Merge pull request #8496 from ronald-cron-arm/remove-cocci-files
Remove unused *.cocci files
diff --git a/BRANCHES.md b/BRANCHES.md
index d3bd75e..c085b16 100644
--- a/BRANCHES.md
+++ b/BRANCHES.md
@@ -106,6 +106,6 @@
- [`development`](https://github.com/Mbed-TLS/mbedtls/)
- [`mbedtls-2.28`](https://github.com/Mbed-TLS/mbedtls/tree/mbedtls-2.28)
maintained until at least the end of 2024, see
- <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.5>.
+ <https://github.com/Mbed-TLS/mbedtls/releases/tag/v2.28.6>.
Users are urged to always use the latest version of a maintained branch.
diff --git a/CMakeLists.txt b/CMakeLists.txt
index cbe5748..36baa3b 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -377,7 +377,7 @@
write_basic_package_version_file(
"cmake/MbedTLSConfigVersion.cmake"
COMPATIBILITY SameMajorVersion
- VERSION 3.5.0)
+ VERSION 3.5.1)
install(
FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"
diff --git a/ChangeLog b/ChangeLog
index 4ba3164..28c45f7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,15 @@
Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS 3.5.1 branch released 2023-11-06
+
+Changes
+ * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later
+ license. Users may choose which license they take the code under.
+
+Bugfix
+ * Fix accidental omission of MBEDTLS_TARGET_PREFIX in 3rdparty modules
+ in CMake.
+
= Mbed TLS 3.5.0 branch released 2023-10-05
API changes
diff --git a/ChangeLog.d/fix-3rdparty-target-prefix.txt b/ChangeLog.d/fix-3rdparty-target-prefix.txt
deleted file mode 100644
index db8ed07..0000000
--- a/ChangeLog.d/fix-3rdparty-target-prefix.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Bugfix
- * Fix accidental omission of MBEDTLS_TARGET_PREFIX in 3rdparty modules
- in CMake.
diff --git a/ChangeLog.d/license.txt b/ChangeLog.d/license.txt
deleted file mode 100644
index 0b6bb1f..0000000
--- a/ChangeLog.d/license.txt
+++ /dev/null
@@ -1,3 +0,0 @@
-Changes
- * Mbed TLS is now released under a dual Apache-2.0 OR GPL-2.0-or-later
- license. Users may choose which license they take the code under.
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index f465a45..c391c59 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -10,7 +10,7 @@
*/
/**
- * @mainpage Mbed TLS v3.5.0 API Documentation
+ * @mainpage Mbed TLS v3.5.1 API Documentation
*
* This documentation describes the internal structure of Mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 98b2d79..89048f2 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -1,4 +1,4 @@
-PROJECT_NAME = "Mbed TLS v3.5.0"
+PROJECT_NAME = "Mbed TLS v3.5.1"
OUTPUT_DIRECTORY = ../apidoc/
FULL_PATH_NAMES = NO
OPTIMIZE_OUTPUT_FOR_C = YES
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 2c3d438..44ecacf 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -26,16 +26,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 3
#define MBEDTLS_VERSION_MINOR 5
-#define MBEDTLS_VERSION_PATCH 0
+#define MBEDTLS_VERSION_PATCH 1
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x03050000
-#define MBEDTLS_VERSION_STRING "3.5.0"
-#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.5.0"
+#define MBEDTLS_VERSION_NUMBER 0x03050100
+#define MBEDTLS_VERSION_STRING "3.5.1"
+#define MBEDTLS_VERSION_STRING_FULL "Mbed TLS 3.5.1"
/* Macros for build-time platform detection */
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 6a940d4..542b76d 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -742,6 +742,9 @@
* contexts and therefore is a compatibility break for applications that access
* fields of a mbedtls_ecdh_context structure directly. See also
* MBEDTLS_ECDH_LEGACY_CONTEXT in include/mbedtls/ecdh.h.
+ *
+ * The Everest code is provided under the Apache 2.0 license only; therefore enabling this
+ * option is not compatible with taking the library under the GPL v2.0-or-later license.
