yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
25318 commits 1 branch 0 tags 94 MiB
Commit graph

2407 commits

Author SHA1 Message Date
Valerio Setti
d6feb20869 test: pake: allow opaque password only when USE_PSA is enabled 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-02 14:28:49 +01:00
Jerry Yu
7854a4e019 Add max_early_data_size option for ssl_sever2 
- to set max_early_data_set

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-01 23:11:48 +08:00
Jerry Yu
a6934776c9 Add reco_debug_level to reduce debug output 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-01 23:11:48 +08:00
Valerio Setti
661b9bca75 test: psa_pake: add specific log message for the opaque password 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-29 17:28:17 +01:00
Valerio Setti
77e8315f5b fix formatting and typos 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-29 17:28:04 +01:00
Gilles Peskine
9ec14f6dcb programs/fuzz: set sensible default CFLAGS 
Running make from programs/fuzz didn't set any optimization flags (running
make from programs or from the root inherited the parent's optimization
flags). Default to -O2.

There were no -W flags. Default to -Wall -Wextra, but not -Werror in line
with the other makefiles.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-11-29 17:23:19 +01:00
Valerio Setti
d572a82df9 tls: psa_pake: add test for opaque password 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-29 11:30:56 +01:00
Bence Szépkúti
a17d038ee1 Merge branch 'development' into pr3431 2022-11-22 15:54:52 +01:00
Ronald Cron
d12922a69a
Merge pull request #6486 from xkqian/tls13_add_early_data_indication 
The merge job of the internal CI ran successfully. This is good to go.
 2022-11-17 12:48:50 +01:00
Gilles Peskine
32605b24be
Merge pull request #6559 from ihsinme/patch-1 
dh_genprime: Fix issue where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure
 2022-11-15 12:38:41 +01:00
Xiaokang Qian
2cd5ce0c6b Fix various issues cause rebase to latest code 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-15 10:33:53 +00:00
Xiaokang Qian
9a0aafbe79 Enable/disable MBEDTLS_SSL_EARLY_DATA for cases in ssl-opt.sh 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-15 02:49:46 +00:00
David Horstmann
5b98d73864 Linewrap for the benefit of Uncrustify 
The last line of programs/psa/key_ladder_demo.c is of the following
form:

 #endif /* Very long comment ... */

Uncrustify tries to reduce the length:

 #endif \
     /* Very long comment ... */

and causes a compiler error as there is a continuation line with no
actual code in it. Work around this by linewrapping the comment
in advance.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-11-14 12:10:37 +00:00
Xiaokang Qian
0e97d4d16d Add early data indication to client side 
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-11-14 03:13:50 +00:00
Gilles Peskine
fd7aa13671
Merge pull request #6436 from yanrayw/ssl_client2-add-build-version 
Add build version to the output of ssl_client2 and ssl_server2
 2022-11-10 14:39:38 +01:00
ihsinme
d21ecd71c0 dh_genprime: Fix issue where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure 
In 'dh_genprime.c', the following condition can be found inside an 'if' statement:

ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) != 0

As the '!=' operator binds closer than the assignment operator ('='), the value assigned to 'ret' will be the boolean result of the comparison (0 or 1) instead of the status code returned by 'mbedtls_mpi_write_file'. This means that the above statement is actually equivalent to:

ret = ( mbedtls_mpi_write_file( "P = ", &P, 16, fout ) != 0 )

What we want instead is for the the status code to be assigned to 'ret'. If the value assigned is non-zero, it will be 'truthy' and the 'if' branch will be taken.

( ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) )  != 0

This PR fixes the issue by explicitly specifying the precedence of operations with parentheses.

Signed-off-by: ihsinme <ihsinme@gmail.com>
 2022-11-10 12:58:15 +03:00
Dave Rodgman
f58172fe43 Merge remote-tracking branch 'origin/development' into pr3431 2022-11-10 09:54:49 +00:00
Gilles Peskine
bf249accc7
Merge pull request #6498 from yuhaoth/pr/fix-session-resumption-fail-when-hostname-is-not-localhost 
BUG: Fix session resumption fail when hostname is not localhost
 2022-11-07 17:33:38 +01:00
Dave Rodgman
55fd0b9fc1
Merge pull request #6121 from daverodgman/pr277 
cert_write - add a way to set extended key usages - rebase
 2022-10-31 13:27:49 +00:00
Jerry Yu
2883219edb Improve output message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-30 13:53:31 +08:00
Jerry Yu
c3a7fa386e Update output message when certification verified fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-28 12:38:33 +08:00
Jerry Yu
ad9e99bd2e fix session resumption fail when hostname is not localhost 
Change-Id: Icb2f625bb11debb5c7cae36e34d7270f7baae4d5
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-28 12:30:58 +08:00
Yanray Wang
eaf46d1291 Add output of build version in ssl_server2 
Usage:
- By default, build version is printed out in the beginning of
ssl_server2 application.
- ./ssl_server2 build_version=1 only prints build verison and stop

