Ensure that session save and load functions are not scattered
throughout ssl_tls.c but are in the same part of the file.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Add config bits for server name indication, early data and record size
limit, which all cause the serialized session to be structured
differently.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
This config option decides whether the session stores the entire
certificate or just a digest of it, but was missing from the
serialization config bitflag.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
When reseting an SSL context with
mbedtls_ssl_session_reset() reset
the TLS maximum negotiable version
as configured.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
The main purpose of the change is to
know from the status, at any point in
the handshake, if early data can be
sent or not and why.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Add discard_early_data_record in SSL context for
the record layer to know if it has to discard
some potential early data record and how.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Due to the scope reduction for
mbedtls_ssl_read_early_data(), on
server as early data state variable
we now only need a flag in the
handshake context indicating if
the server has accepted early data
or not.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
This reverts commit 0883b8b625a5531f2fc8a61b6b0417f00f76f91e.
Due to the scope reduction of mbedtls_ssl_read_early_data()
it is not necessary anymore to refine the usage
of early_data_status/state rather the opposite.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Introduce early_data_state SSL context field to
distinguish better this internal state from
the status values defined for the
mbedtls_ssl_get_early_data_status() API.
Distinguish also between the client and
server states. Note that the client state
are going to be documented and reworked
as part of the implementation of
mbedtls_ssl_write_early_data().
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Move the save/load of session endpoint and
ciphersuite that are common to TLS 1.2 and
TLS 1.3 serialized data from the
specialized ssl_{tls12,tls13}_session_{save,load}
functions to ssl__session_{save,load}.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Revert back checking on handshake messages length due to
limitation on our fragmentation support of handshake
messages.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
MbedTLS currently does not support maximum fragment length
during handshake so we skip it for now.
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
