yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
21567 commits 1 branch 0 tags 94 MiB
Commit graph

2254 commits

Author SHA1 Message Date
Przemek Stekiel
aeb710fec5 Enable support for psa opaque RSA-PSK key exchange on the server side 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:28 +02:00
Przemek Stekiel
fc72e428ed ssl_client2: Enable support for TLS 1.2 RSA-PSK opaque ciphersuite 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-04-22 14:52:27 +02:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server 
Add client hello into server side
 2022-04-22 10:26:00 +02:00
Manuel Pégourié-Gonnard
21f82c7510
Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12 
RSA sign 3b: TLS 1.2 integration testing
 2022-04-22 10:05:43 +02:00
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk 
Run ssl-opt.sh in more reduced configurations
 2022-04-21 12:03:53 +02:00
XiaokangQian
318dc763a6 Fix test failure issue and update code styles 
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-04-20 09:43:51 +00:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers 
Unify internal/external TLS protocol version enums
 2022-04-19 17:05:26 +01:00
Glenn Strauss
e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version 
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version 
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-04-14 15:40:12 -04:00
Neil Armstrong
f0b1271a42 Support RSA Opaque PK keys in ssl_server2 
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
 2022-04-13 10:49:25 +02:00
Thomas Daubney
88fed8e700 Rewrite ecdh_curve25519 program 
Rewrite the example ECDH x25519 program using the
high-level ECDH API.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-04-12 14:37:16 +01:00
Dave Rodgman
ed35887fc8
Merge pull request #2104 from hanno-arm/iotssl-2071 
Check that integer types don't use padding bits in selftest
 2022-04-11 17:26:08 +01:00
Dave Rodgman
8f5a29ae40 Improve fix for printf specifier 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-11 12:59:45 +01:00
Dave Rodgman
eaba723139 Fix printf specifier 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-11 10:07:38 +01:00
Dave Rodgman
e2e7e9400b Fail for types not of size 2, 4 or 8 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:46:30 +01:00
Hanno Becker
baae59cd49 Improve documentation of absence-of-padding check 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:46:29 +01:00
Hanno Becker
0d7dd3cd43 Check that size_t and ptrdiff_t don't have padding 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:46:26 +01:00
Hanno Becker
4ab3850605 Check that integer types don't use padding bits in selftest 
This commit modifies programs/test/selftest to include a check that
none of the standard integer types (unsigned) [short, int, long, long]
uses padding bits, which we currently don't support.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-04-08 12:45:05 +01:00
Gilles Peskine
e756f642cd Seed the PRNG even if time() isn't available 
time() is only needed to seed the PRNG non-deterministically. If it isn't
available, do seed it, but pick a static seed.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-04-08 04:46:41 -04:00
Gilles Peskine
99a732bf0c Fix off-by-one in buffer_size usage 
The added null byte was accounted for twice, once by taking
opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1
when filling the buffer. Make opt.buffer_size the size that is actually
read, it's less confusing that way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-06 23:34:36 +02:00
Gilles Peskine
8bb96d96cd Fix buffer size calculation 
Make sure that buf always has enough room for what it will contain. Before,
this was not the case if the buffer was smaller than the default response,
leading to memory corruption in ssl_server2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-04-06 23:31:05 +02:00
