Merge remote-tracking branch 'origin/development' into development-restricted
* origin/development:
Update library version to 2.19.0
ssl-opt.sh: Add var's of context s11n tests for ChaChaPoly,CCM,GCM
ssl-opt.sh: Duplicate context serialization tests for CID
Fix SSL context deserialization
diff --git a/ChangeLog b/ChangeLog
index 695d623..ea5661b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,6 @@
mbed TLS ChangeLog (Sorted per branch, date)
-= mbed TLS x.x.x branch released xxxx-xx-xx
+= mbed TLS 2.19.0 branch released xxxx-xx-xx
Security
* When writing a private EC key, use a constant size for the private
diff --git a/doxygen/input/doc_mainpage.h b/doxygen/input/doc_mainpage.h
index 487faf8..1661a6f 100644
--- a/doxygen/input/doc_mainpage.h
+++ b/doxygen/input/doc_mainpage.h
@@ -24,7 +24,7 @@
*/
/**
- * @mainpage mbed TLS v2.18.0 source code documentation
+ * @mainpage mbed TLS v2.19.0 source code documentation
*
* This documentation describes the internal structure of mbed TLS. It was
* automatically generated from specially formatted comment blocks in
diff --git a/doxygen/mbedtls.doxyfile b/doxygen/mbedtls.doxyfile
index f582f9b..7604c11 100644
--- a/doxygen/mbedtls.doxyfile
+++ b/doxygen/mbedtls.doxyfile
@@ -28,7 +28,7 @@
# identify the project. Note that if you do not use Doxywizard you need
# to put quotes around the project name if it contains spaces.
-PROJECT_NAME = "mbed TLS v2.18.0"
+PROJECT_NAME = "mbed TLS v2.19.0"
# The PROJECT_NUMBER tag can be used to enter a project or revision number.
# This could be handy for archiving the generated documentation or
diff --git a/include/mbedtls/version.h b/include/mbedtls/version.h
index ea01f1d..f78e40a 100644
--- a/include/mbedtls/version.h
+++ b/include/mbedtls/version.h
@@ -39,7 +39,7 @@
* Major, Minor, Patchlevel
*/
#define MBEDTLS_VERSION_MAJOR 2
-#define MBEDTLS_VERSION_MINOR 18
+#define MBEDTLS_VERSION_MINOR 19
#define MBEDTLS_VERSION_PATCH 0
/**
@@ -47,9 +47,9 @@
* MMNNPP00
* Major version | Minor version | Patch version
*/
-#define MBEDTLS_VERSION_NUMBER 0x02120000
-#define MBEDTLS_VERSION_STRING "2.18.0"
-#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.18.0"
+#define MBEDTLS_VERSION_NUMBER 0x02130000
+#define MBEDTLS_VERSION_STRING "2.19.0"
+#define MBEDTLS_VERSION_STRING_FULL "mbed TLS 2.19.0"
#if defined(MBEDTLS_VERSION_C)
diff --git a/library/CMakeLists.txt b/library/CMakeLists.txt
index c82784e..6f4a955 100644
--- a/library/CMakeLists.txt
+++ b/library/CMakeLists.txt
@@ -172,14 +172,14 @@
if(USE_SHARED_MBEDTLS_LIBRARY)
add_library(mbedx509 SHARED ${src_x509})
- set_target_properties(mbedx509 PROPERTIES VERSION 2.18.0 SOVERSION 1)
+ set_target_properties(mbedx509 PROPERTIES VERSION 2.19.0 SOVERSION 1)
target_link_libraries(mbedx509 ${libs} mbedcrypto)
target_include_directories(mbedx509
PUBLIC ${MBEDTLS_DIR}/include/
PUBLIC ${MBEDTLS_DIR}/crypto/include/)
add_library(mbedtls SHARED ${src_tls})
- set_target_properties(mbedtls PROPERTIES VERSION 2.18.0 SOVERSION 13)
+ set_target_properties(mbedtls PROPERTIES VERSION 2.19.0 SOVERSION 13)
target_link_libraries(mbedtls ${libs} mbedx509)
target_include_directories(mbedtls
PUBLIC ${MBEDTLS_DIR}/include/
diff --git a/library/ssl_tls.c b/library/ssl_tls.c
index e06c06d..f4bca87 100644
--- a/library/ssl_tls.c
+++ b/library/ssl_tls.c
@@ -11950,6 +11950,10 @@
ssl->major_ver = MBEDTLS_SSL_MAJOR_VERSION_3;
ssl->minor_ver = MBEDTLS_SSL_MINOR_VERSION_3;
+ /* Adjust pointers for header fields of outgoing records to
+ * the given transform, accounting for explicit IV and CID. */
+ ssl_update_out_pointers( ssl, ssl->transform );
+
#if defined(MBEDTLS_SSL_PROTO_DTLS)
ssl->in_epoch = 1;
#endif
diff --git a/tests/ssl-opt.sh b/tests/ssl-opt.sh
index 67d3b9f..55a4fe1 100755
--- a/tests/ssl-opt.sh
+++ b/tests/ssl-opt.sh
@@ -1283,49 +1283,199 @@
# Tests for Context serialization
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-run_test "Context serialization, client serializes" \
+run_test "Context serialization, client serializes, CCM" \
"$P_SRV dtls=1 serialize=0 exchanges=2" \
- "$P_CLI dtls=1 serialize=1 exchanges=2" \
+ "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
0 \
-c "Deserializing connection..." \
-S "Deserializing connection..."
