mbedtls

Author	SHA1	Message	Date
Jerry Yu	64f410c246	Add tls13 sig alg parameters Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:09 +08:00
Jerry Yu	a1255e6b8c	fix various issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:09 +08:00
Jerry Yu	9bb3ee436b	Revert rsa_pss_rsae_* support for tls12 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:08 +08:00
Jerry Yu	3896ac6e5b	fix ordered sig algs fail for openssl Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:16:06 +08:00
Jerry Yu	9f4cc5ff65	Add pss_rsae sig algs into test conf Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-06-29 16:13:41 +08:00
Glenn Strauss	bd10c4e2af	Test accessors to config DN hints for cert request Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-06-29 02:54:28 -04:00
Ronald Cron	ba65fbbe30	Fix comments Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-22 17:36:12 +02:00
Ronald Cron	903c979376	programs: ssl: Add one RSA PSS signature algorithm Add one RSA PSS signature algorithm to the test list of signature algorithms. This allows certificate chains exposing an RSA key with signatures using SHA-1 to be used in tests where an TLS 1.3 handshake is performed. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-06-17 08:45:30 +02:00
XiaokangQian	d5d5b60c07	Add comprehensive test cases for TLS1.3 server side Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-05-31 02:51:26 +00:00
bootstrap-prime	6dbbf44d78	Fix typos in documentation and constants with typo finding tool Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>	2022-05-18 14:15:33 -04:00
Manuel Pégourié-Gonnard	9bc53a2e84	Merge pull request #5806 from josesimoes/fix-3031 Remove prompt to exit in all programs	2022-05-12 10:50:31 +02:00
Shaun Case	8b0ecbccf4	Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell. Signed-off-by: Shaun Case <warmsocks@gmail.com> Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-05-11 21:25:51 +01:00
josesimoes	23419560c9	Remove prompt to exit in all programs Signed-off-by: José Simões <jose.simoes@eclo.solutions>	2022-05-06 17:11:22 +01:00
Przemek Stekiel	cb20d202d2	Further code optimization - key_opaque_set_alg_usage(): set alg/usage in loop - key_opaque_set_alg_usage(): add key paramteter to set default alg/usage if it is not specified by command line parameters - unify default alg/usage for client and server - optimize opaque code on client and server side Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-06 09:34:30 +02:00
Przemek Stekiel	296bfba924	ssl_server2: add key_opaque_algs2 usage info Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 11:08:34 +02:00
Przemek Stekiel	1d25e076f3	ssl_client2: fix default key opaque algs Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 11:05:10 +02:00
Przemek Stekiel	488efa05b6	Fix compiler warnings: initialize local variables: psa_alg, psa_alg2, psa_usage Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 10:17:01 +02:00
Przemek Stekiel	134eb8b6e2	Fix style Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 10:17:01 +02:00
Przemek Stekiel	092128324f	ssl_client2/ss_server2: optimize code for opaque key Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 10:17:01 +02:00
Przemek Stekiel	76a41f5a52	ssl_test_lib: fix compilation flags for default config Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 10:17:01 +02:00
Przemek Stekiel	e5e9ba920f	ssl_server2: refactor opaque code Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 10:17:01 +02:00
Przemek Stekiel	89132a6ab0	Fix call to mbedtls_pk_wrap_as_opaque(): use usage variable instead PSA_KEY_USAGE_SIGN_HASH Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 10:17:01 +02:00
Przemek Stekiel	b58c47a666	ssl_server2: use key opaque algs given from command line Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 10:17:01 +02:00
Przemek Stekiel	344c561292	ssl_server2: Add support for key_opaque_algs2 command line paramtere Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 10:17:01 +02:00
Przemek Stekiel	a17b5c6ba2	ssl_client: use key opaque algs given from command line Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 10:17:01 +02:00
Przemek Stekiel	01396a16da	ssl_test_lib: add function translate given opaque algoritms to psa Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 10:17:01 +02:00
