Merge pull request #6086 from paul-elliott-arm/fix_cmake_no_gen_files
Fix linking of generated files in cmake
diff --git a/CMakeLists.txt b/CMakeLists.txt
index 3ac323e..bb86788 100644
--- a/CMakeLists.txt
+++ b/CMakeLists.txt
@@ -351,7 +351,7 @@
write_basic_package_version_file(
"cmake/MbedTLSConfigVersion.cmake"
COMPATIBILITY SameMajorVersion
- VERSION 3.2.0)
+ VERSION 3.2.1)
install(
FILES "${CMAKE_CURRENT_BINARY_DIR}/cmake/MbedTLSConfig.cmake"
diff --git a/ChangeLog b/ChangeLog
index 6b1bb21..6dfb23f 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,10 @@
Mbed TLS ChangeLog (Sorted per branch, date)
+= Mbed TLS 3.2.1 branch released 2022-07-12
+
+Bugfix
+ * Re-add missing generated file library/ssl_debug_helpers_generated.c
+
= Mbed TLS 3.2.0 branch released 2022-07-11
Default behavior changes
diff --git a/ChangeLog.d/fix-aes-shallow-copying.txt b/ChangeLog.d/fix-aes-shallow-copying.txt
new file mode 100644
index 0000000..0c119d6
--- /dev/null
+++ b/ChangeLog.d/fix-aes-shallow-copying.txt
@@ -0,0 +1,2 @@
+Bugfix
+ * Refactor mbedtls_aes_context to support shallow-copying. Fixes #2147.
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 282e9bf..c05042b 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -22,7 +22,7 @@
*/
/**
- * @mainpage mbed TLS v3.2.0 source code documentation
+ * @mainpage mbed TLS v3.2.1 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index 653babc..f722d28 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -1,4 +1,4 @@
-PROJECT_NAME = "mbed TLS v3.2.0"
+PROJECT_NAME = "mbed TLS v3.2.1"
OUTPUT_DIRECTORY = ../apidoc/
FULL_PATH_NAMES = NO
OPTIMIZE_OUTPUT_FOR_C = YES
diff --git a/include/mbedtls/aes.h b/include/mbedtls/aes.h
index 144bd89..c359011 100644
--- a/include/mbedtls/aes.h
+++ b/include/mbedtls/aes.h
@@ -80,7 +80,8 @@
typedef struct mbedtls_aes_context
{
int MBEDTLS_PRIVATE(nr); /*!< The number of rounds. */
- uint32_t *MBEDTLS_PRIVATE(rk); /*!< AES round keys. */
+ size_t MBEDTLS_PRIVATE(rk_offset); /*!< The offset in array elements to AES
+ round keys in the buffer. */
uint32_t MBEDTLS_PRIVATE(buf)[68]; /*!< Unaligned data buffer. This buffer can
hold 32 extra Bytes, which can be used for
one of the following purposes:
diff --git a/include/mbedtls/build_info.h b/include/mbedtls/build_info.h
index 75545f2..234debd 100644
--- a/include/mbedtls/build_info.h
+++ b/include/mbedtls/build_info.h
@@ -38,16 +38,16 @@
*/
#define MBEDTLS_VERSION_MAJOR 3
#define MBEDTLS_VERSION_MINOR 2
-#define MBEDTLS_VERSION_PATCH 0
+#define MBEDTLS_VERSION_PATCH 1
/**
* The single version number has the following structure:
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x03020000
-#define MBEDTLS_VERSION_STRING "3.2.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.2.0"
+#define MBEDTLS_VERSION_NUMBER 0x03020100
+#define MBEDTLS_VERSION_STRING "3.2.1"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 3.2.1"
#if defined(_MSC_VER) && !defined(_CRT_SECURE_NO_DEPRECATE)
#define _CRT_SECURE_NO_DEPRECATE 1
diff --git a/include/mbedtls/check_config.h b/include/mbedtls/check_config.h
index 5fe9849..cd17f9d 100644
--- a/include/mbedtls/check_config.h
+++ b/include/mbedtls/check_config.h
@@ -843,6 +843,11 @@
#error "MBEDTLS_SSL_TICKET_C defined, but not all prerequisites"
#endif
+#if defined(MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH) && \
+ MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH >= 256
+#error "MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH must be less than 256"
+#endif
+
#if defined(MBEDTLS_SSL_SERVER_NAME_INDICATION) && \
!defined(MBEDTLS_X509_CRT_PARSE_C)
#error "MBEDTLS_SSL_SERVER_NAME_INDICATION defined, but not all prerequisites"
diff --git a/include/mbedtls/mbedtls_config.h b/include/mbedtls/mbedtls_config.h
index 1c60ec8..2bf24a0 100644
--- a/include/mbedtls/mbedtls_config.h
+++ b/include/mbedtls/mbedtls_config.h
@@ -1542,6 +1542,15 @@
//#define MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
/**
+ * \def MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH
+ *
+ * Size in bytes of a ticket nonce. This is not used in TLS 1.2.
+ *
+ * This must be less than 256.