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-run_test "Context serialization, server serializes" \
- "$P_SRV dtls=1 serialize=1 exchanges=2" \
- "$P_CLI dtls=1 serialize=0 exchanges=2" \
- 0 \
- -C "Deserializing connection..." \
- -s "Deserializing connection..."
-
-requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-run_test "Context serialization, both serialize" \
- "$P_SRV dtls=1 serialize=1 exchanges=2" \
- "$P_CLI dtls=1 serialize=1 exchanges=2" \
- 0 \
- -c "Deserializing connection..." \
- -s "Deserializing connection..."
-
-requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-run_test "Context serialization, re-init, client serializes" \
+run_test "Context serialization, client serializes, ChaChaPoly" \
"$P_SRV dtls=1 serialize=0 exchanges=2" \
- "$P_CLI dtls=1 serialize=2 exchanges=2" \
+ "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
0 \
-c "Deserializing connection..." \
-S "Deserializing connection..."
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-run_test "Context serialization, re-init, server serializes" \
- "$P_SRV dtls=1 serialize=2 exchanges=2" \
- "$P_CLI dtls=1 serialize=0 exchanges=2" \
+run_test "Context serialization, client serializes, GCM" \
+ "$P_SRV dtls=1 serialize=0 exchanges=2" \
+ "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
+ 0 \
+ -c "Deserializing connection..." \
+ -S "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Context serialization, client serializes, with CID" \
+ "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \
+ "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \
+ 0 \
+ -c "Deserializing connection..." \
+ -S "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+run_test "Context serialization, server serializes, CCM" \
+ "$P_SRV dtls=1 serialize=1 exchanges=2" \
+ "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
0 \
-C "Deserializing connection..." \
-s "Deserializing connection..."
requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
-run_test "Context serialization, re-init, both serialize" \
+run_test "Context serialization, server serializes, ChaChaPoly" \
+ "$P_SRV dtls=1 serialize=1 exchanges=2" \
+ "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
+ 0 \
+ -C "Deserializing connection..." \
+ -s "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+run_test "Context serialization, server serializes, GCM" \
+ "$P_SRV dtls=1 serialize=1 exchanges=2" \
+ "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
+ 0 \
+ -C "Deserializing connection..." \
+ -s "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Context serialization, server serializes, with CID" \
+ "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \
+ "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \
+ 0 \
+ -C "Deserializing connection..." \
+ -s "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+run_test "Context serialization, both serialize, CCM" \
+ "$P_SRV dtls=1 serialize=1 exchanges=2" \
+ "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ 0 \
+ -c "Deserializing connection..." \
+ -s "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+run_test "Context serialization, both serialize, ChaChaPoly" \
+ "$P_SRV dtls=1 serialize=1 exchanges=2" \
+ "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
+ 0 \
+ -c "Deserializing connection..." \
+ -s "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+run_test "Context serialization, both serialize, GCM" \
+ "$P_SRV dtls=1 serialize=1 exchanges=2" \
+ "$P_CLI dtls=1 serialize=1 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
+ 0 \
+ -c "Deserializing connection..." \
+ -s "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Context serialization, both serialize, with CID" \
+ "$P_SRV dtls=1 serialize=1 exchanges=2 cid=1 cid_val=dead" \
+ "$P_CLI dtls=1 serialize=1 exchanges=2 cid=1 cid_val=beef" \
+ 0 \
+ -c "Deserializing connection..." \
+ -s "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+run_test "Context serialization, re-init, client serializes, CCM" \
