Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Backport 3.6] Align development 3.6 test helpers with ssl helpers and certs.c #9713

Draft
wants to merge 6 commits into
base: mbedtls-3.6
Choose a base branch
from
Draft

[Backport 3.6] Align development 3.6 test helpers with ssl helpers and certs.c #9713

wants to merge 6 commits into from

Conversation

davidhorstmann-arm
Copy link
Contributor

@davidhorstmann-arm davidhorstmann-arm commented Oct 21, 2024
edited
Loading

Full-scope version of #9547, in case it is needed in future.

PR checklist

Please remove the segment/s on either side of the | symbol as appropriate, and add any relevant link/s to the end of the line.
If the provided content is part of the present PR remove the # symbol.

  • changelog provided | not required because:
  • development PR provided # | not required because:
  • framework PR provided Mbed-TLS/mbedtls-framework# | not required
  • 3.6 PR provided # | not required because:
  • 2.28 PR provided # | not required because:
  • tests provided | not required because:

@davidhorstmann-arm
Align 3.6 tests/{src,include} with development PR
a33d7c7 
Signed-off-by: David Horstmann <[email protected]>
@davidhorstmann-arm
Regenerate PSA test wrappers
f8c7760 
These necessarily differ from development

Signed-off-by: David Horstmann <[email protected]>
@davidhorstmann-arm
Only guard with CRYPTO_CLIENT when version >= 4
d14830e 
In 4.x the semantics of MBEDTLS_PSA_CRYPTO_C and
MBEDTLS_PSA_CRYPTO_CLIENT are different compared with 3.6.

Where this is a problem, make guards more version-specific so that we
are guarding with MBEDTLS_PSA_CRYPTO_C for 3.6 and
MBEDTLS_PSA_CRYPTO_CLIENT for 4.x, keeping each branch the same as it
was formerly.

Signed-off-by: David Horstmann <[email protected]>
@davidhorstmann-arm
Configure NewSessionTicket signal in 3.6
93eb017 
In 3.6.0, TLS 1.3 was enabled by default, causing mbedtls_ssl_write() to
sometimes return a negative error code
MBEDTLS_ERR_SSL_RECEIVED_NEW_SESSION_TICKET. This broke some existing
applications.

In 3.6.1 this was fixed so that NewSessionTicket messages are now ignored
by default and the error-like behaviour has to be explicitly turned on.

Our tests rely on this error-like behaviour, so we must explicitly turn
it on in 3.6 or else the ssl tests will hang.

Signed-off-by: David Horstmann <[email protected]>
@davidhorstmann-arm
Re-add special case for 3.6
b687696 
Take into account the fact that TLS 1.3 auto-calls psa_crypto_init()

Signed-off-by: David Horstmann <[email protected]>
@davidhorstmann-arm
Re-add case missing in 3.6 in ssl_helpers.c
1552bf6 
Signed-off-by: David Horstmann <[email protected]>
@davidhorstmann-arm davidhorstmann-arm marked this pull request as draft October 21, 2024 13:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@davidhorstmann-arm