+ */
+#define MBEDTLS_SSL_TLS1_3_TICKET_NONCE_LENGTH 32
+
+/**
* \def MBEDTLS_SSL_PROTO_DTLS
*
* Enable support for DTLS (all available versions).
diff --git a/include/mbedtls/ssl.h b/include/mbedtls/ssl.h
index b3b5d47..e665ec1 100644
--- a/include/mbedtls/ssl.h
+++ b/include/mbedtls/ssl.h
@@ -98,6 +98,8 @@
/* Error space gap */
/** Processing of the Certificate handshake message failed. */
#define MBEDTLS_ERR_SSL_BAD_CERTIFICATE -0x7A00
+/** Received NewSessionTicket Post Handshake Message */
+#define MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET -0x7B00
/* Error space gap */
/* Error space gap */
/* Error space gap */
@@ -170,6 +172,15 @@
#define MBEDTLS_ERR_SSL_BAD_CONFIG -0x5E80
/*
+ * Constants from RFC 8446 for TLS 1.3 PSK modes
+ *
+ * Those are used in the Pre-Shared Key Exchange Modes extension.
+ * See Section 4.2.9 in RFC 8446.
+ */
+#define MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE 0 /* Pure PSK-based exchange */
+#define MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE 1 /* PSK+ECDHE-based exchange */
+
+/*
* TLS 1.3 NamedGroup values
*
* From RF 8446
@@ -324,6 +335,13 @@
#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_CLIENT 1
#define MBEDTLS_SSL_SRV_CIPHERSUITE_ORDER_SERVER 0
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+#if defined(MBEDTLS_SHA384_C)
+#define MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN 48
+#elif defined(MBEDTLS_SHA256_C)
+#define MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN 32
+#endif /* MBEDTLS_SHA256_C */
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
/*
* Default range for DTLS retransmission timer value, in milliseconds.
* RFC 6347 4.2.4.1 says from 1 second to 60 seconds.
@@ -640,7 +658,7 @@
MBEDTLS_SSL_FLUSH_BUFFERS,
MBEDTLS_SSL_HANDSHAKE_WRAPUP,
MBEDTLS_SSL_HANDSHAKE_OVER,
- MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET,
+ MBEDTLS_SSL_NEW_SESSION_TICKET,
MBEDTLS_SSL_SERVER_HELLO_VERIFY_REQUEST_SENT,
MBEDTLS_SSL_HELLO_RETRY_REQUEST,
MBEDTLS_SSL_ENCRYPTED_EXTENSIONS,
@@ -1162,6 +1180,17 @@
uint32_t MBEDTLS_PRIVATE(ticket_lifetime); /*!< ticket lifetime hint */
#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3) && defined(MBEDTLS_SSL_SESSION_TICKETS)
+ uint32_t MBEDTLS_PRIVATE(ticket_age_add); /*!< Randomly generated value used to obscure the age of the ticket */
+ uint8_t MBEDTLS_PRIVATE(resumption_key_len); /*!< resumption_key length */
+ unsigned char MBEDTLS_PRIVATE(resumption_key)[MBEDTLS_SSL_TLS1_3_TICKET_RESUMPTION_KEY_LEN];
+
+#if defined(MBEDTLS_HAVE_TIME) && defined(MBEDTLS_SSL_CLI_C)
+ mbedtls_time_t MBEDTLS_PRIVATE(ticket_received); /*!< time ticket was received */
+#endif /* MBEDTLS_HAVE_TIME && MBEDTLS_SSL_CLI_C */
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 && MBEDTLS_SSL_SESSION_TICKETS */
+
#if defined(MBEDTLS_SSL_ENCRYPT_THEN_MAC)
int MBEDTLS_PRIVATE(encrypt_then_mac); /*!< flag for EtM activation */
#endif
diff --git a/include/psa/crypto_values.h b/include/psa/crypto_values.h
index b3526ae..b5f6501 100644
--- a/include/psa/crypto_values.h
+++ b/include/psa/crypto_values.h
@@ -1400,9 +1400,11 @@
* This is the signature scheme defined by RFC 8017
* (PKCS#1: RSA Cryptography Specifications) under the name
* RSASSA-PSS, with the message generation function MGF1, and with
- * a salt length equal to the length of the hash. The specified
- * hash algorithm is used to hash the input message, to create the
- * salted hash, and for the mask generation.
+ * a salt length equal to the length of the hash, or the largest
+ * possible salt length for the algorithm and key size if that is
+ * smaller than the hash length. The specified hash algorithm is
+ * used to hash the input message, to create the salted hash, and
+ * for the mask generation.
*
* \param hash_alg A hash algorithm (\c PSA_ALG_XXX value such that
* #PSA_ALG_IS_HASH(\p hash_alg) is true).
