search

Mbed-TLS / mbedtls

An open source, portable, easy to use, readable and flexible TLS library, and reference implementation of the PSA Cryptography API. Releases are on a varying cadence, typically around 3 - 6 months between releases.
https://www.trustedfirmware.org/projects/mbed-tls/
Other
5.22k stars 2.56k forks source link

Allow ChaChaPoly for TLS session tickets #1917

Open gilles-peskine-arm opened 6 years ago

gilles-peskine-arm commented 6 years ago

Type: Enhancement
Priority: Minor

From code inspection (context: https://github.com/ARMmbed/mbedtls/pull/1915), we only allow GCM and CCM modes to wrap SSL session tickets. (mbedtls_ssl_ticket_setup checks that cipher_info->mode is MBEDTLS_MODE_CCM or MBEDTLS_MODE_GCM.) We should allow any AEAD mode, including ChaChaPoly.

More generally, instead of having to enumerate the authenticated modes all the time, the cipher module should expose a function mbedtls_cipher_mode_is_authenticated.

ciarmcom commented 6 years ago

ARM Internal Ref: IOTSSL-2465