Przemek Stekiel	77fc9ab1ba	Fix typos and code style Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 10:17:01 +02:00
Przemek Stekiel	4ca0d72c3b	ssl server: add key_opaque_algs command line option Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 10:17:01 +02:00
Przemek Stekiel	f1822febc4	ssl client: add key_opaque_algs command line option Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 10:17:01 +02:00
Przemek Stekiel	85d692d1c4	ssl client/server: add parsing function for key_opaque_algs command line option Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-05-05 10:17:01 +02:00
Manuel Pégourié-Gonnard	068a13d909	Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`	2022-05-02 09:06:49 +02:00
Neil Armstrong	94e371af91	Update mbedtls_pk_wrap_as_opaque() usage in SSL client2 & server2 Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-28 13:27:59 +02:00
Przemek Stekiel	cb322eac6b	Enable support for psa opaque DHE-PSK key exchange on the server side Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:54:33 +02:00
Przemek Stekiel	b293aaa61b	Enable support for psa opaque DHE-PSK key exchange on the client side Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:54:33 +02:00
Przemek Stekiel	14d11b0877	Enable support for psa opaque ECDHE-PSK key exchange on the server side Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:53:55 +02:00
Przemek Stekiel	19b80f8151	Enable support for psa opaque ECDHE-PSK key exchange on the client side Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:28 +02:00
Przemek Stekiel	aeb710fec5	Enable support for psa opaque RSA-PSK key exchange on the server side Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:28 +02:00
Przemek Stekiel	fc72e428ed	ssl_client2: Enable support for TLS 1.2 RSA-PSK opaque ciphersuite Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-04-22 14:52:27 +02:00
Ronald Cron	38b8aa4f63	Merge pull request #5539 from xkqian/add_client_hello_to_server Add client hello into server side	2022-04-22 10:26:00 +02:00
Manuel Pégourié-Gonnard	21f82c7510	Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12 RSA sign 3b: TLS 1.2 integration testing	2022-04-22 10:05:43 +02:00
Gilles Peskine	afbfed9397	Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk Run ssl-opt.sh in more reduced configurations	2022-04-21 12:03:53 +02:00
XiaokangQian	318dc763a6	Fix test failure issue and update code styles Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109 Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2022-04-20 09:43:51 +00:00
Glenn Strauss	e3af4cb72a	mbedtls_ssl_(read\|write)_version using tls_version remove use of MBEDTLS_SSL_MINOR_VERSION_* remove use of MBEDTLS_SSL_MAJOR_VERSION_* (only remaining use is in tests/suites/test_suite_ssl.data) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:14 -04:00
Glenn Strauss	60bfe60d0f	mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version Store the TLS version in tls_version instead of major, minor version num Note: existing application use which accesses the struct member (using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller. Reduce size of mbedtls_ssl_ciphersuite_t members are defined using integral types instead of enums in order to pack structure and reduce memory usage by internal ciphersuite_definitions[] Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-04-14 15:40:12 -04:00
Neil Armstrong	f0b1271a42	Support RSA Opaque PK keys in ssl_server2 Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>	2022-04-13 10:49:25 +02:00
Gilles Peskine	99a732bf0c	Fix off-by-one in buffer_size usage The added null byte was accounted for twice, once by taking opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1 when filling the buffer. Make opt.buffer_size the size that is actually read, it's less confusing that way. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-06 23:34:36 +02:00
Gilles Peskine	8bb96d96cd	Fix buffer size calculation Make sure that buf always has enough room for what it will contain. Before, this was not the case if the buffer was smaller than the default response, leading to memory corruption in ssl_server2. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-04-06 23:31:05 +02:00