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index d652157..0884f57 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -274,7 +274,7 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
set(CMAKE_LIBRARY_PATH ${CMAKE_CURRENT_BINARY_DIR})
add_library(${mbedcrypto_target} SHARED ${src_crypto})
- set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.2.0 SOVERSION 12)
+ set_target_properties(${mbedcrypto_target} PROPERTIES VERSION 3.2.1 SOVERSION 12)
target_link_libraries(${mbedcrypto_target} PUBLIC ${libs})
if(TARGET everest)
@@ -282,11 +282,11 @@
endif()
add_library(${mbedx509_target} SHARED ${src_x509})
- set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.2.0 SOVERSION 4)
+ set_target_properties(${mbedx509_target} PROPERTIES VERSION 3.2.1 SOVERSION 4)
target_link_libraries(${mbedx509_target} PUBLIC ${libs} ${mbedcrypto_target})
add_library(${mbedtls_target} SHARED ${src_tls})
- set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.2.0 SOVERSION 18)
+ set_target_properties(${mbedtls_target} PROPERTIES VERSION 3.2.1 SOVERSION 18)
target_link_libraries(${mbedtls_target} PUBLIC ${libs} ${mbedx509_target})
endif(USE_SHARED_MBEDTLS_LIBRARY)
diff --git a/library/aes.c b/library/aes.c
index bf5d432..ca94e0a 100644
--- a/library/aes.c
+++ b/library/aes.c
@@ -550,19 +550,19 @@
}
#endif
+ ctx->rk_offset = 0;
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
if( aes_padlock_ace == -1 )
aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
if( aes_padlock_ace )
- ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf );
- else
+ ctx->rk_offset = MBEDTLS_PADLOCK_ALIGN16( ctx->buf ) - ctx->buf;
#endif
- ctx->rk = RK = ctx->buf;
+ RK = ctx->buf + ctx->rk_offset;
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
- return( mbedtls_aesni_setkey_enc( (unsigned char *) ctx->rk, key, keybits ) );
+ return( mbedtls_aesni_setkey_enc( (unsigned char *) RK, key, keybits ) );
#endif
for( i = 0; i < ( keybits >> 5 ); i++ )
@@ -654,15 +654,15 @@
mbedtls_aes_init( &cty );
+ ctx->rk_offset = 0;
#if defined(MBEDTLS_PADLOCK_C) && defined(MBEDTLS_PADLOCK_ALIGN16)
if( aes_padlock_ace == -1 )
aes_padlock_ace = mbedtls_padlock_has_support( MBEDTLS_PADLOCK_ACE );
if( aes_padlock_ace )
- ctx->rk = RK = MBEDTLS_PADLOCK_ALIGN16( ctx->buf );
- else
+ ctx->rk_offset = MBEDTLS_PADLOCK_ALIGN16( ctx->buf ) - ctx->buf;
#endif
- ctx->rk = RK = ctx->buf;
+ RK = ctx->buf + ctx->rk_offset;
/* Also checks keybits */
if( ( ret = mbedtls_aes_setkey_enc( &cty, key, keybits ) ) != 0 )
@@ -673,13 +673,13 @@
#if defined(MBEDTLS_AESNI_C) && defined(MBEDTLS_HAVE_X86_64)
if( mbedtls_aesni_has_support( MBEDTLS_AESNI_AES ) )
{
- mbedtls_aesni_inverse_key( (unsigned char *) ctx->rk,
- (const unsigned char *) cty.rk, ctx->nr );
+ mbedtls_aesni_inverse_key( (unsigned char *) RK,
+ (const unsigned char *) ( cty.buf + cty.rk_offset ), ctx->nr );
goto exit;
}
#endif
- SK = cty.rk + cty.nr * 4;
+ SK = cty.buf + cty.rk_offset + cty.nr * 4;
*RK++ = *SK++;
*RK++ = *SK++;
@@ -843,7 +843,7 @@
unsigned char output[16] )
{
int i;
- uint32_t *RK = ctx->rk;
+ uint32_t *RK = ctx->buf + ctx->rk_offset;
struct
{
uint32_t X[4];
@@ -907,7 +907,7 @@
unsigned char output[16] )
{
int i;
- uint32_t *RK = ctx->rk;
+ uint32_t *RK = ctx->buf + ctx->rk_offset;
struct
{
uint32_t X[4];
@@ -971,7 +971,6 @@
unsigned char output[16] )
{
AES_VALIDATE_RET( ctx != NULL );
- AES_VALIDATE_RET( ctx->rk != NULL );
AES_VALIDATE_RET( input != NULL );
AES_VALIDATE_RET( output != NULL );
AES_VALIDATE_RET( mode == MBEDTLS_AES_ENCRYPT ||
diff --git a/library/aesni.c b/library/aesni.c
index be226c9..87d818a 100644
--- a/library/aesni.c
+++ b/library/aesni.c
@@ -127,7 +127,7 @@
"3: \n\t"
"movdqu %%xmm0, (%4) \n\t" // export output
:
- : "r" (ctx->nr), "r" (ctx->rk), "r" (mode), "r" (input), "r" (output)
+ : "r" (ctx->nr), "r" (ctx->buf + ctx->rk_offset), "r" (mode), "r" (input), "r" (output)
: "memory", "cc", "xmm0", "xmm1" );
diff --git a/library/padlock.c b/library/padlock.c
index b8ba105..a128775 100644
--- a/library/padlock.c
+++ b/library/padlock.c
@@ -82,7 +82,11 @@
uint32_t *ctrl;
unsigned char buf[256];
- rk = ctx->rk;
+ rk = ctx->buf + ctx->rk_offset;
+
+ if( ( (long) rk & 15 ) != 0 )
+ return( MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED );
+
blk = MBEDTLS_PADLOCK_ALIGN16( buf );
memcpy( blk, input, 16 );
@@ -125,11 +129,13 @@
uint32_t *ctrl;
unsigned char buf[256];
+ rk = ctx->buf + ctx->rk_offset;
+
if( ( (long) input & 15 ) != 0 ||
