Paul Elliott
fe9d43c21d
Fix generation of ssl_debug_helpers
...
File was being generated with tabs rather than spaces which breaks
release builds
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-08 17:27:25 +01:00
Paul Elliott
6e80e09bd1
Merge pull request #5915 from AndrzejKurek/cid-resumption-clash
...
Fix DTLS 1.2 session resumption
2022-07-06 15:03:36 +01:00
Andrzej Kurek
1ce9ca0630
Changelog rewording
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-06 06:50:30 -04:00
Andrzej Kurek
21b50808cd
Clarify the need for calling mbedtls_ssl_derive_keys after extension parsing
...
Use a more straightforward condition to note that session resumption
is happening.
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-06 03:26:55 -04:00
Paul Elliott
826762e315
Merge pull request #5765 from leorosen/fix-some-resource-leaks
...
Fix resource leaks
2022-07-05 23:12:02 +01:00
Andrzej Kurek
3a29e9cf57
Improve changelog wording
...
Co-authored-by: Ronald Cron <ronald.cron@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-05 10:49:10 -04:00
Dave Rodgman
c6a4a1cc13
Merge pull request #6011 from gabor-mezei-arm/coverity_22_07_01
...
Fix uninitialised memory access in test
2022-07-05 13:59:34 +01:00
Andrzej Kurek
ddb8cd601d
test_suite_ssl: Fix handshake options cleanup
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 16:07:28 -04:00
Manuel Pégourié-Gonnard
0358597589
Merge pull request #5757 from mpg/update-doc-use-psa
...
Update "use PSA" documentation (inc. strategy)
2022-07-04 17:59:00 +02:00
Andrzej Kurek
9dc4402afa
test_suite_ssl: zeroize the cache pointer in case if the struct memory gets reused
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:40:15 -04:00
Andrzej Kurek
1e085686ec
test_suite_ssl: remove unnecessary user data checks
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:40:09 -04:00
Andrzej Kurek
3d0d501517
test_suite_ssl: prefer ASSERT_ALLOC over malloc
...
Fix formatting for option initialization
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:39:34 -04:00
Andrzej Kurek
2e1a232261
Fix changelog wording
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
92d7417d89
Formatting fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
e11acb2c9b
test_suite_ssl: add proper cache cleanup
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
e8ad0d7d42
Disable bad session id length test in TLS 1.3
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
456a109edb
test_suite_ssl: add required dependencies for default handshake parameters
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
6e518ab086
test_suite_ssl: add missing options cleanup
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
ed58b50ea6
test_suite_ssl: add missing MBEDTLS_SSL_SERVER_C dependency
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
626a931bb9
test_suite_ssl: Add missing arguments in endpoint initialization
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:21:59 -04:00
Andrzej Kurek
9abad0c5ef
Improve the changelog message to contain more details
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:18:29 -04:00
Andrzej Kurek
514683abdc
Add a test with a bad session_id_len that makes cache setting fail
...
Force a bad session_id_len before handshake wrapup. This should
result in a forced jump to a clean up of a serialized session.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:18:29 -04:00
Andrzej Kurek
780dc18f74
Refactor test_suite_ssl tests to enable cache setting
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-07-04 10:18:28 -04:00
Paul Elliott
b7aba1a584
Improve Changelog
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-04 06:49:26 -04:00
Paul Elliott
072d2b094d
Add pem_free() to other error paths in pk_parse_public_key()
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-04 06:49:26 -04:00
Leonid Rozenboim
56e01f37a8
Created customary ChangeLog.d entry.
...
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-07-04 06:49:26 -04:00
Leonid Rozenboim
116f50cd96
Fix resource leaks
...
These potential leaks were flagged by the Coverity static analyzer.
Signed-off-by: Leonid Rozenboim <leonid.rozenboim@oracle.com>
2022-07-04 06:49:26 -04:00
Manuel Pégourié-Gonnard
b5b27c1114
Misc clean-ups in docs/use-psa-crypto.md
...
