Commit graph

2445 commits

Author SHA1 Message Date
Dave Rodgman
6dd757a8ba Fix use of sizeof without brackets
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 12:40:50 +00:00
Aditya Deshpande
644a5c0b2b Fix bugs in example programs: change argc == 0 to argc < 2
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 16:48:13 +00:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843
Improve X.509 cert writing serial number management
2023-01-30 13:08:57 +01:00
Valerio Setti
af4815c6a4 x509: replace/fix name of new function for setting serial
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-26 17:43:09 +01:00
Pengyu Lv
e2f1dbf5ae update docs of ssl_client2 and improve code format
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 12:38:12 +08:00
Pengyu Lv
302feb3955 add cases to test session resumption with different ticket_flags
This commit add test cases to test if the check of kex change mode
in SessionTicket works well.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:56 +08:00
Valerio Setti
48fdbb3940 programs: cert_write: fixed bug in parsing dec serial
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
791bbe629d programs: improved cert_write serial management
Now it can accept serial both as decimal and hex number (only one format
at a time, of course, not simultaneously).

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
acf12fb744 x509: fix endianness and input data format for x509write_crt_set_serial_new
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
5d164c4e23 fix: add missing deprecation guards
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
da0afcc2fb x509: remove direct dependency from BIGNUM_C
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Gilles Peskine
449bd8303e Switch to the new code style
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Jerry Yu
a15af37867 Change time resolution of reco_delay from second to millionseconds
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.

From test result of #6712, this can improve the fail rate from 4%
to 92%.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-07 13:01:42 +08:00
David Horstmann
e3d8f31ba1 Workaround Uncrustify parsing of "asm"
The following code:

 #ifndef asm
 #define asm __asm
 #endif

causes Uncrustify to stop correcting the rest of the file. This may be
due to parsing the "asm" keyword in the definition.

Work around this by wrapping the idiom in an *INDENT-OFF* comment
wherever it appears.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-03 11:07:09 +00:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
2023-01-03 09:36:58 +01:00
Valerio Setti
d10e0a6341 sha: fix minor issues/typos
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-22 14:25:26 +01:00
Dave Rodgman
2038da9266
Merge pull request #6826 from daverodgman/fix_gettimeofday
Fix gettimeofday overflow
2022-12-20 16:01:53 +00:00
Dave Rodgman
7796cc4f24 Fix overflow in mbedtls_timing_hardclock
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-20 13:12:23 +00:00
Valerio Setti
e7221a21ad test: adjust depends.py to new SHA224/SHA384 changes
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-16 14:43:48 +01:00
Gilles Peskine
6b21820bd3
Merge pull request #6687 from gilles-peskine-arm/fuzz-cflags
programs/fuzz: set sensible default CFLAGS
2022-12-15 19:47:22 +01:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
Valerio Setti
46e8fd8263 test: sha: test SHA224 and SHA256 separately
This is meant to adapt to the new library design in which
SHA224 and SHA256 can be built independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 10:58:02 +01:00
Valerio Setti
898e7a3afe test: sha: test SHA384 and SHA512 separately
This is meant to adapt to the new library design in which
SHA384 and SHA512 can be built independently from each other.

Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 10:50:54 +01:00
Manuel Pégourié-Gonnard
ebf322ddf6
Merge pull request #6629 from concatime/cmake-config-dir
Install CMake files in MbedTLS dir
2022-12-14 10:30:52 +01:00
Valerio Setti
d75c5c4405 test: pake: fail in case the opaque key is destroyed unexpectedly
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-13 11:51:32 +01:00
Valerio Setti
785116a5be test: pake: modify opaque key verification before destruction
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-12 11:59:25 +01:00
Manuel Pégourié-Gonnard
1a100b69a4
Merge pull request #6705 from davidhorstmann-arm/code-style-script-non-corrected
Add code style correction script
2022-12-09 09:41:14 +01:00
Valerio Setti
eb3f788b03 tls: pake: do not destroy password key in TLS
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-08 18:42:58 +01:00
Valerio Setti
d5fa0bfb85 test: pake: check psa key validity before destroying it
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 16:02:42 +01:00
Ronald Cron
fbba0e9d75
Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface
TLS 1.3: Refactor early data configuration interface.
2022-12-07 09:42:12 +01:00
Jerry Yu
d146a37d56 Change the definition of max_early_data_size argument.
`conf_max_early_data_size` does not reuse as en/disable. When
call it, we should call `conf_early_data()` also.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 14:56:54 +08:00
Jerry Yu
2c93fc1544 Revert "Add reco_debug_level to reduce debug output"
This reverts commit a6934776c9.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 11:05:54 +08:00
Jerry Yu
54dfcb7794 fix comments and debug info issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 15:43:09 +08:00
Tom Cosgrove
1797b05602 Fix typos prior to release
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Issam E. Maghni
760f3a0a48 Install CMake files in MbedTLS dir
Right now, CMake files are installed in <prefix>/cmake. That being said,
it gets easily bloated, and the standard is to use a directory with the
same name as the project.

I discovered this issue with this "bug":
https://github.com/termux/termux-packages/issues/12416
The issue's author claimed that MbedTLS's files were not installed in
the lib directory. But the patch applied by termux team broke CMake's
search of MbedTLS config files. So I wanted to upstream the real fix
here instead.

Here are some examples of projects using directories:
 - https://github.com/xiph/flac/blob/1.4.2/CMakeLists.txt#L239
 - https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.15.2/CMakeLists.txt#L675
 - https://github.com/catchorg/Catch2/blob/v3.2.0/CMakeLists.txt#L62
 - https://github.com/capnproto/capnproto/blob/v0.10.2/c++/CMakeLists.txt#L162

Signed-off-by: Issam E. Maghni <issam.e.maghni@mailbox.org>
2022-12-04 03:00:38 +00:00
Valerio Setti
d6feb20869 test: pake: allow opaque password only when USE_PSA is enabled
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 14:28:49 +01:00
Jerry Yu
7854a4e019 Add max_early_data_size option for ssl_sever2
- to set max_early_data_set

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Jerry Yu
a6934776c9 Add reco_debug_level to reduce debug output
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Valerio Setti
661b9bca75 test: psa_pake: add specific log message for the opaque password
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 17:28:17 +01:00
Valerio Setti
77e8315f5b fix formatting and typos
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 17:28:04 +01:00
Gilles Peskine
9ec14f6dcb programs/fuzz: set sensible default CFLAGS
Running make from programs/fuzz didn't set any optimization flags (running
make from programs or from the root inherited the parent's optimization
flags). Default to -O2.

There were no -W flags. Default to -Wall -Wextra, but not -Werror in line
with the other makefiles.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-29 17:23:19 +01:00
Valerio Setti
d572a82df9 tls: psa_pake: add test for opaque password
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 11:30:56 +01:00
Bence Szépkúti
a17d038ee1 Merge branch 'development' into pr3431 2022-11-22 15:54:52 +01:00
Ronald Cron
d12922a69a
Merge pull request #6486 from xkqian/tls13_add_early_data_indication
The merge job of the internal CI ran successfully. This is good to go.
2022-11-17 12:48:50 +01:00
Gilles Peskine
32605b24be
Merge pull request #6559 from ihsinme/patch-1
dh_genprime: Fix issue where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure
2022-11-15 12:38:41 +01:00
Xiaokang Qian
2cd5ce0c6b Fix various issues cause rebase to latest code
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 10:33:53 +00:00
Xiaokang Qian
9a0aafbe79 Enable/disable MBEDTLS_SSL_EARLY_DATA for cases in ssl-opt.sh
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 02:49:46 +00:00
David Horstmann
5b98d73864 Linewrap for the benefit of Uncrustify
The last line of programs/psa/key_ladder_demo.c is of the following
form:

