mbedtls

Author	SHA1	Message	Date
Pengyu Lv	80270b2151	rename ticket_flags helper functions to generic ones Ticket flags is quite generic and may make sense in the future versions of TLS or even in TLS 1.2 with new extensions. This change remane the ticket_flags helper functions with more generic `mbedtls_ssl_session` prefix instead of `mbedtls_ssl_tls13_session`. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:59 +08:00
Pengyu Lv	a1aa31b8b1	fix review comments Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:58 +08:00
Pengyu Lv	06cf66d2ab	unroll test cases to improve coverage of check_test_cases in all.sh Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:58 +08:00
Pengyu Lv	1735ba30ea	fix review comments Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:57 +08:00
Pengyu Lv	9eacb44a5e	improve code format and readability Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:57 +08:00
Pengyu Lv	302feb3955	add cases to test session resumption with different ticket_flags This commit add test cases to test if the check of kex change mode in SessionTicket works well. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:56 +08:00
Pengyu Lv	9356678047	filter the tickets with tls13_kex_mode on client side. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:56 +08:00
Pengyu Lv	e6487fe3c2	guard tls13_kex_modes related function calls with macro Handshake parameter field, tls13_kex_mode is only valid when MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED is set. So, any functions / calls should be guarded by this macros. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:55 +08:00
Pengyu Lv	3eb49be6a8	move kex mode check in ticket_flags to psks_check_identity_match_ticket Move the kex mode check in ticket_flags to ssl_tls13_offered_psks_check_identity_match_ticket and add new error 'MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE' to indicate the check failure. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:55 +08:00
Pengyu Lv	c7af2c4f8c	tls13: send new session ticket only when client supports psk Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:54 +08:00
Pengyu Lv	c55eeb682d	tls13: check if the session ticket is compatible with key exchange modes The server check if the ticket_flags is compatible with the advertised key exchange modes in Pre-Shared Key Exchange Modes extension. The incompatible ticket should be mark as not matched. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:53 +08:00
Pengyu Lv	9f92695c8d	tls13: set key exchange mode in ticket_flags on client/server Set the ticket_flags when: - server: preparing NST (new session ticket) message - client: postprocessing NST message Clear the ticket_flags when: - server: preparing NST message - client: parsing NST message Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:53 +08:00
Pengyu Lv	b7d50acb37	tls13: add helpers to manipulate ticket_flags Add helper functions to get/set/clear ticket_flags. Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:52 +08:00
Pengyu Lv	5b8dcd2097	Add debug helper to print ticket_flags status Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>	2023-01-13 11:05:52 +08:00
Gilles Peskine	449bd8303e	Switch to the new code style Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-11 14:50:10 +01:00
Gilles Peskine	fd13a0f851	Merge pull request #6905 from gilles-peskine-arm/code-style-casts-psa-headers-more Remove redundant error code definitions	2023-01-11 14:40:42 +01:00
Gilles Peskine	c55c343670	Merge pull request #6884 from gilles-peskine-arm/check-files-unicode Reject bad characters in source code	2023-01-11 13:46:59 +01:00
Gilles Peskine	03e99cf14d	Remove redundant error code definitions We're including psa/crypto_values.h, which defines the necessary error codes. Remove redundant definitions, which hurt because they need to be styled in exactly the same way (same presence/absence of spaces between tokens). This completes the fix of https://github.com/Mbed-TLS/mbedtls/issues/6875. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-11 11:15:18 +01:00
Ronald Cron	83c5ad4873	Merge pull request #6787 from yuhaoth/pr/workaround-gnutls_anti_replay_fail TLS 1.3: EarlyData: Workaround anti replay fail from GnuTLS	2023-01-11 09:05:36 +01:00
Gilles Peskine	3900bddd77	Merge pull request #6823 from mpg/unify-openssl-variables Use OPENSSL everywhere, not OPENSSL_CMD	2023-01-10 22:10:19 +01:00
Gilles Peskine	f9c8d76db6	Merge pull request #6893 from tom-daubney-arm/modify_generate_errors_script Make generate_errors.pl handle directory names containing spaces when opening files	2023-01-10 22:09:58 +01:00
Gilles Peskine	b4ffe781ed	Merge pull request #6878 from gilles-peskine-arm/code-style-casts-psa-headers Don't restyle some PSA macros	2023-01-10 22:09:13 +01:00
Gilles Peskine	0770efe4e1	Merge pull request #6888 from daverodgman/iar-bignum-warning Fix IAR warning	2023-01-10 22:08:37 +01:00
Dave Rodgman	bbbd803c2e	Add Changelog Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-01-10 10:08:12 +00:00
