mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-21 15:41:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,104 Commits 173 Branches 263 Tags
Commit Graph

30104 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ronald Cron
00fa13bf78 ssl-opt.sh: Rework m->O resumption and early data tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
47d4a52483 ssl-opt.sh: Remove m->O early data test based on external PSK 
Eventually we do not support early data with
external PSK thus no point to do a positive
test on that basis.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
05210086c0 ssl-opt.sh: Expand m->G resumption and early data tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
c893779bb5 ssl-opt.sh: Remove redundant early data test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
c8d604d0a1 ssl-opt.sh: Group TLS 1.3 resumption and early data m->G tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
f1ad73f6ca ssl-opt.sh: Group TLS 1.3 resumption and early data compat tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:05 +01:00
Ronald Cron
74191a56e8 ssl_server2: Split early data enablement from max_early_data_size setting 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:00:42 +01:00
Gilles Peskine
7b333f1e88
Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime 
TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime
 2024-03-14 15:59:25 +00:00
Gilles Peskine
1c5ebf4352
Merge pull request #8697 from BensonLiou/random_bye_on_hrr 
Do not generate new random number while receiving HRR
 2024-03-14 15:59:21 +00:00
Paul Elliott
50da462fc8
Merge pull request #8829 from paul-elliott-arm/add_framework_meta_tests 
Add metatests for failing TEST_EQUAL and TEST_LE_*
 2024-03-14 15:55:14 +00:00
Manuel Pégourié-Gonnard
e7c08af465
Merge pull request #8575 from lpy4105/issue/wrong-suite-name-in-check_test_cases_py 
Fix wrong suite name in check_test_cases.py
 2024-03-14 15:31:27 +00:00
Gilles Peskine
93b305dc8e
tls13: Use a flag not a counter for CCS and HRR handling 
Reconcile with 5fbd27055d15c8ac234a229389ff4e31977487a0 on another branch

Signed-off-by: Gilles Peskine <gilles.peskine@arm.com>
 2024-03-14 15:05:09 +01:00
Manuel Pégourié-Gonnard
93071cfeec
Merge pull request #8920 from valeriosetti/issue8919 
Generalize some PK functions from MBEDTLS_PSA_CRYPTO_C to MBEDTLS_PSA_CRYPTO_CLIENT
 2024-03-14 11:32:23 +00:00
BensonLiou
7b8b696790 Add change log 
Signed-off-by: BensonLiou <momo1208@gmail.com>
 2024-03-14 18:11:09 +08:00
BensonLiou
719c2ed9cb Bugfix 
* In TLS 1.3 clients, fix an interoperability problem due to the client
     generating a new random after a HelloRetryRequest. Fixes #8669.

Signed-off-by: BensonLiou <momo1208@gmail.com>
 2024-03-14 11:47:38 +08:00
BensonLiou
3720809d19
Merge branch 'development' into random_bye_on_hrr 
Signed-off-by: BensonLiou <momo1208@gmail.com>
 2024-03-14 11:44:21 +08:00
BensonLiou
368debd384 Merge branch 'development' of https://github.com/Mbed-TLS/mbedtls into random_bye_on_hrr 2024-03-14 11:42:25 +08:00
Gilles Peskine
5c77ad0f4f
Merge pull request #8926 from gilles-peskine-arm/lcov-cannot-write-investigation 
Work around a bug in ancient lcov
 2024-03-13 17:52:15 +00:00
Gilles Peskine
539d7d54af Work around a bug in ancient lcov 
lcov had a bug whereby it tries to create the output file relative to /
if it has emitted a warning. We do CI runs on Ubuntu 16.04 which is too
old to have the fix. As a quick fix for the CI, work around the bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-13 17:19:17 +01:00
Dave Rodgman
775c7768ee
Merge pull request #8877 from gilles-peskine-arm/split-minimal-3.6 
Create a minimal framework submodule
 2024-03-13 14:30:09 +00:00
BensonLiou
bedd2519e6 fix code style 
Signed-off-by: BensonLiou <momo1208@gmail.com>
 2024-03-13 20:31:24 +08:00
Gilles Peskine
93b282232f missing word 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-13 13:08:57 +01:00
Ronald Cron
40043d03a5
Merge pull request #8884 from ronald-cron-arm/improve-early-data-status 
TLS 1.3: CLI: Split early data user status and internal state
 2024-03-13 11:59:49 +00:00
Dave Rodgman
e95bf79754
Merge pull request #8922 from daverodgman/gcc-o3 
Fix gcc -O3 warnings
 2024-03-13 11:47:14 +00:00
Manuel Pégourié-Gonnard
fb84c7681c
Merge pull request #8889 from gilles-peskine-arm/pk-psa-bridge-3.6-doc 
Document PK-PSA bridge functions
 2024-03-13 10:55:36 +00:00
Dave Rodgman
60c2f47f98
Merge pull request #8888 from minosgalanakis/features/add_ssl_session_accessor_8529 
[MBEDTLS_PRIVATE] Add accessor for session and ciphersuite_id
 2024-03-13 10:02:15 +00:00
Dave Rodgman
386c39f2d5 Check gcc version 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-13 09:55:33 +00:00
Paul Elliott
4de4cc4a29
Merge pull request #8891 from Ryan-Everett-arm/document-SE_C-not-threadsafe 
Officially document non thread-safety of MBEDTLS_PSA_CRYPTO_SE_C
 2024-03-13 09:42:49 +00:00
Valerio Setti
864a50b7c8 pk: uniformly guard set/get enrollment algorithm calls with CRYPTO_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-13 09:52:36 +01:00
Valerio Setti
13beaa2e60 psa_crypto_stubs: extend stub functions for the CRYPTO_CLIENT tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-13 09:52:36 +01:00
Valerio Setti
63097759f8 all.sh: modify/add test components for CRYPTO_CLIENT 
The already existing component_test_psa_crypto_client() is renamed
as component_test_default_psa_crypto_client_without_crypto_provider()
while component_build_full_psa_crypto_client_without_crypto_provider()
was added.

