comments... Signed-off-by: Hanno Becker <[email protected]> commit 4ddebafaaf6cefc89bef8a5f6b947c0ff9a5f514 Merge: 08b0522e0f 34d751dfa6 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:54:29 2021 +0100 Merge pull request #319 from yuhaoth/pr/fix-mbedtls_ssl_check_cert_usage-error fix mbedtls_ssl_check_cert_usage compile fail commit 08b0522e0f6b4650c93a12038fb87cd21757b75c Merge: 82436667b1 81c88ff7df Author: Hanno Becker <[email protected]> Date: Thu Jul 29 05:05:16 2021 +0100 Merge pull request #321 from yuhaoth/pr/fix-functions-undeclared-warnings fix functions undeclared warnings commit 82436667b1304628b77ad9eded10ccf250355fc6 Merge: 2556d8a1dd f9435bb0c2 Author: Hanno Becker <[email protected]> Date: Thu Jul 29 04:49:16 2021 +0100 Merge pull request #324 from yuhaoth/pr/fix-nss_keylog_export-duplicated-errors fix nss_keylog_export duplicate error commit 8a1348ca2ac075801777535bfa35d1179ec269e7 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:13 2021 +0100 MPS L4: Minor structural improvement Signed-off-by: Hanno Becker <[email protected]> commit 7a11ad03acaea247045dc5e41dc397b5b73a254d Author: Hanno Becker <[email protected]> Date: Wed Jul 28 21:26:00 2021 +0100 MPS Layer 4: Remove dead comments Signed-off-by: Hanno Becker <[email protected]> 
commit d77f6b32ab429cf764d01cd46869a56f8f3f7b76 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 20:07:28 2021 +0100 MPS Layer 3: Minor readability improvement Signed-off-by: Hanno Becker <[email protected]> commit ea207b40bdffc9793c53312aae7dabdd761611db Author: Hanno Becker <[email protected]> Date: Wed Jul 28 13:02:05 2021 +0100 Some more readability improvements Signed-off-by: Hanno Becker <[email protected]> commit dc3adeddee06e0b9ecf25e669de780593c18771b Author: Hanno Becker <[email protected]> Date: Wed Jul 28 11:39:37 2021 +0100 MPS Layer 3: Some readability improvements Signed-off-by: Hanno Becker <[email protected]> commit 2a75e56087db85845241734fd248f0ec501377b6 Author: Hanno Becker <[email protected]> Date: Wed Jul 28 09:48:18 2021 +0100 Remove extended reader/writer from MPS altogether Signed-off-by: Hanno Becker <[email protected]> commit f9435bb0c2fb7dd95b32897d567ccfca3aae2163 Author: Jerry Yu <[email protected]> Date: Sun Jul 25 22:23:06 2021 +0800 fix nss_keylog_export duplicate error nss_keylog_export is defined in TLS1.2 and TLS1.3 with different prototype. Rename it for TLS1.3 to fix it. Change-Id: I63e218070e96637a15242fec3a66b5e448986287 Signed-off-by: Jerry Yu <[email protected]> commit 17e162bc79da8c856b1b08ef373051d87163c421 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:44:55 2021 +0800 Add conditional compilation for mbedtls_ssl_conf_dtls_cookies mbedtls_ssl_conf_dtls_cookies depends on MBEDTLS_SSL_DTLS_HELLO_VERIFY. Not all place is wrapped with it. CustomizedGitHooks: yes Change-Id: I603cbaeabccf969c2785198409c0d59f3afa889f Signed-off-by: Jerry Yu <[email protected]> commit 5471952d409eea62843268272ae46969dcf78e60 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 11:15:15 2021 +0100 MPS Layer 3: Don't rely on extended writer to learn HS msg size This is another step towards removing the extended reader/writer from Layer 3 altogether. 
Signed-off-by: Hanno Becker <[email protected]> commit 81c88ff7df372ba4c2671f3a7065482152b40310 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:06:56 2021 +0800 fix functions undeclared warnings With TLS1.2 enabled, those functions report undeclared warning Change-Id: Ie20e9e9e9cee3fe8561c368c24042096b0b36320 Signed-off-by: Jerry Yu <[email protected]> commit f85747efb1a1035124aada3245dcec7ddb8d3597 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:47:19 2021 +0100 MPS L3: Simplify handshake message writing Signed-off-by: Hanno Becker <[email protected]> commit f540b0fc79af402f0176477df0c6f79c26857e88 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 09:42:03 2021 +0100 MPS Layer 3: Simplify logic for writing of handshake header Signed-off-by: Hanno Becker <[email protected]> commit 34d751dfa6e5e88ef7efd17e412f05cae52fa38c Author: Jerry Yu <[email protected]> Date: Tue Jul 27 14:02:40 2021 +0800 fix mbedtls_ssl_check_cert_usage compile fail `mbedtls_ssl_check_cert_usage` is redefined in TLS1.3. That's due to different of `key_exchange` field. The function only use `key_exchange` field of `ciphersuite_info`. To keep consistency, we change the prototype of it. 
Change-Id: I1905866e3e5dbfbdbff760896fce8b8eb40502c4 Signed-off-by: Jerry Yu <[email protected]> commit 2556d8a1dd0d2cab0ca2fa08ded3fabe160be83f Merge: 0e367ad306 3430517266 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:57:55 2021 +0100 Merge pull request #318 from hanno-arm/mps_simplify MPS: Numerous minor simplifications and improvements commit 0e367ad306e20d7eed02775d0c581828da937cb2 Merge: 246c820430 d8f19321d7 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:13:13 2021 +0100 Merge pull request #317 from yuhaoth/pr/fix-two-duplicate-define-errors fix two duplicate define errors commit 246c820430aed5412c6cba0e911c1a1ca13ade60 Merge: 49f76369ad 12a8dfe7d2 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:12:15 2021 +0100 Merge pull request #316 from yuhaoth/pr/fix-update_checksum-errors fix update_checksum errors commit 12a8dfe7d2701bf4959b0f073e4969e8b1d4d816 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:11:45 2021 +0100 Apply suggestions from code review commit 49f76369ad5d9e92fe3d6b4ceb70df857ccab3b2 Merge: 0b7e1b6759 638484855b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 06:06:44 2021 +0100 Merge pull request #314 from hanno-arm/mps_l3_remove_hs_abort MPS Layer 3: Remove unused handshake abort function commit 3430517266a9e7d0ab43cf08730064608190fbd6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:51:53 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit da378914efe9bae8a84ca59604b4651efd562401 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:47:54 2021 +0100 MPS: Some more uses of assertion macro Signed-off-by: Hanno Becker <[email protected]> commit 1b8feeeac9fc6376ff60debd5ed18be995d2540a Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:42:58 2021 +0100 MPS: Add helper macro for readability Signed-off-by: Hanno Becker <[email protected]> commit f8fc90c0e58bb81ae4fc5d6003b368974a4580b5 Author: Hanno Becker <[email 
protected]> Date: Tue Jul 27 05:36:35 2021 +0100 Shorten some doc'n for MPS Signed-off-by: Hanno Becker <[email protected]> commit fe135af06c138ac3ffbc077c6357961d2c895c6b Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:36:21 2021 +0100 MPS: Use helper macro for DTLS HS header debugging Signed-off-by: Hanno Becker <[email protected]> commit 8144fea4a5b03c773ffaa48325663145aca58ff6 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:15 2021 +0100 MPS: Use assertion macro instead of manual return of INTERNAL_ERROR Signed-off-by: Hanno Becker <[email protected]> commit 648d1835ce61480023fbb856d5044b6218f5af90 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:29:07 2021 +0100 MPS: Shorten some code Signed-off-by: Hanno Becker <[email protected]> commit 2818d2fbc65a2e31afe729046264171680356ae5 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:21:53 2021 +0100 MPS L4: Add comment on potential simplification Signed-off-by: Hanno Becker <[email protected]> commit 1ec166036cfda847db076c567a94de474d009041 Author: Hanno Becker <[email protected]> Date: Tue Jul 27 05:19:18 2021 +0100 MPS: Remove dead code and shorten comments Signed-off-by: Hanno Becker <[email protected]> commit 1100e4b72bf26746970af57244787e3b43f852c8 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:32:31 2021 +0100 MPS L3: Improve readability through introduction of debug macros Signed-off-by: Hanno Becker <[email protected]> commit 028414d0c81fd42772a33308953bf011da87584f Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:44 2021 +0100 MPS: Add shorter trace commands Signed-off-by: Hanno Becker <[email protected]> commit ab03dd35e3e62ec6b984a90b16e27602e1b9bbef Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:25:28 2021 +0100 MPS: Fix typo in common.h Signed-off-by: Hanno Becker <[email protected]> commit 0b43c2410f9f7528d99cdb83ac7c8ff39ade266b Author: Hanno Becker <[email protected]> Date: Mon Jul 26 19:20:27 2021 +0100 
MPS L3: Add helper function for handling of incomplete headers Signed-off-by: Hanno Becker <[email protected]> commit d8f19321d70182ada99f421e56ea00c2100313f3 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:03:13 2021 +0800 Rename mbedtls_ssl_handshake_wrapup for TLS1.3 `mbedtls_ssl_handshake_wrapup` was defined in both cases. `duplicate defined` error is reported. Add tls13 suffix for TLS1.3 to fix it. Change-Id: I2ca9dbc00e3b98ecd1d7aab212130dc661d79f91 Signed-off-by: Jerry Yu <[email protected]> commit 40825315251e967b6bbca82b6a12b4cd875e04b5 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 15:00:50 2021 +0800 move mbedtls_ssl_transform_free to ssl_msg.c `mbedtls_ssl_transform_free` is defined in `ssl_msg.c`. With TLS1.2, it reports duplicate error. Remove function in ssl_tls.c to fix it. Change-Id: Ibc2301a2ce6803d262f6328e3977e1fdfa2b3ce3 Signed-off-by: Jerry Yu <[email protected]> commit 7f0fb121f9d308b75d0f4a602623696fa9215505 Author: Jerry Yu <[email protected]> Date: Mon Jul 26 19:41:09 2021 +0800 fix update_checksum_start/sha384 duplicate error `ssl_update_checksum_start/sha384` is redefined for TLS1.3. Both enable case raises duplicate error. Fix it with version check. Change-Id: I3aec21c70fbf7893bb32e237691d47ce9e24c4af Signed-off-by: Jerry Yu <[email protected]> commit 297c71b70f2967e25d6370f7f16c9ec80fb2a988 Author: Jerry Yu <[email protected]> Date: Mon Jul 19 14:04:37 2021 +0800 fix calc_verify parameter warning `calc_verify` prototype defined by TLS1.3 is not used. And other two functions are same. So, the declaration should be removed. 
Change-Id: I13c62299dbf9c50ac25ddd9a6e9db79ca3b05785 Signed-off-by: Jerry Yu <[email protected]> commit 0b7e1b6759bcc89283d1557c0f98c9a8e0f52ded Merge: 7b2d90f8dc d30cdb6ddc Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:50:53 2021 +0100 Merge pull request #313 from yuhaoth/pr/fix-ssl_extract_add_data_from_record fix ssl_extract_add_data_from_record arguments error commit 638484855b831d0ddf66aef225fbed0eb2cf0cbd Author: Hanno Becker <[email protected]> Date: Mon Jul 26 07:02:46 2021 +0100 MPS Layer 3: Remove unused handshake abort function Signed-off-by: Hanno Becker <[email protected]> commit d30cdb6ddc904147465191da04dfedfb689c377c Author: Jerry Yu <[email protected]> Date: Sun Jul 25 19:00:48 2021 +0800 fix ssl_extract_add_data_from_record arguments error With TLS1.2, compiler report below error ``` too few arguments to function ‘ssl_extract_add_data_from_record’ ``` The function is changed in TLS1.3. Add `transform->taglen` to error call place to fix that. Change-Id: I40ffe8a68213d507c8c16700027b1084aa14f1a8 CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 7b2d90f8dc3fceccdae16d8207d6ee0cf8625082 Merge: 387e0c7b8d b83b1f6e40 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:58 2021 +0100 Merge pull request #312 from yuhaoth/pr/fix-ssl-reset-undefine fix ssl_reset_retrnsmit_timeout undefine warning commit 387e0c7b8d7e064785368b2ea99e4b5facf91ad8 Merge: d1c0451231 85b184f243 Author: Hanno Becker <[email protected]> Date: Mon Jul 26 06:09:36 2021 +0100 Merge pull request #311 from yuhaoth/pr/fix-pmslen-premaster-error fix pmslen and premaster undefined error commit b83b1f6e40630f283c9672d240fd32e89181a30f Author: Jerry Yu <[email protected]> Date: Mon Jul 26 12:28:20 2021 +0800 fix ssl_reset_retrnsmit_timeout undefine warning ssl_reset_retrnsmit_timeout has been added prefix. 
Here is missing Change-Id: Iae962c189f7841d4ab216500108af7921ff73b3a CustomizedGitHooks: yes Signed-off-by: Jerry Yu <[email protected]> commit 85b184f243f7a54076527cae3c7e943670a562de Author: Jerry Yu <[email protected]> Date: Mon Jul 19 13:57:23 2021 +0800 fix pmslen and premaster undefined error With MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER, compiler reports pmslen and premaster undefined error. CustomizedGitHooks: yes Change-Id: I73f989ffe29efb1d6936e599230a8cbe121bbcc4 Signed-off-by: Jerry Yu <[email protected]> commit d1c0451231b6ea2c547906210095ad755a106cfd Merge: 602827ad13 cd4d2854cf Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:50:26 2021 +0100 Merge pull request #307 from yuhaoth/pr/fix-ecdh-compile-errors fix errors for ecdh context commit cd4d2854cf9cf3e0564d2f783f73dfd817308734 Author: Hanno Becker <[email protected]> Date: Sun Jul 25 07:42:13 2021 +0100 Minor improvements to TLS 1.3 client-side key share ext writer Signed-off-by: Hanno Becker <[email protected]> commit 4e2ed4dad052a121a79228dde3fdd1bb881d6dae Author: Jerry Yu <[email protected]> Date: Sat Jul 24 16:20:32 2021 +0800 fix ECDH context build errors Remove multi ecdh share keys support. 
When build with TLS1.2, it reports compile error

Change-Id: Ibc147e9cacbd5593ec02a14cd887ad5e278c0955
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 602827ad138ba3ca09198f02d9145c4237e2488c
Merge: 42499d48be 9e071d8f87
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:12:34 2021 +0100

Merge pull request #309 from hanno-arm/ssl_ciphersuite_conf_tls13

Rename TLS 1.3 ciphersuite identifiers and improve documentation

commit 9e071d8f87d30d60002741e364eec58c15ede851
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 19:09:32 2021 +0100

Fix a bunch of typos

Signed-off-by: Hanno Becker <[email protected]>

commit bfee374e9b6f5053abcaa3b948ad2e60a0a40099
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 16:12:09 2021 +0100

Rename TLS 1.3 ciphersuite identifiers

- Move the C-macros to MBEDTLS_ namespace
- Adjust the naming scheme for the string-identifiers to "TLS1-3-XXX", aligning to the existing "TLS-XXX" identifiers for TLS 1.2.

Signed-off-by: Hanno Becker <[email protected]>

commit 32ea0b5dcb3aa4f420d620db0d72c203848c60d9
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 15:48:13 2021 +0100

Move TLS 1.3 ciphersuite identifiers to MBEDTLS_ namespace

Signed-off-by: Hanno Becker <[email protected]>

commit 42499d48be73a0abdfaedf13175e057875bb3e17
Merge: 22b07e166e acf09b1982
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 13:01:09 2021 +0100

Merge pull request #306 from hanno-arm/mps_fix_bio

MPS: Interpret ret val 0 from BIO as connection closure

commit 22b07e166ec611d726fbb7007d57d9fc33c6ab50
Merge: 91e0d5b3f9 407985f39b
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:58 2021 +0100

Merge pull request #300 from yuhaoth/pr/remove-tls1_2_or_earlier-from-ssl.h

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

commit 91e0d5b3f92e30e5f06898ada0324b1e12faefb7
Merge: db53f99dd7 230bf9cdc0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 09:40:34 2021 +0100

Merge pull request #294 from lhuang04/tls13_mismatched_sig_algs_test_case

Add test for mismatched sig_algs

commit db53f99dd7134c6784ed7b4eea82a21f74b171ef
Merge: e75e462c07 fcb0270f62
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:46:03 2021 +0100

Merge pull request #305 from yuhaoth/pr/modify-tls13-undefine-condition

replace `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

commit acf09b1982ee70468177447ca9d85310164e1df0
Author: Hanno Becker <[email protected]>
Date: Fri Jul 23 07:08:38 2021 +0100

MPS: Interpret ret val 0 from BIO as connection closure

Signed-off-by: Hanno Becker <[email protected]>

commit e75e462c0761a1a607c64d53217b7441c522b8d1
Merge: 3aa1c4ae79 93f1aaabc0
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 11:21:28 2021 +0100

Merge pull request #276 from zhihan/fix-minor_ver

Assign minor_ver when loading session

commit fcb0270f626dad2efe9518aed3fecfeefff2f4fc
Author: Jerry Yu <[email protected]>
Date: Thu Jul 22 12:57:31 2021 +0800

Modify TLS1.3 undefined condition

Available protocol defines are TLS1.3 only, TLS1.2 only and both. `!defined(MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL)` is not correct condition. It make both case fail. If TLS1.3 is not defined, that means TLS1.2 must be defined. So replace it with `defined(MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER)`

Change-Id: I79bee93602f439b04f4b3268f65a78c1242698f1
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 407985f39b175b925bd63630e9959bf8d4e03db4
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 17:52:45 2021 +0800

remove MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER from ssl.h

MBEDTLS_SSL_PROTO_TLS1_2_OR_EARLIER is defined in ssl_internal.h. It is for inside usage only. `ssl.h` does not include `ssl_internal.h`. It should not appear here. It will cause transform* undefined error.
Change-Id: Iedc65ca1287db1a4accad9a89e83e8ab1612e65b
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 3aa1c4ae79d7f22265676070bceb2f54da8172f6
Merge: 85083dcf6c 4084ab2613
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:18:14 2021 +0100

Merge pull request #213 from zhihan/tls13-prototype-nst-ext

Add functions to parse NST extensions.

commit 4084ab2613bd1249e1158aa5b75ebf96200ad306
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 08:14:46 2021 +0100

Minor improvements

Signed-off-by: Hanno Becker <[email protected]>

commit 7d4e0e7d0a56a006053da5eabe70c9b31614621d
Author: Zhi Han <[email protected]>
Date: Fri Apr 23 14:29:23 2021 -0400

Add functions to parse NST extensions.

commit 85083dcf6c9811692a32e2a859b9452f3831b3c6
Merge: 824adea413 12ccbb61b1
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:53:03 2021 +0100

Merge pull request #257 from lhuang04/tls13_prototype_issue_194_NewSessionTicket_Parsing_Client

Review fix for ssl_new_session_ticket_parse

commit 12ccbb61b13dba436a2eb6c21033e7ef73f5ef3b
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:50:43 2021 +0100

Update library/ssl_tls13_client.c

commit 824adea413c5f271f12e222f37e28d1a09b85385
Merge: 91ca1d38a0 4395af15a9
Author: Hanno Becker <[email protected]>
Date: Thu Jul 22 07:34:12 2021 +0100

Merge pull request #302 from hannestschofenig/pr/fix-two-errors

Pr/fix two errors

commit 4395af15a94b281865b67fa17ea56d90dc01609a
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:14:28 2021 +0800

fix ssl-opt test fail

Test report fail at test case 33. "TLS_AES_128_CCM_SHA256 with ECDHE-ECDSA" "Key Exchange Mode is ECDHE-ECDSA" is not found in client output. That is due to `get_key_exchange_name` is removed. Remove the check to fix that.

Change-Id: Ic647e7fdaa52bbdabd65b972a27a6356db142f30
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 9ef29e4d823cf66016f51e310516a4ca5203669f
Author: Jerry Yu <[email protected]>
Date: Wed Jul 21 13:11:52 2021 +0800

fix compile fail without MPS

if undefine MBEDTLS_SSL_USE_MPS, it report error.

Change-Id: I81701c4f7ed053222545705bdaa77508e633179e
CustomizedGitHooks: yes
Signed-off-by: Jerry Yu <[email protected]>

commit 91ca1d38a06f4dfb7e3932bed7122716a9b997a2
Merge: c021ddc27d 2aebccdec6
Author: Jerry Yu <[email protected]>
Date: Tue Jul 20 15:26:11 2021 +0800

Merge pull request #296 from hanno-arm/ssl_opt_compat_sh_openssl_fix

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

commit 2aebccdec6234a44a0a5da580b505ea7fc09cc01
Author: Gilles Peskine <[email protected]>
Date: Thu Apr 1 14:00:11 2021 +0200

Fix SSL tests scripts with recent OpenSSL server with Diffie-Hellman

Our interoperability tests fail with a recent OpenSSL server. The reason is that they force 1024-bit Diffie-Hellman parameters, which recent OpenSSL (e.g. 1.1.1f on Ubuntu 20.04) reject:
```
140072814650688:error:1408518A:SSL routines:ssl3_ctx_ctrl:dh key too small:../ssl/s3_lib.c:3782:
```

We've been passing custom DH parameters since 6195767554da332e9f81e6510b07f7565ff8a538 because OpenSSL <=1.0.2a requires it. This only concerns the version we use as OPENSSL_LEGACY. So only use custom DH parameters for that version. In compat.sh, use it based on the observed version of $OPENSSL_CMD.

This way, ssl-opt.sh and compat.sh work (barring other issues) for all our reference versions of OpenSSL as well as for a modern system OpenSSL.
Signed-off-by: Gilles Peskine <[email protected]>

commit c021ddc27d94e54c7413ac22e15cd705981ed2a5
Merge: 7b3f70dd27 661584dfa1
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:19:46 2021 +0100

Merge pull request #288 from yuhaoth/pr/fix-15

Re-enable ssl test suite

commit 661584dfa1bc48dadd4f65cf2174e74d8c1f129e
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:18:16 2021 +0100

Temporarily disable more session serialization tests

Will be fixed as part of #155

Signed-off-by: Hanno Becker <[email protected]>

commit 7b3f70dd27be888d85dd04e69b6bee5b643dade7
Merge: 41fb09d9cf 3ed71fee0b
Author: Hanno Becker <[email protected]>
Date: Tue Jul 20 05:13:17 2021 +0100

Merge pull request #286 from yuhaoth/pr/move-key-exchange-to-handshake

move key_exchange members to handshake structure

commit 230bf9cdc08e518dfacda03de42feb9d659a7491
Author: lhuang04 <[email protected]>
Date: Sun Jun 27 08:09:05 2021 -0700

Add test for mismatched sig_algs

Summary:
* Send alert when there is no common signature algorithm between client and server
* Add test case for mismatched sig_algs

Test Plan:
```
ssl-opt.sh
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit 41fb09d9cf5bc11b77850ee10073d6159c2f0ffd
Merge: 1327fd4720 41c9509314
Author: Hannes Tschofenig <[email protected]>
Date: Wed Jul 7 14:25:25 2021 +0200

Merge pull request #289 from zhihan/revert-281-0-rtt-ciphersuite

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 41c9509314e1c8c320462acbfcd317418e06f346
Author: Zhi Han <[email protected]>
Date: Tue Jul 6 14:00:44 2021 -0400

Revert "Only use one single ciphersuite if 0-rtt is actually enabled"

commit 1ad52b7edc1eb604a0930ee35ba1dbd348a2ad71
Author: Jerry Yu <[email protected]>
Date: Mon Jul 5 16:47:29 2021 +0800

Re-enable ssl test suite

Ssl test is disabled in TLS. This patch is to enable it. And "Session serialization*" tests are skipped due to #155.

fix #15

Signed-off-by: Jerry Yu <[email protected]>
Change-Id: If08e16d01a29aa4ec086acc5fa12627edc84c6d3

commit 3ed71fee0be95e0c6a1e08354606e9652e2188ad
Author: Jerry Yu <[email protected]>
Date: Wed Jun 30 15:14:25 2021 +0800

Remove get_key_exchange_name

mbedtls_ssl_get_key_exchange_name is debug only function. It is useless now.

Change-Id: Id38c81e799dca8c8df7473b9dc869560b6541e2a
Signed-off-by: Jerry Yu <[email protected]>

commit 1327fd47207970a042897465e832c7bde30d5f5c
Merge: e2920b1927 6ef820f789
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:20:17 2021 +0100

Merge pull request #281 from zhihan/0-rtt-ciphersuite

Only use one single ciphersuite if 0-rtt is actually enabled

commit e2920b1927ff847a349947e4aef96b6557326816
Merge: fd741711fc fdca48d6a0
Author: Hanno Becker <[email protected]>
Date: Thu Jun 24 06:12:10 2021 +0100

Merge pull request #278 from lhuang04/tls13_prototype_220_CertificateRequest_Parsing

Review fix for #220 certificate request parsing

commit fdca48d6a0dd1d74b48c73f2dec71880aef79fa4
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 15:27:09 2021 -0700

Use stack allocated received_signature_schemes_list.

Summary: I choose `MBEDTLS_SIGNATURE_SCHEMES_SIZE` after looking at [the list of Signature Algorithm Extension](https://datatracker.ietf.org/doc/html/rfc8446#appendix-B.3.1.3)

Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd741711fcab3ad49015a78ab3b72de7419bac55
Merge: 4fcd693b80 88e4a1b36a
Author: Hanno Becker <[email protected]>
Date: Mon Jun 21 09:24:39 2021 +0100

Merge pull request #283 from zhihan/review-0-rtt-server

0-RTT Server Review Change

commit ce6adde5f7f75a4ec447dbc0e3d76c01de866e40
Author: Jerry Yu <[email protected]>
Date: Mon Jun 21 13:52:01 2021 +0800

move key_exchange members to handshake structure

Key_exchange and key_exchange_modes should be part of mbedtls_ssl_handshake_params.
fix #13

Change-Id: I6c028765487e30f56f18a643795b2b3bde8583c8
Signed-off-by: Jerry Yu <[email protected]>

commit 713d3e34ee6c6e719583e4a3763986bbd8911bfd
Author: lhuang04 <[email protected]>
Date: Wed Jun 2 09:22:46 2021 -0700

Follow up on review comments

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 94f03c184bbeb27a20383dcf109ef1ce751984f5
Author: lhuang04 <[email protected]>
Date: Sun May 23 09:36:55 2021 -0700

Review fix of mbedtls_ssl_parse_signature_algorithms_ext

Summary:
* Add boundary check for i
* Set received_signature_schemes_list to null after free
* Typo
* Sizeof style

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14ad89ab231e8a4ca8588dd2ec30e1d931e23ce4
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:58:12 2021 -0700

Review: CertificateRequest parsing

Summary:
* buf_len check
* unsigned char* ext -> const unsigned char* ext
* int -> size_t
* space and long line

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ed74c68ee7aa3276cf0fc2802dea5584eb1de87b
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 09:40:21 2021 -0700

Remove ticket_nonce from mbedtls_ssl_session

Summary: `ticket_nonce` and `ticket_nonce_len` are only used once to [compute the resumption key](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_generic.c#L3021-L3023). They can be removed from `mbedtls_ssl_session`.

Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit 719c79217da5d8209855d857e790400ab0ed2f4c
Author: lhuang04 <[email protected]>
Date: Sun Jun 20 07:21:48 2021 -0700

Rename resumption_key_len to key_len

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 895eb0d2108d9bed2ce540efd255a28711a9c929
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:51:11 2021 -0700

Move ssl_new_session_ticket_parse to client.c

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7e2b00fdeab5300fae2a2f1d46020e14d41c6883
Author: lhuang04 <[email protected]>
Date: Fri May 7 11:32:43 2021 -0700

Add index for buffer in ssl_new_session_ticket_parse

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 65e16e91159a0e5dd754593a10874a49b682d4a0
Author: lhuang04 <[email protected]>
Date: Fri May 7 06:20:23 2021 -0700

Review comments follow up

Summary:
* change to size_t
* break long line
* indentation

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 469a714ff5960968734c4baab983791511cc0a06
Author: lhuang04 <[email protected]>
Date: Wed May 5 08:44:42 2021 -0700

Review fix for ssl_new_session_ticket_parse

Summary:
* printf format for unsigned int
* cast to unsigned before combine digits
* remove unnecessary cast
* remove redundant hash size calc
* remove space for return

Test Plan: `ssl-opt.sh`
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6ef820f78988703e0f66fa18a03030bba2e82a9f
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 15:11:57 2021 -0400

Add test. Remove resumption condition.
commit 68f8f228b0ba0246ab17fd8425a6299d9bf2d33e
Merge: 3a3754787c 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:39:15 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into 0-rtt-ciphersuite

commit 88e4a1b36a2c148f10ceb55ff7df1a7a4bec41b1
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:20:05 2021 -0400

Review feedbacks

commit 758c8ca724bd9acf74263b709e2d85620ea7ea28
Merge: 94240b5d12 4fcd693b80
Author: Zhi Han <[email protected]>
Date: Fri Jun 18 14:13:04 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into review-0-rtt-server

commit 4fcd693b8041b4e759e756989e72e60466e60376
Merge: 609a95c8d5 637d615692
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 12:14:39 2021 +0100

Merge pull request #284 from yuhaoth/pr/fix-extension-namespace

fix namespace of extensions in ssl.h

commit 637d615692b6838a4779fada1c9cc01e0c6c3247
Author: Jerry Yu <[email protected]>
Date: Fri Jun 18 13:49:07 2021 +0800

fix namespace of extensions in ssl.h

fixes #17

Change-Id: Ide9d78bdfae9c5c851f990f8c9988c1dd888bc20
Signed-off-by: Jerry Yu <[email protected]>

commit 609a95c8d58f876cd49c0f03fa991c9a59d265ae
Merge: 4f29740112 038eb366c4
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 06:30:53 2021 +0100

Merge pull request #285 from yuhaoth/pr/fix-out-of-box-makefile

fix out-of-box Makefile build fail

commit 4f297401126f5f28010e619524d900712fafa35b
Merge: 67f1eba3df 966240df91
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:43:11 2021 +0100

Merge pull request #270 from lhuang04/tls13_prototype_early_data_test_case

Add new test case for early data

commit 67f1eba3df16136b8d0e8fd1206afd1cbd7fa998
Merge: 9e5be82034 27c58e4f5f
Author: Hanno Becker <[email protected]>
Date: Fri Jun 18 05:04:41 2021 +0100

Merge pull request #279 from zhihan/review-0-rtt

Some small refactor and style fixes for 0-RTT code

commit 038eb366c4bea057b1b226dbee3d3f34643d2026
Author: Jerry Yu <[email protected]>
Date: Wed Jun 16 10:25:12 2021 +0800

fix out-of-box Makefile build fail

fix #165

Change-Id: I64d6deb3fdc1516c41a98014f2a3a67f09b17370
Signed-off-by: Jerry Yu <[email protected]>

commit 27c58e4f5fa064e71f8d10d8aa72301958dc9e2d
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:12:33 2021 -0400

Use MBEDTLS_ERR_SSL_INTERNAL_ERROR since MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED is not yet defined.

commit cf91aff1be63027943ab95b7914c8deca5912cc5
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:09:04 2021 -0400

Review feedback

commit 1790fa932641b50a8354b2950bca83bcc53736bf
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:06:32 2021 -0400

Update library/ssl_tls13_generic.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 7825f2a8367c2e884a33c3f5570f3b1989938256
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:36 2021 -0400

Update library/ssl_tls13_keys.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 975f211f1206a18ce1e5c0ed7d97527d388e1721
Author: Zhi Han <[email protected]>
Date: Tue Jun 8 15:02:20 2021 -0400

Update library/ssl_tls.c

Review feedback

Co-authored-by: Hanno Becker <[email protected]>

commit 9e5be8203454962428e7059a25d47388750b5cec
Merge: b39a1f38d7 808732ce17
Author: Hanno Becker <[email protected]>
Date: Tue Jun 8 05:41:22 2021 +0100

Merge pull request #277 from lhuang04/tls13_prototype_186_CertificateVerify_Writing

Review fix for #186 certificate verify writing

commit 94240b5d12db58d7c8873f380d402c5cfa034fa4
Author: Zhi Han <[email protected]>
Date: Mon Jun 7 15:37:47 2021 -0400

0-RTT server review changes

commit ae55ed262e3d00ff4192165787e9ac38ebd44817
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:40:21 2021 -0400

Change 'early data' to 'early_data' in debug log to be consistent.
commit 0871ccb623b5799e51713730d3a53d9afd78eb00
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:26:00 2021 -0400

Add <= to log

commit 3a3754787c9533bcebf85e48ab18a40e71effc61
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:18:23 2021 -0400

Only use one single ciphersuite if 0-rtt is enabled

commit 8b62a6c5a2910fe54b9398addff6254e15d1db94
Author: Zhi Han <[email protected]>
Date: Fri Jun 4 11:04:03 2021 -0400

Change the order of code blocks for client and server to make it consistent

commit e8360308773b072478ff5dd04c0617a8acd7fdde
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 16:06:33 2021 -0400

More small fixes.

commit 07b1d5744fdaf5ed167664cc939b511d26d98c97
Author: Zhi Han <[email protected]>
Date: Thu Jun 3 12:48:43 2021 -0400

Some small refactor and style fixes.

commit 808732ce17954756a9280dab5b3d8b0438534598
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:18:43 2021 -0700

own_key

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit fd94789067e5d4a93c7dd7bcd80306e20c230c04
Author: lhuang04 <[email protected]>
Date: Sun May 30 08:00:17 2021 -0700

Remove signature_scheme_client from struct mbedtls_ssl_handshake_params

Summary:
* signature_scheme_client
* signature_scheme

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit bf812366daed86a4d6bc7a6377c1c0430c214190
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:55:13 2021 -0700

Review of ssl_certificate_verify_write

Summary:
* indentation

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 726e41077419b14f768303a93f7e0e314ed7c8a7
Author: lhuang04 <[email protected]>
Date: Sun May 30 07:09:10 2021 -0700

Rename mbedtls_ssl_certificate_verify_process

Summary:
* mbedtls_ssl_certificate_verify_process -> mbedtls_ssl_write_certificate_verify_process
* ssl_certificate_verify_process -> ssl_write_certificate_verify_process
* SSL_CERTIFICATE_VERIFY_SKIP -> SSL_WRITE_CERTIFICATE_VERIFY_SKIP
* SSL_CERTIFICATE_VERIFY_SEND -> SSL_WRITE_CERTIFICATE_VERIFY_SEND

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 93f1aaabc03f8a31a9ca5cf3e4a4669be185c27b
Author: Zhi Han <[email protected]>
Date: Tue Jun 1 10:35:20 2021 -0400

Assign minor_ver when loading session

commit 966240df91ed8204113068b58afdd2b2bf8cbf06
Author: lhuang04 <[email protected]>
Date: Sun May 23 08:21:34 2021 -0700

Summary: Follow up test case for PR [118](https://github.com/hannestschofenig/mbedtls/pull/118).
* Server disable early data
* Client enable early data
* No external PSK

Test Plan:
```
tests/ssl-opt.sh -s -p -f "SRV disables early data, client enables early data"
```
Reviewers:
Subscribers:
Tasks:
Tags:

commit b39a1f38d75d930c1db4faf4d9b23f19b0e92f33
Merge: 38a3de888b dec316b63c
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:23:52 2021 +0100

Merge pull request #268 from zhihan/tls13-prototype-0rtt-conf-split

Restore mbedtls_ssl_conf_early_data() function.

commit dec316b63c501336776a49b2ff0b2ed14cd7fcbf
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:43 2021 +0100

Alloc specification of 0-RTT limit on the ssl_server2 cmdline

Signed-off-by: Hanno Becker <[email protected]>

commit 05c63336e2448394b694e99a211f459db41a947f
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:17:25 2021 +0100

Cap size of 0-RTT buffer at a compile-time configurable limit

Signed-off-by: Hanno Becker <[email protected]>

commit 34cab4e40fd98a10d1204b80807c1db5f0e6bafc
Author: Hanno Becker <[email protected]>
Date: Wed May 26 05:04:30 2021 +0100

Update library/ssl_tls13_server.c

commit 6e7bf11f6381e84ab6ad8fbef9cc8db0be0d1f5b
Author: Zhi Han <[email protected]>
Date: Mon May 24 16:21:33 2021 -0400

error message uses wrong buffer size

commit 93055a1ce74938c40b90088d7014eb7a7fbdb319
Author: Zhi Han <[email protected]>
Date: Sun May 23 12:12:30 2021 -0400

Address feedback.
commit 38a3de888bbbca7cd7394e81bf7617ac716327fa
Merge: 22e52d2cf1 79afde5f5a
Author: Hanno Becker <[email protected]>
Date: Sun May 23 06:10:49 2021 +0100

Merge pull request #269 from zhihan/tls13-prototype-0rtt-review

Clean up 0-RTT, fix compiler error when MBEDTLS_ZERO_RTT is disabled

commit 79afde5f5a7cbcd0b833834490b52fcfaf1fce6f
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:16:12 2021 -0400

Fix typo

commit 7f541bef183517bb9024132b042b9a5461660432
Author: Zhi Han <[email protected]>
Date: Fri May 21 15:05:53 2021 -0400

Some clean up for 0-RTT

commit 8bbdd2756366a5419f6a6b5d0d450a88d5925ff8
Author: Zhi Han <[email protected]>
Date: Fri May 21 06:38:46 2021 -0400

Change unsigned int to size_t

commit f4ea9d32f35908eb1060edb0fd2c1eade85c003c
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:03:22 2021 -0400

format

commit 7ddaa1aedeb7001dd35faa2b40391955376f6b41
Author: Zhi Han <[email protected]>
Date: Thu May 20 16:01:04 2021 -0400

Address PR review feedback.

commit 64d4eff24130bea004c8d2b880dcb72af1f280c8
Author: Zhi Han <[email protected]>
Date: Wed May 19 15:57:44 2021 -0400

Restore mbedtls_ssl_conf_early_data() function.
commit 22e52d2cf1865bf638269fbc5334119a68db9603
Merge: e3d5eca29a 80dbfc0091
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:25 2021 +0100

Merge pull request #265 from lhuang04/tls13_prototype_switch_style

Fix switch style

commit e3d5eca29ada314616341242152ac7515607e718
Merge: d02fd9ba1f c501899a74
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:17:07 2021 +0100

Merge pull request #266 from lhuang04/tls13_prototype_fix_typo_for_mps

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

commit d02fd9ba1f71d45bc81a89b4031c9c51ac38eb09
Merge: f1560c6d0f 169f542b7b
Author: Hanno Becker <[email protected]>
Date: Wed May 19 05:16:53 2021 +0100

Merge pull request #267 from lhuang04/tls13_prototype_if_statment_style

Fix if statement style

commit 169f542b7b89ce55bf438f5b9bbce663314d7257
Author: lhuang04 <[email protected]>
Date: Mon May 17 12:00:40 2021 -0700

Fix if style

Summary: Change `if (` to `if(`

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit c501899a748840659c1e4450929e0e72dcdb39b1
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:36:33 2021 -0700

Fix typo: MBEDTLS_SSL_US_EMPS -> MBEDTLS_SSL_USE_MPS

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 80dbfc00915ace7db2301fb897847514a2ee2b5a
Author: lhuang04 <[email protected]>
Date: Mon May 17 11:44:26 2021 -0700

Fix switch style

Summary: change `switch (` to `switch(`

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit f1560c6d0f3a5258bd4d52b0ea6b3229945746df
Merge: 5f3860971b 73b4aa2e96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:55:49 2021 +0100

Merge pull request #258 from lhuang04/tls13_prototype_issue_184_CertificateVerify_Parsing

Fix for review of ssl_read_certificate_verify_parse

commit 5f3860971b76ac33884db05aadc5e1ae59cbff7f
Merge: 6c527b9e2d 2272fccb96
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:54:48 2021 +0100

Merge pull request #264 from hanno-arm/srv_0rtt_conf_fix

Fix misplaced 0-RTT configuration call in ssl_server2

commit 2272fccb9664ff0734f0e5a9197ed779ca416adc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:41:48 2021 +0100

Fix misplaced 0-RTT configuration call in ssl_server2

Previously, 0-RTT configuration happened as part of the SSL config. Now, it's part of the SSL context configuration, which must come after the context has been reset with `mbedtls_ssl_reset()`.

Signed-off-by: Hanno Becker <[email protected]>

commit 73b4aa2e962d6bd4cc32aaa81c5a0a48d15d78dc
Author: Hanno Becker <[email protected]>
Date: Tue May 18 06:02:16 2021 +0100

Minor code improvements in ssl_create_verify_structure()

Signed-off-by: Hanno Becker <[email protected]>

commit 514c80ebe1a654c14b06a3a07f04ebcfde7f8249
Merge: 7c88bbd2e2 f451f0ef99
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:18:00 2021 -0700

Diff review follow up

* switch style
* change to mbedtls_ssl_tls13_key_exchange_with_psk
* rename i to buffer_idx
* move comments for ssl_create_verify_structure to definition of MBEDTLS_SSL_VERIFY_STRUCT_MAX_SIZE
* reuse MBEDTLS_SSL_TLS1_3_LBL_LEN in MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN

commit f451f0ef99247bcd8007397406060b5de0be10cd
Author: lhuang04 <[email protected]>
Date: Mon May 17 09:12:56 2021 -0700

Use mbedtls_ssl_tls13_key_exchange_with_psk() instead.
Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 0d0e75597219d2f2c874afcfcdc769b7709c4c95
Author: lhuang04 <[email protected]>
Date: Mon May 17 08:59:48 2021 -0700

style for switch

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 7c88bbd2e2dc009e6cf9c19b181ac40e84f0cc1e
Author: lhuang04 <[email protected]>
Date: Wed May 12 06:07:40 2021 -0700

Break long line in ssl_certificate_verify_coordinate

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 0814cb6a515b1196ffbb635f53343f476acb5c79
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:21:25 2021 -0700

Move the label to the ssl_tls13_keys.h

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 5a6badfee551e5082b4e24fa26620faed755602b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:11:57 2021 -0700

Remove magic index

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 75f4bf446fb3b9cf0a5a562aff32a8ed197e2d7b
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit dd15a7235952b63130ff4d2f933f87824de5f2d9
Author: lhuang04 <[email protected]>
Date: Tue May 11 09:00:04 2021 -0700

Replace mbedtls_sha256_ret by mbedtls_md

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6bdf1857bd1809e3a061d3c85f83453d8c3e3c28
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:16:26 2021 -0700

Style in ssl_certificate_verify_coordinate

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit e5a23e31cc75241ec0ddea009e8268059aadb541
Author: lhuang04 <[email protected]>
Date: Fri May 7 08:01:10 2021 -0700

Change mbedtls_ssl_create_verify_structure to ssl_create_verify_structure

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 5b3299016a7a8a7436e7814868bc70a625e1d33b
Author: lhuang04 <[email protected]>
Date: Fri May 7 07:45:03 2021 -0700

Follow up on review comments

Summary:
* space after switch
* line too long

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 9f7c6ce6f551e7f1eeae070e2339b6f6935a7939
Author: lhuang04 <[email protected]>
Date: Thu May 6 10:51:29 2021 -0700

Fix for review of ssl_read_certificate_verify_parse

Summary:
* Remove empty line
* Remove out-of-date comments

Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 6c527b9e2d5c58c12e7452b47f0aedee7029a7eb
Merge: 5e09eb428d a5c8909e61
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:56:52 2021 +0100

Merge pull request #256 from zhihan/tls13-prototype-0RTT-fix-client-rejected

Do not write EndOfEarlyData if early_data is rejected by server.

commit a5c8909e61a76609ab8f8c3153f543b828abc571
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:45 2021 +0100

Update programs/ssl/ssl_client2.c

commit 4c779e8cd8c3474c5db61e4177e107b463ab8a59
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:55:04 2021 +0100

Add reference to RFC 8446 when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit bea87dde0071ad98d3beb81070a9bd399227c66a
Author: Hanno Becker <[email protected]>
Date: Sat May 15 05:51:44 2021 +0100

Print debug line when skipping EndOfEarlyData

Signed-off-by: Hanno Becker <[email protected]>

commit 3255f964343b3599b25b76c536fade23df0885ff
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:20:42 2021 -0400

Fix indentation

commit 4ecbbc3100ab26be688829f5a388bd56d479992b
Author: Zhi Han <[email protected]>
Date: Fri May 14 16:17:17 2021 -0400

Address feedback from PR

commit 516255927d25e4b896a243846a51346f9718db2b
Author: Zhi Han <[email protected]>
Date: Fri May 14 13:39:10 2021 -0400

Add test for rejecting early data

commit 779a9248334492990912c13941a6b8f3428c4d61
Merge: e5d72ef6bc 5e09eb428d
Author: Zhi Han <[email protected]>
Date: Fri May 14 12:18:20 2021 -0400

Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected

commit 5e09eb428d3ac8e51e19bdcf3e43b2dbb0db1af3
Merge: 21c911ccae 3d078a5c18
Author: Hanno Becker <[email protected]>
Date: Fri May 14 17:15:38 2021 +0100

Merge pull request #118 from lhuang04/tls13_prototype_client_crash_early_no_psk

Fix client crash when use early data without psk

commit 3d078a5c180585b76a917599d8a471c4f724fd0e
Author: lhuang04 <[email protected]>
Date: Fri May 14 09:03:23 2021 -0700

Change to mbedtls_ssl_get_psk_to_offer

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit ebfc4983648f649a8f357409a2e35080bd081355
Author: lhuang04 <[email protected]>
Date: Fri May 14 08:48:30 2021 -0700

Change to mbedtls_ssl_conf_tls13_some_psk_enabled

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit 14e9296bb09e7a07e0edd778a13431ef9ac6b623
Author: lhuang04 <[email protected]>
Date: Tue May 4 08:05:38 2021 -0700

Add null check in mbedtls_ssl_tls1_3_key_schedule_stage_early_data

Summary:
Test Plan:
Reviewers:
Subscribers:
Tasks:
Tags:

commit af91d01f00b5159884396453169961e0247b8726
Author: lhuang04 <[email protected]>
Date: Thu Jan 14 08:15:43 2021 -0800

Check `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON

Summary: In early data mode, the `ssl->handshake->ciphersuite_info` is [set](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L1007) in `mbedtls_ssl_write_pre_shared_key_ext` after check [mbedtls_ssl_get_psk](https://github.com/hannestschofenig/mbedtls/blob/tls13-prototype/library/ssl_tls13_client.c#L976). If psk is not configured, then `ssl->handshake->ciphersuite_info` will not be set. However, `mbedtls_ssl_generate_early_data_keys` assumes that should be always be set. This PR checks `mbedtls_ssl_get_psk` before we set MBEDTLS_SSL_EARLY_DATA_ON in `mbedtls_ssl_write_early_data_ext`. This avoid calling into `mbedtls_ssl_generate_early_data_keys` and other functions that are running in early data mode.
Test Plan: ``` ../programs/ssl/ssl_server2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 ``` ``` ../programs/ssl/ssl_client2 server_addr=127.0.0.1 server_port=11252 allow_sha1=1 debug_level=5 force_version=tls1_3 force_ciphersuite=TLS_AES_128_CCM_SHA256 early_data=1 ``` Reviewers: Subscribers: Tasks: Tags: commit 21c911ccae28a563af8de662dc24e419194f2c87 Merge: f178632390 98eeb27c91 Author: Hanno Becker <[email protected]> Date: Fri May 14 16:44:02 2021 +0100 Merge pull request #263 from hanno-arm/psk-negotiation Fix client-side behaviour if PSK is offered but rejected by the server commit 98eeb27c912871202ae8d696c8cf934f03d28041 Merge: 56f6110c45 20bb2a019c Author: Hanno Becker <[email protected]> Date: Fri May 14 11:04:44 2021 +0100 Merge branch 'psk-negotiation' of https://github.com/hanno-arm/mbedtls into psk-negotiation commit 56f6110c45636ea34ebf07249a9d2e8f5c58b7dc Author: Hanno Becker <[email protected]> Date: Fri May 14 10:54:31 2021 +0100 Clarify logic for setting/clearing of handshake PSK The previous code set the handshake PSK during PSK extension writing, even if the client doesn't use 0-RTT. Instead, the handshake PSK should evolve as follows: 1) Initially, it's NULL. 2) If the client uses 0-RTT, it sets the handshake PSK to the first offered PSK when preparing to write 0-RTT data. 3) If the client uses 0-RTT, it clears the handshake PSK after writing the early data. 4) If the server chooses a PSK in its ServerHello, the client sets the handshake PSK to this PSK. If the client uses 0-RTT and the server accepts it, steps (3) and (4) could be removed. This, however, can be left for a later optimization. This commit adjusts the handshake PSK evolution to follow the steps (1)-(4) above. 
Signed-off-by: Hanno Becker <[email protected]> commit c5b1ffcf410437350fce4059b1f9b66b5f92f5ac Author: Hanno Becker <[email protected]> Date: Fri May 14 10:59:25 2021 +0100 Give function for removing handshake PSK global visibility Signed-off-by: Hanno Becker <[email protected]> commit 20bb2a019c70ba8a96b92e00860bc8985a4705ae Author: Hanno Becker <[email protected]> Date: Fri May 14 10:05:01 2021 +0100 Update library/ssl_tls13_server.c commit 78bddbf8f33ceeb8758b92797c6cb2f6340b24cf Author: Hanno Becker <[email protected]> Date: Fri May 14 10:04:40 2021 +0100 Update library/ssl_tls13_server.c commit 45c3417ac8f5d1bdd1222c19052b7b416c6b5bd4 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:54:06 2021 +0100 Remove uses of mbedtls_ssl_get_psk() `mbedtls_ssl_get_psk()` currently blurs two things: (a) access to the (potentially multiple) PSKs configured prior to the handshake (b) access to the _single_ PSK (potentially `NULL`) that has been negotiated for use during the current handshake. If we offer a PSK but don't use it, this leads to functionally wrong behavior in the current version of the prototype. The fact that we currently only allow to configure a single PSK to offer doesn't help the separation of (a) and (b). There doesn't seem to be a place for `mbedtls_ssl_get_psk()` in the TLS 1.3 prototype. Instead, we want to either iterate over the configured PSKs -- external or resumption/ticket or both, each potentially multiple times -- or we want to use _the_ specific PSK that the handshake is going to use. To better separate (a) and (b), this commit modifies the prototype to _always_ set `ssl->handshake->psk` to the PSK we're using for the current handshake, potentially `NULL`. Then, `mbedtls_ssl_tls1_3_key_schedule_stage_early_data()` can unconditionally use this PSK to initiate the key schedule.
Further, while for (a) we will ultimately need an iterator over the configured PSKs, for now this commit introduces a getter `mbedtls_ssl_get_psk_to_offer()` which checks if a PSK should be offered, and if so returns this PSK + its PSK identity. This can be used by the client when writing the ClientHello. Signed-off-by: Hanno Becker <[email protected]> commit f178632390ec3313f8772a8cffd1ed3f7d39d224 Merge: b1004e5352 8f71a23957 Author: Hanno Becker <[email protected]> Date: Fri May 14 09:51:35 2021 +0100 Merge pull request #262 from hanno-arm/fixup_261 Fixup #261 commit 8f71a239577887dc40f670c58bb13b3b44e4050b Author: Hanno Becker <[email protected]> Date: Fri May 14 09:43:05 2021 +0100 Fixup https://github.com/hannestschofenig/mbedtls/pull/261 Signed-off-by: Hanno Becker <[email protected]> commit b1004e535275464c14a84b306890a47aa15ef14b Merge: 8db2b19d0f 5d7fa778f4 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:54:58 2021 +0100 Merge pull request #259 from lhuang04/tls13_prototype_merge_from_2_25_0 Tls13 prototype merge from 2 25 0 commit 5d7fa778f4a103c75dd5cfe707b6372da3a58d80 Author: Hanno Becker <[email protected]> Date: Fri May 14 05:50:02 2021 +0100 Fixup: Merge in ssl_client2.c & ssl_server2.c Signed-off-by: Hanno Becker <[email protected]> commit 8db2b19d0fef088ca353a866498eb399bfb4fc21 Merge: f3f78d471b d4b52420d2 Author: Hanno Becker <[email protected]> Date: Fri May 14 04:37:44 2021 +0100 Merge pull request #261 from zhihan/tls13-protopyte-move-0rtt-config Rename mbedtls_ssl_conf_early_data() to mbedtls_ssl_set_early_data() commit d4b52420d264e84b7249eb16859a6e59aa5ac6b5 Author: Zhi Han <[email protected]> Date: Wed May 12 11:52:08 2021 -0400 Move report of early data status to reconnect commit d78681553790fdb3e31665b0f71367dc2198b24a Author: Zhi Han <[email protected]> Date: Wed May 12 11:38:02 2021 -0400 Move early_data from conf to context.
commit 5cc8d8ddccd41a64fac803f9cf3b4cdf71d8f45b Merge: f3f78d471b 1c54b5410f Author: lhuang04 <[email protected]> Date: Sun May 9 08:03:57 2021 -0700 Merge branch 'mbedtls-2.25.0-branch' into tls13_prototype_merge_from_2_25_0 commit e5d72ef6bc9c36d33dbd8ce871bf9237169c1f44 Merge: 2ac26234c9 f3f78d471b Author: Zhi Han <[email protected]> Date: Fri May 7 09:56:31 2021 -0400 Merge branch 'tls13-prototype' of https://github.com/hannestschofenig/mbedtls into tls13-prototype-0RTT-fix-client-rejected commit f3f78d471b1bf3669ed84d77504e39c49147ca6d Merge: 79215a6a2d c797da9279 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:17 2021 +0100 Merge pull request #253 from zhihan/tls13-prototype-0RTT-cleanup [Review 0-RTT write] Reuse the _coordinate function to in postprocess function. commit c797da927932d52c96ae243e0def2aa753a5bb90 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:11:03 2021 +0100 Update library/ssl_tls13_keys.h commit af06a4a37cbd9de9674c66b6b5def00f1b384929 Author: Hanno Becker <[email protected]> Date: Fri May 7 07:10:13 2021 +0100 Update library/ssl_tls13_keys.h commit a1f734907da114e4b28f918e320361a6b0d4e6aa Author: Hanno Becker <[email protected]> Date: Fri May 7 07:07:23 2021 +0100 Update library/ssl_tls13_client.c commit 79215a6a2d4b48fa886f42ed691eb3e56ff16dce Merge: dad9ef834f 9d8225e916 Author: Hanno Becker <[email protected]> Date: Fri May 7 06:52:16 2021 +0100 Merge pull request #251 from hanno-arm/tls13_keys_pt5 Key schedule rework: Add documentation commit 2ac26234c9ea9356df18872a0f75418f8a38d80a Author: Zhi Han <[email protected]> Date: Wed May 5 11:16:40 2021 -0400 Do not write EndOfEarlyData if early_data is rejected by server. 
commit 929e51bfc8aa3aa0ab3b6cc677120773c68517cf Merge: de531140dc dad9ef834f Author: Zhi Han <[email protected]> Date: Tue May 4 12:18:08 2021 -0400 Merge branch 'tls13-prototype' into tls13-prototype-0RTT-cleanup commit de531140dcb57c1ff059e116fdb4baa164dc4276 Author: Zhi Han <[email protected]> Date: Tue May 4 11:47:01 2021 -0400 Revert changes to ssl_tls13_keys.h commit 05b068ea4cb6ded1e32148f28c4519284d4566ce Author: Zhi Han <[email protected]> Date: Tue May 4 11:44:25 2021 -0400 Add MBEDTLS_SSL_TLS13_COMPATIBILITY_MODE back commit 6cfe517d141c495889484aeea300e105cf7f41d4 Merge: 6ea4123527 9e4c78bd6f Author: Zhi Han <[email protected]> Date: Tue May 4 11:41:47 2021 -0400 Merge branch 'tls13-prototype-0RTT-cleanup' of https://github.com/zhihan/mbedtls into tls13-prototype-0RTT-cleanup commit dad9ef834f0763899ad689905fa9b7560e424aa6 Merge: 944b99795b bc3ca0d1c7 Author: Hanno Becker <[email protected]> Date: Tue May 4 16:36:20 2021 +0100 Merge pull request #252 from zhihan/patch-3 Update ssl_tls13_keys.h to fix compiler warning. commit bc3ca0d1c78a8b62427eee45b6b9432a77a68ae3 Author: Zhi Han <[email protected]> Date: Tue May 4 11:34:52 2021 -0400 Add back application_secret commit 9e4c78bd6fdd3dc5fd19a3db31c9f83e08567360 Author: Zhi Han <[email protected]> Date: Tue May 4 11:25:18 2021 -0400 Reuse the _coordinate function to in postprocess. commit 6ea4123527963686c15f1e34ced8ea28c57429f5 Author: Zhi Han <[email protected]> Date: Tue May 4 11:01:46 2021 -0400 Update ssl_tls13_keys.h to fix compiler warning. In file included from /Users/zhih/github/mbedtls/library/ssl_tls13_client.c:40: /Users/zhih/github/mbedtls/library/ssl_tls13_keys.h:325:11: error: parameter 'master_secret' not found in the function declaration [-Werror,-Wdocumentation] * \param master_secret The master secret from which the resumption master ^~~~~~~~~~~~~ 1 error generated. 
commit 9d8225e916dddbff8a5b0feccec7dbe862cf6a24 Author: Hanno Becker <[email protected]> Date: Tue May 4 10:03:30 2021 +0100 Share buffers for 0-RTT, handshake and application master secrets Signed-off-by: Hanno Becker <[email protected]> commit f32e3b30f5c1edbb7356ebb9755b3976c64a5fee Author: Hanno Becker <[email protected]> Date: Tue May 4 09:55:56 2021 +0100 Document all TLS 1.3 key schedule functions Signed-off-by: Hanno Becker <[email protected]> commit 944b99795b8b7a2185993f96d335480e9bc252c8 Merge: 740d829337 0dbddcffaf Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:57 2021 +0100 Merge pull request #248 from lhuang04/tls13_prototype_debug_level_5_to_4 Change debug level from 5 to 4 commit 0dbddcffaf028bcd548e12e70d53a36fa9880a57 Merge: 70cfe4bf11 740d829337 Author: Hanno Becker <[email protected]> Date: Tue May 4 07:52:42 2021 +0100 Merge branch 'tls13-prototype' into tls13_prototype_debug_level_5_to_4 commit 740d8293374c6f5443aa951be2ac88d12cf206e1 Merge: 5c51532213 82ca5bce5a Author: Hanno Becker <[email protected]> Date: Tue May 4 07:51:12 2021 +0100 Merge pull request #237 from lhuang04/tls13_prototype_issue_189_Review_EE_Parsing_Client Review fix for client side EncryptedExtensions parsing commit 5c5153221387d9fa571d12fce10c947270742165 Merge: 1471e12437 2f66cecb0e Author: Hanno Becker <[email protected]> Date: Tue May 4 07:50:08 2021 +0100 Merge pull request #247 from zhihan/patch-1 Fix compiler warning for mps.c commit 1471e124378840bd89a848f261e4ec8e824b0c61 Merge: c21b8df7c3 a7553c2d1f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:44:21 2021 +0100 Merge pull request #245 from hanno-arm/tls13_keys_pt4 TLS 1.3 Key schedule, pt4: Share code between PSK binder and Finished calculation commit a7553c2d1fa247e6ad1177f8d202c0870b96110f Author: Hanno Becker <[email protected]> Date: Tue May 4 07:37:40 2021 +0100 Fix PSK binder calculation The PSK binder calculation routine does no longer overwrite the handshake early secret but 
uses a local buffer. Signed-off-by: Hanno Becker <[email protected]> commit 81ebea8fdde7472ca99e69a6123caae38d7c1ced Author: Hanno Becker <[email protected]> Date: Sun May 2 06:35:43 2021 +0100 Add documentation for mbedtls_ssl_tls1_3_derive_xxx_secrets() Signed-off-by: Hanno Becker <[email protected]> commit 6cd79d8093828db3cff78855a9022d06d4142d7f Author: Hanno Becker <[email protected]> Date: Sun May 2 06:01:32 2021 +0100 Streamline signature of PSK binder calculation helper Buffer sizes are always given by the size of the hash provided to the function. Signed-off-by: Hanno Becker <[email protected]> commit 2f70231d95f49d2f47bdf6c2f94c7f7401c585c5 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:53:18 2021 +0100 Share cryptographic core of PSK binder and Finished calculation Signed-off-by: Hanno Becker <[email protected]> commit c21b8df7c36bd3dccb0830cd45a3353093e2089f Merge: 8036e15f17 528f7df3dc Author: Hanno Becker <[email protected]> Date: Tue May 4 06:52:00 2021 +0100 Merge pull request #246 from lhuang04/tls13_prototype_ssl_opt_sh_resumption_with_openssl Tls13 prototype ssl opt sh resumption with openssl commit 70cfe4bf1144568b3c959386ac6f677af6f2e597 Author: lhuang04 <[email protected]> Date: Mon May 3 08:58:55 2021 -0700 Change debug level from 5 to 4 Summary: Update the debug level for the following calls: * MBEDTLS_SSL_DEBUG_BUF * MBEDTLS_SSL_DEBUG_MSG Test Plan: `ssl-opt.sh` Reviewers: Subscribers: Tasks: Tags: commit 2f66cecb0ed78a659760bc7a5566f14f48c461db Author: Zhi Han <[email protected]> Date: Mon May 3 11:35:31 2021 -0400 Fix compiler warning for mps.c /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: error: unannotated fall-through between switch labels [-Werror,-Wimplicit-fallthrough] default: ^ /Users/zhih/github/mbedtls/library/mps/mps.c:2259:13: note: insert 'break;' to avoid fall-through default: ^ break; 1 error generated. 
commit 82ca5bce5a1e3ed66d1559f53513f4aad43fde46 Author: lhuang04 <[email protected]> Date: Sun May 2 06:08:34 2021 -0700 cast before calculate number from buffer Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 8036e15f17fe1991b2c0e7ff84fc4db127624ac8 Merge: e85f1dfa90 da2b07e5bb Author: Hanno Becker <[email protected]> Date: Sun May 2 05:33:10 2021 +0100 Merge pull request #239 from hanno-arm/tls13_key_pt3 Key schedule rework, pt3: API structure commit e85f1dfa90343361c251372776e838ac130c9f3c Merge: 858b98e9f1 524c925dc1 Author: Hanno Becker <[email protected]> Date: Sun May 2 05:20:55 2021 +0100 Merge pull request #240 from zhihan/patch-2 Review cleanup for writing early_data extension commit 528f7df3dc665ca94d94678432c2017c24ac55c2 Author: lhuang04 <[email protected]> Date: Sat May 1 06:28:39 2021 -0700 Add require filter for OpenSSL TLS 1.3 Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit a6de330b4ce6294fbea3df8202bfbe6005d7cf10 Author: lhuang04 <[email protected]> Date: Fri Apr 30 08:23:17 2021 -0700 Add resumption test with OpenSSL to ssl-opt.sh Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 4504ac9525450bd187019b975d513cab985c788a Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:55:29 2021 -0700 break ret from parser Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit e14038925ddca9fc7fb7539b300fa2897c29ba80 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:30:04 2021 -0700 debug msgs and comments Summary: Test Plan: Reviewers: Subscribers: Tasks: Tags: commit 9ec22a288acca7fe91f8ad4c45e86fd78ad017f4 Author: lhuang04 <[email protected]> Date: Wed Apr 28 06:24:44 2021 -0700 change unsigned char* buf to const …
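The handshake-PSK lifecycle described in the commit messages above (steps 1 to 4, plus the check that keeps 0-RTT off when no PSK is configured), as an added C model: it is not Mbed TLS code, and every type and function name in it (`psk_t`, `client_t`, `client_*`, `key_schedule_input`) is hypothetical. The all-zero key schedule input used when the handshake PSK is `NULL` follows RFC 8446, section 7.1.

```c
#include <stddef.h>
#include <string.h>
/* Hypothetical model of the client-side PSK state; not Mbed TLS code. */
typedef struct { const unsigned char *key; size_t len; } psk_t;
typedef struct {
    const psk_t *offered;   /* (a) PSK configured before the handshake, or NULL */
    const psk_t *handshake; /* (b) the one PSK this handshake uses, or NULL */
    int early_data_on;
} client_t;

/* Step 1: the handshake PSK starts out as NULL. */
void client_init(client_t *c, const psk_t *configured) {
    c->offered = configured;
    c->handshake = NULL;
    c->early_data_on = 0;
}

/* Step 2: enter 0-RTT only when there is a PSK to offer. */
int client_prepare_early_data(client_t *c) {
    if (c->offered == NULL)
        return -1;                 /* no PSK: early data stays off */
    c->handshake = c->offered;
    c->early_data_on = 1;
    return 0;
}

/* Step 3: clear the handshake PSK once the early data is written. */
void client_finish_early_data(client_t *c) { c->handshake = NULL; }

/* Step 4: selected is the PSK index from ServerHello, -1 if none was chosen. */
int client_on_server_hello(client_t *c, int selected) {
    if (selected < 0) { c->handshake = NULL; return 0; }  /* PSK rejected */
    if (selected != 0 || c->offered == NULL)
        return -1;                 /* server picked a PSK we never offered */
    c->handshake = c->offered;
    return 0;
}

/* Key schedule input: the handshake PSK, or hash_len zero bytes when it is
 * NULL (RFC 8446, section 7.1). Returns bytes written, 0 if out is too small. */
size_t key_schedule_input(const client_t *c, unsigned char *out,
                          size_t cap, size_t hash_len) {
    size_t n = c->handshake ? c->handshake->len : hash_len;
    if (n > cap) return 0;
    if (c->handshake) memcpy(out, c->handshake->key, n);
    else memset(out, 0, n);
    return n;
}

int main(void) {
    client_t c;
    client_init(&c, NULL);  /* constructed case: no PSK configured */
    return client_prepare_early_data(&c) == -1 ? 0 : 1;
}
```

Because the key schedule reads only `handshake`, a PSK that was offered but rejected in ServerHello never reaches key derivation.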
The current TLS 1.3 prototype is incompatible with most SSL options. We need to go through them one-by-one and understand what needs to be done to re-introduce them.