Jerry Yu	79c004148d	Add PSA && TLS1_3 check_config Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Jerry Yu	3a58b462b6	add pss_rsae_sha{384,512} Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-03-22 15:13:34 +08:00
Dave Rodgman	2cecd8aaad	Merge pull request #3624 from daxtens/timeless RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test	2022-03-15 16:43:19 +00:00
Manuel Pégourié-Gonnard	10e5cdbbbf	Merge pull request #5454 from gstrauss/cert_cb-user_data server certificate selection callback	2022-03-10 11:51:42 +01:00
Manuel Pégourié-Gonnard	d815114f93	Merge pull request #5524 from mprse/tls_ecdh_2c TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)	2022-03-08 11:43:45 +01:00
Andrzej Kurek	541318ad70	Refactor ssl_context_info time printing Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-03-04 05:07:45 -05:00
Andrzej Kurek	554b820747	Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-03-04 05:07:45 -05:00
Raoul Strackx	9ed9bc9377	programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com> [dja: add some more fixes, tweak title] Signed-off-by: Daniel Axtens <dja@axtens.net>	2022-03-04 05:07:45 -05:00
Przemek Stekiel	3f076dfb6d	Fix comments for conditional compilation Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-03-04 09:36:46 +01:00
Glenn Strauss	48a37f01b3	Add cert_cb use to programs/ssl/ssl_server2.c (for use by some tests/) Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-25 19:55:53 -05:00
Przemyslaw Stekiel	169f115bf0	ssl_client2: init psa crypto for TLS 1.3 build Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2022-02-14 17:15:04 +01:00
Glenn Strauss	a941b62985	Create public macros for ssl_ticket key,name sizes Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-09 15:28:28 -05:00
Glenn Strauss	e328245618	Add test case use of mbedtls_ssl_ticket_rotate Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-09 14:33:16 -05:00
Manuel Pégourié-Gonnard	6f20595b6e	Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity Clarify key types message from ssl_client2 and ssl_server2	2022-02-03 11:33:03 +01:00
Manuel Pégourié-Gonnard	1ab2d6966c	Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs Resolve problems with reduced configs using USE_PSA_CRYPTO	2022-02-02 10:20:26 +01:00
Gilles Peskine	cc50f1be43	Fix copypasta Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-31 22:53:30 +01:00
Gilles Peskine	05bf89da34	Clarify key types message from ssl_client2 and ssl_server2 If no key is loaded in a slot, say "none", not "invalid PK". When listing two key types, use punctuation that's visibly a sequence separator (","). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-25 17:50:25 +01:00
Jerry Yu	11f0a9c2c4	fix deprecated-declarations error replace sig_hashes with sig_alg Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Manuel Pégourié-Gonnard	fcca7cfa97	Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite Add accessors for ciphersuite info	2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard	ff743a7f38	Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets TLS Cipher 1a: extend testing of tickets	2022-01-24 10:25:29 +01:00
Glenn Strauss	6eef56392a	Add tests for accessors for ciphersuite info Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-01-23 08:37:02 -05:00
Andrzej Kurek	7a58d5283b	Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED Fix dependencies across test ssl programs. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-19 12:34:02 -05:00
Gabor Mezei	d4bea1efd5	Add ticket_aead option for ssl_server2 The ticket_aead option allows to specify the session ticket protection. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-01-12 16:21:15 +01:00
Andrzej Kurek	03e01461ad	Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO Fix library references, tests and programs. Testing is performed in the already present all.sh test. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-03 12:53:24 +01:00
Ronald Cron	6f135e1148	Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:47:55 +01:00
Paul Elliott	ef9cccaf3c	Fix printf format specifier Also mark function as printf variant so compiler will pickup any future issues. Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-09 17:25:04 +00:00
