mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-02-06 03:40:04 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,704 Commits 170 Branches 263 Tags
Commit Graph

30704 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ronald Cron
e739892cf8 ssl-opt.sh: Rework m->m resumption tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:21:35 +01:00
Ronald Cron
3cf41457ee ssl-opt.sh: Move m->m resumption tests 
Move m->m resumption tests just
before resumption and early data tests
against GnuTLS and OpenSSL.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 09:41:03 +01:00
Ronald Cron
820199a2ef ssl-opt.sh: Rework O->m placeholder test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
1ccd7a72c8 ssp-opt.sh: Expand G->m resumption and early data tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
854df135ab ssl-opt.sh: Group TLS 1.3 resumption and early data G->m tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
00fa13bf78 ssl-opt.sh: Rework m->O resumption and early data tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
47d4a52483 ssl-opt.sh: Remove m->O early data test based on external PSK 
Eventually we do not support early data with
external PSK thus no point to do a positive
test on that basis.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
05210086c0 ssl-opt.sh: Expand m->G resumption and early data tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
c893779bb5 ssl-opt.sh: Remove redundant early data test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
c8d604d0a1 ssl-opt.sh: Group TLS 1.3 resumption and early data m->G tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
f1ad73f6ca ssl-opt.sh: Group TLS 1.3 resumption and early data compat tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:05 +01:00
Ronald Cron
74191a56e8 ssl_server2: Split early data enablement from max_early_data_size setting 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:00:42 +01:00
David Horstmann
24c269fd4a Rewrite section on PSA copy functions 
The finally implemented functions were significantly different from the
initial design idea, so update the document accordingly.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-14 18:03:35 +00:00
Ryan Everett
e1b50f38e4 Document unsupported concurrency scenario in psa_exercise_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 17:51:09 +00:00
Ryan Everett
6de38ac91c Add missing PSA_ASSERT in mbedtls_test_psa_raw_key_agreement_with_self 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 17:50:39 +00:00
Ryan Everett
3de040f62d Use TEST_FAIL in threaded tests 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 17:50:06 +00:00
Ryan Everett
6c488709d6 Fix typo in thread_import_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 17:49:44 +00:00
David Horstmann
abbf2c4835
Merge pull request #1191 from davidhorstmann-arm/psa-shared-memory-changelog 
Add ChangeLog for PSA buffer sharing fix
 2024-03-14 16:18:23 +00:00
David Horstmann
ea08045275
Merge pull request #1199 from davidhorstmann-arm/invert-buffer-protection-option 
Invert and rename buffer protection config option
 2024-03-14 16:17:18 +00:00
Gilles Peskine
7b333f1e88
Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime 
TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime
 2024-03-14 15:59:25 +00:00
Gilles Peskine
1c5ebf4352
Merge pull request #8697 from BensonLiou/random_bye_on_hrr 
Do not generate new random number while receiving HRR
 2024-03-14 15:59:21 +00:00
Paul Elliott
50da462fc8
Merge pull request #8829 from paul-elliott-arm/add_framework_meta_tests 
Add metatests for failing TEST_EQUAL and TEST_LE_*
 2024-03-14 15:55:14 +00:00
Ryan Everett
f6f973c235 Document security weakness in concurrent execution of psa_destroy_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 15:54:07 +00:00
Manuel Pégourié-Gonnard
e7c08af465
Merge pull request #8575 from lpy4105/issue/wrong-suite-name-in-check_test_cases_py 
Fix wrong suite name in check_test_cases.py
 2024-03-14 15:31:27 +00:00
Ryan Everett
d4d6a7a20d Rework and update psa-thread-safety.md 
I have restructured this file, and updated it to reflect changes in design/designs now being implemented.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 15:22:06 +00:00
David Horstmann
6f8c95ba1d Preserve alphabetical sorting of config options 
In the list that is excluded from the full config.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-14 14:52:45 +00:00
David Horstmann
5a71e76e65 Remove MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS from full 
This option removes a feature (buffer protection) so should not be
in the full config.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-14 14:47:48 +00:00
David Horstmann
0a8abdea8b Update wrapper generation script and regenerate 
Update the guards generated by the wrapper generation script to use
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS and regenerate the PSA test
wrappers.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-14 14:47:48 +00:00
David Horstmann
4a48becdba Invert and rename config option 
Replace MBEDTLS_PSA_COPY_CALLER_BUFFERS with inverse:
!MBEDTLS_PSA_ASSUME_EXCLUSIVE_BUFFERS. This ensures that buffer
protection is enabled by default without any change to the Mbed TLS
config file.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-14 14:47:48 +00:00
Gilles Peskine
93b305dc8e
tls13: Use a flag not a counter for CCS and HRR handling 
Reconcile with 5fbd27055d15c8ac234a229389ff4e31977487a0 on another branch