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2022-10-28 10:53:50 +08:00
Yanray Wang
84645e92c6 Simplify code of adding output in ssl_client2 
- print build version macro defined in build_info.h directly
- Remove all the MBEDTLS_VERSION_C guards as build version
  information is always available in build_info.h

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2022-10-28 10:53:22 +08:00
Dave Rodgman
66e05505b6 Support generating DER format certificates 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-10-27 17:41:40 +01:00
Gilles Peskine
744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0 
Fix unusual macros
 2022-10-25 19:55:29 +02:00
David Horstmann
3f44e5b11a Refactor macro-spanning if in ssl_server2.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-24 13:12:19 +01:00
David Horstmann
f160ef1dd1 Refactor macro-spanning if in ssl_client2.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-24 13:11:38 +01:00
Yanray Wang
7f9ddb584a
Merge branch 'Mbed-TLS:development' into ssl_client2-add-build-version 2022-10-24 12:19:39 +08:00
Ronald Cron
73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED 
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED 
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
81378b72e8 programs: ssl: Remove dependency on TLS 1.3 for "sig_algs" option 
Signature algorithms can be specified through
the sig_algs option for TLS 1.2 as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:40:56 +02:00
Ronald Cron
20a8e63b23 programs: ssl: Fix some mbedtls_ssl_conf_sig_algs() guards 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:36:43 +02:00
Yanray Wang
076b2d062f Improve the method of printing string build version 
Following changes are introduced with this commit:
- Call mbedtls_version_get_string before printing string
  build version instead of printing macro directly
- Output build version in the beginning of ssl_client2 program

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2022-10-21 11:22:44 +08:00
Andrzej Kurek
b50754ae86 Switch from x509_CRT_PARSE to KEY_EXCHANGE_WITH_CERT_ENABLED 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek
d0786f5f26 Revert one of the changes to ssl_server2 dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek
6ee1e20d7f Replace x509_CRT_PARSE_C with KEY_EXCHANGE_WITH_CERT_ENABLED 
SSL programs use certificates in an exchange, so it's more natural
to have such dependency instead of just certificate parsing.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek
eabeb30c65 Fix SHA512 vs SHA384 dependencies 
When building SHA512 without SHA384,
there are some code paths that resulted
in unused variables or usage of undefined code.
This commit fixes that.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek
e38b788b79 Add missing key exchange dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek
68327748d3 Add missing dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Yanray Wang
ff4181e246 Fix build error in cmake while printing digital build version 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2022-10-18 18:20:40 +08:00
Yanray Wang
d976673dd6 Add build version to the output of ssl_client2 
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2022-10-18 10:53:49 +08:00
Ronald Cron
49e4184812
Merge pull request #6299 from xkqian/tls13_add_servername_check 
Add server name check when proposing pre-share key
 2022-10-13 16:00:59 +02:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2 
Include platform.h unconditionally
 2022-10-13 10:19:22 +02:00
Xiaokang Qian
bc663a0461 Refine code based on commnets 
Change code layout
Change hostname_len type to size_t
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:06:01 +00:00
Xiaokang Qian
adf84a4a8c Remove public api mbedtls_ssl_reset_hostname() 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:05:11 +00:00
Xiaokang Qian
fb8ac46add Change the name of servername when re-connect 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:44 +00:00
Xiaokang Qian
281fd1bdd8 Add server name check when proposeing pre-share key 
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
 2022-10-12 11:03:41 +00:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types 
Test TLS 1.2 builds with each encryption type
 2022-10-12 12:45:50 +02:00
Jerry Yu
c79742303d Remove unnecessary empty line and fix format issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-11 21:22:33 +08:00
Przemek Stekiel
d61a4d3d1a Fix missing guard and double-space 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-11 09:40:40 +02:00
Jerry Yu
6916e70521 fix various issues 
- adjust guards. Remove duplicate guards and adjust format.
- Return success at function end. Not `ret`
- change input len

