Hanno Becker
64ce974180
Don't check ciphersuite and compression in SSL session cache lookup
...
Session-ID based session resumption requires that the resumed session
is consistent with the client's ClientHello in terms of choice of
ciphersuite and choice of compression.
This check was previously assumed to be performed in the session cache
implementation, which seems wrong: The session cache should be an id-based
lookup only, and protocol specific checks should be left to Mbed TLS.
This commit
- adds an explicit ciphersuite and compression consistency check after
the SSL session cache has been queried
- removes the ciphersuite and compression consistency check from
Mbed TLS' session cache reference implementation.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-04-15 10:47:40 +01:00
Gilles Peskine
fce7061a51
Merge pull request #4324 from chris-jones-arm/remove-default-ticket-lifetime
...
Remove MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME
2021-04-14 14:01:19 +02:00
Chris Jones
9c6356881f
Remove MBEDTLS_SSL_DEFAULT_TICKET_LIFETIME
...
This config option has been unused for >5 years and so should be removed.
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-09 16:10:48 +01:00
Manuel Pégourié-Gonnard
e991aa48c5
Merge pull request #4311 from gilles-peskine-arm/move-internal-headers-doxygen
...
[3.0] Remove obsolete reference to internal headers under include/
2021-04-09 14:40:19 +02:00
Dave Rodgman
2fdd5afc29
Merge pull request #4305 from daverodgman/development_new
...
Merge development onto development_3.0
2021-04-08 15:45:35 +01:00
Dave Rodgman
bd069163be
Fix line lengths in changelog
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-07 16:38:31 +01:00
Dave Rodgman
3b5e6f0b30
Fix some errors relating to header file renames
...
Fix some errors due to renaming of header files in the 3.0 branch.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-07 16:36:53 +01:00
Dave Rodgman
73e3e2cb1a
Merge remote-tracking branch 'origin/development' into development_new
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
Conflicts:
include/mbedtls/check_config.h: nearby edits
library/entropy.c: nearby edits
programs/random/gen_random_havege.c: modification vs. removal
programs/ssl/ssl_test_lib.h: nearby edits
programs/test/cpp_dummy_build.cpp: nearby edits
visualc/VS2010/mbedTLS.vcxproj: automatically generated file,
regenerated with scripts/generate_visualc_files.pl
2021-04-07 16:31:09 +01:00
Dave Rodgman
6741fc9148
Merge pull request #4306 from daverodgman/fix_mps_trace_macros
...
Capitalise MPS trace macros
2021-04-07 16:07:50 +01:00
Dave Rodgman
38ff9adacb
Merge pull request #4308 from daverodgman/checknames-grep
...
Forwardport 3.0: Make check-names.sh accept FreeBSD grep
2021-04-07 15:28:08 +01:00
Dave Rodgman
0708974d85
Merge pull request #4309 from daverodgman/check-names-grep-backport
...
Make check-names.sh accept any grep
2021-04-07 15:27:44 +01:00
Gilles Peskine
0ff0ff776a
Remove obsolete reference to internal headers under include/
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-07 16:16:37 +02:00
Dave Rodgman
95caad3743
Make check-names.sh accept any grep
...
check-names.sh works fine with GNU and with modern FreeBSD grep
so remove the check for GNU grep.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-07 15:01:28 +01:00
Dave Rodgman
6341c068bc
Make check-names.sh accept any grep
...
check-names.sh works fine with GNU and with modern FreeBSD grep
so remove the check for GNU grep.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-07 14:54:33 +01:00
Dave Rodgman
add60da95b
Scan library for enums in list-enum-consts.sh
...
Add library/*.h to the list of files scanned for enums in
list-enum-consts.sh, consistent with the changes made to
list-macros.sh.
This is needed to ensure that check-names.sh passes for the MPS
trace enums.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-07 14:48:14 +01:00
Dave Rodgman
b746825418
Capitalise MPS trace macros
...
Capitalise the MPS trace macros, as per the coding style (and make a slight
change to naming convention to avoid a name collision).
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2021-04-07 12:45:35 +01:00
Gilles Peskine
b420259777
Merge pull request #4174 from gilles-peskine-arm/psa-eddsa-spec
...
PSA Encodings for EdDSA
2021-04-07 11:20:27 +02:00
Gilles Peskine
7bc6a3749c
Merge pull request #3183 from meuter/development
...
RSA PSS signature generation with the option to specify the salt length
2021-04-06 21:36:06 +02:00
Gilles Peskine
889828d0b4
Merge pull request #4279 from ronald-cron-arm/fix-invalid-id-error-code
...
Fix error code when creating/registering a key with invalid id
2021-04-06 18:46:30 +02:00
Gilles Peskine
5ef0b97f87
Don't comment out dependencies
...
This was a mistake, there's no reason for the dependencies to be
commented out. The dependencies on PSA_WANT_ALG_EDDSA aren't actually
necessary at the moment, but they might be in certain configurations
if some macros are simplified to save code size.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-04-06 12:49:56 +02:00
Manuel Pégourié-Gonnard
e6a778286f
Merge pull request #4281 from chris-jones-arm/remove-missing-ref
...