*/
//#define MBEDTLS_ECDH_VARIANT_EVEREST_ENABLED
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index 6a4ce51..eeda06a 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -296,7 +296,7 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
add_library(${mbedcrypto_target} SHARED ${src_crypto})
- set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.5.0 SOVERSION 15)
+ set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.5.1 SOVERSION 15)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
if(TARGET ${everest_target})
@@ -308,11 +308,11 @@
endif()
add_library(${mbedx509_target} SHARED ${src_x509})
- set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.5.0 SOVERSION 6)
+ set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.5.1 SOVERSION 6)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
add_library(${mbedtls_target} SHARED ${src_tls})
- set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.5.0 SOVERSION 20)
+ set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.5.1 SOVERSION 20)
target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
endif(USE_SHARED_MBEDTLS_LIBRARY)
diff --git a/library/ssl_misc.h b/library/ssl_misc.h
index 57f5f89..be0b77b 100644
--- a/library/ssl_misc.h
+++ b/library/ssl_misc.h
@@ -2800,6 +2800,26 @@
(flags & MBEDTLS_SSL_TLS1_3_TICKET_FLAGS_MASK);
}
+static inline unsigned int mbedtls_ssl_session_check_ticket_flags(
+ mbedtls_ssl_session *session, unsigned int flags)
+{
+ return mbedtls_ssl_session_get_ticket_flags(session, flags) == 0;
+}
+
+static inline unsigned int mbedtls_ssl_session_ticket_allow_psk(
+ mbedtls_ssl_session *session)
+{
+ return !mbedtls_ssl_session_check_ticket_flags(session,
+ MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_RESUMPTION);
+}
+
+static inline unsigned int mbedtls_ssl_session_ticket_allow_psk_ephemeral(
+ mbedtls_ssl_session *session)
+{
+ return !mbedtls_ssl_session_check_ticket_flags(session,
+ MBEDTLS_SSL_TLS1_3_TICKET_ALLOW_PSK_EPHEMERAL_RESUMPTION);
+}
+
static inline void mbedtls_ssl_session_set_ticket_flags(
mbedtls_ssl_session *session, unsigned int flags)
{
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 97ae51c..eac6326 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1892,36 +1892,6 @@
ret = MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE;
goto cleanup;
}
-#if defined(MBEDTLS_SSL_EARLY_DATA)
- if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA) &&
- (handshake->selected_identity != 0 ||
- handshake->ciphersuite_info->id !=
- ssl->session_negotiate->ciphersuite)) {
- /* RFC8446 4.2.11
- * If the server supplies an "early_data" extension, the
- * client MUST verify that the server's selected_identity
- * is 0. If any other value is returned, the client MUST
- * abort the handshake with an "illegal_parameter" alert.
- *
- * RFC 8446 4.2.10
- * In order to accept early data, the server MUST have accepted a PSK
- * cipher suite and selected the first key offered in the client's
- * "pre_shared_key" extension. In addition, it MUST verify that the
- * following values are the same as those associated with the
- * selected PSK:
- * - The TLS version number
- * - The selected cipher suite
- * - The selected ALPN [RFC7301] protocol, if any
- *
- * We check here that when early data is involved the server
- * selected the cipher suite associated to the pre-shared key
- * as it must have.
- */
- MBEDTLS_SSL_PEND_FATAL_ALERT(MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
- MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
- return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
- }
-#endif
if (!mbedtls_ssl_conf_tls13_check_kex_modes(
ssl, handshake->key_exchange_mode)) {
@@ -2197,6 +2167,9 @@
int ret;
unsigned char *buf;
size_t buf_len;
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ mbedtls_ssl_handshake_params *handshake = ssl->handshake;
+#endif
MBEDTLS_SSL_DEBUG_MSG(2, ("=> parse encrypted extensions"));
@@ -2209,8 +2182,37 @@
ssl_tls13_parse_encrypted_extensions(ssl, buf, buf + buf_len));
#if defined(MBEDTLS_SSL_EARLY_DATA)
- if (ssl->handshake->received_extensions &
- MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) {
+ if (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(EARLY_DATA)) {
+ /* RFC8446 4.2.11
+ * If the server supplies an "early_data" extension, the
+ * client MUST verify that the server's selected_identity
+ * is 0. If any other value is returned, the client MUST
+ * abort the handshake with an "illegal_parameter" alert.