Note: limitations of opaque PSKs changed from "TLS 1.2 only" to "none"
since TLS 1.3 does not support PSK at all so far, and it is expected to
support opaque PSKs as soon as it gains PSK support, it will be just a
matter of selecting between psa_key_derivation_input_bytes() and
psa_key_derivation_input_key() - and testing obviously.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
465341f438
Add ChangeLog entries for general Use PSA improvements
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
2dc436d6e7
Tune description of PSA crypto implementation
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
0dba51cfad
Fix list of what's common to TLS 1.2 and 1.3
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
9bf9b9e269
Link to restartable ECC EPIC
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
cbc03f5377
Update README about USE_PSA_CRYPTO
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
f3f79a00fc
Now compatible with MBEDTLS_PSA_CRYPTO_KEY_ID_ENCODES_OWNER
...
Also make a few general clarifications/improvements while at it.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:37 +02:00
Manuel Pégourié-Gonnard
3e83098e01
Clarify the TLS 1.3 situation
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:44:32 +02:00
Manuel Pégourié-Gonnard
103b9929d1
Remove HKDF-Extract/Expand
...
Being resolved in https://github.com/Mbed-TLS/mbedtls/issues/5784
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
b2bd34ecdc
Update docs/use-psa-crypto.md
...
The scope of the option has been expanded, now it makes more sense to
describe it as "everything except ...".
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
ff43ff6e78
Remove stability waiver from USE_PSA
...
It was initially motivated by the fact that the PSA Crypto APIs
themselves were not stable. In the meantime, PSA Crypto has reached
1.0.0 so this no longer applies.
If we want user to be able to fully benefit from PSA in order to
isolate long-term secrets, they need to be able to use the new APIs with
confidence. There is no reason to think those APIs are any more likely
to change than any of our other APIs, and if they do, we'll follow the
normal process (deprecated in favour of a new variant).
For reference, the APIs in question are:
mbedtls_pk_setup_opaque() // to use PSA-held ECDSA/RSA keys in TLS
mbedtls_ssl_conf_psk_opaque() // for PSA-held PSKs in TLS
mbedtls_ssl_set_hs_psk_opaque() // for PSA-held PSKs in TLS
mbedtls_cipher_setup_psa() (deprecated in 3.2)
mbedtls_pk_wrap_as_opaque() (documented internal, to be removed in 3.2)
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
97ec0b7bfa
Clarify effect of USE_PSA on TLS 1.3
...
The previous wording was wrong, there are parts that are affected.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
2a47d23927
Update strategy.md
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
83c538869e
Update psa-limitations
...
- misc updates about on-going/recent work
- removal of the section about mixed-PSK: being done in #5762
- clarifications in some places
- some typo fixes
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
b8a6c2320e
Update testing.md
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
2ffb93a83b
Rm tasks-g2.md
...
That document was always temporary (said so at the top). Now superseded
by https://github.com/orgs/Mbed-TLS/projects/1#column-18338322
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-07-04 12:38:43 +02:00
Manuel Pégourié-Gonnard
4d7af2aee0
Merge pull request #5835 from superna9999/5831-tls-1-2-ciphersuite-selection
...
Permissions 2a: TLS 1.2 ciphersuite selection
2022-07-04 12:37:02 +02:00
Ronald Cron
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk
...
Refactor signature algorithm chooser
2022-07-04 09:10:08 +02:00
Paul Elliott
7c6b0e4464
Merge pull request #5972 from wernerlewis/migration_guide_removals
...
Add guidance for deprecated functions and macros to migration guide
2022-07-01 17:40:21 +01:00
Neil Armstrong
6931e439e4
Fix Handshake select ECDH-RSA- test dependencies
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-01 18:30:10 +02:00
Paul Elliott
bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints
...
Add accessors to config DN hints for cert request
2022-07-01 17:23:14 +01:00
Ronald Cron
7922bfbd47
Merge pull request #6005 from ronald-cron-arm/tls13-changelogs-doc-update
...
TLS 1.3: Add missing change logs and update doc for 3.2 release
Validated by the internal CI, ready to be merged.
2022-07-01 17:27:33 +02:00
Neil Armstrong
971f30d917
Fix mbedtls_ssl_get_ciphersuite_sig_alg() by returning MBEDTLS_PK_NONE for MBEDTLS_KEY_EXCHANGE_RSA
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-07-01 16:23:50 +02:00