Dave Rodgman
017a19997a Update references to old Github organisation 
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2022-03-31 14:43:16 +01:00
Jerry Yu
79c004148d Add PSA && TLS1_3 check_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Jerry Yu
3a58b462b6 add pss_rsae_sha{384,512} 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-03-22 15:13:34 +08:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless 
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
 2022-03-15 16:43:19 +00:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data 
server certificate selection callback
 2022-03-10 11:51:42 +01:00
Manuel Pégourié-Gonnard
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c 
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
 2022-03-08 11:43:45 +01:00
Andrzej Kurek
541318ad70 Refactor ssl_context_info time printing 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Andrzej Kurek
554b820747 Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Andrzej Kurek
6056e7af4f Fix benchmark and udp_proxy dependency on MBEDTLS_HAVE_TIME 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
Andrzej Kurek
06a00afeec Fix requirement mismatch in fuzz/common.c 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-03-04 05:07:45 -05:00
David Horstmann
ca53459bed programs/fuzz: Remove superfluous MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra
check for MBEDTLS_HAVE_TIME is not needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-03-04 05:07:45 -05:00
David Horstmann
4e0cc40d0f programs/fuzz: Use build_info.h in common.h 
Remove direct inclusion of mbedtls_config.h and replace with
build_info.h, as is the convention in Mbed TLS 3.0.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-03-04 05:07:45 -05:00
David Horstmann
5b9cb9e8ca programs/test: fix build without MBEDTLS_HAVE_TIME 
Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is
not defined. In this case, do not attempt to seed the pseudo-random
number generator used to sometimes produce corrupt packets and other
erroneous data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-03-04 05:07:45 -05:00
Raoul Strackx
9ed9bc9377 programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined 
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 05:07:45 -05:00
Daniel Axtens
f071024bf8 Do not include time.h without MBEDTLS_HAVE_TIME 
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
 2022-03-04 05:07:45 -05:00
Przemek Stekiel
3f076dfb6d Fix comments for conditional compilation 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-03-04 09:36:46 +01:00
Glenn Strauss
48a37f01b3 Add cert_cb use to programs/ssl/ssl_server2.c 
(for use by some tests/)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-25 19:55:53 -05:00
Gilles Peskine
fd222da2e9 Fix the build when MBEDTLS_PLATFORM_C is unset 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-02-25 15:26:40 +01:00
Manuel Pégourié-Gonnard
6d2479516c
Merge pull request #5533 from paul-elliott-arm/fix_fuzz_privkey_null_ctx 
Fix null context when using dummy_rand with mbedtls_pk_parse_key()
 2022-02-16 09:55:01 +01:00
Paul Elliott
5d7e61fb61 Fix uninitialised return value. 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-15 16:05:17 +00:00
Manuel Pégourié-Gonnard
a1b506996d
Merge pull request #5526 from paul-elliott-arm/fix_fuzzer_null_ref 
Ensure ctr_drbg is initialised every time in fuzz_server
 2022-02-15 10:31:03 +01:00
Paul Elliott
a1dc3e5a60 Add safety to dummy_random in case of NULL context 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-14 18:26:21 +00:00
Przemyslaw Stekiel
169f115bf0 ssl_client2: init psa crypto for TLS 1.3 build 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2022-02-14 17:15:04 +01:00
Paul Elliott
bb0168144e Ensure valid context is used in fuzz_dtlsserver 
A valid ctr_drbg context is now a prerequisite for using dummy_random()

