yuzu-emu/mbedtls
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity
27919 commits 1 branch 0 tags 94 MiB
Commit graph

1080 commits

Author SHA1 Message Date
Dave Rodgman
16799db69a update headers 
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
 2023-11-02 19:47:20 +00:00
Ronald Cron
95b735530c
Merge pull request #6719 from yuhaoth/pr/tls13-early-data-add-early-data-of-client-hello 
TLS 1.3: EarlyData SRV: Add early data extension parser.
 2023-10-26 08:31:53 +00:00
Jerry Yu
53a332d970 fix various issues 
- rename file name from `early_data.txt` to `tls13_early_data.txt`
- fix typo issue
- remove redundant parameter

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-23 13:52:56 +08:00
Manuel Pégourié-Gonnard
22334a202a Fix some dependencies in ssl-opt.sh 
These are explicitly PSA tests, so use PSA_WANT.

Was missed by analyze_outcomes.py because those test cases were not
listed properly, which will be fixed by #8088.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-10-19 11:27:33 +02:00
Manuel Pégourié-Gonnard
2e37d7b238
Merge pull request #8121 from gilles-peskine-arm/ssl-test-no-legacy 
Remove GNUTLS_LEGACY and OPENSSL_LEGACY
 2023-10-18 07:13:12 +00:00
Jerry Yu
e649cecb43 Add data file for early data input 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2023-10-12 15:02:01 +08:00
Valerio Setti
cf29c5d9d5 ssl: don't require MBEDTLS_ECP_DP with TLS1.3 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Valerio Setti
482a0b957f test: fix remaining disparities and remove debug leftovers 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-09-25 17:39:41 +02:00
Gilles Peskine
eda1b1f744
Merge pull request #7921 from valeriosetti/issue7613 
TLS: Clean up ECDSA dependencies
 2023-09-20 12:47:55 +00:00
Manuel Pégourié-Gonnard
f299efdb96 Improve a comment 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-09-18 11:19:04 +02:00
Gilles Peskine
2c40b90598 ssl-opt.sh doesn't actually use OPENSSL_LEGACY: remove unused function 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-30 16:38:56 +02:00
Gilles Peskine
5cb8605d79 ssl-opt.sh doesn't actually use OPENSSL_LEGACY, so remove it 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-08-27 21:40:56 +02:00
Valerio Setti
36344cecbd ssl-opt: remove redundant requirement for RSA_C 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-11 09:37:14 +02:00
Valerio Setti
4f577f3e51 ssl-opt: add RSA_C requirement when RSA encryption is used in certificate 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-11 06:35:23 +02:00
Valerio Setti
726ffbf642 ssl-opt: don't assume TLS 1.3 usage for external tool that don't have support 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-08-03 09:15:34 +02:00
Gilles Peskine
b387fcf59b Adapt names (curves -> groups) in a separately added test case 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-07-11 09:19:13 +02:00
Dave Rodgman
e183ecef3d
Merge pull request #7136 from yanrayw/5692-record-compatsh-test-cases 
Record the outcome of each test case in compat.sh
 2023-07-10 12:08:32 +01:00
Manuel Pégourié-Gonnard
5c41ae867b
Merge pull request #7887 from ronald-cron-arm/fix-hrr-in-psk-kem 
tls13: server: Fix spurious HRR
 2023-07-10 09:58:13 +02:00
Ronald Cron
8a74f07c2a tls13: server: Fix spurious HRR 
If the server during a TLS 1.3 handshake selects
the PSK key exchange mode, it does not matter
if it did not find in the key share extension
a key share for a group it supports. Such a
key share is used and necessary only in the
case of the ephemeral or PSK ephemeral key
exchange mode. This is a possible scenario in
the case of a server that supports only the PSK
key exchange mode and a client that also
supports a key exchange mode with ephemeral keys.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-07-07 15:53:12 +02:00
Przemek Stekiel
45255e4c71 Adapt names (curves -> groups) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-07-05 09:26:26 +02:00
Przemek Stekiel
3484db4ce7 Change ffdh testing strategy 
- Full tests generated by script only for ffdhe2048 group
- Single G->m and m->G exchange test for each other group

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-28 13:31:38 +02:00
Przemek Stekiel
7dda271c1d Fix description of functions 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-28 09:16:08 +02:00
Przemek Stekiel
c31a798f45 Replace MBEDTLS_ECDH_C dependency in ssl-opt tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-27 10:58:50 +02:00
Przemek Stekiel
8bfe897ab0 Add ssl-opt functions to check openssl with ffdh support and openssl ephemeral key exchange 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-26 16:33:00 +02:00
Przemek Stekiel
1f5c2ba495 Add missing ECDH dependencies in ssl-opt tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-15 17:07:16 +02:00
Przemek Stekiel
a53dca125e Limit number ffdh test cases (ffdhe2048, ffdhe8192) 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-14 20:53:09 +02:00
Przemek Stekiel
422ab1f835 Add FFDH tests to ssl-opt 
Add FFDH support to the test case generator script: generate_tls13_compat_tests.py.
Add dependency for openssl as FFDH is supported from version 3.0.

