Andrzej Kurek
078e9bcda6
Add the mbedtls prefix to ssl_check_dtls_clihlo_cookie
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-08 11:47:33 -04:00
Andrzej Kurek
e6487ab490
Add a changelog entry for the cookie parsing bounds bug
...
Co-authored-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:31:08 -04:00
Andrzej Kurek
cfb01948c8
Add cookie parsing tests to test_suite_ssl
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:29:15 -04:00
Andrzej Kurek
c8183cc492
Add missing sid_len in calculations of cookie sizes
...
This could lead to a potential buffer overread with small
MBEDTLS_SSL_IN_CONTENT_LEN.
Change the bound calculations so that it is apparent
what lengths and sizes are used.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-06-06 15:28:56 -04:00
Gilles Peskine
364fd8bb71
More SSL debug messages for ClientHello parsing
...
In particular, be verbose when checking the ClientHello cookie in a possible
DTLS reconnection.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-06 14:25:41 -04:00
Manuel Pégourié-Gonnard
a745c7d439
Merge pull request #5779 from mprse/rsa_decr_1b
...
RSA decrypt 1b: prepare for TLS testing
2022-05-09 14:32:05 +02:00
Manuel Pégourié-Gonnard
9bbb7bacae
Merge pull request #5791 from superna9999/5788-unify-non-opaque-and-opaque-psks
...
Unify non-opaque and opaque PSKs
2022-05-09 10:15:16 +02:00
Ronald Cron
929c085064
Merge pull request #5537 from xffbai/tls13-write-cert-req-msg
...
TLS1.3: Add writing CertificateRequest msg on server side
2022-05-09 09:28:36 +02:00
XiaokangQian
aad9b0a286
Update code base on comments
...
Change-Id: Ibc5043154515d2801565a2b99741dfda1344211c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-09 01:11:21 +00:00
XiaokangQian
a987e1d2f8
Change state machine after encrypted extension and update cases
...
Change-Id: Ie84a2d52a08538afb8f6096af0c054bd55ed66cb
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
ec6efb98bc
Change variable name to output_len
...
Change-Id: I0f8a40da9782b2ec7af7e6f1faf1ac5c7e589418
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
cec9ae6259
Change the code places of CERTIFICATE_REQUEST
...
Change-Id: I3aa293184fea4f960782675bdd520256c808bd4e
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
45c22201b3
Update test cases and encrypted extension state set
...
Change-Id: Ie1acd10b61cefa9414169b276a0c5c5ff2f9eb79
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
2f150e184f
Update status and add test cases for client certificate request
...
Change-Id: If9b9672540d2b427496b7297aa484b8bcfeb75c5
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
1f1f1e3372
Temp change to align with client/server hello style
...
Change-Id: I8befbbcb5d6f7fdb230022825dcb856e19d9bec0
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
9dc4450647
Fix commets issue about coding styles
...
Change-Id: I930a062e137562e0b129b9b9b191e5c864f8104d
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
XiaokangQian
eaf3651e31
Rebase and solve conflicts
...
Change handshake_msg related functions
Share the ssl_write_sig_alg_ext
Change-Id: I3d342baac302aa1d87c6f3ef75d85c7dc030070c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-07 01:37:04 +00:00
Xiaofei Bai
5ee73d84a9
Address review comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-05-07 01:37:04 +00:00
Xiaofei Bai
9ca09d497f
Add writing CertificateRequest msg on server side
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2022-05-07 01:37:04 +00:00
Paul Elliott
612615fa5e
Merge pull request #5814 from paul-elliott-arm/travis_project
...
Revert Coverity project name change in Travis
2022-05-06 19:10:36 +01:00
Paul Elliott
63d3debae0
Revert Coverity project name change
...
Although Coverity have now changed their URL to point at the new
project, they did not change the project name, it would seem.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-06 14:06:09 +01:00
Ronald Cron
25b1f5d2b7
Merge pull request #5545 from xffbai/tls13-write-enc-ext
...
