ARMmbed/mbedtls
1
0
Fork 0
mirror of https://github.com/ARMmbed/mbedtls.git synced 2025-06-01 02:11:23 +08:00
Code Issues Releases Wiki Activity
30,257 Commits 172 Branches 268 Tags
Commit Graph

30257 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Ronald Cron
233fcaadbf tls13: Do not initiate at all resumption if tickets not supported 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-04 15:52:40 +02:00
Ronald Cron
fe15d90f72 tls13: Fix doc of mbedtls_ssl_session_set() - 2 
Fix documentation of mbedtls_ssl_session_set()
regarding its dependency on MBEDTLS_SSL_SESSION_TICKETS
in TLS 1.3 case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-04 15:52:34 +02:00
Ronald Cron
d85eeae740 tls13: Fix doc of mbedtls_ssl_session_set() - 1 
It was eventually decided to not support multiple
tickets in TLS 1.3 ClientHello messages thus
removing the parts in mbedtls_ssl_session_set()
documentation that were anticipating that.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-04 15:39:20 +02:00
Ronald Cron
66a206c26c tls13: Fix doc of mbedtls_ssl_session_get() - 2 
Fix documentation of mbedtls_ssl_session_get()
regarding its interaction with session
ticket enablement.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-04 15:34:22 +02:00
Ronald Cron
81bb589090 tls13: Fix doc of mbedtls_ssl_session_get() - 1 
The API has eventually not been changed to
return multiple tickets through multiple
subsequent call to it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-04 15:30:55 +02:00
Ronald Cron
9314df617b tls: Fix doc of mbedtls_ssl_session_save() 
Fix documentation of mbedtls_ssl_session_save()
regarding its dependency on MBEDTLS_SSL_SESSION_TICKETS
in TLS 1.3 session case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-04 14:07:50 +02:00
Ronald Cron
cf47a15e96 ssl_msg.c: Rename _check_new_session_ticket to _is_new_session_ticket 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-02 17:46:52 +02:00
Ronald Cron
dd96c0a2df all.sh: Use full instead of default as the base for the new component 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-02 17:46:44 +02:00
Ronald Cron
d64fcee58c tests: ssl: Fix dependencies of SRV TLS 1.3 session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-04-02 12:25:56 +02:00
Ronald Cron
ceae4f85ea ssl-opt.sh: Add tests where tickets are ignored 
Add tests where we explicitely check that
tickets are ignored on client side when
the support is not enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Ronald Cron
7df18bc210 tls13: cli: Ignore tickets if not supported 
If a TLS 1.3 client receives a ticket and
the feature is not enabled, ignore it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Norbert Fabritius
4f1c9278cc ssl-opt.sh: Add missing MBEDTLS_SSL_SESSION_TICKETS dependencies 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Norbert Fabritius
d30e91150e all.sh: Add component testing default minus session tickets 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Ronald Cron
161e14faf6 tests: ssl: Fix dependencies of TLS 1.3 session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:37 +01:00
Ronald Cron
8d15e0114b tests: ssl: Add hostname checks in session serialization tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:37:31 +01:00
Ronald Cron
ad0ee1a7c4 tests: ssl: Remove redundant test 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:18:04 +01:00
Ronald Cron
18b92a1aec tests: ssl: Fix session field guards 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 09:07:50 +01:00
Norbert Fabritius
d36913a58f Constify parameter of ssl_tls13_session_load 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Norbert Fabritius
8ceeff95e9 Enable ssl_tls13_get_ciphersuite_hash_alg only if macro is active 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Norbert Fabritius
d60aef0f1b Unconditionally define session variable 
Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Ronald Cron
1f045f3a0c tls13: srv: Fix guards of _is_psk_(ephemeral_)available 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-27 08:22:53 +01:00
Norbert Fabritius
96eed725e1 Guard ticket specific TLS 1.3 function with macro 
Guard ssl_tls13_write_new_session_ticket_coordinate with
MBEDTLS_SSL_SESSION_TICKETS macro.

Signed-off-by: Norbert Fabritius <norbert.fabritius@esrlabs.com>
 2024-03-27 08:22:53 +01:00
Manuel Pégourié-Gonnard
611f899c0c
Merge pull request #8957 from valeriosetti/issue8836 
Unify consistency tests for mbedtls_pk_import_into_psa and mbedtls_pk_copy_from_psa
 2024-03-22 08:57:45 +00:00
Manuel Pégourié-Gonnard
e2925efa42
Merge pull request #8967 from ronald-cron-arm/improve-version-selection-tests-titles 
ssl-opt.sh: Improve version selection test titles
 2024-03-22 08:52:39 +00:00
Manuel Pégourié-Gonnard
2107feb7a6
Merge pull request #8586 from lpy4105/issue/fix-fake-case-listed-in-compat_sh 
Fix fake cases listed of compat.sh
 2024-03-21 15:05:11 +00:00
minosgalanakis
5a9020f5d4
Merge pull request #8941 from daverodgman/branches-3.6lts 
Update BRANCHES for 3.6
 2024-03-21 13:56:34 +00:00
Manuel Pégourié-Gonnard
32a96d656b
Merge pull request #8951 from valeriosetti/issue8938 
mbedtls_pk_setup_opaque always uses PKCS#1v1.5 for RSA keys
 2024-03-21 09:08:34 +00:00
Ronald Cron
35884a4301 ssl-opt.sh: Improve version selection test titles 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2024-03-21 09:44:28 +01:00
Valerio Setti
2833050bb6 test_suite_pk: fix guards in pk_psa_sign() 
If the public key is exported with mbedtls_pk_write_pubkey_der()
it should be re-imported with mbedtls_pk_parse_public_key().