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-10 21:33:51 +08:00
Przemek Stekiel
68a01a6720 Fix session tickets related build flags in fuzz_server and ssl_server2 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-10 13:30:43 +02:00
Jerry Yu
03b8f9d299 Adjust guards for dummy_tickets 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-08 14:56:38 +08:00
Jerry Yu
25ab654781 Add dummy ticket support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2 
Permissions 2b: TLS 1.3 sigalg selection
 2022-09-28 09:50:04 +02:00
Paul Elliott
2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets 
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
 2022-09-23 15:48:33 +01:00
Manuel Pégourié-Gonnard
d433cd7d07
Merge pull request #6283 from mpg/driver-only-hashes-wrap-up 
Driver only hashes wrap-up
 2022-09-21 08:29:46 +02:00
Ronald Cron
50969e3af5 ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-09-20 15:57:57 +02:00
Jerry Yu
7a51305478 Add multi-session tickets test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-19 14:26:07 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00
Manuel Pégourié-Gonnard
e896705c1a Take advantage of legacy_or_psa.h being public 
Opportunities for using the macros were spotted using:

    git grep -E -n -A2 'MBEDTLS_(MD|SHA)[0-9]+_C' | egrep 'PSA_WANT_ALG_(MD|SHA)'

then manually filtering the results.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-09-16 12:03:52 +02:00
Gilles Peskine
e9b55929dc Remove useless platform macro redefinitions: automatic part 
Some source files had code to set mbedtls_xxx aliases when
MBEDTLS_PLATFORM_C is not defined. These aliases are defined unconditionally
by mbedtls/platform.h, so these macro definitions were redundant. Remove
them.