TLS1.3: add writing encrypted extensions on server side.
2022-05-06 13:54:45 +02:00
Jerry Yu
ef2b98a246
fix coding style issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-06 16:40:05 +08:00
Przemek Stekiel
cb20d202d2
Further code optimization
...
- key_opaque_set_alg_usage(): set alg/usage in loop
- key_opaque_set_alg_usage(): add key paramteter to set default alg/usage if it is not specified by command line parameters
- unify default alg/usage for client and server
- optimize opaque code on client and server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 09:34:30 +02:00
Jerry Yu
f86eb75c58
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-06 11:16:55 +08:00
Paul Elliott
2d89b4059d
Merge pull request #5803 from paul-elliott-arm/travis_coverity_fix
...
Rotate coverity secret token in travis
2022-05-05 18:11:27 +01:00
Neil Armstrong
8ecd66884f
Keep raw PSK when set via mbedtls_ssl_conf_psk() and feed as input_bytes
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-05 14:01:49 +02:00
Jerry Yu
e110d258d9
Add set outbound transform
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-05-05 19:59:59 +08:00
Przemek Stekiel
296bfba924
ssl_server2: add key_opaque_algs2 usage info
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 11:08:34 +02:00
Przemek Stekiel
1d25e076f3
ssl_client2: fix default key opaque algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 11:05:10 +02:00
Przemek Stekiel
488efa05b6
Fix compiler warnings: initialize local variables: psa_alg, psa_alg2, psa_usage
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
134eb8b6e2
Fix style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
092128324f
ssl_client2/ss_server2: optimize code for opaque key
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
76a41f5a52
ssl_test_lib: fix compilation flags for default config
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
e5e9ba920f
ssl_server2: refactor opaque code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
89132a6ab0
Fix call to mbedtls_pk_wrap_as_opaque(): use usage variable instead PSA_KEY_USAGE_SIGN_HASH
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
b58c47a666
ssl_server2: use key opaque algs given from command line
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
344c561292
ssl_server2: Add support for key_opaque_algs2 command line paramtere
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
a17b5c6ba2
ssl_client: use key opaque algs given from command line
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
01396a16da
ssl_test_lib: add function translate given opaque algoritms to psa
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
77fc9ab1ba
Fix typos and code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
4ca0d72c3b
ssl server: add key_opaque_algs command line option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
f1822febc4
ssl client: add key_opaque_algs command line option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
85d692d1c4
ssl client/server: add parsing function for key_opaque_algs command line option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Paul Elliott
e6e7bf58d1
Merge pull request #5801 from wernerlewis/asn1_memcpy_null
...
Fix memcpy() UB in mbedtls_asn1_named_data()
2022-05-04 23:20:14 +01:00
Werner Lewis
b374a98e7d
Add ChangeLog entry
...
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-05-04 16:25:53 +01:00
Paul Elliott
b73ed139b7
Change coverity secret token in travis
...
Travis stopped being able to push builds to coverity due to the token
apparently being no longer valid. Rotating the token to see if that
fixes things.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-05-04 12:43:08 +01:00
Werner Lewis
e59a531455
Fix memcpy() UB in mbedtls_asn1_named_data()
...
Removes a case in mbedtls_asn1_named_data() where memcpy() could be
called with a null pointer and zero length. A test case is added for
this code path, to catch the undefined behavior when running tests with
UBSan.
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
2022-05-04 11:45:06 +01:00
Neil Armstrong
80f6f32495
Make mbedtls_ssl_psk_derive_premaster() only for when MBEDTLS_USE_PSA_CRYPTO is not selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00
Neil Armstrong
044a32c4c6
Remove mbedtls_ssl_get_psk() and it's usage when MBEDTLS_USE_PSA_CRYPTO is selected
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-05-04 11:08:41 +02:00