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-14 15:57:11 +00:00
Paul Elliott
51a7679a8e Ensure context is passed in to dummy_rand 
In fuzz_privkey, we switched over to using dummy_rand(), which uses
ctr_drbg internally, and thus requires an initialised ctr_drbg_context
to be passed in via p_rng when calling mbedtls_pk_parse_key().

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-11 19:10:14 +00:00
Paul Elliott
00738bf65e Ensure ctr_drbg is initialised every time 
ctr_drbg is a local variable and thus needs initialisation every time
LLVMFuzzerTestOneInput() is called, the rest of the variables inside the
if(initialised) block are all static.

Add extra validation to attempt to catch this issue in future.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2022-02-10 18:38:53 +00:00
Glenn Strauss
a941b62985 Create public macros for ssl_ticket key,name sizes 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 15:28:28 -05:00
Glenn Strauss
e328245618 Add test case use of mbedtls_ssl_ticket_rotate 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-02-09 14:33:16 -05:00
Manuel Pégourié-Gonnard
9193f7d836
Merge pull request #5436 from mpg/prog-hmac-cipher-psa 
PSA: example programs for HMAC and AEAD vs legacy
 2022-02-09 10:53:49 +01:00
Manuel Pégourié-Gonnard
ae1bae8412 Give a magic constant a name 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:36:28 +01:00
Manuel Pégourié-Gonnard
c82504e22c Clean up output from cipher_aead_demo 
Used to print "cipher:" when it was the cipher part of a program that
had both cipher and PSA. Now it doesn't really make sense. Align the
output to match the PSA version of this program.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:31:36 +01:00
Manuel Pégourié-Gonnard
5e6c884315 Improve info() function in cipher_aead_demo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:29:59 +01:00
Manuel Pégourié-Gonnard
64754e1b8d Wrap long lines 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:21:14 +01:00
Manuel Pégourié-Gonnard
340808ca67 Add comments on error codes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:15:26 +01:00
Manuel Pégourié-Gonnard
48bae0295c Avoid hardcoding a size 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 11:14:58 +01:00
Manuel Pégourié-Gonnard
cf99beb8fe Improve naming consistency 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-08 10:54:26 +01:00
Manuel Pégourié-Gonnard
6f20595b6e
Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity 
Clarify key types message from ssl_client2 and ssl_server2
 2022-02-03 11:33:03 +01:00
Manuel Pégourié-Gonnard
1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs 
Resolve problems with reduced configs using USE_PSA_CRYPTO
 2022-02-02 10:20:26 +01:00
Manuel Pégourié-Gonnard
f6ea19c66c Work around bug in PSA_MAC_LENGTH() 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 13:08:21 +01:00
Manuel Pégourié-Gonnard
12ec5719e7 Fix bug in md_hmac_demo 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 09:47:46 +01:00
Manuel Pégourié-Gonnard
29088a4146 Avoid duplicate program names 
Visual Studio and CMake didn't like having targets with the same name,
albeit in different directories.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 09:38:26 +01:00
Manuel Pégourié-Gonnard
6fdc9e8df1 Move aead_non_psa out of the psa/ directory 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-02-01 09:29:13 +01:00
Gilles Peskine
cc50f1be43 Fix copypasta 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-31 22:53:30 +01:00
Manuel Pégourié-Gonnard
69bb3f5332 Move hmac_non_psa out of psa/ directory 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-31 13:09:47 +01:00
Manuel Pégourié-Gonnard
248b385f1b Add comments to AEAD (non-PSA) examples 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-31 12:56:39 +01:00
Manuel Pégourié-Gonnard
6349794648 Demonstrate better practices in HMAC examples 
- avoid hardcoded sizes when there's a macro for that
- avoid mutable global variables
- zeroize potentially-sensitive local buffer on exit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-31 12:30:02 +01:00
Manuel Pégourié-Gonnard
f392a02c50 Add comments to the HMAC (non-)PSA examples 
Also clean up / align the structure on existing examples.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-31 12:06:07 +01:00
Manuel Pégourié-Gonnard
fd1d13c8bd Avoid requiring too much C99 support 
MSVC 2013, still supported and used in our CI, did not support that.

   aead_psa.c(78): error C2099: initializer is not a constant
   aead_psa.c(168): error C2057: expected constant expression
   aead_psa.c(168): error C2466: cannot allocate an array of constant size 0
   aead_psa.c(168): error C2133: 'out' : unknown size
   aead_psa.c(169): warning C4034: sizeof returns 0

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-28 12:52:35 +01:00
Manuel Pégourié-Gonnard
7d5ef1731b Split aead_cipher_psa 
Same as previous commit

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-28 12:49:37 +01:00
Manuel Pégourié-Gonnard
edf6e83cbc Split hmac_md_psa.c 
Having two programs might make comparison easier, and will make it
easier to people to use just the PSA one as an example.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-27 12:36:39 +01:00
Manuel Pégourié-Gonnard
1a45c713f0 Fix cleanup code 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-27 12:22:28 +01:00
Manuel Pégourié-Gonnard
3aae30c224 Use PSA macros for buffer sizes 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-27 12:11:49 +01:00
Manuel Pégourié-Gonnard
beef9c231c Use better names for dummy data 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-27 12:11:49 +01:00
Manuel Pégourié-Gonnard
428a97ed47 Improve option names 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-27 11:36:03 +01:00
Manuel Pégourié-Gonnard
0e725c33d4 Improve introductory comments. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-27 11:35:05 +01:00
Gilles Peskine
05bf89da34 Clarify key types message from ssl_client2 and ssl_server2 
If no key is loaded in a slot, say "none", not "invalid PK".

