Handshake parameter field, tls13_kex_mode is only valid when
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED is set.
So, any functions / calls should be guarded by this macros.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
Move the kex mode check in ticket_flags to
ssl_tls13_offered_psks_check_identity_match_ticket and add new error
'MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE' to indicate the check
failure.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
The server check if the ticket_flags is compatible with the advertised
key exchange modes in Pre-Shared Key Exchange Modes extension. The
incompatible ticket should be mark as not matched.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
We're including psa/crypto_values.h, which defines the necessary error
codes. Remove redundant definitions, which hurt because they need to be
styled in exactly the same way (same presence/absence of spaces between
tokens).
This completes the fix of https://github.com/Mbed-TLS/mbedtls/issues/6875.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Modify generate_errors.pl such that it can now handle
opening files where the file path includes a directory
name containing spaces.
Raised in issue #6879. Fix provided by
@tom-cosgrove-arm in aforementioned issue.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.
From test result of #6712, this can improve the fail rate from 4%
to 92%.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Reject "weird" characters in text files, especially control characters that
might be escape sequences or that might cause other text to appear garbled
(as in https://trojansource.codes/).
Also reject byte sequences that aren't valid UTF-8.
Accept only ASCII (except most control characters), letters, some non-ASCII
punctuation and some mathematical and technical symbols. This covers
everything that's currently present in Mbed TLS ( §áèéëñóöüłŽ–—’“”…≥).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
Move the *INDENT-ON* annotation to the end of the file so that
uncrustify does not restyle the later sections (since it introduces a
risk of future problems).
Signed-off-by: David Horstmann <david.horstmann@arm.com>
Some preprocessor macro definitions must have a specific expansion so that
the same macro name can be defined in different products. The definition of
having the same expansion (per the C language specification) means the same
sequence of tokens, and also the same absence/presence of spacing between
tokens.
Two macros are also defined in headers in the PSA Compliance test suite, so
the test suite would fail to build if we changed the definitions. Preserve
those definitions. Technically this is a bug in the test suite, since having
extra spaces (or even a completely different constant expression with the
same value) would still be compliant. Bug reported as
https://github.com/ARM-software/psa-arch-tests/issues/337
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
