Pengyu Lv
06cf66d2ab
unroll test cases to improve coverage of check_test_cases in all.sh
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:58 +08:00
Pengyu Lv
1735ba30ea
fix review comments
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:57 +08:00
Pengyu Lv
9eacb44a5e
improve code format and readability
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:57 +08:00
Pengyu Lv
302feb3955
add cases to test session resumption with different ticket_flags
...
This commit add test cases to test if the check of kex change mode
in SessionTicket works well.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:56 +08:00
Pengyu Lv
9356678047
filter the tickets with tls13_kex_mode on client side.
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:56 +08:00
Pengyu Lv
e6487fe3c2
guard tls13_kex_modes related function calls with macro
...
Handshake parameter field, tls13_kex_mode is only valid when
MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED is set.
So, any functions / calls should be guarded by this macros.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:55 +08:00
Pengyu Lv
3eb49be6a8
move kex mode check in ticket_flags to psks_check_identity_match_ticket
...
Move the kex mode check in ticket_flags to
ssl_tls13_offered_psks_check_identity_match_ticket and add new error
'MBEDTLS_ERR_SSL_TICKET_INVALID_KEX_MODE' to indicate the check
failure.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:55 +08:00
Pengyu Lv
c7af2c4f8c
tls13: send new session ticket only when client supports psk
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:54 +08:00
Pengyu Lv
c55eeb682d
tls13: check if the session ticket is compatible with key exchange modes
...
The server check if the ticket_flags is compatible with the advertised
key exchange modes in Pre-Shared Key Exchange Modes extension. The
incompatible ticket should be mark as not matched.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:53 +08:00
Pengyu Lv
9f92695c8d
tls13: set key exchange mode in ticket_flags on client/server
...
Set the ticket_flags when:
- server: preparing NST (new session ticket) message
- client: postprocessing NST message
Clear the ticket_flags when:
- server: preparing NST message
- client: parsing NST message
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:53 +08:00
Pengyu Lv
b7d50acb37
tls13: add helpers to manipulate ticket_flags
...
Add helper functions to get/set/clear ticket_flags.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:52 +08:00
Pengyu Lv
5b8dcd2097
Add debug helper to print ticket_flags status
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:52 +08:00
Valerio Setti
48fdbb3940
programs: cert_write: fixed bug in parsing dec serial
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
856cec45eb
test: x509: add more tests for checking certificate serial
...
- added 2 new certificates: 1 for testing a serial which is full lenght
and another one for a serial which starts with 0x80
- added also proper Makefile and openssl configuration file to generate
these 2 new certificates
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
791bbe629d
programs: improved cert_write serial management
...
Now it can accept serial both as decimal and hex number (only one format
at a time, of course, not simultaneously).
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
4752aac11d
x509: enhancement and fixes
...
- enhance mbedtls_x509write_crt_set_serial(): avoid use of useless
temporary buffer
- fix mbedtls_x509write_crt_der(): add an extra 0x00 byte at the
beginning of serial if the MSb of serial is 1, as required from
ASN.1
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
b8dc18f3b6
test: fix: remove invalid comment
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
746def5ade
x509: renaming of buffer variables in new serial setting function
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
ea19d2db73
changelog: fixed typos
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
aad8dbd38d
test: fix tests for x509write_crt_set_serial(_new)
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
acf12fb744
x509: fix endianness and input data format for x509write_crt_set_serial_new
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
41b5fb6536
test: ensure X509 has no dependency on BIGNUM when built without MBEDTLS_DEPRECATED_REMOVED
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
5d164c4e23
fix: add missing deprecation guards
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
903b6aa87d
Changelog: list changes in x509write_crt module
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
da0afcc2fb
x509: remove direct dependency from BIGNUM_C
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Gilles Peskine
d449cedd3a
Fix example command
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-12 15:45:32 +01:00
Dave Rodgman
656a81ecf8
Merge pull request #6890 from daverodgman/vs2013
...
Update paths and VS solution file to VS2013
2023-01-12 11:01:42 +00:00
Jerry Yu
38257491aa
Add milliseconds time function
...
We provide windows and posix implementation for it.
