As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
Remove useless component in all.sh
Remove use server logs in ssh-opt.sh
Remove useless guards in ssl_client2.c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes#4653.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
If socket setup fail, ssl structure setup won't be called.
And the order of them do not affect final result, but it
will break ssl setup negative tests.
Change the order can fix that.
issue: #4844
Change-Id: I2488ed5f74773421eb1eac0cfd7f1ce4fbb0b32d
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
To support tls1.3 relative tests, add `tls1_3`
parameter for `{min,max}_version` and `force_version`
issues: #4844
Change-Id: I1b22a076582374b8aabc733086562e9d03a94a2a
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
This is necessary for the case where the public part of an EC keypair
needs to be computed from the private part - either because it was not
included (it's an optional component) or because it was compressed (a
format we can't parse).
This changes the API of two public functions: mbedtls_pk_parse_key() and
mbedtls_pk_parse_keyfile().
Tests and programs have been adapted. Some programs use a non-secure RNG
(from the test library) just to get things to compile and run; in a
future commit this should be improved in order to demonstrate best
practice.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
Commit removes code dependent on
MBEDTLS_SSL_TRUNCATED_HMAC from SSL
client and sever example programs.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
Conflicts:
include/mbedtls/ssl.h
include/psa/crypto_struct.h
Conflicts fixed by using the code from development branch
and manually re-applying the MBEDTLS_PRIVATE wrapping.
This commit makes the API
- mbedtls_ssl_get_output_max_frag_len()
- mbedtls_ssl_get_input_max_frag_len()
- mbedtls_ssl_get__max_frag_len()
for querying the state of the Maximum Fragment Length
extension internal.
Rationale: The value those APIs provide to the user is in
upper bounds for the size of incoming and outgoing records,
which can be used to size application data buffers apporpriately
before passing them to mbedtls_ssl_{read,write}(). However,
there are other factors which influence such upper bounds,
such as the MTU or other extensions (specifically, the
record_size_limit extension which is still to be implemented)
which should be taken into account.
There should be more general APIs for querying the maximum
size of incoming and outgoing records.
For the maximum size of outgoing records, we already have such,
namely mbedtls_ssl_get_max_out_record_payload().
For the maximum size of incoming records, a new API will be
added in a subsequent commit.
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