Remove missing reference
2021-04-06 11:06:46 +02:00
Gilles Peskine
a8a7033cb1
Merge pull request #3615 from gilles-peskine-arm/ssl-opt-less-grep-development
...
Speed up ssl-opt.sh when running a small number of test cases
2021-04-06 11:05:34 +02:00
Ronald Cron
6cc6631015
psa: Return in error when requested to copy a key to an opaque driver
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-02 12:27:47 +02:00
Ronald Cron
a0bc2cd4f1
tests: psa: Fix copy fail test argument
...
Fix copy fail test argument for only one of them
to be invalid.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-02 08:56:20 +02:00
Gilles Peskine
d5200371ec
Merge pull request #3512 from gilles-peskine-arm/ecp-alloc-202007
...
Reduce the number of allocations in ECP operations
2021-04-02 00:08:35 +02:00
Ronald Cron
602f986511
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:55:04 +02:00
Ronald Cron
d3b458c452
tests: psa: Fix expected error code
...
Fix expected error code when importing a persistent key or
registering a key with an invalid key identifier:
PSA_ERROR_INVALID_ARGUMENT instead of PSA_ERROR_INVALID_HANDLE.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:54:50 +02:00
Ronald Cron
77e412cd71
psa: Fix error code when creating/registering a key with invalid id
...
When creating a persistent key or registering a key
with an invalid key identifier return
PSA_ERROR_INVALID_ARGUMENT instead of
PSA_ERROR_INVALID_HANDLE.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:05:41 +02:00
Ronald Cron
88a55464f5
tests: psa: Add negative tests for psa_copy_key()
...
Add negative tests checking that psa_copy_key()
returns PSA_ERROR_INVALID_ARGUMENT when passed in
an invalid key identifier or key lifetime for the
target key.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:05:41 +02:00
Ronald Cron
de825e62a6
psa: Fix psa_validate_key_persistence documentation
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-04-01 14:05:41 +02:00
Ronald Cron
2af9641a7d
Merge pull request #4198 from maulik-arm/maulik-arm/fix-4162
...
PSA Update return code for non-existing key in various key operations
2021-04-01 13:27:31 +02:00
Maulik Patel
f41be14269
Add Change log entry for bug fix.
...
Signed-off-by: Maulik Patel <Maulik.Patel@arm.com>
2021-04-01 10:01:32 +01:00
Chris Jones
6f554e388e
Remove reference to include/mbedtls/*_internal.h files
...
Signed-off-by: Chris Jones <christopher.jones@arm.com>
2021-04-01 09:52:37 +01:00
Gilles Peskine
e93095fe6b
Merge pull request #4175 from mpg/expand-doc-visibility
...
Improve the visibility of some informations
2021-03-31 11:48:02 +02:00
Gilles Peskine
bf792e0a82
Merge pull request #3616 from militant-daos/bug_3175
...
Fix premature fopen() call in mbedtls_entropy_write_seed_file
2021-03-30 17:33:08 +02:00
Ronald Cron
17fbf5b3c4
Merge pull request #4237 from paul-elliott-arm/fix_printf_extra
...
Fix printf missed issues
2021-03-30 16:40:56 +02:00
Ronald Cron
48ffe622f9
Merge pull request #4215 from paul-elliott-arm/remove_fallthrough
...
Remove deliberate fallthrough
2021-03-30 16:40:24 +02:00
Ronald Cron
841ae226a4
Merge pull request #4019 from gilles-peskine-arm/etags-no-line-directive
...
TAGS: Fix lookup in test/suites/!(test_suite_*).function
2021-03-30 16:38:26 +02:00
paul-elliott-arm
f08ec01e2b
Merge pull request #4014 from hanno-arm/mps_reader
...
Add MPS reader component
2021-03-29 16:26:02 +01:00
Hanno Becker
ecb02fbbc5
Apply suggestions from code review
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
c0b1b252bc
Update tests/suites/test_suite_mps.function
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
5b3841d592
Fix uninitialized memory bug in MPS reader test
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
3c6386cde5
Revert accidental gitignore change
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
1b1e7eb611
Add unit test for integer overflow in mbedtls_mps_reader_reclaim()
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
d4d33a1b6b
Remove unnecessary check before calling memcpy()
...
This check was added earlier to avoid useless calls to `memcpy()`
with length `0` in the _frequent_ case where we're not accumulating.
By now, the whole code path has been moved to a branch which is only
executed if the reader is accumulating, and the only time this check
would be relevant is if we happen to feed an empty fragment to the
reader. In this case, the call to memcpy() could be removed, but
since this case is exceptional and the call to memcpy() is still
correct even for a length 0 copy, we remove the check for simplicity
of the code.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
756abeb4e1
Fix typo in MPS test suite
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
d7fcbfa71e
Test paused
argument of MPS reader mbedtls_mps_reader_reclaim()
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
032b352684
Improve naming of local variables in MPS reader implementation
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
00931492da
Fix spacing in MPS test suite
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00
Hanno Becker
7594c68049
Document status of MPS upstreaming
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-03-29 14:20:18 +01:00