CID update to RFC 9146 #6264

Merged: 13 commits merged on Nov 29, 2022

Commits on Sep 7, 2022

  1. CID update to RFC 9146

    The DTLS 1.2 CID specification has been published as RFC 9146. This PR updates the implementation to match the RFC content.
    
    Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
    hannestschofenig authored and Hannes Tschofenig committed Sep 7, 2022
    fd6cca4

Commits on Oct 26, 2022

  1. Fix all.sh dependency on DTLS connection ID

    Ensure MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT is unset where
    MBEDTLS_SSL_DTLS_CONNECTION_ID is unset.
    
    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
    daverodgman committed Oct 26, 2022
    1df7070

Commits on Oct 27, 2022

  1. Fix test dependency on DTLS connection ID

    Ensure MBEDTLS_SSL_DTLS_CONNECTION_ID and MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
    are unset when MBEDTLS_SSL_PROTO_DTLS is not set in tls13-only tests.
    
    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
    daverodgman committed Oct 27, 2022
    4e0fca3

Commits on Nov 14, 2022

  1. Merge branch 'development' into rfc9146_2

    Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
    daverodgman committed Nov 14, 2022
    d384b64

Commits on Nov 25, 2022

  1. Changed order of conditions in check_config.h

    Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
    hannestschofenig authored and mpg committed Nov 25, 2022
    88e5566
  2. Reference to RFC 9146 added

    Added deprecated keyword to MBEDTLS_SSL_DTLS_CONNECTION_ID_COMPAT
    
    Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
    hannestschofenig authored and mpg committed Nov 25, 2022
    e2c46e0
  3. Added deprecated warning in check_config.h

    Warns about the removal of the legacy DTLS Connection ID feature in a future version of Mbed TLS.
    
    Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
    hannestschofenig authored and mpg committed Nov 25, 2022
    b2e6615
  4. Added closing SECTION of doxygen markup

    Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
    hannestschofenig authored and mpg committed Nov 25, 2022
    6b6b63f
  5. Removed MBEDTLS_SSL_VARIABLE_BUFFER_LENGTH from CID tests in all.sh

    Added also extra text.
    
    Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
    hannestschofenig authored and mpg committed Nov 25, 2022
    df84bb3
  6. Removal of redundant DTLS CID test in ssl-opt.sh

    Per suggestion from Manuel, I removed this redundant test.
    
    Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
    hannestschofenig authored and mpg committed Nov 25, 2022
    db01d05
  7. Fix bug when legacy CID is enabled but not used

    When legacy CID is enabled at compile time, but not used at runtime, we
    would incorrectly skip the sequence number at the beginning of the AAD.
    
    There were already two "else" branches for writing the sequence number
    but none of them was taken in that particular case.
    
    Simplify the structure of the code: with TLS 1.2 (we're already in that
    branch), we always write the sequence number, unless we're using
    standard CID.
    
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
    mpg committed Nov 25, 2022
    6133684
  8. Remove redundant tests in ssl-opt.sh

    We don't need to have two copies of the test with one of them depending
    on legacy/compat CID: we can have just one copy, but make sure we run
    ssl-opt.sh both in a build with standard CID and in a build with
    legacy/compat - that's the job of all.sh (see next commit).
    
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
    mpg committed Nov 25, 2022
    5a454f7
  9. Remove redundant component in all.sh

    CID is now enabled in the default config (as well as full), so it's
    already tested in numerous all.sh components, no need to add one for
    that.
    
    We need a component for the legacy/compat option though as it's never
    enabled in existing components. So, keep that one, but adjust the name
    and fix a typo in a message.
    
    Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
    mpg committed Nov 25, 2022
    6a543ba
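
The rule stated in the commit "Fix bug when legacy CID is enabled but not used" (the AAD always starts with the sequence number unless standard CID is in use) is sketched below as an added example; it is not the Mbed TLS code from this PR. `struct record`, `build_aad`, `CID_MAX` and the runtime `legacy_compat` flag (standing in for the compile-time option) are hypothetical, the standard layout follows RFC 9146, and the legacy layout (seq_num, type, version, cid, cid_length, length) is an assumption based on the pre-RFC draft.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define CID_MAX 32                        /* assumed cap for this sketch */
#define AAD_MAX (8 + 1 + 1 + 1 + 2 + 8 + CID_MAX + 2)

struct record {                           /* hypothetical record header fields */
    uint8_t  ctr[8];                      /* epoch (2) + sequence number (6) */
    uint8_t  type;                        /* content type; 25 = tls12_cid */
    uint8_t  ver[2];
    uint8_t  cid[CID_MAX];
    uint8_t  cid_len;                     /* 0 = CID not in use at runtime */
    uint16_t len;                         /* length field covered by the AAD */
};

/* Writes the DTLS 1.2 AAD to out (caller provides AAD_MAX bytes) and returns
 * its length, or 0 if the CID is too long. legacy_compat != 0 selects the
 * pre-RFC layout, mirroring a build with the compat option enabled. */
size_t build_aad(uint8_t *out, const struct record *r, int legacy_compat)
{
    uint8_t *p = out;
    int std_cid = !legacy_compat && r->cid_len != 0;

    if (r->cid_len > CID_MAX) return 0;

    if (std_cid) {                        /* RFC 9146 prefix */
        memset(p, 0xff, 8); p += 8;       /* seq_num_placeholder */
        *p++ = r->type;                   /* tls12_cid */
        *p++ = r->cid_len;
    } else {                              /* all other cases lead with seq_num, */
        memcpy(p, r->ctr, 8); p += 8;     /* including legacy build, CID unused */
    }
    *p++ = r->type;
    memcpy(p, r->ver, 2); p += 2;

    if (std_cid) {
        memcpy(p, r->ctr, 8); p += 8;     /* epoch + sequence_number */
        memcpy(p, r->cid, r->cid_len); p += r->cid_len;
    } else if (r->cid_len != 0) {         /* legacy CID actually in use */
        memcpy(p, r->cid, r->cid_len); p += r->cid_len;
        *p++ = r->cid_len;
    }
    *p++ = (uint8_t)(r->len >> 8);        /* big-endian length */
    *p++ = (uint8_t)(r->len & 0xff);
    return (size_t)(p - out);
}
```

With `cid_len == 0` both settings of `legacy_compat` yield the same 13-byte AAD that a peer without CID support computes, which is the case the commit message describes as having been broken.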