 #endif /* Very long comment ... */

Uncrustify tries to reduce the length:

 #endif \
     /* Very long comment ... */

and causes a compiler error as there is a continuation line with no
actual code in it. Work around this by linewrapping the comment
in advance.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-11-14 12:10:37 +00:00
Xiaokang Qian
0e97d4d16d Add early data indication to client side
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:50 +00:00
Gilles Peskine
fd7aa13671
Merge pull request #6436 from yanrayw/ssl_client2-add-build-version
Add build version to the output of ssl_client2 and ssl_server2
2022-11-10 14:39:38 +01:00
ihsinme
d21ecd71c0 dh_genprime: Fix issue where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure
In 'dh_genprime.c', the following condition can be found inside an 'if' statement:

ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) != 0

As the '!=' operator binds closer than the assignment operator ('='), the value assigned to 'ret' will be the boolean result of the comparison (0 or 1) instead of the status code returned by 'mbedtls_mpi_write_file'. This means that the above statement is actually equivalent to:

ret = ( mbedtls_mpi_write_file( "P = ", &P, 16, fout ) != 0 )

What we want instead is for the the status code to be assigned to 'ret'. If the value assigned is non-zero, it will be 'truthy' and the 'if' branch will be taken.

( ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) )  != 0

This PR fixes the issue by explicitly specifying the precedence of operations with parentheses.

Signed-off-by: ihsinme <ihsinme@gmail.com>
2022-11-10 12:58:15 +03:00
Dave Rodgman
f58172fe43 Merge remote-tracking branch 'origin/development' into pr3431 2022-11-10 09:54:49 +00:00
Gilles Peskine
bf249accc7
Merge pull request #6498 from yuhaoth/pr/fix-session-resumption-fail-when-hostname-is-not-localhost
BUG: Fix session resumption fail when hostname is not localhost
2022-11-07 17:33:38 +01:00
Dave Rodgman
55fd0b9fc1
Merge pull request #6121 from daverodgman/pr277
cert_write - add a way to set extended key usages - rebase
2022-10-31 13:27:49 +00:00
Jerry Yu
2883219edb Improve output message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-30 13:53:31 +08:00
Jerry Yu
c3a7fa386e Update output message when certification verified fail
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-28 12:38:33 +08:00
Jerry Yu
ad9e99bd2e fix session resumption fail when hostname is not localhost
Change-Id: Icb2f625bb11debb5c7cae36e34d7270f7baae4d5
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-28 12:30:58 +08:00
Yanray Wang
eaf46d1291 Add output of build version in ssl_server2
Usage:
- By default, build version is printed out in the beginning of
ssl_server2 application.
- ./ssl_server2 build_version=1 only prints build verison and stop

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-28 10:53:50 +08:00
Yanray Wang
84645e92c6 Simplify code of adding output in ssl_client2
- print build version macro defined in build_info.h directly
- Remove all the MBEDTLS_VERSION_C guards as build version
  information is always available in build_info.h

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-28 10:53:22 +08:00
Dave Rodgman
66e05505b6 Support generating DER format certificates
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-27 17:41:40 +01:00
Gilles Peskine
744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0
Fix unusual macros
2022-10-25 19:55:29 +02:00
David Horstmann
3f44e5b11a Refactor macro-spanning if in ssl_server2.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-24 13:12:19 +01:00
David Horstmann
f160ef1dd1 Refactor macro-spanning if in ssl_client2.c
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-24 13:11:38 +01:00
Yanray Wang
7f9ddb584a
Merge branch 'Mbed-TLS:development' into ssl_client2-add-build-version 2022-10-24 12:19:39 +08:00
Ronald Cron
73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
81378b72e8 programs: ssl: Remove dependency on TLS 1.3 for "sig_algs" option
Signature algorithms can be specified through
the sig_algs option for TLS 1.2 as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:40:56 +02:00
Ronald Cron
20a8e63b23 programs: ssl: Fix some mbedtls_ssl_conf_sig_algs() guards
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:36:43 +02:00
Yanray Wang
076b2d062f Improve the method of printing string build version
Following changes are introduced with this commit:
- Call mbedtls_version_get_string before printing string
  build version instead of printing macro directly
- Output build version in the beginning of ssl_client2 program

