mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-15 15:39:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,665 Commits 170 Branches 263 Tags
Commit Graph

30665 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ronald Cron
0e711e1ac0 Add RSA key certificates 
Add RSA key certificates using SHA256
instead of SHA1 for the signature
algorithm. Those are needed for some
TLS 1.3 compatibility tests with OpenSSL 3
to avoid having to enable in OpenSSL 3
the support for the deprecated SHA-1 based
signature algorithms.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-12 13:37:22 +02:00
Gilles Peskine
974006b00d
Merge pull request #9000 from tom-cosgrove-arm/fix-compilation-when-memcpy-is-function-like-macro-3.6 
Backport 3.6: Fix compilation when memcpy() is a function-like macro
 2024-04-09 11:34:51 +00:00
Gilles Peskine
79d25877ff
Merge pull request #9009 from mpg/fix-wrong-dep-test-case-3.6 
[Backport 3.6]   Fix wrong dependencies in test cases + follow-up
 2024-04-09 11:34:10 +00:00
Manuel Pégourié-Gonnard
f05f7066a1
Merge pull request #9014 from ronald-cron-arm/nofa_no_session_tickets-3.6 
[Backport 3.6] Guard ticket specific TLS 1.3 function with macro
 2024-04-08 08:56:28 +00:00
Ronald Cron
05c1ba22f0 Add change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
8d63084bd1 tls13: Do not initiate at all resumption if tickets not supported 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
fccfa69de8 tls13: Fix doc of mbedtls_ssl_session_set() - 2 
Fix documentation of mbedtls_ssl_session_set()
regarding its dependency on MBEDTLS_SSL_SESSION_TICKETS
in TLS 1.3 case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
7fb4343ee9 tls13: Fix doc of mbedtls_ssl_session_set() - 1 
It was eventually decided to not support multiple
tickets in TLS 1.3 ClientHello messages thus
removing the parts in mbedtls_ssl_session_set()
documentation that were anticipating that.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
e221f67f15 tls13: Fix doc of mbedtls_ssl_session_get() - 2 
Fix documentation of mbedtls_ssl_session_get()
regarding its interaction with session
ticket enablement.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
de4183f580 tls13: Fix doc of mbedtls_ssl_session_get() - 1 
The API has eventually not been changed to
return multiple tickets through multiple
subsequent call to it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
48e29a1271 tls: Fix doc of mbedtls_ssl_session_save() 
Fix documentation of mbedtls_ssl_session_save()
regarding its dependency on MBEDTLS_SSL_SESSION_TICKETS
in TLS 1.3 session case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
698c8e902e ssl_msg.c: Rename _check_new_session_ticket to _is_new_session_ticket 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
6a8e4eb8d1 all.sh: Use full instead of default as the base for the new component 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
f02af2d1c5 tests: ssl: Fix dependencies of SRV TLS 1.3 session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
54a9b11bb5 ssl-opt.sh: Add tests where tickets are ignored 
Add tests where we explicitely check that
tickets are ignored on client side when
the support is not enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
6071f611f6 tls13: cli: Ignore tickets if not supported 
If a TLS 1.3 client receives a ticket and
the feature is not enabled, ignore it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Norbert Fabritius
c93fc86517 ssl-opt.sh: Add missing MBEDTLS_SSL_SESSION_TICKETS dependencies 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Norbert Fabritius
06d9934b85 all.sh: Add component testing default minus session tickets 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
094f55333d tests: ssl: Fix dependencies of TLS 1.3 session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:32 +02:00
Ronald Cron
346b81877d tests: ssl: Add hostname checks in session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:31 +02:00
Ronald Cron
1fb585492d tests: ssl: Remove redundant test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:31 +02:00
Ronald Cron
819636994e tests: ssl: Fix session field guards 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:31 +02:00
Norbert Fabritius
93b2c32ece Constify parameter of ssl_tls13_session_load 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-04-05 14:16:31 +02:00
Norbert Fabritius
ba1de9fa4e Enable ssl_tls13_get_ciphersuite_hash_alg only if macro is active 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-04-05 14:16:31 +02:00
Norbert Fabritius
b6ff6101d9 Unconditionally define session variable 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-04-05 14:16:31 +02:00
Ronald Cron
5e297b984d tls13: srv: Fix guards of _is_psk_(ephemeral_)available 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-05 14:16:31 +02:00
Norbert Fabritius
da0d169fae Guard ticket specific TLS 1.3 function with macro 
Guard ssl_tls13_write_new_session_ticket_coordinate with
MBEDTLS_SSL_SESSION_TICKETS macro.

Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-04-05 14:16:31 +02:00
Bence Szépkúti
4ee6ddca86
Merge pull request #9004 from valeriosetti/issue8903-backport 
[Backport 3.6] Test gap: mbedtls_pk_check_pair with MBEDTLS_PK_OPAQUE
 2024-04-04 13:44:31 +00:00
Bence Szépkúti
ec17c1c1ab
Merge pull request #9005 from valeriosetti/issue8712-backport 
[Backport 3.6] Clarify the documentation of mbedtls_pk_setup_opaque
 2024-04-04 13:41:15 +00:00
Manuel Pégourié-Gonnard
87747c7a82 Fix closing comment to match opening guard 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-04 12:57:07 +02:00
Manuel Pégourié-Gonnard
5aa6a64b17 Fix style of preprocessor expression 
We use logical '&&' everywhere, let's be consistent.

(Unless I'm mistaken, binary '&' happens to give the same results for
booleans so this wasn't an actual bug, just style/readability issue.)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-04 12:57:06 +02:00
Pengyu Lv
3bb89dc935 Fix failures in psa_cryto_driver_wrappers suite 
- "in-driver" test should depend on the present
  of a driver.
- add new counter in key manangement driver test
  hook which counts the calls of generate_key.
- We only care about the hits when processing
  `psa_generate_key`.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:06 +02:00
Pengyu Lv
a44cab020e Add missing dependency of fallback test in driver wrappers suite 
To pass a fallback test, we need a dependency on built-in
implementation.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:06 +02:00
Pengyu Lv
b13c218b10 Add missing definition of AT_LEAST_ONE_BUILTIN_KDF 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:05 +02:00
Pengyu Lv
64b6e4dece Fix wrong dependency in psa_crypto_driver_wrappers suite 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:04 +02:00
Pengyu Lv
a9d3eaf4bb Fix wrong dependency in psa_crypto_pake suite 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:04 +02:00
Pengyu Lv
f3abbfe735 Fix typo in ssl test suite 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:04 +02:00
Pengyu Lv
0dfb5bbb31 Correct dependancy on MBEDTLS_X509_INFO for x509parse 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2024-04-04 12:57:04 +02:00
Tom Cosgrove
387aafff5b
Merge pull request #9007 from mpg/checkbox-3.6 
Add 3.6 backport checkbox to the PR template
 2024-04-04 10:33:22 +00:00
Manuel Pégourié-Gonnard
b76573c662 We now have two LTS branches to backport to. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2024-04-04 10:44:18 +02:00
Valerio Setti
fd0e2f3beb pk: fix documentation of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-04 09:42:01 +02:00
Valerio Setti
b2470d9bbf pk: fix typos in description of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-04 09:42:01 +02:00
Valerio Setti
320180f043 pk: add check_pair info to mbedtls_pk_setup_opaque() documentation 
This also updates use-psa-crypto.md accordingly.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-04 09:42:01 +02:00
Valerio Setti
b2840b0aac test_suite_pk: add failing check for sign_ext() in pk_psa_wrap_sign_ext() 
If the wrapped key has a PKCS1 v1.5 signature algorithm, then try
to call sign_ext() to perform PSA RSS. Of course this will fail
because it's not supported by the wrapped key.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-04 09:42:01 +02:00
Valerio Setti
a53f54350e pk: simplify mbedtls_pk_sign_ext() 
In case of opaque keys skip the check of the supported primary/enrollment
algorithms. Just try to perfom the signature and if the wrapped key
does not support RSA PSS the operation will fail automatically.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-04 09:42:01 +02:00
Valerio Setti
c26646c211 pk: fix description of mbedtls_pk_setup_opaque for sign_ext() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-04 09:42:01 +02:00
Valerio Setti
c51b08ca1d pk: fix indentation in description of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-04 09:42:01 +02:00
Valerio Setti
013fa95222 pk: fix description of mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-04 09:42:01 +02:00
Valerio Setti
872b8c4678 pk: update documentation of mbedtls_pk_setup_opaque() based on #8951 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-04 09:42:01 +02:00
Valerio Setti
3c5ea11284 pk: fix documentation for mbedtls_pk_setup_opaque() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-04-04 09:42:01 +02:00