With MBEDTLS_PLATFORM_MS_TIME_ALT, user can provide
their own implementation.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-12 18:01:14 +08:00
Jerry Yu
eba0ab5db2
Add million seconds time type.
...
From RFC8446, the unit of ticket age is million seconds
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-12 18:01:14 +08:00
Yanray Wang
ef5ec8f5ba
Rename static functions in ssl_tls13_keys.c
...
As some static functions are only used inside ssl_tls13_keys.c,
the prefix mbedtls_ should be removed. Furthermore, code format is
also maintained to fix code style.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 15:11:03 +08:00
Yanray Wang
0540211078
Enhancement: change some functions to static in ssl_tls13_keys.c
...
Since some functions are only used in ssl_tls13_keys.c not by any
other modules, those functions are changed to static.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 14:54:26 +08:00
Yanray Wang
16c895dff3
TLS1.3: zeroize tls13_early_secrets after its lifetime
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 14:27:06 +08:00
Yanray Wang
bae9e74d39
Enhancement: change tls13_early_secrets to local variable
...
Since tls13_early_secrets is only temperately used in the function,
there is no need to keep it in the handshake context.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-01-12 14:27:06 +08:00
Dave Rodgman
7a75d22274
Update solution template to require VS2013
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-11 18:56:11 +00:00
Dave Rodgman
05bdb13be3
Update README and add changelog entry
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-11 18:56:11 +00:00
Dave Rodgman
0f459d75b8
Update some comments & error messages
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-11 18:56:11 +00:00
Dave Rodgman
378ecdd859
Rename VS2010 directory to VS2013 and update Makefiles etc
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-11 18:56:11 +00:00
Gilles Peskine
6b4cb63aed
Merge pull request #6907 from Mbed-TLS/features/new-code-style/development
...
Switch to new code style: development
2023-01-11 19:26:55 +01:00
Gilles Peskine
c848d226bf
Switch code style check to enforcement mode
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:14 +01:00
Gilles Peskine
449bd8303e
Switch to the new code style
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Gilles Peskine
fd13a0f851
Merge pull request #6905 from gilles-peskine-arm/code-style-casts-psa-headers-more
...
Remove redundant error code definitions
2023-01-11 14:40:42 +01:00
Gilles Peskine
c55c343670
Merge pull request #6884 from gilles-peskine-arm/check-files-unicode
...
Reject bad characters in source code
2023-01-11 13:46:59 +01:00
Gilles Peskine
03e99cf14d
Remove redundant error code definitions
...
We're including psa/crypto_values.h, which defines the necessary error
codes. Remove redundant definitions, which hurt because they need to be
styled in exactly the same way (same presence/absence of spaces between
tokens).
This completes the fix of https://github.com/Mbed-TLS/mbedtls/issues/6875 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 11:15:18 +01:00
Ronald Cron
83c5ad4873
Merge pull request #6787 from yuhaoth/pr/workaround-gnutls_anti_replay_fail
...
TLS 1.3: EarlyData: Workaround anti replay fail from GnuTLS
2023-01-11 09:05:36 +01:00
Gilles Peskine
3900bddd77
Merge pull request #6823 from mpg/unify-openssl-variables
...
Use OPENSSL everywhere, not OPENSSL_CMD
2023-01-10 22:10:19 +01:00
Gilles Peskine
f9c8d76db6
Merge pull request #6893 from tom-daubney-arm/modify_generate_errors_script
...
Make generate_errors.pl handle directory names containing spaces when opening files
2023-01-10 22:09:58 +01:00
Gilles Peskine
b4ffe781ed
Merge pull request #6878 from gilles-peskine-arm/code-style-casts-psa-headers
...
Don't restyle some PSA macros
2023-01-10 22:09:13 +01:00
Gilles Peskine
0770efe4e1
Merge pull request #6888 from daverodgman/iar-bignum-warning
...
Fix IAR warning
2023-01-10 22:08:37 +01:00
Dave Rodgman
bbbd803c2e
Add Changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-01-10 10:08:12 +00:00
Thomas Daubney
1efe4a874d
Add ChangeLog entry
...
Add ChangeLog entry documenting bugfix.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-01-10 09:35:39 +00:00