+ *
+ * RFC 8446 4.2.10
+ * In order to accept early data, the server MUST have accepted a PSK
+ * cipher suite and selected the first key offered in the client's
+ * "pre_shared_key" extension. In addition, it MUST verify that the
+ * following values are the same as those associated with the
+ * selected PSK:
+ * - The TLS version number
+ * - The selected cipher suite
+ * - The selected ALPN [RFC7301] protocol, if any
+ *
+ * We check here that when early data is involved the server
+ * selected the cipher suite associated to the pre-shared key
+ * as it must have.
+ */
+ if (handshake->selected_identity != 0 ||
+ handshake->ciphersuite_info->id !=
+ ssl->session_negotiate->ciphersuite) {
+
+ MBEDTLS_SSL_PEND_FATAL_ALERT(
+ MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER);
+ return MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER;
+ }
+
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
}
#endif
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 815c0a9..061dcf7 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -94,6 +94,10 @@
#define SSL_TLS1_3_OFFERED_PSK_MATCH 0
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl);
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl);
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_offered_psks_check_identity_match_ticket(
@@ -105,6 +109,7 @@
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
unsigned char *ticket_buffer;
+ unsigned int key_exchanges;
#if defined(MBEDTLS_HAVE_TIME)
mbedtls_time_t now;
uint64_t age_in_s;
@@ -147,6 +152,12 @@
/* We delete the temporary buffer */
mbedtls_free(ticket_buffer);
+ if (ret == 0 && session->tls_version != MBEDTLS_SSL_VERSION_TLS1_3) {
+ MBEDTLS_SSL_DEBUG_MSG(3, ("Ticket TLS version is not 1.3."));
+ /* TODO: Define new return value for this case. */
+ ret = MBEDTLS_ERR_SSL_BAD_PROTOCOL_VERSION;
+ }
+
if (ret != 0) {
goto exit;
}
@@ -160,13 +171,19 @@
* We regard the ticket with incompatible key exchange modes as not match.
*/
ret = MBEDTLS_ERR_ERROR_GENERIC_ERROR;
- MBEDTLS_SSL_PRINT_TICKET_FLAGS(4,
- session->ticket_flags);
- if (mbedtls_ssl_tls13_check_kex_modes(
- ssl,
- mbedtls_ssl_session_get_ticket_flags(
- session,
- MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ALL))) {
+ MBEDTLS_SSL_PRINT_TICKET_FLAGS(4, session->ticket_flags);
+
+ key_exchanges = 0;
+ if (mbedtls_ssl_session_ticket_allow_psk_ephemeral(session) &&
+ ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
+ key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+ }
+ if (mbedtls_ssl_session_ticket_allow_psk(session) &&
+ ssl_tls13_check_psk_key_exchange(ssl)) {
+ key_exchanges |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
+ }
+
+ if (key_exchanges == 0) {
MBEDTLS_SSL_DEBUG_MSG(3, ("No suitable key exchange mode"));
goto exit;
}
@@ -979,6 +996,26 @@
}
#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED */
+#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED)
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_ticket_permission_check(mbedtls_ssl_context *ssl,
+ unsigned int kex_mode)
+{
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ if (ssl->handshake->resume) {
+ if (mbedtls_ssl_session_check_ticket_flags(
+ ssl->session_negotiate, kex_mode)) {
+ return 0;
+ }
+ }
+#else
+ ((void) ssl);
+ ((void) kex_mode);
+#endif
+ return 1;
+}
+#endif /* MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_SOME_PSK_ENABLED */
+
MBEDTLS_CHECK_RETURN_CRITICAL
static int ssl_tls13_check_ephemeral_key_exchange(mbedtls_ssl_context *ssl)
{
@@ -995,7 +1032,9 @@
static int ssl_tls13_check_psk_key_exchange(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED)
- return mbedtls_ssl_conf_tls13_psk_enabled(ssl) &&
+ return ssl_tls13_ticket_permission_check(
+ ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK) &&
+ mbedtls_ssl_conf_tls13_psk_enabled(ssl) &&
mbedtls_ssl_tls13_psk_enabled(ssl) &&
ssl_tls13_client_hello_has_exts_for_psk_key_exchange(ssl);
#else
@@ -1008,7 +1047,9 @@
static int ssl_tls13_check_psk_ephemeral_key_exchange(mbedtls_ssl_context *ssl)
{
#if defined(MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED)
- return mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) &&
+ return ssl_tls13_ticket_permission_check(
+ ssl, MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL) &&
+ mbedtls_ssl_conf_tls13_psk_ephemeral_enabled(ssl) &&
mbedtls_ssl_tls13_psk_ephemeral_enabled(ssl) &&
ssl_tls13_client_hello_has_exts_for_psk_ephemeral_key_exchange(ssl);
#else
@@ -1691,9 +1732,8 @@
* - The content up to but excluding the PSK extension, if present.