Paul Elliott	3820c150d1	Prevent resource leak If -f was used as an argument twice to the program, then it would leak the file resource, due to overwriting it on the second pass Signed-off-by: Paul Elliott <paul.elliott@arm.com>	2021-12-09 12:48:51 +00:00
Xiaofei Bai	d25fab6f79	Update based on comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-12-02 06:36:27 +00:00
Xiaofei Bai	6dc90da740	Rebased on `74217ee` and add fixes Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:12:43 +00:00
Xiaofei Bai	9539501120	Rebase and add fixes Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:09:26 +00:00
Xiaofei Bai	746f9481ea	Fix 1_3/13 usages in macros and function names Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:08:36 +00:00
XiaokangQian	4d2329fd8a	Change code based on reviews Remove support signature PKCS1 v1.5 in CertificateVerify. Remove useless server states in test script Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-25 02:21:16 +00:00
XiaokangQian	25476a48b9	Change code based on review Remove useless component in all.sh Remove use server logs in ssh-opt.sh Remove useless guards in ssl_client2.c Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-23 14:01:21 +00:00
XiaokangQian	ff5f6c8bb0	Refine test code and test scripts Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-23 08:49:51 +00:00
XiaokangQian	f977e9af6d	Add componet test and rsa signature options Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-23 07:19:23 +00:00
XiaokangQian	bdf26de384	Fix test failure and remove useless code Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-22 09:52:56 +00:00
XiaokangQian	4b82ca1b70	Refine test code and test scripts Change client test code to support rsa pss signatures Add test cases for rsa pss signature in ssl-opt.sh Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>	2021-11-22 05:50:12 +00:00
paul-elliott-arm	61f797adfd	Merge pull request #5111 from mprse/aps_mem_leak ssl_client2, ssl_server2: add check for psa memory leaks	2021-11-17 11:54:44 +00:00
Przemyslaw Stekiel	d6914e3196	ssl_client2/ssl_server2: Rework ordering of cleanup Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-11-10 10:46:11 +01:00
Przemyslaw Stekiel	505712338e	ssl_client2: move memory leak check before rng_free() Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-11-03 14:19:52 +01:00
Przemyslaw Stekiel	53de2622f3	Move psa_crypto_slot_management.h out from psa_crypto_helpers.h Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-11-03 09:35:35 +01:00
Przemyslaw Stekiel	bbb22bbd9e	ssl_client2/ssl_server2: Move is_psa_leaking() before mbedtls_psa_crypto_free() (and rng_free()) Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-11-03 09:06:09 +01:00
Manuel Pégourié-Gonnard	0dbe1dfa1c	Merge pull request #4859 from brett-warren-arm/supported_groups Add mbedtls_ssl_conf_groups to API	2021-11-02 10:49:09 +01:00
Brett Warren	25386b7652	Refactor ssl_{server2,client2} for NamedGroup IDs Signed-off-by: Brett Warren <brett.warren@arm.com>	2021-10-29 14:07:46 +01:00
Przemyslaw Stekiel	fed825a9aa	ssl_client2, ssl_server2: add check for psa memory leaks Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-29 12:32:26 +02:00
Manuel Pégourié-Gonnard	4c9313fcd9	Merge pull request #4514 from mpg/generated-files-cmake Generated files cmake	2021-10-28 09:23:41 +02:00
Manuel Pégourié-Gonnard	9317e09d15	Merge pull request #5007 from mprse/pk_opaque Add key_opaque option to ssl_server2.c + test	2021-10-27 10:52:13 +02:00
Przemyslaw Stekiel	c2d2f217fb	ssl_client2/ssl_server_2: use PSA_ALG_ANY_HASH as algorithm for opaque key Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-26 12:24:34 +02:00
David Horstmann	a8d1406107	Rename DEV_MODE to GEN_FILES GEN_FILES is a bit clearer as it describes what the setting does more precisely. Signed-off-by: David Horstmann <david.horstmann@arm.com>	2021-10-25 13:16:04 +01:00