- ( (long) output & 15 ) != 0 )
+ ( (long) output & 15 ) != 0 ||
+ ( (long) rk & 15 ) != 0 )
return( MBEDTLS_ERR_PADLOCK_DATA_MISALIGNED );
- rk = ctx->rk;
iw = MBEDTLS_PADLOCK_ALIGN16( buf );
memcpy( iw, iv, 16 );
diff --git a/library/ssl_msg.c b/library/ssl_msg.c
index fb0b709..dbef29b 100644
--- a/library/ssl_msg.c
+++ b/library/ssl_msg.c
@@ -5288,6 +5288,50 @@
}
#endif /* MBEDTLS_SSL_RENEGOTIATION */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_check_new_session_ticket( mbedtls_ssl_context *ssl )
+{
+
+ if( ( ssl->in_hslen == mbedtls_ssl_hs_hdr_len( ssl ) ) ||
+ ( ssl->in_msg[0] != MBEDTLS_SSL_HS_NEW_SESSION_TICKET ) )
+ {
+ return( 0 );
+ }
+
+ ssl->keep_current_message = 1;
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "NewSessionTicket received" ) );
+ mbedtls_ssl_handshake_set_state( ssl,
+ MBEDTLS_SSL_NEW_SESSION_TICKET );
+
+ return( MBEDTLS_ERR_SSL_WANT_READ );
+}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
+{
+
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "received post-handshake message" ) );
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS) && defined(MBEDTLS_SSL_CLI_C)
+ if( ssl->conf->endpoint == MBEDTLS_SSL_IS_CLIENT )
+ {
+ int ret = ssl_tls13_check_new_session_ticket( ssl );
+ if( ret != 0 )
+ return( ret );
+ }
+#endif /* MBEDTLS_SSL_SESSION_TICKETS && MBEDTLS_SSL_CLI_C */
+
+ /* Fail in all other cases. */
+ return( MBEDTLS_ERR_SSL_UNEXPECTED_MESSAGE );
+}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
/* This function is called from mbedtls_ssl_read() when a handshake message is
* received after the initial handshake. In this context, handshake messages
* may only be sent for the purpose of initiating renegotiations.
@@ -5298,7 +5342,7 @@
* TLS 1.3 in the future without bloating the logic of mbedtls_ssl_read().
*/
MBEDTLS_CHECK_RETURN_CRITICAL
-static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
+static int ssl_tls12_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
{
int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
@@ -5380,18 +5424,39 @@
MBEDTLS_SSL_DEBUG_MSG( 3, ( "refusing renegotiation, sending alert" ) );
-#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
if( ( ret = mbedtls_ssl_send_alert_message( ssl,
MBEDTLS_SSL_ALERT_LEVEL_WARNING,
MBEDTLS_SSL_ALERT_MSG_NO_RENEGOTIATION ) ) != 0 )
{
return( ret );
}
-#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
}
return( 0 );
}
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_handle_hs_message_post_handshake( mbedtls_ssl_context *ssl )
+{
+ /* Check protocol version and dispatch accordingly. */
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+ if( ssl->tls_version == MBEDTLS_SSL_VERSION_TLS1_3 )
+ {
+ return( ssl_tls13_handle_hs_message_post_handshake( ssl ) );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
+#if defined(MBEDTLS_SSL_PROTO_TLS1_2)
+ if( ssl->tls_version <= MBEDTLS_SSL_VERSION_TLS1_2 )
+ {
+ return( ssl_tls12_handle_hs_message_post_handshake( ssl ) );
+ }
+#endif /* MBEDTLS_SSL_PROTO_TLS1_2 */
+
+ /* Should never happen */
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+}
/*
* Receive application data decrypted from the SSL layer
diff --git a/library/ssl_tls12_client.c b/library/ssl_tls12_client.c
index 7fa6443..2405208 100644
--- a/library/ssl_tls12_client.c
+++ b/library/ssl_tls12_client.c
@@ -3627,7 +3627,7 @@
if( ssl->state == MBEDTLS_SSL_SERVER_CHANGE_CIPHER_SPEC &&
ssl->handshake->new_session_ticket != 0 )
{
- ssl->state = MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET;
+ ssl->state = MBEDTLS_SSL_NEW_SESSION_TICKET;
}
#endif
@@ -3704,7 +3704,7 @@
* Finished
*/
#if defined(MBEDTLS_SSL_SESSION_TICKETS)
- case MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:
+ case MBEDTLS_SSL_NEW_SESSION_TICKET:
ret = ssl_parse_new_session_ticket( ssl );
break;
#endif
diff --git a/library/ssl_tls13_client.c b/library/ssl_tls13_client.c
index 2b68306..183b6ee 100644
--- a/library/ssl_tls13_client.c
+++ b/library/ssl_tls13_client.c
@@ -1876,6 +1876,243 @@
return( 0 );
}
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_parse_new_session_ticket_exts( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
+{
+ const unsigned char *p = buf;
+
+ ((void) ssl);
+
+ while( p < end )
+ {
+ unsigned int extension_type;
+ size_t extension_data_len;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 4 );
+ extension_type = MBEDTLS_GET_UINT16_BE( p, 0 );
+ extension_data_len = MBEDTLS_GET_UINT16_BE( p, 2 );
