Commit graph

20512 commits

Author SHA1 Message Date
Dave Rodgman
c95cb6d6e5 Add Changelog entry
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-20 14:37:08 +01:00
Dave Rodgman
103f8b6506 Spelling and grammar improvements
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-20 14:37:08 +01:00
Dave Rodgman
935154ef04 Don't increase failure count for dangling symlinks
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-20 14:37:07 +01:00
Eduardo Silva
e1bfffc4f6 x509_crt: handle properly broken links when looking for certificates
On non-windows environments, when loading certificates from a given
path through mbedtls_x509_crt_parse_path() function, if a symbolic
link is found and is broken (meaning the target file don't exists),
the function is returning MBEDTLS_ERR_X509_FILE_IO_ERROR which is
not honoring the default behavior of just skip the bad certificate file
and increase the counter of wrong files.

The problem have been raised many times in our open source project
called Fluent Bit which depends on MbedTLS:

https://github.com/fluent/fluent-bit/issues/843#issuecomment-486388209

The expected behavior is that if a simple certificate cannot be processed,
it should just be skipped.

This patch implements a workaround with lstat(2) and stat(2) to determinate
first if the entry found in the directory is a symbolic link or not, if is
a simbolic link, do a proper stat(2) for the target file, otherwise process
normally. Upon find a broken symbolic link it will increase the counter of
not processed certificates.

Signed-off-by: Eduardo Silva <eduardo@treaure-data.com>
2022-07-20 14:36:12 +01:00
Ronald Cron
d5b1eb51db
Merge pull request #6078 from yuhaoth/pr/add-tls13-paser-psk-kex-mode-ext
TLS 1.3: PSK: Add parser of psk kex mode ext on server side
2022-07-18 11:34:24 +02:00
Jerry Yu
854dd9e23f fix comment issue
Co-authored-by: Xiaokang Qian <53458466+xkqian@users.noreply.github.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-15 14:38:38 +08:00
Paul Elliott
0b5f4950cc
Merge pull request #5953 from tuvshinzayaArm/update-document-PSA_ALG_RSA_PSS
Update documentation of PSA_ALG_RSA_PSS
2022-07-14 10:40:21 +01:00
Jerry Yu
c52e3bd93b Improve comment
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-14 10:49:47 +08:00
Jerry Yu
299e31f10e fix various issue
- remove unused test case
- add alert message
- improve readabitlity

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-13 23:06:36 +08:00
Dave Rodgman
0dca5ef773
Merge pull request #6081 from daverodgman/assemble-cl-case
Fix case of Mbed TLS in assemble_changelog.py
2022-07-12 16:48:20 +01:00
Paul Elliott
72fa1c23ed
Merge pull request #960 from paul-elliott-arm/merge-into-3.2.1
Merge 3.2.1 into development
2022-07-12 16:24:10 +01:00
Paul Elliott
af4b90db3f Revert "Add missing library/psa_crypto_driver_wrappers.c"
This reverts commit c2a9387110