David Horstmann	d64f4b249c	Fix assorted spelling and wording issues Signed-off-by: David Horstmann <david.horstmann@arm.com>	2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard	e90e405e15	Introduce "Dev mode" option When the option is On, CMake will have rules to generate the generated files using scripts etc. When the option is Off, CMake will assume the files are available from the source tree; in that mode, it won't require any extra tools (Perl for example) compared to when we committed the files to git. The intention is that users will never need to adjust this option: - in the development branch (and features branches etc.) the option is always On (development mode); - in released tarballs, which include the generated files, we'll switch the option to Off (release mode) in the same commit that re-adds the generated files. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard	86cfa6c27f	Allow CMake to generate query_config.c This one was trickier for two reasons: 1. It's used from another directory, see https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#how-can-i-add-a-dependency-to-a-source-file-which-is-generated-in-a-subdirectory 2. The C file being generated after CMake is run means CMake can't automatically scan for included headers and do its usual magic, so we need to declare the dependency and more importantly the include path. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-10-25 13:16:03 +01:00
Manuel Pégourié-Gonnard	aedca0c993	Simplify source declarations in ssl/CMakeLists.txt query_config was added twice, and while at it let's declare all the sources in one place Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-10-25 13:16:03 +01:00
Przemyslaw Stekiel	8132c2ff46	Address review comments Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-21 12:26:58 +02:00
Gilles Peskine	6210320215	Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on	2021-10-18 17:53:56 +02:00
Przemyslaw Stekiel	db0ed7c579	ssl_server2.c: fix build err (key_slot - unused variable) Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-07 15:11:43 +02:00
Przemyslaw Stekiel	0483e3d652	Add key_opaque option to ssl_server2.c + test Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-04 11:28:22 +02:00
Andrzej Kurek	5902cd64e2	Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on This option only gated an ability to set a callback, but was deemed unnecessary as it was yet another define to remember when writing tests, or test configurations. Fixes #4653. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2021-09-29 10:15:42 -04:00
Gilles Peskine	ca939959e4	Allow read-only access to lists of certificates, CRL, CRL entries Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-08-31 23:18:07 +02:00
Gilles Peskine	b11d61e095	mbedtls_net_context: make fd public on Unix/POSIX platforms On platforms with BSD-like sockets, it is useful for applications to have access to the underlying file descriptor so that they can use functions like select() and poll(). Do not promise that the field will exist on other platforms such as Windows (where the type and name of the field are technically wrong because Windows socket handles are actually not file descriptors). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-08-31 22:54:27 +02:00
Manuel Pégourié-Gonnard	e45ee40f7e	Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api Add TLS 1.3 ciphersuite and key exchange identifiers and API	2021-08-30 09:47:46 +02:00
Jerry Yu	31c01d303e	Rename available values for tls13_kex_modes Rename `psk_pure` to `psk` and `ephemeral_pure` to `ephemeral` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-25 18:13:53 +08:00
Jerry Yu	447a3bee17	fix wrong typo and format issues Change-Id: I99a4c7d28c26bfcc43bc8947485d1dfafb6974dc Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-18 09:55:36 +08:00
Jerry Yu	7276f13c93	fix comments for sig_algs parser Change-Id: I68bd691c4b67fb18ff9d55ead34f5517b1b981de Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-17 18:25:57 +08:00
Hanno Becker	a9e4e6fd6f	ssl_server2: Add usage string for TLS 1.3 key exchange modes Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-08-12 06:31:52 +01:00
Hanno Becker	cfa4d4b3f5	ssl_client2: Adjust usage string to recognized cmd line parameter Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-08-12 06:31:14 +01:00
Hanno Becker	2c0f697fbc	Support TLS 1.3 key exchange config in ssl_client2/ssl_server2 Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-08-12 06:31:14 +01:00
Hanno Becker	11ceadd382	Add cmdline param for TLS 1.3 sig alg config to ssl_{client,server}2 Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-08-10 13:55:46 +01:00