+ p += 4;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extension_data_len );
+
+ switch( extension_type )
+ {
+ case MBEDTLS_TLS_EXT_EARLY_DATA:
+ MBEDTLS_SSL_DEBUG_MSG( 4, ( "early_data extension received" ) );
+ break;
+
+ default:
+ break;
+ }
+ p += extension_data_len;
+ }
+
+ return( 0 );
+}
+
+/*
+ * From RFC8446, page 74
+ *
+ * struct {
+ * uint32 ticket_lifetime;
+ * uint32 ticket_age_add;
+ * opaque ticket_nonce<0..255>;
+ * opaque ticket<1..2^16-1>;
+ * Extension extensions<0..2^16-2>;
+ * } NewSessionTicket;
+ *
+ */
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_parse_new_session_ticket( mbedtls_ssl_context *ssl,
+ unsigned char *buf,
+ unsigned char *end,
+ unsigned char **ticket_nonce,
+ size_t *ticket_nonce_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *p = buf;
+ mbedtls_ssl_session *session = ssl->session;
+ size_t ticket_len;
+ unsigned char *ticket;
+ size_t extensions_len;
+
+ *ticket_nonce = NULL;
+ *ticket_nonce_len = 0;
+ /*
+ * ticket_lifetime 4 bytes
+ * ticket_age_add 4 bytes
+ * ticket_nonce_len 1 byte
+ */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 9 );
+
+ session->ticket_lifetime = MBEDTLS_GET_UINT32_BE( p, 0 );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "ticket_lifetime: %u",
+ ( unsigned int )session->ticket_lifetime ) );
+
+ session->ticket_age_add = MBEDTLS_GET_UINT32_BE( p, 4 );
+ MBEDTLS_SSL_DEBUG_MSG( 3,
+ ( "ticket_age_add: %u",
+ ( unsigned int )session->ticket_age_add ) );
+
+ *ticket_nonce_len = p[8];
+ p += 9;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, *ticket_nonce_len );
+ *ticket_nonce = p;
+ MBEDTLS_SSL_DEBUG_BUF( 3, "ticket_nonce:", *ticket_nonce, *ticket_nonce_len );
+ p += *ticket_nonce_len;
+
+ /* Ticket */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+ ticket_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, ticket_len );
+ MBEDTLS_SSL_DEBUG_BUF( 3, "received ticket", p, ticket_len ) ;
+
+ /* Check if we previously received a ticket already. */
+ if( session->ticket != NULL || session->ticket_len > 0 )
+ {
+ mbedtls_free( session->ticket );
+ session->ticket = NULL;
+ session->ticket_len = 0;
+ }
+
+ if( ( ticket = mbedtls_calloc( 1, ticket_len ) ) == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "ticket alloc failed" ) );
+ return( MBEDTLS_ERR_SSL_ALLOC_FAILED );
+ }
+ memcpy( ticket, p, ticket_len );
+ p += ticket_len;
+ session->ticket = ticket;
+ session->ticket_len = ticket_len;
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 2 );
+ extensions_len = MBEDTLS_GET_UINT16_BE( p, 0 );
+ p += 2;
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, extensions_len );
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "ticket extension", p, extensions_len );
+
+ ret = ssl_tls13_parse_new_session_ticket_exts( ssl, p, p + extensions_len );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 1,
+ "ssl_tls13_parse_new_session_ticket_exts",
+ ret );
+ return( ret );
+ }
+
+ return( 0 );
+}
+
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_postprocess_new_session_ticket( mbedtls_ssl_context *ssl,
+ unsigned char *ticket_nonce,
+ size_t ticket_nonce_len )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ mbedtls_ssl_session *session = ssl->session;
+ const mbedtls_ssl_ciphersuite_t *ciphersuite_info;
+ psa_algorithm_t psa_hash_alg;
+ int hash_length;
+
+#if defined(MBEDTLS_HAVE_TIME)
+ /* Store ticket creation time */
+ session->ticket_received = mbedtls_time( NULL );
+#endif
+
+ ciphersuite_info = mbedtls_ssl_ciphersuite_from_id( session->ciphersuite );
+ if( ciphersuite_info == NULL )
+ {
+ MBEDTLS_SSL_DEBUG_MSG( 1, ( "should never happen" ) );
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+ psa_hash_alg = mbedtls_psa_translate_md( ciphersuite_info->mac );
+ hash_length = PSA_HASH_LENGTH( psa_hash_alg );
+ if( hash_length == -1 ||
+ ( size_t )hash_length > sizeof( session->resumption_key ) )
+ {
+ return( MBEDTLS_ERR_SSL_INTERNAL_ERROR );
+ }
+
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "resumption_master_secret",
+ session->app_secrets.resumption_master_secret,
+ hash_length );
+
+ /* Compute resumption key
+ *
+ * HKDF-Expand-Label( resumption_master_secret,
+ * "resumption", ticket_nonce, Hash.length )
+ */
+ ret = mbedtls_ssl_tls13_hkdf_expand_label(
+ psa_hash_alg,
+ session->app_secrets.resumption_master_secret,
+ hash_length,
+ MBEDTLS_SSL_TLS1_3_LBL_WITH_LEN( resumption ),
+ ticket_nonce,
+ ticket_nonce_len,