Signed-off-by: Gilles Peskine <gilles.peskine@arm.com>
 2024-03-14 15:05:09 +01:00
Ryan Everett
c9515600fd Fix state transition diagram 
This now represents the implemented model

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 13:22:05 +00:00
Gilles Peskine
91f7e07c63
Merge pull request #1196 from davidhorstmann-arm/buffer-sharing-merge 
Update development-restricted after buffer-sharing work
 2024-03-14 13:28:35 +01:00
Janos Follath
8564f78c89
Merge pull request #1201 from yanesca/add-cve-ids-to-changelog 
Add CVE IDs to Changelog
 2024-03-14 11:41:30 +00:00
Manuel Pégourié-Gonnard
93071cfeec
Merge pull request #8920 from valeriosetti/issue8919 
Generalize some PK functions from MBEDTLS_PSA_CRYPTO_C to MBEDTLS_PSA_CRYPTO_CLIENT
 2024-03-14 11:32:23 +00:00
BensonLiou
7b8b696790 Add change log 
Signed-off-by: BensonLiou <momo1208@gmail.com>
 2024-03-14 18:11:09 +08:00
Janos Follath
9edd7fd002 Add CVE IDs to Changelog 
Signed-off-by: Janos Follath <janos.follath@arm.com>
 2024-03-14 09:38:03 +00:00
BensonLiou
719c2ed9cb Bugfix 
* In TLS 1.3 clients, fix an interoperability problem due to the client
     generating a new random after a HelloRetryRequest. Fixes #8669.

Signed-off-by: BensonLiou <momo1208@gmail.com>
 2024-03-14 11:47:38 +08:00
BensonLiou
3720809d19
Merge branch 'development' into random_bye_on_hrr 
Signed-off-by: BensonLiou <momo1208@gmail.com>
 2024-03-14 11:44:21 +08:00
BensonLiou
368debd384 Merge branch 'development' of https://github.com/Mbed-TLS/mbedtls into random_bye_on_hrr 2024-03-14 11:42:25 +08:00
Gilles Peskine
5c77ad0f4f
Merge pull request #8926 from gilles-peskine-arm/lcov-cannot-write-investigation 
Work around a bug in ancient lcov
 2024-03-13 17:52:15 +00:00
Waleed Elmelegy
b28ab0a45a Fix code style in ssl_tls.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
daa4da781a Increase ALPN length in saved session to 2 bytes 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
5bc5263b2c Add code improvments and refactoring in dealing with ALPN 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
7dfba34475 Fix possible overflow in ALPN length when saving session 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
75e33fa12e Fix code style in ssl_tls.c 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
fe9ae085e3 Update serialized session description with ALPN information 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
1102563685 Add ALPN bit flag to session header 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
883f77cb08 Add mbedtls_ssl_session_set_alpn() function 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Waleed Elmelegy
2824a209bc Add ALPN information in session tickets 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-13 16:50:01 +00:00
Gilles Peskine
539d7d54af Work around a bug in ancient lcov 
lcov had a bug whereby it tries to create the output file relative to /
if it has emitted a warning. We do CI runs on Ubuntu 16.04 which is too
old to have the fix. As a quick fix for the CI, work around the bug.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-13 17:19:17 +01:00