Jerry Yu	2a572cf376	Move socket setup behind ssl structure setup. If socket setup fail, ssl structure setup won't be called. And the order of them do not affect final result, but it will break ssl setup negative tests. Change the order can fix that. issue: #4844 Change-Id: I2488ed5f74773421eb1eac0cfd7f1ce4fbb0b32d Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-09 18:57:24 +08:00
Jerry Yu	b1dc59a125	Add tls1.3 parameters to ssl_{client,server2} To support tls1.3 relative tests, add `tls1_3` parameter for `{min,max}_version` and `force_version` issues: #4844 Change-Id: I1b22a076582374b8aabc733086562e9d03a94a2a Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-09 18:57:24 +08:00
Manuel Pégourié-Gonnard	e5306f6c1d	Use distinct variables for distinct purposes Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-07-07 10:48:26 +02:00
Manuel Pégourié-Gonnard	69c10a41c7	Fix memory leak on failure path in test code Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-07-06 12:05:23 +02:00
Ronald Cron	8682faeb09	Merge pull request #4694 from gilles-peskine-arm/out_size-3.0 Add output size parameter to signature functions	2021-06-29 09:43:17 +02:00
Bence Szépkúti	bb0cfeb2d4	Rename config.h to mbedtls_config.h This commit was generated using the following script: # ======================== #!/bin/sh git ls-files \| grep -v '^ChangeLog' \| xargs sed -b -E -i ' s/((check\|crypto\|full\|mbedtls\|query)_config)\.h/\1\nh/g s/config\.h/mbedtls_config.h/g y/\n/./ ' mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:28:33 +01:00
Bence Szépkúti	c662b36af2	Replace all inclusions of config.h Also remove preprocessor logic for MBEDTLS_CONFIG_FILE, since build_info.h alreadyy handles it. This commit was generated using the following script: # ======================== #!/bin/sh git ls-files \| grep -v '^include/mbedtls/build_info\.h$' \| xargs sed -b -E -i ' /^#if !?defined$MBEDTLS_CONFIG_FILE$/i#include "mbedtls/build_info.h" //,/^#endif/d ' # ======================== Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>	2021-06-28 09:24:07 +01:00
Gilles Peskine	f00f152444	Add output size parameter to signature functions The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(), mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable() now take an extra parameter indicating the size of the output buffer for the signature. No change to RSA because for RSA, the output size is trivial to calculate. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-25 00:46:22 +02:00
Gilles Peskine	e9bc857327	Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export Implement modified key export API for Mbed TLS 3.0	2021-06-22 18:52:37 +02:00
Manuel Pégourié-Gonnard	508d3a5824	Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext Remove truncated HMAC extension	2021-06-22 11:53:10 +02:00
Manuel Pégourié-Gonnard	a805d57261	Merge pull request #4588 from TRodziewicz/remove_MD2_MD4_RC4_Blowfish_and_XTEA Remove MD2, MD4, RC4, Blowfish and XTEA	2021-06-22 09:27:41 +02:00
Hanno Becker	296fefeb98	Fix return type of example key export callbacks Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-21 09:33:02 +01:00
Hanno Becker	7e6c178b6d	Make key export callback and context connection-specific Fixes #2188 Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Hanno Becker	c4c38caca5	Adjust example programs to new key export API Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Hanno Becker	2d6e6f8fec	Remove '_ext' suffix from SSL key exporter API Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard	9a32d45819	Merge pull request #4517 from hanno-arm/ticket_api_3_0 Implement 3.0-API for SSL session resumption	2021-06-18 18:34:45 +02:00
Manuel Pégourié-Gonnard	6f19ce317b	Fix async support in ssl_server2 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-17 09:41:00 +02:00
Manuel Pégourié-Gonnard	1503a9adab	Use a proper DRBG in programs Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-17 09:40:15 +02:00
Manuel Pégourié-Gonnard	84dea01f36	Add RNG params to private key parsing This is necessary for the case where the public part of an EC keypair needs to be computed from the private part - either because it was not included (it's an optional component) or because it was compressed (a format we can't parse). This changes the API of two public functions: mbedtls_pk_parse_key() and mbedtls_pk_parse_keyfile(). Tests and programs have been adapted. Some programs use a non-secure RNG (from the test library) just to get things to compile and run; in a future commit this should be improved in order to demonstrate best practice. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-17 09:38:38 +02:00