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 11:30:17 +01:00
Paul Elliott
81c69b547a Revert "Revert "Revert "Add generated files for 3.2.0 release"""
This reverts commit 185d24ba0e.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 11:29:34 +01:00
Jerry Yu
fe52e55301 redirect stderr output in ubuntu22.04
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-12 09:53:37 +00:00
Jerry Yu
e36397d13b add tests for psk_key_exchange_mode
To confirm, psk_key_exchange_modes were received and
parsed.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-12 09:53:36 +00:00
Jerry Yu
e19e3b9eb8 Add psk_key_exchange_modes parser
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-12 09:53:35 +00:00
Paul Elliott
869298bffe Add 3.2.1 Changelog
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 10:51:55 +01:00
Paul Elliott
cd08ba0326 Bump version to 3.2.1
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 10:51:55 +01:00
Dave Rodgman
c2a9387110 Add missing library/psa_crypto_driver_wrappers.c
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-12 10:51:55 +01:00
Dave Rodgman
185d24ba0e Revert "Revert "Add generated files for 3.2.0 release""
This reverts commit 7adb8cbc0e.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-12 10:51:44 +01:00
Paul Elliott
6dc7cdfdd1
Merge pull request #959 from paul-elliott-arm/merge-into-3.2.0
Merge 3.2.0 into development
2022-07-11 20:01:18 +01:00
Paul Elliott
7adb8cbc0e Revert "Add generated files for 3.2.0 release"
This reverts commit cb21f2eab3.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 18:18:30 +01:00
Paul Elliott
3aef7670b7
Merge pull request #957 from paul-elliott-arm/mbedtls-3.2.0rc0-pr
Mbedtls 3.2.0rc0 PR
2022-07-11 15:45:03 +01:00
Paul Elliott
cb21f2eab3 Add generated files for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:56:01 +01:00
Paul Elliott
f14b742689 Update BRANCHES.md for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:56:01 +01:00
Paul Elliott
20362cd1ca Bump library and so versions for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:56:01 +01:00
Paul Elliott
2238eed2d9 Update Changelog for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:55:59 +01:00
Paul Elliott
2089fd0ea9 Rename Changelog entries that don't have .txt extension
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:52:54 +01:00
Paul Elliott
237c87ba0e Add missing Changelog entries
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:52:28 +01:00
Paul Elliott
f518f81d41 Ensure return for mbedtls_ssl_write_alpn_ext() is checked
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 12:37:47 +01:00
Dave Rodgman
ca9556bff1 Fix case of Mbed TLS in assemble_changelog.py
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-07-11 11:39:21 +01:00
Paul Elliott
9a8d78419f Fixup test tls13_server_certificate_msg_invalid_vector_len
The parameters for init_handshake_options had changed on the development
branch after this test was created, so fixing up this test in order to
correct build failures after merge.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 11:34:14 +01:00
Paul Elliott
20ccd6e8bb Merge remote-tracking branch 'origin/development' into mbedtls-3.2.0rc2-pr
Merge missing commits from development into release
2022-07-11 11:29:32 +01:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Paul Elliott
a343d34f0d
Merge pull request #6077 from paul-elliott-arm/fix_generate_debug_helpers_pylint
Fix formatting of generate_ssl_debug_helpers.py
2022-07-08 22:28:41 +01:00
Paul Elliott
4a49651860 Fix formatting of generate_ssl_debug_helpers.py
Satisfy pylint formatting errors

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-08 20:45:39 +01:00
Dave Rodgman
391e33ac93
Merge pull request #6076 from paul-elliott-arm/fix_generate_debug_helpers
Fix generation of ssl_debug_helpers
2022-07-08 17:55:51 +01:00
Paul Elliott
fe9d43c21d Fix generation of ssl_debug_helpers
File was being generated with tabs rather than spaces which breaks
release builds

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-08 17:27:25 +01:00
Paul Elliott
6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash
Fix DTLS 1.2 session resumption
2022-07-06 15:03:36 +01:00
Andrzej Kurek
1ce9ca0630 Changelog rewording
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-06 06:50:30 -04:00
Andrzej Kurek
21b50808cd Clarify the need for calling mbedtls_ssl_derive_keys after extension parsing
Use a more straightforward condition to note that session resumption
is happening.
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-06 03:26:55 -04:00
Paul Elliott
826762e315
Merge pull request #5765 from leorosen/fix-some-resource-leaks
Fix resource leaks
2022-07-05 23:12:02 +01:00
Andrzej Kurek
3a29e9cf57 Improve changelog wording
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-05 10:49:10 -04:00
Dave Rodgman
c6a4a1cc13
Merge pull request #6011 from gabor-mezei-arm/coverity_22_07_01
Fix uninitialised memory access in test
2022-07-05 13:59:34 +01:00
Andrzej Kurek
ddb8cd601d test_suite_ssl: Fix handshake options cleanup
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 16:07:28 -04:00
Manuel Pégourié-Gonnard
0358597589
Merge pull request #5757 from mpg/update-doc-use-psa
Update "use PSA" documentation (inc. strategy)
2022-07-04 17:59:00 +02:00
Andrzej Kurek
9dc4402afa test_suite_ssl: zeroize the cache pointer in case if the struct memory gets reused
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:40:15 -04:00
Andrzej Kurek
1e085686ec test_suite_ssl: remove unnecessary user data checks
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:40:09 -04:00
Andrzej Kurek
3d0d501517 test_suite_ssl: prefer ASSERT_ALLOC over malloc
Fix formatting for option initialization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:39:34 -04:00
Andrzej Kurek
2e1a232261 Fix changelog wording
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00