This commit used the following code:
```
perl -i -0777 -pe 's~#if !defined\(MBEDTLS_PLATFORM_C\)\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*#endif.*\n~~mg' $(git grep -l -F '#if !defined(MBEDTLS_PLATFORM_C)')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-09-15 20:34:15 +02:00
Gilles Peskine
945b23c46f Include platform.h unconditionally: automatic part 
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-09-15 20:33:07 +02:00
Przemek Stekiel
632939df4b ssl_client2: print pk key name when provided using key_opaque_algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-09-15 14:16:11 +02:00
Jerry Yu
4746b10c2e fix various issues 
- Format issues
- Possible memory leak
- Improve naming and comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-09-13 15:37:46 +08:00
Andrzej Kurek
0bc834b27f Enable signature algorithms in ssl programs with PSA based hashes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-09-12 05:37:46 -04:00
Dave Rodgman
1577c548d1 Use NULL instead of 0 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-09-09 10:22:15 +01:00
Nayna Jain
106a0afc5a pkcs7: provide fuzz harness 
This allows for pkcs7 fuzz testing with OSS-Fuzz.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
 2022-09-01 19:45:41 -05:00
Jerry Yu
0203534c64 Add session save after got new session ticket 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-31 23:24:25 +08:00
Ronald Cron
e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation 
TLS 1.3: SRV: Finalize external PSK negotiation
 2022-08-31 17:21:57 +02:00
Andrzej Kurek
dcce505a08 Add a missing guard in an example program 
MD variable is not used in builds without MD.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-30 17:56:08 -04:00
Manuel Pégourié-Gonnard
bf22a2500b
Merge pull request #6208 from AndrzejKurek/tls-tests-no-md-structured 
Remove the dependency on MD from TLS 1.2 tests
 2022-08-30 12:34:37 +02:00
Manuel Pégourié-Gonnard
a84ce3fa81
Merge pull request #6111 from superna9999/6101-programs-dont-build-with-libtestdriver-and-use-psa 
Programs don't build with libtestdriver and USE_PSA
 2022-08-30 12:29:01 +02:00
Dave Rodgman
c5e0a8a890 Add missing error message 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:25:45 +01:00
Dave Rodgman
64937856e0 Correct order of extended key usage attributes 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:25:45 +01:00
Dave Rodgman
18b02d35d6 Remove redundant sig_alg argument 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:25:45 +01:00
Dave Rodgman
2ee7bbd10a Replace some constant values with sizeof 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:25:45 +01:00
Dave Rodgman
5f3f0d06e6 Address minor review comments 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:25:45 +01:00
Dave Rodgman
ec9f6b4de1 Fix minor compile errors 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:25:45 +01:00
Nicholas Wilson
99a96b1c22 Improve programs/cert_write with a way to set the signature digest 
This is useful for generating SHA-1 and MD5 certificates for test
purposes.  I guess RSA-PSS could be added too, but I don't need that
now.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:08:43 +01:00
Nicholas Wilson
8e5bdfbbcf Improve programs/cert_write with a way to set extended key usages 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-08-30 10:08:43 +01:00
Jerry Yu
c5a23a0f12 fix various issues 
- code style
- variable initialize
- update comments


Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-25 11:09:35 +08:00
Andrzej Kurek
cccb044804 Style & formatting fixes 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-23 05:26:02 -04:00
Andrzej Kurek
8c95ac4500 Add missing dependencies / alternatives 
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate, 
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-08-22 17:46:50 -04:00
Jerry Yu
5d01c05d93 fix various issues 
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:55:01 +08:00
Jerry Yu
2b7a51ba8f Add psk_or_ephemeral mode and tests 
psk_or_ephemeral exists in theory. This change is for
improving test coverage.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-21 12:51:53 +08:00
Jerry Yu
62c8763de7 Improve macro expansion help message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-11 10:18:36 +08:00
Jerry Yu
08dccc1f75 Improve help message 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-08-10 10:02:04 +08:00
Neil Armstrong
9bb8e0d3c5 Fix fuzz_privkey build without MBEDTLS_ENTROPY_C defined 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-08-08 13:56:13 +02:00
Jerry Yu
2fcb056ea9 Add requires_{any,all}_configs_enabled functions 
- requires_any_configs_enabled
- requires_all_configs_enabled
- requires_any_configs_disabled
- requires_all_configs_disabled

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-31 12:23:39 +08:00
Jan Bruckner
25fdc2addb Fix minor typos 
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
 2022-07-26 10:52:46 +02:00
Jerry Yu
2b4f02d7fb Add new_session_ticket err handler 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-07-20 11:07:29 +08:00
Paul Elliott
7adb8cbc0e Revert "Add generated files for 3.2.0 release" 
This reverts commit cb21f2eab3.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 18:18:30 +01:00
Paul Elliott
cb21f2eab3 Add generated files for 3.2.0 release 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-11 13:56:01 +01:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Paul Elliott
41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf 
Turn off stdio buffering with setbuf()
 2022-07-04 10:12:22 +01:00
Ronald Cron
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk 
Refactor signature algorithm chooser
 2022-07-04 09:10:08 +02:00
Paul Elliott
bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints 
Add accessors to config DN hints for cert request
 2022-07-01 17:23:14 +01:00
Paul Elliott
ff15dbab4c Make definition order a bit neater 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-07-01 16:30:08 +01:00
Gilles Peskine
6d576c9646 Call setbuf when reading or writing files: programs 
After opening a file containing sensitive data, call mbedtls_setbuf() to
disable buffering. This way, we don't expose sensitive data to a memory
disclosure vulnerability in a buffer outside our control.

This commit adds a call to mbedtls_setbuf() after each call to fopen(),
but only in sample programs that were calling mbedtls_platform_zeroize().
Don't bother protecting stdio buffers in programs where application buffers
weren't protected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-30 17:06:11 +02:00
Jerry Yu
cc5391048e fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:18:30 +08:00
Jerry Yu
202919c23d refine supported sig alg print 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:18:29 +08:00
Jerry Yu
64f410c246 Add tls13 sig alg parameters 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:09 +08:00
Jerry Yu
a1255e6b8c fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:09 +08:00