When listing two key types, use punctuation that's visibly a sequence
separator (",").

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-01-25 17:50:25 +01:00
Jerry Yu
11f0a9c2c4 fix deprecated-declarations error 
replace sig_hashes with sig_alg

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-01-25 12:46:17 +08:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite 
Add accessors for ciphersuite info
 2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard
ff743a7f38
Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets 
TLS Cipher 1a: extend testing of tickets
 2022-01-24 10:25:29 +01:00
Glenn Strauss
6eef56392a Add tests for accessors for ciphersuite info 
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
 2022-01-23 08:37:02 -05:00
Andrzej Kurek
7a58d5283b Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED 
Fix dependencies across test ssl programs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-19 12:34:02 -05:00
Manuel Pégourié-Gonnard
aab5258b7a Avoid using %zu, not supported everywhere yet. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-19 10:28:32 +01:00
Manuel Pégourié-Gonnard
24e82ded79 Fix type of temporary variable 
Both functions use int. Using size_t results is a warning from MSVC.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-18 09:29:41 +01:00
Manuel Pégourié-Gonnard
763641a3f5 Rm use of non-standard __func__ in example programs 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-17 11:58:54 +01:00
Manuel Pégourié-Gonnard
9efbf53f0e Declare incompatibility in new programs 
Existing example programs in this directory are already incompatible
with that option, so this is probably acceptable here too.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-17 11:57:44 +01:00
Manuel Pégourié-Gonnard
ecffd96910 Silence compiler warning in example program 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-14 13:23:54 +01:00
Manuel Pégourié-Gonnard
398d45985b Add example program psa/aead_cipher_psa 
This is meant to highlight similarities and differences in the APIs.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-14 12:48:13 +01:00
Gabor Mezei
d4bea1efd5
Add ticket_aead option for ssl_server2 
The ticket_aead option allows to specify the session ticket protection.

Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
 2022-01-12 16:21:15 +01:00
Manuel Pégourié-Gonnard
667b556dbc Add example program psa/hmac_md_psa 
This is meant to highlight similarities and differences in the
multi-part HMAC APIs.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-07 12:20:54 +01:00
Manuel Pégourié-Gonnard
bf5b46c1ee Fix alignment in benchmark output 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-05 10:34:17 +01:00
Manuel Pégourié-Gonnard
6ced002a69 Count allocs without side-effects 
At the end of the benchmark program, heap stats are printed, and these
stats will be wrong if we reset counters in the middle.