Alternative options (when PK_WRITE is not defined), i.e.
mbedtls_ecp_point_write_binary() and mbedtls_rsa_write_pubkey(),
export the key in a different format which cannot be parsed by
pk_parse module so mbedtls_ecp_point_read_binary() and
mbedtls_rsa_parse_pubkey() should be used respectively in this
case.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-21 05:24:12 +01:00
Valerio Setti
ea01efa589 add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 17:19:08 +01:00
Valerio Setti
144c27b0f3 pkwrite: add new internal symbol for the max supported public key DER length 
This is also used in pk_psa_sign() to properly size buffers holding
the public key.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 17:10:35 +01:00
Valerio Setti
027796c0cc test_suite_pk: uniformly generate RSA and EC keys in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 16:55:35 +01:00
Valerio Setti
6fb2586dfd test_suite_pk: fix guards in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 16:55:14 +01:00
Valerio Setti
1b533ab205 test_suite_pk: test also RSA OAEP in pk_wrap_rsa_decrypt_test_vec() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 15:43:33 +01:00
Valerio Setti
d45836a1c3 pk_wrap: fix algorithm selection in rsa_opaque_decrypt() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 15:42:55 +01:00
Valerio Setti
480dfc7ad7 test_suite_pk: fix guards in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 12:24:29 +01:00
Valerio Setti
237424b84f test_suite_pk: simplify pk_copy_from_psa_success() 
Use mbedtls_test_key_consistency_psa_pk() to verify that the
generated PK contexts match with the original PSA keys instead
of doing sign/verify and encrypt/decrypt.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-20 12:10:38 +01:00
Valerio Setti
f71c060cb2 test_suite_pk: properly size buffers for public keys in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 19:35:37 +01:00
Valerio Setti
aa9cc49879 test_suite_pk: test also RSA keys with PKCS1 v2.1 padding mode in pk_psa_sign() 
Previously only only PKCS1 v1.5 was tested.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 19:03:55 +01:00
Valerio Setti
4f3262de2d pk_wrap: fix algorithm selection in rsa_opaque_sign_wrap() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Valerio Setti
d971b7834b test_suite_pk: fix RSA issue in pk_psa_sign() when !PK_[PARSE|WRITE]_C are defined 
This bug was not found until now because:
- !PK_[WRITE|PARSE]_C is only tested in component_full_no_pkparse_pkwrite()
- the test only case concerning RSA key had MBEDTLS_PK_WRITE_C as dependency
  so it was not executed in that component.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Valerio Setti
c262561424 test_suite_pk: rename some variables in pk_psa_sign() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Valerio Setti
d38480b0e0 test_suite_pk: reshape pk_psa_sign() 
The behavior of the functions is kept intact. Changes concern:
- generate the initial PK context using PSA parameters only; this
  allows to remove 1 input parameter for the test function.
- add/fix comments.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 15:55:32 +01:00
Gilles Peskine
b2b9068264
Merge pull request #8942 from valeriosetti/fix-null-dereference 
[Bugfix] Fix null dereference in `mbedtls_pk_verify_ext()`
 2024-03-19 10:47:29 +00:00
Manuel Pégourié-Gonnard
af14b89824
Merge pull request #8932 from ronald-cron-arm/enable-tls13-by-default 
Enable TLS 1.3 by default
 2024-03-19 09:51:49 +00:00
Valerio Setti
da47518554 test_suite_pk: always test verify_ext with opaque keys in pk_psa_wrap_sign_ext() 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-19 09:54:46 +01:00
Valerio Setti
8ad5be0e5d add changelog 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-18 17:22:52 +01:00
Paul Elliott
92152dc746
Merge pull request #8940 from paul-elliott-arm/add_fixes_to_threading_changelog 
Add issues fixed to threading MVP changelog entry
 2024-03-18 15:30:11 +00:00
Dave Rodgman
0da8c514c3 Replace reference to master 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2024-03-18 15:25:53 +00:00
Valerio Setti
07500fd874 pk: check PK context type in mbedtls_pk_verify_ext() before trying RSA PSS 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2024-03-18 16:22:33 +01:00