Przemek Stekiel
9e30fc94f3
Remove redundant spaces
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-27 12:48:35 +02:00
Werner Lewis
fd8cfe4f8e
Replace parsing with outputting
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:23:43 +01:00
Werner Lewis
31ecb9600a
Add tests for exceeded buffer size
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:23:43 +01:00
Werner Lewis
b33dacdb50
Fix parsing of special chars in X509 DN values
...
Use escape mechanism defined in RFC 1779 when parsing commas and other
special characters in X509 DN values. Resolves failures when generating
a certificate with a CSR containing a comma in subject value.
Fixes #769 .
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 11:19:50 +01:00
Przemek Stekiel
6a5e01858f
ssl_tls13_parse_certificate_verify(): remove md dependency
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-27 11:53:13 +02:00
Przemek Stekiel
6230d0d398
mbedtls_x509_sig_alg_gets(): remove md dependency
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-27 11:19:04 +02:00
Werner Lewis
4abd7c2545
Minor phrasing changes
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 09:42:34 +01:00
Werner Lewis
129d6adc0e
Use mbedtls-2.28 branch for documentation link
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 09:42:34 +01:00
Werner Lewis
4b8aaa4e60
Add clarification on 2.x branch choice
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 09:41:54 +01:00
Werner Lewis
f5b86f3b16
Add clarification for 2.x section
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-27 09:20:01 +01:00
Ronald Cron
cf600bc07c
Comment fixes
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
e0d7367a9e
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
2b1a43c101
tls13: Add missing overread check in Certificate msg parsing.
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
e7b9b6b380
tls13: Add checks of overread check failures
...
In Certificate message parsing tests with
invalid vector lengths, add checks that the
parsing failed on the expected overread check.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
ad8c17b9c6
tls: Add overread/overwrite check failure tracking
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:49 +02:00
Ronald Cron
e3dac4aaa1
tls13: Add Certificate msg parsing tests with invalid vector lengths
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:28:42 +02:00
Ronald Cron
a8d79b9eb6
ssl-opt.sh: Remove one pattern check
...
In "Authentication: client cert not trusted,
server required" ssl-opt.sh test, depending
on client and server execution speed, the
handshake on the client side may complete
successfully: the TLS connection is aborted
by the server because it is not able to
authenticate the client but at that time
the client may have completed the handshake
on its side. Thus, do not check that the
client handshake failed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-27 09:05:35 +02:00
Ronald Cron
07040bb179
Merge pull request #5951 from xkqian/tls13_add_alpn
...
Add ALPN extension to the server side
2022-06-27 08:33:03 +02:00
Ronald Cron
9738a8d0fd
Merge pull request #943 from ronald-cron-arm/tls13-fix-key-usage-checks
...
TLS 1.3: Fix certificate key usage checks
2022-06-27 08:32:17 +02:00
Gilles Peskine
0ff241a1ea
Remove largely useless bit of test log to silence GCC 12
...
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.
Fixes #5974 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-25 14:29:23 +02:00
Paul Elliott
668b31f210
Fix the wrong variable being used for TLS record size checks
...
Fix an issue whereby a variable was used to check the size of incoming
TLS records against the configured maximum prior to it being set to the
right value.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-06-24 20:09:37 +01:00
Werner Lewis
f8a478795c
Add guidance for generating deprecated list
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-24 11:10:48 +01:00
Ronald Cron
21a1b2d374
Enable "Sending app data" SSL unit tests for TLS 1.3
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
c78511b59a
ssl-opt.sh: Enable some authentication tests for TLS 1.3
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
1938588e80
tls13: Align some debug messages with TLS 1.2 ones
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
a4417c13a1
ssl-opt.sh: Add Small/Large packets TLS 1.3 tests
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
ba80d4d60b
ssl-opt.sh: Enable Event-driven I/O tests for TLS 1.3
...
The other "Event-driven I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
Ronald Cron
2cffd284bc
ssl-opt.sh: Enable Non-blocking I/O tests for TLS 1.3
...