*/
/* If we've settled on a PSK-based exchange, parse PSK identity ext */
- if (mbedtls_ssl_tls13_some_psk_enabled(ssl) &&
- mbedtls_ssl_conf_tls13_some_psk_enabled(ssl) &&
- (handshake->received_extensions & MBEDTLS_SSL_EXT_MASK(PRE_SHARED_KEY))) {
+ if (ssl_tls13_check_psk_key_exchange(ssl) ||
+ ssl_tls13_check_psk_ephemeral_key_exchange(ssl)) {
ret = handshake->update_checksum(ssl, buf,
pre_shared_key_ext - buf);
if (0 != ret) {
@@ -1750,9 +1790,59 @@
return;
}
- /* We do not accept early data for the time being */
ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_REJECTED;
+ if (ssl->conf->early_data_enabled == MBEDTLS_SSL_EARLY_DATA_DISABLED) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1,
+ ("EarlyData: rejected, feature disabled in server configuration."));
+ return;
+ }
+
+ if (!handshake->resume) {
+ /* We currently support early data only in the case of PSKs established
+ via a NewSessionTicket message thus in the case of a session
+ resumption. */
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("EarlyData: rejected, not a session resumption."));
+ return;
+ }
+
+ /* RFC 8446 4.2.10
+ *
+ * In order to accept early data, the server MUST have accepted a PSK cipher
+ * suite and selected the first key offered in the client's "pre_shared_key"
+ * extension. In addition, it MUST verify that the following values are the
+ * same as those associated with the selected PSK:
+ * - The TLS version number
+ * - The selected cipher suite
+ * - The selected ALPN [RFC7301] protocol, if any
+ *
+ * NOTE:
+ * - The TLS version number is checked in
+ * ssl_tls13_offered_psks_check_identity_match_ticket().
+ * - ALPN is not checked for the time being (TODO).
+ */
+
+ if (handshake->selected_identity != 0) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("EarlyData: rejected, the selected key in "
+ "`pre_shared_key` is not the first one."));
+ return;
+ }
+
+ if (handshake->ciphersuite_info->id !=
+ ssl->session_negotiate->ciphersuite) {
+ MBEDTLS_SSL_DEBUG_MSG(
+ 1, ("EarlyData: rejected, the selected ciphersuite is not the one "
+ "of the selected pre-shared key."));
+ return;
+
+ }
+
+
+ ssl->early_data_status = MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED;
+
}
#endif /* MBEDTLS_SSL_EARLY_DATA */
@@ -2412,6 +2502,16 @@
p += output_len;
#endif /* MBEDTLS_SSL_ALPN */
+#if defined(MBEDTLS_SSL_EARLY_DATA)
+ if (ssl->early_data_status == MBEDTLS_SSL_EARLY_DATA_STATUS_ACCEPTED) {
+ ret = mbedtls_ssl_tls13_write_early_data_ext(ssl, p, end, &output_len);
+ if (ret != 0) {
+ return ret;
+ }
+ p += output_len;
+ }
+#endif /* MBEDTLS_SSL_EARLY_DATA */
+
extensions_len = (p - p_extensions_len) - 2;
MBEDTLS_PUT_UINT16_BE(extensions_len, p_extensions_len, 0);
diff --git a/tests/opt-testcases/tls13-kex-modes.sh b/tests/opt-testcases/tls13-kex-modes.sh
index 6556cd4..4581bc5 100755
--- a/tests/opt-testcases/tls13-kex-modes.sh
+++ b/tests/opt-testcases/tls13-kex-modes.sh
@@ -550,7 +550,7 @@
-s "found pre_shared_key extension" \
-S "Found PSK_EPHEMERAL KEX MODE" \
-s "Found PSK KEX MODE" \
- -s "Pre shared key found" \
+ -S "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
@@ -733,7 +733,7 @@
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
- -s "Pre shared key found" \
+ -S "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
@@ -1413,7 +1413,7 @@
-s "found pre_shared_key extension" \
-s "Found PSK_EPHEMERAL KEX MODE" \
-S "Found PSK KEX MODE" \
- -s "Pre shared key found" \
+ -S "Pre shared key found" \
-S "No matched PSK or ticket" \