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-21 11:22:44 +08:00
Andrzej Kurek
b50754ae86 Switch from x509_CRT_PARSE to KEY_EXCHANGE_WITH_CERT_ENABLED
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
d0786f5f26 Revert one of the changes to ssl_server2 dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
6ee1e20d7f Replace x509_CRT_PARSE_C with KEY_EXCHANGE_WITH_CERT_ENABLED
SSL programs use certificates in an exchange, so it's more natural
to have such dependency instead of just certificate parsing.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
eabeb30c65 Fix SHA512 vs SHA384 dependencies
When building SHA512 without SHA384,
there are some code paths that resulted
in unused variables or usage of undefined code.
This commit fixes that.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
e38b788b79 Add missing key exchange dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
68327748d3 Add missing dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Yanray Wang
ff4181e246 Fix build error in cmake while printing digital build version
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-18 18:20:40 +08:00
Yanray Wang
d976673dd6 Add build version to the output of ssl_client2
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-18 10:53:49 +08:00
Ronald Cron
49e4184812
Merge pull request #6299 from xkqian/tls13_add_servername_check
Add server name check when proposing pre-share key
2022-10-13 16:00:59 +02:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
Pol Henarejos
c9754c3ec1
Merge branch 'Mbed-TLS:development' into sha3 2022-10-13 08:28:13 +02:00
Xiaokang Qian
bc663a0461 Refine code based on commnets
Change code layout
Change hostname_len type to size_t
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:01 +00:00
Xiaokang Qian
adf84a4a8c Remove public api mbedtls_ssl_reset_hostname()
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:05:11 +00:00
Xiaokang Qian
fb8ac46add Change the name of servername when re-connect
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:44 +00:00
Xiaokang Qian
281fd1bdd8 Add server name check when proposeing pre-share key
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:41 +00:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types
Test TLS 1.2 builds with each encryption type
2022-10-12 12:45:50 +02:00
Jerry Yu
c79742303d Remove unnecessary empty line and fix format issue
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-11 21:22:33 +08:00
Przemek Stekiel
d61a4d3d1a Fix missing guard and double-space
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-11 09:40:40 +02:00
Jerry Yu
6916e70521 fix various issues
- adjust guards. Remove duplicate guards and adjust format.
- Return success at function end. Not `ret`
- change input len

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 21:33:51 +08:00
Przemek Stekiel
68a01a6720 Fix session tickets related build flags in fuzz_server and ssl_server2
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 13:30:43 +02:00
Jerry Yu
03b8f9d299 Adjust guards for dummy_tickets
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:56:38 +08:00
Jerry Yu
25ab654781 Add dummy ticket support
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
Paul Elliott
2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
2022-09-23 15:48:33 +01:00
Manuel Pégourié-Gonnard
d433cd7d07
Merge pull request #6283 from mpg/driver-only-hashes-wrap-up
Driver only hashes wrap-up
2022-09-21 08:29:46 +02:00
Ronald Cron
50969e3af5 ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 15:57:57 +02:00
Jerry Yu
7a51305478 Add multi-session tickets test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:26:07 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00
Manuel Pégourié-Gonnard
e896705c1a Take advantage of legacy_or_psa.h being public
Opportunities for using the macros were spotted using:

    git grep -E -n -A2 'MBEDTLS_(MD|SHA)[0-9]+_C' | egrep 'PSA_WANT_ALG_(MD|SHA)'

then manually filtering the results.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Gilles Peskine
e9b55929dc Remove useless platform macro redefinitions: automatic part
Some source files had code to set mbedtls_xxx aliases when
MBEDTLS_PLATFORM_C is not defined. These aliases are defined unconditionally
by mbedtls/platform.h, so these macro definitions were redundant. Remove
them.