Also remove the function to reset counters, in order to encourage other
programs to behave correctly as well.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-05 10:08:59 +01:00
Manuel Pégourié-Gonnard
cd4ad0c67a No need to call a function to avoid a warning. 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-05 09:54:37 +01:00
Manuel Pégourié-Gonnard
68322c4594 Remove old useless function from benchmark 
This no longer makes sense since pre-computed multiples of the base
point are now static. The function was not doing anything since `grp.T`
was set to `NULL` when exiting `ecp_mul_comb()` anyway.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-04 11:14:42 +01:00
Manuel Pégourié-Gonnard
c4055446c4 Use alloc counters in memory benchmarking 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-04 10:24:01 +01:00
Manuel Pégourié-Gonnard
a93aa580dc Fix build failure in benchmark in reduced configs 
The "proper" fix would be to define the function only when it's needed,
but the condition for that would be tedious to write (enumeration of all
symmetric crypto modules) and since this is a utility program, not the
core library, I think it's OK to keep unused functions.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2022-01-04 09:47:54 +01:00
Andrzej Kurek
03e01461ad Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO 
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-01-03 12:53:24 +01:00
paul-elliott-arm
f434994d83
Merge pull request #5303 from yuhaoth/pr/add_list_config_function 
Add list config function
 2021-12-10 18:30:06 +00:00
Ronald Cron
2331fdb280
Merge pull request #5293 from ronald-cron-arm/tls13-mvp-misc 
Miscellaneous final changes for TLS 1.3 MVP release
 2021-12-10 17:46:47 +01:00
Jerry Yu
29ceb564f8 fix help message issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 23:38:57 +08:00
Gilles Peskine
f1c30b2a94 Check return values in more places 
Selective replacement of
```
^\( *\)\(mbedtls_\(md\|cipher\)_[A-Z_a-z0-9]+\)\((.*)\);
```
by
```
\1if( \2\4 != 0 )
\1{
\1    mbedtls_fprintf( stderr, "\2() returned error\\n" );
\1    goto exit;
\1}
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-12-10 14:25:45 +01:00
Ronald Cron
6f135e1148 Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2021-12-10 13:47:55 +01:00
Jerry Yu
a15f3cc350 Add list_config into query_comile_time_config 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 16:31:01 +08:00
Jerry Yu
84e63a73cd Add list_config generation 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2021-12-10 16:30:57 +08:00
Gilles Peskine
1dc3c4553d
Merge pull request #5295 from paul-elliott-arm/crypt_and_hash_prog 
Add checks for return values to md functions in crypt and hash
 2021-12-09 23:32:59 +01:00
Paul Elliott
ef9cccaf3c Fix printf format specifier 
Also mark function as printf variant so compiler will pickup any future
issues.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 17:25:04 +00:00
Paul Elliott
d79d3eb736 Add checks for return values to md functions 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 17:18:10 +00:00
Paul Elliott
3820c150d1 Prevent resource leak 
If -f was used as an argument twice to the program, then it would leak
the file resource, due to overwriting it on the second pass

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2021-12-09 12:48:51 +00:00
Dave Rodgman
351c71b7f2 Fix builds when config.h only defines MBEDTLS_BIGNUM_C 
Fixes #4929

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2021-12-06 17:50:53 +00:00
Xiaofei Bai
d25fab6f79 Update based on comments 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-12-02 06:36:27 +00:00
Xiaofei Bai
6dc90da740 Rebased on 74217ee and add fixes 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:12:43 +00:00
Xiaofei Bai
9539501120 Rebase and add fixes 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:09:26 +00:00
Xiaofei Bai
746f9481ea Fix 1_3/13 usages in macros and function names 
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
 2021-11-26 08:08:36 +00:00
Ronald Cron
74217ee03c
Merge pull request #5202 from xkqian/pr/add_rsa_pkcsv15 
Pr/add rsa pkcsv15
 2021-11-26 08:07:11 +01:00
Gilles Peskine
a0e57ef84f
Merge pull request #5131 from gilles-peskine-arm/dlopen-test 
dlopen test
 2021-11-25 22:03:27 +01:00
XiaokangQian
4d2329fd8a Change code based on reviews 
Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-25 02:21:16 +00:00
XiaokangQian
25476a48b9 Change code based on review 
Remove useless component in all.sh
Remove use server logs in ssh-opt.sh
Remove useless guards in ssl_client2.c

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-23 14:01:21 +00:00
XiaokangQian
ff5f6c8bb0 Refine test code and test scripts 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-23 08:49:51 +00:00
XiaokangQian
f977e9af6d Add componet test and rsa signature options 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-23 07:19:23 +00:00
XiaokangQian
bdf26de384 Fix test failure and remove useless code 
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 09:52:56 +00:00
XiaokangQian
4b82ca1b70 Refine test code and test scripts 
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh

Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2021-11-22 05:50:12 +00:00