-S "key exchange mode: psk$" \
-S "key exchange mode: psk_ephemeral" \
diff --git a/tests/opt-testcases/tls13-misc.sh b/tests/opt-testcases/tls13-misc.sh
index 3182b48..3816a2b 100755
--- a/tests/opt-testcases/tls13-misc.sh
+++ b/tests/opt-testcases/tls13-misc.sh
@@ -411,7 +411,8 @@
0 \
-c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \
- -s "found matched identity"
+ -s "found matched identity" \
+ -s "key exchange mode: psk_ephemeral"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@@ -423,7 +424,8 @@
0 \
-c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \
- -s "found matched identity"
+ -s "found matched identity" \
+ -s "key exchange mode: psk_ephemeral"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@@ -466,7 +468,8 @@
0 \
-c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \
- -s "found matched identity"
+ -s "found matched identity" \
+ -s "key exchange mode: psk_ephemeral"
requires_all_configs_enabled MBEDTLS_SSL_SESSION_TICKETS \
MBEDTLS_SSL_SRV_C MBEDTLS_SSL_CLI_C MBEDTLS_DEBUG_C \
@@ -479,7 +482,11 @@
0 \
-c "Pre-configured PSK number = 1" \
-S "No suitable key exchange mode" \
- -s "found matched identity"
+ -s "found matched identity" \
+ -s "key exchange mode: psk_ephemeral"
+
+EARLY_DATA_INPUT_LEN_BLOCKS=$(( ( $( cat $EARLY_DATA_INPUT | wc -c ) + 31 ) / 32 ))
+EARLY_DATA_INPUT_LEN=$(( $EARLY_DATA_INPUT_LEN_BLOCKS * 32 ))
requires_gnutls_next
requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
@@ -496,3 +503,20 @@
-s "EncryptedExtensions: early_data(42) extension does not exist." \
-s "NewSessionTicket: early_data(42) extension does not exist." \
-s "Last error was: -29056 - SSL - Verification of the message MAC failed"
+
+requires_gnutls_next
+requires_all_configs_enabled MBEDTLS_SSL_EARLY_DATA MBEDTLS_SSL_SESSION_TICKETS \
+ MBEDTLS_SSL_SRV_C MBEDTLS_DEBUG_C MBEDTLS_HAVE_TIME \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_EPHEMERAL_ENABLED \
+ MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_any_configs_enabled MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_ENABLED \
+ MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL_ENABLED
+run_test "TLS 1.3 G->m: EarlyData: feature is enabled, fail." \
+ "$P_SRV force_version=tls13 debug_level=4 max_early_data_size=$EARLY_DATA_INPUT_LEN" \
+ "$G_NEXT_CLI localhost --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+GROUP-ALL:+KX-ALL \
+ -d 10 -r --earlydata $EARLY_DATA_INPUT " \
+ 1 \
+ -s "ClientHello: early_data(42) extension exists." \
+ -s "EncryptedExtensions: early_data(42) extension exists." \
+ -s "NewSessionTicket: early_data(42) extension does not exist." \
+ -s "Last error was: -29056 - SSL - Verification of the message MAC failed"
diff --git a/tests/suites/test_suite_constant_time_hmac.function b/tests/suites/test_suite_constant_time_hmac.function
index 435e4b9..9d9aa3c 100644
--- a/tests/suites/test_suite_constant_time_hmac.function
+++ b/tests/suites/test_suite_constant_time_hmac.function
@@ -4,6 +4,7 @@
#include <mbedtls/md.h>
#include <constant_time_internal.h>
#include "md_psa.h"
+#include <ssl_misc.h>
#include <test/constant_flow.h>
/* END_HEADER */
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index 11c41b0..faa3166 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compile time library version
-check_compiletime_version:"3.5.0"
+check_compiletime_version:"3.5.1"
Check runtime library version
-check_runtime_version:"3.5.0"
+check_runtime_version:"3.5.1"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0