This commit used the following code:
```
perl -i -0777 -pe 's~#if !defined\(MBEDTLS_PLATFORM_C\)\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*#endif.*\n~~mg' $(git grep -l -F '#if !defined(MBEDTLS_PLATFORM_C)')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:15 +02:00
Gilles Peskine
945b23c46f Include platform.h unconditionally: automatic part
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.

There should be no change in behavior since just including the header should
not change the behavior of a program.

This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:

```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:33:07 +02:00
Przemek Stekiel
632939df4b ssl_client2: print pk key name when provided using key_opaque_algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:16:11 +02:00
Jerry Yu
4746b10c2e fix various issues
- Format issues
- Possible memory leak
- Improve naming and comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 15:37:46 +08:00
Andrzej Kurek
0bc834b27f Enable signature algorithms in ssl programs with PSA based hashes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:37:46 -04:00
Dave Rodgman
1577c548d1 Use NULL instead of 0
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-09 10:22:15 +01:00
Nayna Jain
106a0afc5a pkcs7: provide fuzz harness
This allows for pkcs7 fuzz testing with OSS-Fuzz.

Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
2022-09-01 19:45:41 -05:00
Jerry Yu
0203534c64 Add session save after got new session ticket
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 23:24:25 +08:00
Ronald Cron
e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation
TLS 1.3: SRV: Finalize external PSK negotiation
2022-08-31 17:21:57 +02:00
Andrzej Kurek
dcce505a08 Add a missing guard in an example program
MD variable is not used in builds without MD.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-30 17:56:08 -04:00
Manuel Pégourié-Gonnard
bf22a2500b
Merge pull request #6208 from AndrzejKurek/tls-tests-no-md-structured
Remove the dependency on MD from TLS 1.2 tests
2022-08-30 12:34:37 +02:00
Manuel Pégourié-Gonnard
a84ce3fa81
Merge pull request #6111 from superna9999/6101-programs-dont-build-with-libtestdriver-and-use-psa
Programs don't build with libtestdriver and USE_PSA
2022-08-30 12:29:01 +02:00
Dave Rodgman
c5e0a8a890 Add missing error message
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:25:45 +01:00
Dave Rodgman
64937856e0 Correct order of extended key usage attributes
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:25:45 +01:00
Dave Rodgman
18b02d35d6 Remove redundant sig_alg argument
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:25:45 +01:00
Dave Rodgman
2ee7bbd10a Replace some constant values with sizeof
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:25:45 +01:00
Dave Rodgman
5f3f0d06e6 Address minor review comments
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:25:45 +01:00
Dave Rodgman
ec9f6b4de1 Fix minor compile errors
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:25:45 +01:00
Nicholas Wilson
99a96b1c22 Improve programs/cert_write with a way to set the signature digest
This is useful for generating SHA-1 and MD5 certificates for test
purposes.  I guess RSA-PSS could be added too, but I don't need that
now.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:08:43 +01:00
Nicholas Wilson
8e5bdfbbcf Improve programs/cert_write with a way to set extended key usages
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:08:43 +01:00
Jerry Yu
c5a23a0f12 fix various issues
- code style
- variable initialize
- update comments


Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 11:09:35 +08:00
Andrzej Kurek
cccb044804 Style & formatting fixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:26:02 -04:00
Andrzej Kurek
8c95ac4500 Add missing dependencies / alternatives
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate, 
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Jerry Yu
5d01c05d93 fix various issues
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:55:01 +08:00
Jerry Yu
2b7a51ba8f Add psk_or_ephemeral mode and tests
psk_or_ephemeral exists in theory. This change is for
improving test coverage.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:51:53 +08:00
Jerry Yu
62c8763de7 Improve macro expansion help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 10:18:36 +08:00
Jerry Yu
08dccc1f75 Improve help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-10 10:02:04 +08:00
Neil Armstrong
9bb8e0d3c5 Fix fuzz_privkey build without MBEDTLS_ENTROPY_C defined
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-08 13:56:13 +02:00
Jerry Yu
2fcb056ea9 Add requires_{any,all}_configs_enabled functions
- requires_any_configs_enabled
- requires_all_configs_enabled
- requires_any_configs_disabled
- requires_all_configs_disabled

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-31 12:23:39 +08:00
Jan Bruckner
25fdc2addb Fix minor typos
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2022-07-26 10:52:46 +02:00
Jerry Yu
2b4f02d7fb Add new_session_ticket err handler
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Paul Elliott
7adb8cbc0e Revert "Add generated files for 3.2.0 release"
This reverts commit cb21f2eab3.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 18:18:30 +01:00
Paul Elliott
cb21f2eab3 Add generated files for 3.2.0 release
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:56:01 +01:00
Ronald Cron
ce7d76e2ee Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr 2022-07-11 10:22:37 +02:00
Paul Elliott
41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf
Turn off stdio buffering with setbuf()
2022-07-04 10:12:22 +01:00
Ronald Cron
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk
Refactor signature algorithm chooser
2022-07-04 09:10:08 +02:00
Paul Elliott
bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints
Add accessors to config DN hints for cert request
2022-07-01 17:23:14 +01:00
Paul Elliott
ff15dbab4c Make definition order a bit neater
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-01 16:30:08 +01:00
Gilles Peskine
6d576c9646 Call setbuf when reading or writing files: programs
After opening a file containing sensitive data, call mbedtls_setbuf() to
disable buffering. This way, we don't expose sensitive data to a memory
disclosure vulnerability in a buffer outside our control.

This commit adds a call to mbedtls_setbuf() after each call to fopen(),
but only in sample programs that were calling mbedtls_platform_zeroize().
Don't bother protecting stdio buffers in programs where application buffers
weren't protected.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 17:06:11 +02:00
Jerry Yu
cc5391048e fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:18:30 +08:00
Jerry Yu
202919c23d refine supported sig alg print
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:18:29 +08:00
Jerry Yu
64f410c246 Add tls13 sig alg parameters
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:09 +08:00
Jerry Yu
a1255e6b8c fix various issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:09 +08:00
Jerry Yu
9bb3ee436b Revert rsa_pss_rsae_* support for tls12
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:08 +08:00
Jerry Yu
3896ac6e5b fix ordered sig algs fail for openssl
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:06 +08:00
Jerry Yu
9f4cc5ff65 Add pss_rsae sig algs into test conf
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:41 +08:00
Glenn Strauss
bd10c4e2af Test accessors to config DN hints for cert request
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-06-29 02:54:28 -04:00
Gilles Peskine
0ff241a1ea Remove largely useless bit of test log to silence GCC 12
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.

Fixes #5974.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-25 14:29:23 +02:00
Ronald Cron
ba65fbbe30 Fix comments
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-22 17:36:12 +02:00
Ronald Cron
903c979376 programs: ssl: Add one RSA PSS signature algorithm
Add one RSA PSS signature algorithm to the
test list of signature algorithms. This allows
certificate chains exposing an RSA key with
signatures using SHA-1 to be used in tests
where an TLS 1.3 handshake is performed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-17 08:45:30 +02:00
Ronald Cron
4ccd226cbf
Merge pull request #5864 from xkqian/tls13_add_comprehensive_cases
Tls13 add comprehensive cases
2022-06-15 09:18:11 +02:00
Gilles Peskine
f940693960
Merge pull request #5725 from tom-daubney-arm/x25519_program
Rewrite x25519 example program
2022-05-31 11:27:22 +02:00