+ session->resumption_key,
+ hash_length );
+
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET( 2,
+ "Creating the ticket-resumed PSK failed",
+ ret );
+ return( ret );
+ }
+
+ session->resumption_key_len = hash_length;
+
+ MBEDTLS_SSL_DEBUG_BUF( 3, "Ticket-resumed PSK",
+ session->resumption_key,
+ session->resumption_key_len );
+
+ return( 0 );
+}
+
+/*
+ * Handler for MBEDTLS_SSL_NEW_SESSION_TICKET
+ */
+MBEDTLS_CHECK_RETURN_CRITICAL
+static int ssl_tls13_process_new_session_ticket( mbedtls_ssl_context *ssl )
+{
+ int ret = MBEDTLS_ERR_ERROR_CORRUPTION_DETECTED;
+ unsigned char *buf;
+ size_t buf_len;
+ unsigned char *ticket_nonce;
+ size_t ticket_nonce_len;
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "=> parse new session ticket" ) );
+
+ MBEDTLS_SSL_PROC_CHK( mbedtls_ssl_tls13_fetch_handshake_msg(
+ ssl, MBEDTLS_SSL_HS_NEW_SESSION_TICKET,
+ &buf, &buf_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_parse_new_session_ticket(
+ ssl, buf, buf + buf_len,
+ &ticket_nonce, &ticket_nonce_len ) );
+
+ MBEDTLS_SSL_PROC_CHK( ssl_tls13_postprocess_new_session_ticket(
+ ssl, ticket_nonce, ticket_nonce_len ) );
+
+ mbedtls_ssl_handshake_set_state( ssl, MBEDTLS_SSL_HANDSHAKE_OVER );
+
+cleanup:
+
+ MBEDTLS_SSL_DEBUG_MSG( 2, ( "<= parse new session ticket" ) );
+ return( ret );
+}
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
int mbedtls_ssl_tls13_handshake_client_step( mbedtls_ssl_context *ssl )
{
int ret = 0;
@@ -1956,6 +2193,15 @@
break;
#endif /* MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE */
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ case MBEDTLS_SSL_NEW_SESSION_TICKET:
+ ret = ssl_tls13_process_new_session_ticket( ssl );
+ if( ret != 0 )
+ break;
+ ret = MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET;
+ break;
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
default:
MBEDTLS_SSL_DEBUG_MSG( 1, ( "invalid state %d", ssl->state ) );
return( MBEDTLS_ERR_SSL_BAD_INPUT_DATA );
diff --git a/library/ssl_tls13_server.c b/library/ssl_tls13_server.c
index 7d99433..7c28c57 100644
--- a/library/ssl_tls13_server.c
+++ b/library/ssl_tls13_server.c
@@ -45,6 +45,60 @@
#include "ssl_tls13_keys.h"
#include "ssl_debug_helpers.h"
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+/* From RFC 8446:
+ *
+ * enum { psk_ke(0), psk_dhe_ke(1), (255) } PskKeyExchangeMode;
+ * struct {
+ * PskKeyExchangeMode ke_modes<1..255>;
+ * } PskKeyExchangeModes;
+ */
+static int ssl_tls13_parse_key_exchange_modes_ext( mbedtls_ssl_context *ssl,
+ const unsigned char *buf,
+ const unsigned char *end )
+{
+ const unsigned char *p = buf;
+ size_t ke_modes_len;
+ int ke_modes = 0;
+
+ /* Read ke_modes length (1 Byte) */
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, 1 );
+ ke_modes_len = *p++;
+ /* Currently, there are only two PSK modes, so even without looking
+ * at the content, something's wrong if the list has more than 2 items. */
+ if( ke_modes_len > 2 )
+ {
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_HANDSHAKE_FAILURE );
+ }
+
+ MBEDTLS_SSL_CHK_BUF_READ_PTR( p, end, ke_modes_len );
+
+ while( ke_modes_len-- != 0 )
+ {
+ switch( *p++ )
+ {
+ case MBEDTLS_SSL_TLS1_3_PSK_MODE_PURE:
+ ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK;
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Found PSK KEX MODE" ) );
+ break;
+ case MBEDTLS_SSL_TLS1_3_PSK_MODE_ECDHE:
+ ke_modes |= MBEDTLS_SSL_TLS1_3_KEY_EXCHANGE_MODE_PSK_EPHEMERAL;
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "Found PSK_EPHEMERAL KEX MODE" ) );
+ break;
+ default:
+ MBEDTLS_SSL_PEND_FATAL_ALERT( MBEDTLS_SSL_ALERT_MSG_ILLEGAL_PARAMETER,
+ MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ return( MBEDTLS_ERR_SSL_ILLEGAL_PARAMETER );
+ }
+ }
+
+ ssl->handshake->tls13_kex_modes = ke_modes;
+ return( 0 );
+}
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+
/* From RFC 8446:
* struct {
* ProtocolVersion versions<2..254>;
@@ -754,6 +808,23 @@
ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_SUPPORTED_VERSIONS;
break;
+#if defined(MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED)
+ case MBEDTLS_TLS_EXT_PSK_KEY_EXCHANGE_MODES:
+ MBEDTLS_SSL_DEBUG_MSG( 3, ( "found psk key exchange modes extension" ) );
+
+ ret = ssl_tls13_parse_key_exchange_modes_ext(
+ ssl, p, extension_data_end );
+ if( ret != 0 )
+ {
+ MBEDTLS_SSL_DEBUG_RET(
+ 1, "ssl_tls13_parse_key_exchange_modes_ext", ret );
+ return( ret );
+ }
+
+ ssl->handshake->extensions_present |= MBEDTLS_SSL_EXT_PSK_KEY_EXCHANGE_MODES;