Jerry Yu
9bb3ee436b Revert rsa_pss_rsae_* support for tls12 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:08 +08:00
Jerry Yu
3896ac6e5b fix ordered sig algs fail for openssl 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:16:06 +08:00
Jerry Yu
9f4cc5ff65 Add pss_rsae sig algs into test conf 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-29 16:13:41 +08:00
Glenn Strauss
bd10c4e2af Test accessors to config DN hints for cert request 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-06-29 02:54:28 -04:00
Gilles Peskine
0ff241a1ea Remove largely useless bit of test log to silence GCC 12 
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.

Fixes #5974.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-25 14:29:23 +02:00
Ronald Cron
ba65fbbe30 Fix comments 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-22 17:36:12 +02:00
Ronald Cron
903c979376 programs: ssl: Add one RSA PSS signature algorithm 
Add one RSA PSS signature algorithm to the
test list of signature algorithms. This allows
certificate chains exposing an RSA key with
signatures using SHA-1 to be used in tests
where an TLS 1.3 handshake is performed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-17 08:45:30 +02:00
Ronald Cron
4ccd226cbf
Merge pull request #5864 from xkqian/tls13_add_comprehensive_cases 
Tls13 add comprehensive cases
 2022-06-15 09:18:11 +02:00
Gilles Peskine
f940693960
Merge pull request #5725 from tom-daubney-arm/x25519_program 
Rewrite x25519 example program
 2022-05-31 11:27:22 +02:00
XiaokangQian
d5d5b60c07 Add comprehensive test cases for TLS1.3 server side 
Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-31 02:51:26 +00:00
Thomas Daubney
413550c529 Change memcmp call 
Previous call used sizeof() function which is not needed.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-05-23 16:11:31 +01:00
Thomas Daubney
70c0088239 Change use of olen variables 
Removed olen variable in favour of storing olens for
client and server separately.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-05-20 18:46:10 +01:00
bootstrap-prime
6dbbf44d78
Fix typos in documentation and constants with typo finding tool 
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>
 2022-05-18 14:15:33 -04:00
Thomas Daubney
306a89094a Add additional error checking 
Initialise client and server secret buffers and check their
lengths.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-05-18 15:26:39 +01:00
Thomas Daubney
ec2ec42828 Fix formatting 
Line up function parameters.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-05-18 10:23:20 +01:00
Thomas Daubney
64042b8d3d Fix typo 
Fix typo that was caught during review.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-05-18 09:59:55 +01:00
Dave Rodgman
d87e46f3de
Merge pull request #3641 from okhowang/c99 
Pass c99 to compiler
 2022-05-12 14:01:10 +01:00
Manuel Pégourié-Gonnard
9bc53a2e84
Merge pull request #5806 from josesimoes/fix-3031 
Remove prompt to exit in all programs
 2022-05-12 10:50:31 +02:00
Andrzej Kurek
5c65c5781f Fix additional misspellings found by codespell 
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L 
keypair,Keypair,KeyPair,keyPair,ciph,nd

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-05-11 21:25:54 +01:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. 
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 21:25:51 +01:00
Dave Rodgman
faef649dec Fix Ubuntu compile error in udp_proxy.c 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-05-11 19:55:45 +01:00
josesimoes
23419560c9 Remove prompt to exit in all programs 
Signed-off-by: José Simões <jose.simoes@eclo.solutions>
 2022-05-06 17:11:22 +01:00
Przemek Stekiel
cb20d202d2 Further code optimization 
- key_opaque_set_alg_usage(): set alg/usage in loop
- key_opaque_set_alg_usage(): add key paramteter to set default alg/usage if it is not specified by command line parameters
- unify default alg/usage for client and server
- optimize opaque code on client and server side

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-06 09:34:30 +02:00
Przemek Stekiel
296bfba924 ssl_server2: add key_opaque_algs2 usage info 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 11:08:34 +02:00
Przemek Stekiel
1d25e076f3 ssl_client2: fix default key opaque algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 11:05:10 +02:00
Przemek Stekiel
488efa05b6 Fix compiler warnings: initialize local variables: psa_alg, psa_alg2, psa_usage 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel
134eb8b6e2 Fix style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel
092128324f ssl_client2/ss_server2: optimize code for opaque key 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel
76a41f5a52 ssl_test_lib: fix compilation flags for default config 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel
e5e9ba920f ssl_server2: refactor opaque code 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel
89132a6ab0 Fix call to mbedtls_pk_wrap_as_opaque(): use usage variable instead PSA_KEY_USAGE_SIGN_HASH 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel
b58c47a666 ssl_server2: use key opaque algs given from command line 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel
344c561292 ssl_server2: Add support for key_opaque_algs2 command line paramtere 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel
a17b5c6ba2 ssl_client: use key opaque algs given from command line 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel
01396a16da ssl_test_lib: add function translate given opaque algoritms to psa 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel
77fc9ab1ba Fix typos and code style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel
4ca0d72c3b ssl server: add key_opaque_algs command line option 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel
f1822febc4 ssl client: add key_opaque_algs command line option 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Przemek Stekiel
85d692d1c4 ssl client/server: add parsing function for key_opaque_algs command line option 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-05-05 10:17:01 +02:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque 
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
 2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx 
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
 2022-04-29 10:47:16 +02:00
Neil Armstrong
94e371af91 Update mbedtls_pk_wrap_as_opaque() usage in SSL client2 & server2 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-28 13:27:59 +02:00
Gilles Peskine
72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap 
Improve benchmarking of ECC heap usage
 2022-04-22 16:43:11 +02:00
Przemek Stekiel
cb322eac6b Enable support for psa opaque DHE-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00
Przemek Stekiel
b293aaa61b Enable support for psa opaque DHE-PSK key exchange on the client side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:54:33 +02:00