Commit graph

20485 commits

Author SHA1 Message Date
Paul Elliott
20362cd1ca Bump library and so versions for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:56:01 +01:00
Paul Elliott
2238eed2d9 Update Changelog for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:55:59 +01:00
Paul Elliott
2089fd0ea9 Rename Changelog entries that don't have .txt extension
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:52:54 +01:00
Paul Elliott
237c87ba0e Add missing Changelog entries
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:52:28 +01:00
Paul Elliott
f518f81d41 Ensure return for mbedtls_ssl_write_alpn_ext() is checked
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 12:37:47 +01:00
Paul Elliott
9a8d78419f Fixup test tls13_server_certificate_msg_invalid_vector_len
The parameters for init_handshake_options had changed on the development
branch after this test was created, so fixing up this test in order to
correct build failures after merge.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 11:34:14 +01:00
Paul Elliott
20ccd6e8bb Merge remote-tracking branch 'origin/development' into mbedtls-3.2.0rc2-pr
Merge missing commits from development into release
2022-07-11 11:29:32 +01:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Paul Elliott
a343d34f0d
Merge pull request #6077 from paul-elliott-arm/fix_generate_debug_helpers_pylint
Fix formatting of generate_ssl_debug_helpers.py
2022-07-08 22:28:41 +01:00
Paul Elliott
4a49651860 Fix formatting of generate_ssl_debug_helpers.py
Satisfy pylint formatting errors

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-08 20:45:39 +01:00
Dave Rodgman
391e33ac93
Merge pull request #6076 from paul-elliott-arm/fix_generate_debug_helpers
Fix generation of ssl_debug_helpers
2022-07-08 17:55:51 +01:00
Paul Elliott
fe9d43c21d Fix generation of ssl_debug_helpers
File was being generated with tabs rather than spaces which breaks
release builds

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-08 17:27:25 +01:00
Paul Elliott
6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash
Fix DTLS 1.2 session resumption
2022-07-06 15:03:36 +01:00
Andrzej Kurek
1ce9ca0630 Changelog rewording
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-06 06:50:30 -04:00
Andrzej Kurek
21b50808cd Clarify the need for calling mbedtls_ssl_derive_keys after extension parsing
Use a more straightforward condition to note that session resumption
is happening.
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-06 03:26:55 -04:00
Paul Elliott
826762e315
Merge pull request #5765 from leorosen/fix-some-resource-leaks
Fix resource leaks
2022-07-05 23:12:02 +01:00
Andrzej Kurek
3a29e9cf57 Improve changelog wording
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-05 10:49:10 -04:00
Dave Rodgman
c6a4a1cc13
Merge pull request #6011 from gabor-mezei-arm/coverity_22_07_01
Fix uninitialised memory access in test
2022-07-05 13:59:34 +01:00
Andrzej Kurek
ddb8cd601d test_suite_ssl: Fix handshake options cleanup
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 16:07:28 -04:00
Manuel Pégourié-Gonnard
0358597589
Merge pull request #5757 from mpg/update-doc-use-psa
Update "use PSA" documentation (inc. strategy)
2022-07-04 17:59:00 +02:00
Andrzej Kurek
9dc4402afa test_suite_ssl: zeroize the cache pointer in case if the struct memory gets reused
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:40:15 -04:00
Andrzej Kurek
1e085686ec test_suite_ssl: remove unnecessary user data checks
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:40:09 -04:00
Andrzej Kurek
3d0d501517 test_suite_ssl: prefer ASSERT_ALLOC over malloc
Fix formatting for option initialization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:39:34 -04:00
Andrzej Kurek
2e1a232261 Fix changelog wording
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
92d7417d89 Formatting fixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
e11acb2c9b test_suite_ssl: add proper cache cleanup
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
e8ad0d7d42 Disable bad session id length test in TLS 1.3
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
456a109edb test_suite_ssl: add required dependencies for default handshake parameters
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
6e518ab086 test_suite_ssl: add missing options cleanup
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
ed58b50ea6 test_suite_ssl: add missing MBEDTLS_SSL_SERVER_C dependency
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
626a931bb9 test_suite_ssl: Add missing arguments in endpoint initialization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
9abad0c5ef Improve the changelog message to contain more details
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:18:29 -04:00
Andrzej Kurek
514683abdc Add a test with a bad session_id_len that makes cache setting fail
Force a bad session_id_len before handshake wrapup. This should
result in a forced jump to a clean up of a serialized session.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:18:29 -04:00
Andrzej Kurek
780dc18f74 Refactor test_suite_ssl tests to enable cache setting
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:18:28 -04:00
Paul Elliott
b7aba1a584 Improve Changelog
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-04 06:49:26 -04:00
Paul Elliott
072d2b094d Add pem_free() to other error paths in pk_parse_public_key()
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-04 06:49:26 -04:00
Leonid Rozenboim
56e01f37a8 Created customary ChangeLog.d entry.
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-07-04 06:49:26 -04:00
Leonid Rozenboim
116f50cd96 Fix resource leaks
These potential leaks were flagged by the Coverity static analyzer.

Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-07-04 06:49:26 -04:00
Manuel Pégourié-Gonnard
b5b27c1114 Misc clean-ups in docs/use-psa-crypto.md
Note: limitations of opaque PSKs changed from "TLS 1.2 only" to "none"
since TLS 1.3 does not support PSK at all so far, and it is expected to
support opaque PSKs as soon as it gains PSK support, it will be just a
matter of selecting between psa_key_derivation_input_bytes() and
psa_key_derivation_input_key() - and testing obviously.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
465341f438 Add ChangeLog entries for general Use PSA improvements
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
2dc436d6e7 Tune description of PSA crypto implementation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
0dba51cfad Fix list of what's common to TLS 1.2 and 1.3
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
9bf9b9e269 Link to restartable ECC EPIC
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
cbc03f5377 Update README about USE_PSA_CRYPTO
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
f3f79a00fc Now compatible with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
Also make a few general clarifications/improvements while at it.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
3e83098e01 Clarify the TLS 1.3 situation
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:32 +02:00
Manuel Pégourié-Gonnard
103b9929d1 Remove HKDF-Extract/Expand
Being resolved in https://github.com/Mbed-TLS/mbedtls/issues/5784

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
b2bd34ecdc Update docs/use-psa-crypto.md
The scope of the option has been expanded, now it makes more sense to
describe it as "everything except ...".

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
ff43ff6e78 Remove stability waiver from USE_PSA
It was initially motivated by the fact that the PSA Crypto APIs
themselves were not stable. In the meantime, PSA Crypto has reached
1.0.0 so this no longer applies.

If we want user to be able to fully benefit from PSA in order to
isolate long-term secrets, they need to be able to use the new APIs with
confidence. There is no reason to think those APIs are any more likely
to change than any of our other APIs, and if they do, we'll follow the
normal process (deprecated in favour of a new variant).

For reference, the APIs in question are:

mbedtls_pk_setup_opaque() // to use PSA-held ECDSA/RSA keys in TLS

mbedtls_ssl_conf_psk_opaque()   // for PSA-held PSKs in TLS
mbedtls_ssl_set_hs_psk_opaque() // for PSA-held PSKs in TLS

mbedtls_cipher_setup_psa() (deprecated in 3.2)
mbedtls_pk_wrap_as_opaque() (documented internal, to be removed in 3.2)

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
97ec0b7bfa Clarify effect of USE_PSA on TLS 1.3
The previous wording was wrong, there are parts that are affected.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00