- Both of them check that the missing symbols at link time (if any)
  belong to the psa_xxx() family.
- The former builds with default config + CRYPTO_CLIENT - CRYPTO_C and
  then runs test suites.
- The latter only perform the builds using the full config and then
  it checks that PK-PSA bridge functions are present.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-13 09:52:36 +01:00
Valerio Setti
c4c1d3af34 pk: use CRYPTO_CLIENT as guard for PK-PSA bridge functions instead of CRYPTO_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-13 09:52:36 +01:00
Gilles Peskine
e29b4b42b7 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-13 09:33:03 +01:00
Manuel Pégourié-Gonnard
3b20bda352
Merge pull request #8899 from gilles-peskine-arm/pk_copy_public_from_psa 
New function mbedtls_pk_copy_public_from_psa
 2024-03-13 06:56:17 +00:00
Gilles Peskine
68f46414cb
Merge pull request #8894 from daverodgman/quietbuild2 
Follow-up non-verbose logs
 2024-03-13 00:50:42 +00:00
Ronald Cron
840de7ff2f tls13: cli: Rename STATUS_NOT_SENT to STATUS_NOT_INDICATED 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
fd4c0c8b3d tls13: cli: Fix comment 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
aa3593141b tls13: cli: Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz 
Move definition of MBEDTLS_SSL_EARLY_DATA_STATE_xyz
from ssl.h(public) to ssl_misc.h(private) even if
that means we cannot use the enum type for
early_data_state in ssl.h.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
894df384f4 tls13: cli: Re-order early data states 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
3641df2980 tls13: cli: Rename STATE_SENT to STATE_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
3c5a68339b tls13: cli: Rename STATE_NOT_SENT to STATE_NO_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
0c80dc1ed5 tls13: cli: Rename STATUS_NOT_SENT to STATUS_NO_IND_SENT 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
05d7cfbd9c tls13: cli: Rename STATE_UNKNOWN to STATE_IDLE 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:18 +01:00
Ronald Cron
d2884662c1 tls13: cli: Split early data user status and internal state 
Do not use the return values of
mbedtls_ssl_get_early_data_status()
(MBEDTLS_SSL_EARLY_DATA_STATUS_ macros)
for the state of the negotiation and
transfer of early data during the
handshake.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-12 17:48:15 +01:00
Dave Rodgman
4faa34dc86 Fix gcc -O3 warnings 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-12 16:34:43 +00:00
Gilles Peskine
d6a710a397 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
0dc79a754d Fix and test pk_copy_from_psa with an unsupported algorithm 
Fix mbedtls_pk_copy_from_psa() and mbedtls_pk_copy_public_from_psa() to
still work when the algorithm in the key policy is not an RSA
algorithm (typically PSA_ALG_NONE). Add a dedicated test case and adjust the
test code. Fixes the test case "Copy from PSA: non-exportable -> public, RSA"
when MBEDTLS_PKCS1_V15 is disabled.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
17d5b6bda2 Test mbedtls_pk_copy_public_from_psa on non-exportable keys 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:47 +01:00
Gilles Peskine
bf69f2e682 New function mbedtls_pk_copy_public_from_psa 
Document and implement mbedtls_pk_copy_public_from_psa() to export the
public key of a PSA key into PK.

Unit-test it alongside mbedtls_pk_copy_from_psa().

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-12 15:06:45 +01:00
Manuel Pégourié-Gonnard
d7e7f48323
Merge pull request #8774 from valeriosetti/issue8709 
Implement mbedtls_pk_copy_from_psa
 2024-03-12 13:45:27 +00:00