Thomas Daubney	1efe4a874d	Add ChangeLog entry Add ChangeLog entry documenting bugfix. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2023-01-10 09:35:39 +00:00
Manuel Pégourié-Gonnard	28d4d43416	Merge pull request #6863 from valeriosetti/issue6830 Remove uses of mbedtls_ecp_curve_info in TLS (with USE_PSA)	2023-01-10 10:01:17 +01:00
Manuel Pégourié-Gonnard	6e666c2e79	Remove obsolete comment Was explaining why we didn't use the OPENSSL name, but we are using it now... Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2023-01-10 09:38:58 +01:00
Manuel Pégourié-Gonnard	3368724ade	Merge pull request #6870 from valeriosetti/issue6831 Document/test dependencies on ECP & Bignum	2023-01-10 09:25:41 +01:00
Jerry Yu	3e60cada5d	Improve comment and changlog Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-01-10 14:58:08 +08:00
Thomas Daubney	33878ed30b	Modify generate errors script Modify generate_errors.pl such that it can now handle opening files where the file path includes a directory name containing spaces. Raised in issue #6879. Fix provided by @tom-cosgrove-arm in aforementioned issue. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2023-01-09 18:28:10 +00:00
Valerio Setti	a0b97bc803	fix wrong type in debug message Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-09 19:10:32 +01:00
Valerio Setti	2c12185b88	test: fix dependencies on function and data files Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-09 18:00:39 +01:00
Valerio Setti	1e868ccbac	fix several typos and extra blank spaces Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-09 17:59:46 +01:00
Valerio Setti	2b5d3ded1f	remove remaining occurencies of mbedtls_ecc_group_to_psa() from TLS Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-09 11:04:52 +01:00
Jerry Yu	99e902f479	Add changlog entry. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-01-07 20:20:35 +08:00
Jerry Yu	bdb936b7a5	Workaround anti replay fail of GnuTLS Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-01-07 20:19:55 +08:00
Jerry Yu	a15af37867	Change time resolution of reco_delay from second to millionseconds Per gnutls anti replay issue, it needs millionsecond time delay for improve the fail rate. From test result of #6712, this can improve the fail rate from 4% to 92%. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-01-07 13:01:42 +08:00
Jerry Yu	f05b6eed0c	Revert "Skip early data basic check temp" This reverts commit `4e83173bb7`. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2023-01-07 13:01:42 +08:00
Glenn Strauss	14db51224e	Fix IAR warning Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2023-01-06 14:20:14 +00:00
Manuel Pégourié-Gonnard	b17803682e	Merge pull request #6873 from mpg/fix-derive-key-exercise Fix test function derive_key_exercise()	2023-01-06 11:50:05 +01:00
Gilles Peskine	d11bb47fe0	Reject invalid UTF-8 and weird characters in text files Reject "weird" characters in text files, especially control characters that might be escape sequences or that might cause other text to appear garbled (as in https://trojansource.codes/). Also reject byte sequences that aren't valid UTF-8. Accept only ASCII (except most control characters), letters, some non-ASCII punctuation and some mathematical and technical symbols. This covers everything that's currently present in Mbed TLS ( §áèéëñóöüłŽ–—’“”…≥). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-05 20:31:14 +01:00
Gilles Peskine	b389743ace	Pass line number to issue_with_line Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-05 20:28:30 +01:00
Gilles Peskine	0ed9e78bf7	Treat more *.bin files as binary Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2023-01-05 20:27:35 +01:00
Gilles Peskine	cd0a565644	Merge pull request #6703 from yuhaoth/pr/tls13-misc-from-prototype TLS 1.3: Upstream misc fix from prototype	2023-01-05 14:35:54 +01:00
Gilles Peskine	f07ddde980	Merge pull request #6876 from davidhorstmann-arm/disable-code-style-for-bn-asm Check for Uncrustify errors in `code_style.py`	2023-01-05 14:35:16 +01:00
David Horstmann	78d566b216	Fix pylint warnings about comparison to True Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-01-05 10:02:09 +00:00
David Horstmann	8d1d6edb0b	Fix incorrect typing of function in code_style.py Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-01-05 09:59:35 +00:00
David Horstmann	bec95320ba	Don't restyle end of file Move the INDENT-ON annotation to the end of the file so that uncrustify does not restyle the later sections (since it introduces a risk of future problems). Signed-off-by: David Horstmann <david.horstmann@arm.com>	2023-01-05 09:50:47 +00:00
Valerio Setti	8e45cdd440	fix wrong dependency for X509_TRUSTED_CERTIFICATE_CALLBACK Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-05 09:33:38 +01:00
Valerio Setti	8841d6b2f6	add missing dependency documentation for SSL_ASYNC_PRIVATE Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2023-01-05 08:40:24 +01:00

1 2 3 4 5 ...

22973 commits