mirror/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-01-31 00:32:50 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
30,628 Commits 170 Branches 263 Tags
Commit Graph

30628 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ronald Cron
a9bdc8fbb8 Improve tls13-support.md 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 15:52:04 +01:00
Ronald Cron
3996ebc037 Fix documentation about anti-replay defenses 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 15:49:11 +01:00
Ronald Cron
582865fbfb Improve the change log 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 15:49:05 +01:00
Manuel Pégourié-Gonnard
62ac993d89
Merge pull request #8918 from ronald-cron-arm/improve-tls-srv-version-nego-testing 
TLS: Improve server version negotiation testing
 2024-03-15 14:29:56 +00:00
Ronald Cron
933aec86fd Remove experimental warnings related to early data 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 14:52:10 +01:00
Paul Elliott
78279962d6 Fix minor style issues 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2024-03-15 13:34:01 +00:00
Bence Szépkúti
567591eec7
Merge pull request #8923 from bensze01/drop-old-compilers 
Drop Support for MSVC 2013, 2015 and Arm Compiler 5
 2024-03-15 12:56:21 +00:00
Gilles Peskine
a69572b437 pk_import_into_psa: test persistent keys 
Test the behavior of mbedtls_pk_get_psa_attributes() and
mbedtls_pk_import_into_psa() with respect to lifetime. In particular, test
that they work with persistent keys as documented.

Test cases generated by the following script:
```
for old in [('transparent', '0:0:1'),
            ('opaque volatile [export]', '1:0:1'),
            ('opaque volatile [copy]', '1:0:0'),
            ('opaque persistent [export]', '1:1:1'),
            ('opaque persistent [copy]', '1:1:0')]:
    for to_public in [('pair', '0'),
                      ('public', '1')]:
        for to_persistent in [('volatile', '0'),
                              ('persistent', '1')]:
            depends = ('\ndepends_on:MBEDTLS_USE_PSA_CRYPTO'
                       if old[0].startswith('opaque')
                       else '')
            print(f"""\
PSA import into PSA: {old[0]} -> {to_persistent[0]} {to_public[0]}{depends}
pk_import_into_psa_lifetime:{old[1]}:{to_public[1]}:{to_persistent[1]}
""")
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2024-03-15 13:25:28 +01:00
Ronald Cron
0edef1cf6d
Merge pull request #8914 from ronald-cron-arm/resumption-early-data-compat-tests 
TLS 1.3: Resumption and early data compatibility tests
 2024-03-15 12:22:25 +00:00
Waleed Elmelegy
4dfb0e7c90 Add ALPN checking when accepting early data 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-15 12:12:15 +00:00
Waleed Elmelegy
131b2ffd89 Fix bug in ALPN negotiating 
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
 2024-03-15 12:12:15 +00:00
Bence Szépkúti
e05b54229f Drop reference to Visual Studio 2013 from config 
All supported versions of Visual Studio support AESNI, so drop the
version number.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-03-15 12:19:39 +01:00
Bence Szépkúti
a32546c96e Update changelog 
Expand MSVC to Visual Studio and announce the moving of the solution
files.

Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
 2024-03-15 12:14:39 +01:00
Paul Elliott
44ccc8764b
Merge pull request #8924 from Ryan-Everett-arm/threading-same-key-tests 
Add testing for concurrently loading/using/destroying the same key
 2024-03-15 10:24:44 +00:00
Ronald Cron
6bee910dbd
Merge pull request #8858 from waleed-elmelegy-arm/add_alpn_to_session 
Add ALPN information in session tickets
 2024-03-15 09:50:24 +00:00
Ronald Cron
1987a7c068 Document that we do not implement the anti-replay defenses 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:46:04 +01:00
Ronald Cron
d514d9c798 tls13-early-data.md: Fix reading early data documentation 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
Ronald Cron
0fce958f17 tls13-early-data.md: Adapt code examples to new coding style 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
Ronald Cron
b372b2e5bb docs: Move TLS 1.3 early data doc to a dedicated file 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
Ronald Cron
d76a2d8b98 tls13-support.md: Stop referring to the prototype 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
Ronald Cron
1b606d8835 tls13-support.md: Early data supported now 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
Ronald Cron
124ed8a775 tls13-support.md: Some fixes 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
Ronald Cron
e40e42cf21 Add change log for early data feature 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:41:52 +01:00
Ronald Cron
dd2dc1578a ssl-opt.sh: Add m->m resumption and early data tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:21:40 +01:00
Ronald Cron
e739892cf8 ssl-opt.sh: Rework m->m resumption tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 10:21:35 +01:00
Ronald Cron
3cf41457ee ssl-opt.sh: Move m->m resumption tests 
Move m->m resumption tests just
before resumption and early data tests
against GnuTLS and OpenSSL.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-15 09:41:03 +01:00
Ronald Cron
820199a2ef ssl-opt.sh: Rework O->m placeholder test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
1ccd7a72c8 ssp-opt.sh: Expand G->m resumption and early data tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
854df135ab ssl-opt.sh: Group TLS 1.3 resumption and early data G->m tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
00fa13bf78 ssl-opt.sh: Rework m->O resumption and early data tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
47d4a52483 ssl-opt.sh: Remove m->O early data test based on external PSK 
Eventually we do not support early data with
external PSK thus no point to do a positive
test on that basis.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
05210086c0 ssl-opt.sh: Expand m->G resumption and early data tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
c893779bb5 ssl-opt.sh: Remove redundant early data test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
c8d604d0a1 ssl-opt.sh: Group TLS 1.3 resumption and early data m->G tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:07 +01:00
Ronald Cron
f1ad73f6ca ssl-opt.sh: Group TLS 1.3 resumption and early data compat tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:04:05 +01:00
Ronald Cron
74191a56e8 ssl_server2: Split early data enablement from max_early_data_size setting 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-14 20:00:42 +01:00
David Horstmann
24c269fd4a Rewrite section on PSA copy functions 
The finally implemented functions were significantly different from the
initial design idea, so update the document accordingly.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-14 18:03:35 +00:00
Ryan Everett
e1b50f38e4 Document unsupported concurrency scenario in psa_exercise_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 17:51:09 +00:00
Ryan Everett
6de38ac91c Add missing PSA_ASSERT in mbedtls_test_psa_raw_key_agreement_with_self 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 17:50:39 +00:00
Ryan Everett
3de040f62d Use TEST_FAIL in threaded tests 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 17:50:06 +00:00
Ryan Everett
6c488709d6 Fix typo in thread_import_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 17:49:44 +00:00
David Horstmann
abbf2c4835
Merge pull request #1191 from davidhorstmann-arm/psa-shared-memory-changelog 
Add ChangeLog for PSA buffer sharing fix
 2024-03-14 16:18:23 +00:00
David Horstmann
ea08045275
Merge pull request #1199 from davidhorstmann-arm/invert-buffer-protection-option 
Invert and rename buffer protection config option
 2024-03-14 16:17:18 +00:00
Gilles Peskine
7b333f1e88
Merge pull request #8913 from ronald-cron-arm/tls13-ticket-lifetime 
TLS 1.3: Enforce ticket maximum lifetime and discard tickets with 0 lifetime
 2024-03-14 15:59:25 +00:00
Gilles Peskine
1c5ebf4352
Merge pull request #8697 from BensonLiou/random_bye_on_hrr 
Do not generate new random number while receiving HRR
 2024-03-14 15:59:21 +00:00
Paul Elliott
50da462fc8
Merge pull request #8829 from paul-elliott-arm/add_framework_meta_tests 
Add metatests for failing TEST_EQUAL and TEST_LE_*
 2024-03-14 15:55:14 +00:00
Ryan Everett
f6f973c235 Document security weakness in concurrent execution of psa_destroy_key 
Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 15:54:07 +00:00
Manuel Pégourié-Gonnard
e7c08af465
Merge pull request #8575 from lpy4105/issue/wrong-suite-name-in-check_test_cases_py 
Fix wrong suite name in check_test_cases.py
 2024-03-14 15:31:27 +00:00
Ryan Everett
d4d6a7a20d Rework and update psa-thread-safety.md 
I have restructured this file, and updated it to reflect changes in design/designs now being implemented.

Signed-off-by: Ryan Everett <ryan.everett@arm.com>
 2024-03-14 15:22:06 +00:00
David Horstmann
6f8c95ba1d Preserve alphabetical sorting of config options 
In the list that is excluded from the full config.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2024-03-14 14:52:45 +00:00