The other "Non-blocking I/O" tests are not relevant
to TLS 1.3 yet: no ticket and session resumption
support.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-24 12:06:46 +02:00
XiaokangQian
0b776e282a
Change some comments for alpn
...
Change-Id: Idf066e94cede9d26aa41d632c3a81dafcee38587
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-24 09:04:59 +00:00
Manuel Pégourié-Gonnard
93a7f7d7f8
Merge pull request #5954 from wernerlewis/x509_next_merged
...
Add mbedtls_x509_dn_get_next function
2022-06-24 09:59:22 +02:00
Manuel Pégourié-Gonnard
fc425ee9a4
Merge pull request #5838 from mprse/HKDF_2
...
HKDF 2: Use HKDF-Expand/Extract from PSA in TLS 1.3
2022-06-24 09:28:17 +02:00
XiaokangQian
95d5f549f1
Fix coding styles
...
Change-Id: I0ac8ddab13767b0188112dfbbdb2264d36ed230a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-24 05:42:15 +00:00
Werner Lewis
016cec17e8
Add deprecated macros to migration guide
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 16:55:52 +01:00
Werner Lewis
745fcde406
Add reference to 2.x docs to migration guide
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 16:51:45 +01:00
Werner Lewis
3e5585b45d
Replace TEST_ASSERT macro uses
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 15:12:10 +01:00
Werner Lewis
ac80a66395
Reduce buffer sizes to expected size
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-06-23 15:11:50 +01:00
Andrzej Kurek
5708b45154
Add a changelog entry for the session resumption + CID bug
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-23 08:00:14 -04:00
Manuel Pégourié-Gonnard
4f799fc333
Merge pull request #941 from mpg/buf-overread-use-psa-static-ecdh-dev
...
Fix potential heap buffer overread with `USE_PSA_CRYPTO`
2022-06-23 11:57:33 +02:00
Manuel Pégourié-Gonnard
4cfaae5b6b
Save code size by calling get_type only once
...
This is an external function, so in the absence of link-time
optimisation (LTO) the compiler can't know anything about it and has to
call it the number of times it's called in the source code.
This only matters for pk_ec, but change pk_rsa as well for the sake of
uniformity.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-06-23 09:43:39 +02:00
Przemek Stekiel
1b0ebdf363
Zeroize hkdf_label buffer
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-23 09:22:49 +02:00
Przemek Stekiel
38ab400dc4
Adapt code to be consistent with the existing code
...
- init status to error
- use simple assignment to status
- fix code style (spaces)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-23 09:05:40 +02:00
XiaokangQian
c740345c5b
Adress review comments
...
Change Code styles
Add test cases
Change-Id: I022bfc66fe509fe767319c4fe5f2541ee05e96fd
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-23 03:24:12 +00:00
Ronald Cron
f9c13fe69f
ssl-opt.sh: Add positive check in successful "keyUsage client-auth" tests
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-22 17:36:21 +02:00
Ronald Cron
ba65fbbe30
Fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-22 17:36:12 +02:00
Gabor Mezei
96ec831385
Do not encrypt CCS records
...
According to the TLS 1.3 standard the CCS records must be unencrypted.
When a record is not encrypted the counter, used in the dynamic IV
creation, is not incremented.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-22 17:07:21 +02:00
Gabor Mezei
7e2dbafe2d
Add test for dummy CCS records
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-22 17:07:21 +02:00
Gabor Mezei
7b39bf178e
Send dummy change_cipher_spec records from TLS 1.3 server
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-06-22 17:07:21 +02:00
XiaokangQian
acb3992251
Add ALPN extension to the server side
...
CustomizedGitHooks: yes
Change-Id: I6fe1516963e7b5727710872ee91fea7fc51d2776
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-06-22 06:34:58 +00:00
Przemek Stekiel
b33bd19197
Enable HKDF EXTRACT/EXPAND algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-21 09:58:51 +02:00
Przemek Stekiel
d5ae365b97
Use PSA HKDF-Extrat/Expand algs instead mbedtls_psa_hkdf_extract(), mbedtls_psa_hkdf_xpand()
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-06-21 07:22:33 +02:00