paul-elliott-arm
61f797adfd
Merge pull request #5111 from mprse/aps_mem_leak 
ssl_client2, ssl_server2: add check for psa memory leaks
 2021-11-17 11:54:44 +00:00
Gilles Peskine
834d229117 Fix dynamic library extension on macOS 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-12 14:30:22 +01:00
Gilles Peskine
7fb54c5674 More explicit output for the test program 
Without that, the logs were a bit hard to understand if you didn't know what
to expect.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 21:08:28 +01:00
Gilles Peskine
b6a0299708 Avoid undefined variable warning without MBEDTLS_MD_C 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:11:32 +01:00
Gilles Peskine
88e3e70df5 Use CMake's knowledge of what system library has dlopen() 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:10:27 +01:00
Gilles Peskine
f80a029f28 Don't build dlopen when building for Windows 
Windows doesn't have dlopen, not even Linux emulation environments such as
MinGW.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:05:20 +01:00
Gilles Peskine
5dbee582a3 Only link with libdl on Linux 
Requiring an extra library for dlopen is a Linux non-POSIX-compliance.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:05:20 +01:00
Gilles Peskine
ca144597e8 Run the dlopen test in shared library builds 
Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126:
libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509
and libmbedcrypto when built with make.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:05:20 +01:00
Gilles Peskine
a7c247e87d New test app for dynamic loading of libmbed* with dlopen 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-11-10 19:05:20 +01:00
Przemyslaw Stekiel
d6914e3196 ssl_client2/ssl_server2: Rework ordering of cleanup 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-10 10:46:11 +01:00
Przemyslaw Stekiel
505712338e ssl_client2: move memory leak check before rng_free() 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-03 14:19:52 +01:00
Przemyslaw Stekiel
53de2622f3 Move psa_crypto_slot_management.h out from psa_crypto_helpers.h 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-03 09:35:35 +01:00
Przemyslaw Stekiel
bbb22bbd9e ssl_client2/ssl_server2: Move is_psa_leaking() before mbedtls_psa_crypto_free() (and rng_free()) 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-11-03 09:06:09 +01:00
Manuel Pégourié-Gonnard
0dbe1dfa1c
Merge pull request #4859 from brett-warren-arm/supported_groups 
Add mbedtls_ssl_conf_groups to API
 2021-11-02 10:49:09 +01:00
Brett Warren
25386b7652 Refactor ssl_{server2,client2} for NamedGroup IDs 
Signed-off-by: Brett Warren <brett.warren@arm.com>
 2021-10-29 14:07:46 +01:00
Przemyslaw Stekiel
fed825a9aa ssl_client2, ssl_server2: add check for psa memory leaks 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-10-29 12:32:26 +02:00
Manuel Pégourié-Gonnard
4c9313fcd9
Merge pull request #4514 from mpg/generated-files-cmake 
Generated files cmake
 2021-10-28 09:23:41 +02:00
Manuel Pégourié-Gonnard
475bfe626e
Merge pull request #5108 from gilles-peskine-arm/base64-no-table-3.0 
range-based constant-flow base64
 2021-10-27 12:18:21 +02:00
Manuel Pégourié-Gonnard
9317e09d15
Merge pull request #5007 from mprse/pk_opaque 
Add key_opaque option to ssl_server2.c + test
 2021-10-27 10:52:13 +02:00
Przemyslaw Stekiel
c2d2f217fb ssl_client2/ssl_server_2: use PSA_ALG_ANY_HASH as algorithm for opaque key 
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
 2021-10-26 12:24:34 +02:00
Gilles Peskine
680747b868 Fix the build of sample programs without mbedtls_strerror 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 22:09:12 +02:00
Gilles Peskine
987984482d Fix printf format signedness error 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 22:09:12 +02:00
Gilles Peskine
9a2114ca57 load_roots: properly error out on an invalid option 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 22:09:12 +02:00
Gilles Peskine
01997e119f load_roots: fix no-argument detection 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 22:09:12 +02:00
Gilles Peskine
618a70ede7 load_roots: arguments must be files 
I had originally thought to support directories with
mbedtls_x509_crt_parse_path but it would have complicated the code more than
I cared for. Remove a remnant of the original project in the documentation.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 22:09:12 +02:00
Gilles Peskine
2c1442ebc0 New sample program to benchmark certificate loading 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2021-10-25 22:08:33 +02:00
David Horstmann
a8d1406107 Rename DEV_MODE to GEN_FILES 
GEN_FILES is a bit clearer as it describes what the setting
does more precisely.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2021-10-25 13:16:04 +01:00
David Horstmann
3e30ad9b0d Use MBEDTLS_PYTHON_EXECUTABLE 
Change one occurrence of ${PYTHON} to ${MBEDTLS_PYTHON_EXECUTABLE}
and add implied ${MBEDTLS_PYTHON_EXECUTABLE} to the start of a
different command.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2021-10-25 13:16:04 +01:00
David Horstmann
d64f4b249c Fix assorted spelling and wording issues 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2021-10-25 13:16:04 +01:00