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-14 11:04:28 +02:00
Przemek Stekiel
75a5a9c205 Code cleanup 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-13 09:57:23 +02:00
Przemek Stekiel
316c19ef93 Adapt guards, dependencies + optimizations 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:09 +02:00
Przemek Stekiel
5e2f816c39 Fix test configs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Przemek Stekiel
250b9fde75 ssl-opt.sh: Add FFDH tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2023-06-06 12:31:08 +02:00
Tom Cosgrove
ef468ea2ba
Merge pull request #6740 from xkqian/tls13_fix_unkown_pk_type 
Remove useless debug log of pk type from test cases
 2023-05-05 16:14:59 +01:00
Valerio Setti
a9aafd4807 test: revert undesired debug change in ssl-opt 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 12:30:45 +02:00
Valerio Setti
6c496a1553 solve disparities for ECP_LIGHT between ref/accel 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-04-11 11:33:50 +02:00
Ronald Cron
c564938180 Add downgrade protection mechanism 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:32:05 +02:00
Ronald Cron
1a353ea4b8 ssl-opt.sh: Improve description of server negotiation tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
d120bd646c ssl-opt.sh: Add version selection by the server tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
50ae84ed97 ssl-opt.sh: Remove some unnecessary forcing of TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
097ba146e7 tls: srv: Set hybrid TLS 1.2/1.3 as default configuration 
Set hybrid TLS 1.2/1.3 as default server
configuration if both TLS 1.2 and TLS 1.3
are enabled at build time.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:18 +02:00
Ronald Cron
f95d169d60 ssl-opt.sh: Force TLS 1.2 on TLS 1.2 specific tests 
Force TLS 1.2 on TLS 1.2 specific tests in
preparation of TLS 1.3 being the default
protocol version when both TLS 1.2 and
TLS 1.3 are enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron
fd4c6afcb4 ssl-opt.sh: Force TLS 1.2 version 
Force TLS 1.2 version on tests related to
MBEDTLS_SSL_ASYNC_PRIVATE, CA callback and
MBEDTLS_SSL_MAX_FRAGMENT_LENGTH. Those
SSL options are not supported in TLS 1.3
for the time being. Thus force TLS 1.2
version in preparation of TLS 1.3 being
the default protocol version when both
TLS 1.2 and TLS 1.3 are enabled.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron
92dca39196 ssl-opt.sh: Extend scope of some tests to TLS 1.3 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron
0aa1b8843f ssl-opt.sh: Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2 dep 
Remove unnecessary explicit MBEDTLS_SSL_PROTO_TLS1_2
dependency if TLS 1.2 version is forced or a TLS 1.2
cipher suite is forced (as TLS 1.2 cipher suites are
available if and only if TLS 1.2 is enabled and
cipher suite availability is check automatically).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron
65f9029741 ssl-opt.sh: Remove unnecessary TLS 1.3 forcing on client side 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Ronald Cron
c341ad717e ssl-opt.sh: Remove dummy TLS 1.3 kex modes tests 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2023-04-06 10:26:17 +02:00
Paul Elliott
d01a3bca05 Merge tag 'v3.4.0' into mbedtls-3.4.0_mergeback 
Mbed TLS 3.4.0
 2023-03-27 18:09:49 +01:00
Paul Elliott
f1eb5e2a04 Merge branch 'development-restricted' into mbedtls-3.4.0rc0-pr 
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
 2023-03-21 15:35:17 +00:00
Valerio Setti
2f8eb62946 ssl-opt: remove leftover debug commands and fix comment 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-20 14:02:07 +01:00
Valerio Setti
6ba247c236 ssl-opt: solve errors in ECDH reference tests 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-03-20 14:00:51 +01:00
Dave Rodgman
0e2b06a1ce
Merge pull request #7083 from KloolK/record-size-limit/parsing 
Add parsing for Record Size Limit extension in TLS 1.3
 2023-03-17 10:18:34 +00:00