+ break;
+#endif /* MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED */
+
#if defined(MBEDTLS_SSL_ALPN)
case MBEDTLS_TLS_EXT_ALPN:
MBEDTLS_SSL_DEBUG_MSG( 3, ( "found alpn extension" ) );
diff --git a/programs/ssl/ssl_client2.c b/programs/ssl/ssl_client2.c
index d6724df..e8b8b1e 100644
--- a/programs/ssl/ssl_client2.c
+++ b/programs/ssl/ssl_client2.c
@@ -2645,8 +2645,6 @@
/*
* 7. Read the HTTP response
*/
- mbedtls_printf( " < Read from server:" );
- fflush( stdout );
/*
* TLS and DTLS need different reading styles (stream vs datagram)
@@ -2694,6 +2692,18 @@
ret = 0;
goto reconnect;
+#if defined(MBEDTLS_SSL_PROTO_TLS1_3)
+
+#if defined(MBEDTLS_SSL_SESSION_TICKETS)
+ case MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET:
+ /* We were waiting for application data but got
+ * a NewSessionTicket instead. */
+ mbedtls_printf( " got new session ticket.\n" );
+ continue;
+#endif /* MBEDTLS_SSL_SESSION_TICKETS */
+
+#endif /* MBEDTLS_SSL_PROTO_TLS1_3 */
+
default:
mbedtls_printf( " mbedtls_ssl_read returned -0x%x\n",
(unsigned int) -ret );
@@ -2703,8 +2713,8 @@
len = ret;
buf[len] = '\0';
- mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
-
+ mbedtls_printf( " < Read from server: %d bytes read\n\n%s", len, (char *) buf );
+ fflush( stdout );
/* End of message should be detected according to the syntax of the
* application protocol (eg HTTP), just use a dummy test here. */
if( ret > 0 && buf[len-1] == '\n' )
@@ -2767,7 +2777,7 @@
len = ret;
buf[len] = '\0';
- mbedtls_printf( " %d bytes read\n\n%s", len, (char *) buf );
+ mbedtls_printf( " < Read from server: %d bytes read\n\n%s", len, (char *) buf );
ret = 0;
}
diff --git a/scripts/assemble_changelog.py b/scripts/assemble_changelog.py
index 7b036aa..f3aca70 100755
--- a/scripts/assemble_changelog.py
+++ b/scripts/assemble_changelog.py
@@ -122,7 +122,7 @@
class TextChangelogFormat(ChangelogFormat):
"""The traditional Mbed TLS changelog format."""
- _unreleased_version_text = '= mbed TLS x.x.x branch released xxxx-xx-xx'
+ _unreleased_version_text = '= Mbed TLS x.x.x branch released xxxx-xx-xx'
@classmethod
def is_released_version(cls, title):
# Look for an incomplete release date
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 80b7806..942d705 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -878,7 +878,9 @@
CLI_EXIT=$?
kill $DOG_PID >/dev/null 2>&1
- wait $DOG_PID
+ # For Ubuntu 22.04, `Terminated` message is outputed by wait command.
+ # To remove it from stdout, redirect stdout/stderr to CLI_OUT
+ wait $DOG_PID >> $CLI_OUT 2>&1
echo "EXIT: $CLI_EXIT" >> $CLI_OUT
@@ -2229,41 +2231,86 @@
# ssl_client2/ssl_server2 example programs works.
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
run_test "TLS 1.3: key exchange mode parameter passing: PSK only" \
"$P_SRV tls13_kex_modes=psk debug_level=4" \
"$P_CLI tls13_kex_modes=psk debug_level=4" \
0
+
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
run_test "TLS 1.3: key exchange mode parameter passing: PSK-ephemeral only" \
"$P_SRV tls13_kex_modes=psk_ephemeral" \
"$P_CLI tls13_kex_modes=psk_ephemeral" \
0
+
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
run_test "TLS 1.3: key exchange mode parameter passing: Pure-ephemeral only" \
"$P_SRV tls13_kex_modes=ephemeral" \
"$P_CLI tls13_kex_modes=ephemeral" \
0
+
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
run_test "TLS 1.3: key exchange mode parameter passing: All ephemeral" \
"$P_SRV tls13_kex_modes=ephemeral_all" \
"$P_CLI tls13_kex_modes=ephemeral_all" \
0
+
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
run_test "TLS 1.3: key exchange mode parameter passing: All PSK" \
"$P_SRV tls13_kex_modes=psk_all" \
"$P_CLI tls13_kex_modes=psk_all" \
0
+
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_SRV_C
run_test "TLS 1.3: key exchange mode parameter passing: All" \
"$P_SRV tls13_kex_modes=all" \
"$P_CLI tls13_kex_modes=all" \
0
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+run_test "TLS 1.3: psk_key_exchange_modes: basic check, O->m" \
+ "$P_SRV force_version=tls13 debug_level=5" \
+ "$O_NEXT_CLI -tls1_3 -psk 6162636465666768696a6b6c6d6e6f70 -allow_no_dhe_kex" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE"
+
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_SSL_SRV_C
+requires_config_enabled MBEDTLS_DEBUG_C
+run_test "TLS 1.3: psk_key_exchange_modes: basic check, G->m" \
+ "$P_SRV force_version=tls13 debug_level=5" \