Thomas Daubney	40d49b1e54	Removes truncated HMAC code from ssl_context_info program Commit removes conditional compilation block which depends on MBEDTLS_SSL_TRUNCATED_HMAC config option. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-06-16 16:19:53 +01:00
Thomas Daubney	22989d027a	Removes MBEDTLS_SSL_TRUNCATED_HMAC code from ssl programs Commit removes code dependent on MBEDTLS_SSL_TRUNCATED_HMAC from SSL client and sever example programs. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-06-16 16:19:53 +01:00
TRodziewicz	10e8cf5fef	Remove MD2, MD4, RC4, Blowfish and XTEA Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-06-16 10:34:25 +02:00
Ronald Cron	c4c761e35e	Merge remote-tracking branch 'mbedtls/development' into mbedtls_private_with_python Conflicts: include/mbedtls/ssl.h include/psa/crypto_struct.h Conflicts fixed by using the code from development branch and manually re-applying the MBEDTLS_PRIVATE wrapping.	2021-06-14 16:17:32 +02:00
Manuel Pégourié-Gonnard	16fdab79a5	Merge pull request #4382 from hanno-arm/max_record_payload_api Remove MFL query API and add API for maximum plaintext size of incoming records	2021-06-08 11:07:27 +02:00
Hanno Becker	59d3670fa5	Fix ssl-opt.sh test cases grepping for MFL configuration output Use and grep for the new max in/out record payload length API instead. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-08 05:35:29 +01:00
Manuel Pégourié-Gonnard	cac90a15ed	Hide constants for TLS 1.0 and TLS 1.1 ssl_server2 had a check that we never try to use a minor version lower than 2 with DTLS, but that check is no longer needed, as there's no way that would happen now that MBEDTLS_SSL_MINOR_VERSION_1 is no longer public. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-04 12:29:33 +02:00
Hanno Becker	d60b6c62d5	Remove per-version ciphersuite configuration API This commit removes the API ``` mbedtls_ssl_conf_ciphersuites_for_version() ``` which allows to configure lists of acceptable ciphersuites for each supported version of SSL/TLS: SSL3, TLS 1.{0,1,2}. With Mbed TLS 3.0, support for SSL3, TLS 1.0 and TLS 1.1 is dropped. Moreover, upcoming TLS 1.3 support has a different notion of cipher suite and will require a different API. This means that it's only for TLS 1.2 that we require a ciphersuite configuration API, and ``` mbedtls_ssl_conf_ciphersuites() ``` can be used for that. The version-specific ciphersuite configuration API `mbedtls_ssl_conf_ciphersuites_for_version()`, in turn, is no longer needed. Signed-off-by: Hanno Becker <hanno.becker@arm.com> Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-04 12:20:10 +02:00
Mateusz Starzyk	e7dce558c9	Merge branch 'development' into mbedtls_private_with_python Conflicts: include/mbedtls/ssl.h Conflicts resolved by using code from development branch and manually re-applying MBEDTLS_PRIVATE wrapping.	2021-05-27 16:02:46 +02:00
Mateusz Starzyk	55768f26fc	Fix MBEDTLS_PRIVATE wrapping in tests and sample programs. Signed-off-by: Mateusz Starzyk <mateusz.starzyk@mobica.com>	2021-05-27 15:53:27 +02:00
TRodziewicz	46cccb8f39	_SSL_DTLS_BADMAC_LIMIT config.h option removed Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-26 13:36:21 +02:00
TRodziewicz	4ca18aae38	Corrections after the code review Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-24 13:38:00 +02:00
TRodziewicz	6370dbeb1d	Remove the _SSL_FALLBACK_ parts Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-24 12:49:59 +02:00
TRodziewicz	55bd84bebc	Correction to the ssl client/server usage comment. Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-24 12:48:40 +02:00
TRodziewicz	28126050f2	Removal of constants and functions and a new ChangeLog file Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-24 12:48:12 +02:00
TRodziewicz	0f82ec6740	Remove the TLS 1.0 and 1.1 support Signed-off-by: TRodziewicz <tomasz.rodziewicz@mobica.com>	2021-05-24 12:45:20 +02:00

1 2 3 4 5 ...

1107 commits