+ "$P_SRV dtls=1 serialize=0 exchanges=2" \
+ "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ 0 \
+ -c "Deserializing connection..." \
+ -S "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+run_test "Context serialization, re-init, client serializes, ChaChaPoly" \
+ "$P_SRV dtls=1 serialize=0 exchanges=2" \
+ "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
+ 0 \
+ -c "Deserializing connection..." \
+ -S "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+run_test "Context serialization, re-init, client serializes, GCM" \
+ "$P_SRV dtls=1 serialize=0 exchanges=2" \
+ "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-GCM-SHA256" \
+ 0 \
+ -c "Deserializing connection..." \
+ -S "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Context serialization, re-init, client serializes, with CID" \
+ "$P_SRV dtls=1 serialize=0 exchanges=2 cid=1 cid_val=dead" \
+ "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \
+ 0 \
+ -c "Deserializing connection..." \
+ -S "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+run_test "Context serialization, re-init, server serializes, CCM" \
"$P_SRV dtls=1 serialize=2 exchanges=2" \
- "$P_CLI dtls=1 serialize=2 exchanges=2" \
+ "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ 0 \
+ -C "Deserializing connection..." \
+ -s "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+run_test "Context serialization, re-init, server serializes, ChaChaPoly" \
+ "$P_SRV dtls=1 serialize=2 exchanges=2" \
+ "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
+ 0 \
+ -C "Deserializing connection..." \
+ -s "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+run_test "Context serialization, re-init, server serializes, GCM" \
+ "$P_SRV dtls=1 serialize=2 exchanges=2" \
+ "$P_CLI dtls=1 serialize=0 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
+ 0 \
+ -C "Deserializing connection..." \
+ -s "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Context serialization, re-init, server serializes, with CID" \
+ "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \
+ "$P_CLI dtls=1 serialize=0 exchanges=2 cid=1 cid_val=beef" \
+ 0 \
+ -C "Deserializing connection..." \
+ -s "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+run_test "Context serialization, re-init, both serialize, CCM" \
+ "$P_SRV dtls=1 serialize=2 exchanges=2" \
+ "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-AES-128-CCM-8" \
+ 0 \
+ -c "Deserializing connection..." \
+ -s "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+run_test "Context serialization, re-init, both serialize, ChaChaPoly" \
+ "$P_SRV dtls=1 serialize=2 exchanges=2" \
+ "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
+ 0 \
+ -c "Deserializing connection..." \
+ -s "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+run_test "Context serialization, re-init, both serialize, GCM" \
+ "$P_SRV dtls=1 serialize=2 exchanges=2" \
+ "$P_CLI dtls=1 serialize=2 exchanges=2 force_ciphersuite=TLS-ECDHE-ECDSA-WITH-CHACHA20-POLY1305-SHA256" \
+ 0 \
+ -c "Deserializing connection..." \
+ -s "Deserializing connection..."
+
+requires_config_enabled MBEDTLS_SSL_CONTEXT_SERIALIZATION
+requires_config_enabled MBEDTLS_SSL_DTLS_CONNECTION_ID
+run_test "Context serialization, re-init, both serialize, with CID" \
+ "$P_SRV dtls=1 serialize=2 exchanges=2 cid=1 cid_val=dead" \
+ "$P_CLI dtls=1 serialize=2 exchanges=2 cid=1 cid_val=beef" \
0 \
-c "Deserializing connection..." \
-s "Deserializing connection..."
diff --git a/tests/suites/test_suite_version.data b/tests/suites/test_suite_version.data
index f83b8d3..8e85ad1 100644
--- a/tests/suites/test_suite_version.data
+++ b/tests/suites/test_suite_version.data
@@ -1,8 +1,8 @@
Check compiletime library version
-check_compiletime_version:"2.18.0"
+check_compiletime_version:"2.19.0"
Check runtime library version
-check_runtime_version:"2.18.0"
+check_runtime_version:"2.19.0"
Check for MBEDTLS_VERSION_C
check_feature:"MBEDTLS_VERSION_C":0