+ "$G_NEXT_CLI --priority NORMAL:-VERS-ALL:+VERS-TLS1.3 \
+ --pskusername Client_identity --pskkey=6162636465666768696a6b6c6d6e6f70 \
+ localhost" \
+ 0 \
+ -s "found psk key exchange modes extension" \
+ -s "Found PSK_EPHEMERAL KEX MODE" \
+ -s "Found PSK KEX MODE"
+
# Tests for datagram packing
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
run_test "DTLS: multiple records in same datagram, client and server" \
@@ -12552,6 +12599,34 @@
1 \
-c "select_sig_alg_for_certificate_verify:no suitable signature algorithm found"
+requires_openssl_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+run_test "TLS 1.3: NewSessionTicket: Basic check, m->O" \
+ "$O_NEXT_SRV -msg -tls1_3 -no_resume_ephemeral -no_cache " \
+ "$P_CLI debug_level=4" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "MBEDTLS_SSL_NEW_SESSION_TICKET" \
+ -c "got new session ticket." \
+ -c "HTTP/1.0 200 ok"
+
+requires_gnutls_tls1_3
+requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_3
+requires_config_enabled MBEDTLS_SSL_TLS1_3_COMPATIBILITY_MODE
+requires_config_enabled MBEDTLS_DEBUG_C
+requires_config_enabled MBEDTLS_SSL_CLI_C
+run_test "TLS 1.3: NewSessionTicket: Basic check, m->G" \
+ "$G_NEXT_SRV --priority=NORMAL:-VERS-ALL:+VERS-TLS1.3:+CIPHER-ALL --disable-client-cert" \
+ "$P_CLI debug_level=4" \
+ 0 \
+ -c "Protocol is TLSv1.3" \
+ -c "MBEDTLS_SSL_NEW_SESSION_TICKET" \
+ -c "got new session ticket." \
+ -c "HTTP/1.0 200 OK"
+
# Test heap memory usage after handshake
requires_config_enabled MBEDTLS_SSL_PROTO_TLS1_2
requires_config_enabled MBEDTLS_MEMORY_DEBUG
diff --git a/tests/suites/test_suite_aes.ecb.data b/tests/suites/test_suite_aes.ecb.data
index 6349034..b468ac3 100644
--- a/tests/suites/test_suite_aes.ecb.data
+++ b/tests/suites/test_suite_aes.ecb.data
@@ -228,3 +228,6 @@
AES-256-ECB Decrypt NIST KAT #12
aes_decrypt_ecb:"0000000000000000000000000000000000000000000000000000000000000000":"9b80eefb7ebe2d2b16247aa0efc72f5d":"e0000000000000000000000000000000":0
+
+AES-256-ECB Copy Context NIST KAT #1
+aes_ecb_copy_context:"c1cc358b449909a19436cfbb3f852ef8bcb5ed12ac7058325f56e6099aab1a1c":"00000000000000000000000000000000"
diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index 52af8e0..5ab265a 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function
@@ -460,6 +460,36 @@
}
/* END_CASE */
+/* BEGIN_CASE */
+void aes_ecb_copy_context( data_t * key_str, data_t * src_str )
+{
+ unsigned char output1[16], output2[16], plain[16];
+ mbedtls_aes_context ctx1, ctx2, ctx3;
+
+ // Set key and encrypt with original context
+ mbedtls_aes_init( &ctx1 );
+ TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx1, key_str->x,
+ key_str->len * 8 ) == 0 );
+ TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx1, MBEDTLS_AES_ENCRYPT,
+ src_str->x, output1 ) == 0 );
+
+ ctx2 = ctx1;
+ TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx1, key_str->x,
+ key_str->len * 8 ) == 0 );
+ ctx3 = ctx1;
+ memset( &ctx1, 0, sizeof( ctx1 ) );
+
+ // Encrypt and decrypt with copied context
+ TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx2, MBEDTLS_AES_ENCRYPT,
+ src_str->x, output2 ) == 0 );
+ TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx3, MBEDTLS_AES_DECRYPT,
+ output1, plain ) == 0 );
+
+ TEST_ASSERT( mbedtls_test_hexcmp( output1, output2, 16, 16 ) == 0 );
+ TEST_ASSERT( mbedtls_test_hexcmp( src_str->x, plain, src_str->len, 16 ) == 0 );
+}
+/* END_CASE */
+
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void aes_selftest( )
{
diff --git a/tests/suites/test_suite_ssl.data b/tests/suites/test_suite_ssl.data
index 19a1ae6..34f4d66 100644
--- a/tests/suites/test_suite_ssl.data
+++ b/tests/suites/test_suite_ssl.data
@@ -223,7 +223,7 @@
Negative test moving servers ssl to state: NEW_SESSION_TICKET
depends_on:MBEDTLS_SSL_PROTO_TLS1_2
-move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_SERVER_NEW_SESSION_TICKET:0
+move_handshake_to_state:MBEDTLS_SSL_IS_SERVER:MBEDTLS_SSL_NEW_SESSION_TICKET:0
TLS 1.3:Test moving clients handshake to state: ENCRYPTED_EXTENSIONS
depends_on:MBEDTLS_SSL_PROTO_TLS1_3:!MBEDTLS_SSL_PROTO_TLS1_2
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index e4ffded..f131029 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compile time library version
-check_compiletime_version:"3.2.0"
+check_compiletime_version:"3.2.1"
Check runtime library version
-check_runtime_version:"3.2.0"
+check_runtime_version:"3.2.1"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0