mbedtls

Author	SHA1	Message	Date
Valerio Setti	785116a5be	test: pake: modify opaque key verification before destruction Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-12 11:59:25 +01:00
Valerio Setti	eb3f788b03	tls: pake: do not destroy password key in TLS Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-08 18:42:58 +01:00
Valerio Setti	d5fa0bfb85	test: pake: check psa key validity before destroying it Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-07 16:02:42 +01:00
Valerio Setti	d6feb20869	test: pake: allow opaque password only when USE_PSA is enabled Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-02 14:28:49 +01:00
Valerio Setti	661b9bca75	test: psa_pake: add specific log message for the opaque password Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-29 17:28:17 +01:00
Valerio Setti	77e8315f5b	fix formatting and typos Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-29 17:28:04 +01:00
Valerio Setti	d572a82df9	tls: psa_pake: add test for opaque password Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-29 11:30:56 +01:00
Bence Szépkúti	a17d038ee1	Merge branch 'development' into pr3431	2022-11-22 15:54:52 +01:00
Ronald Cron	d12922a69a	Merge pull request #6486 from xkqian/tls13_add_early_data_indication The merge job of the internal CI ran successfully. This is good to go.	2022-11-17 12:48:50 +01:00
Gilles Peskine	32605b24be	Merge pull request #6559 from ihsinme/patch-1 dh_genprime: Fix issue where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure	2022-11-15 12:38:41 +01:00
Xiaokang Qian	2cd5ce0c6b	Fix various issues cause rebase to latest code Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-15 10:33:53 +00:00
Xiaokang Qian	9a0aafbe79	Enable/disable MBEDTLS_SSL_EARLY_DATA for cases in ssl-opt.sh Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-15 02:49:46 +00:00
Xiaokang Qian	0e97d4d16d	Add early data indication to client side Add fields to mbedtls_ssl_context Add write early data indication function Add check whether write early data indication Add early data option to ssl_client2 Add test cases for early data Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-11-14 03:13:50 +00:00
Gilles Peskine	fd7aa13671	Merge pull request #6436 from yanrayw/ssl_client2-add-build-version Add build version to the output of ssl_client2 and ssl_server2	2022-11-10 14:39:38 +01:00
ihsinme	d21ecd71c0	dh_genprime: Fix issue where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure In 'dh_genprime.c', the following condition can be found inside an 'if' statement: ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) != 0 As the '!=' operator binds closer than the assignment operator ('='), the value assigned to 'ret' will be the boolean result of the comparison (0 or 1) instead of the status code returned by 'mbedtls_mpi_write_file'. This means that the above statement is actually equivalent to: ret = ( mbedtls_mpi_write_file( "P = ", &P, 16, fout ) != 0 ) What we want instead is for the the status code to be assigned to 'ret'. If the value assigned is non-zero, it will be 'truthy' and the 'if' branch will be taken. ( ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) ) != 0 This PR fixes the issue by explicitly specifying the precedence of operations with parentheses. Signed-off-by: ihsinme <ihsinme@gmail.com>	2022-11-10 12:58:15 +03:00
Dave Rodgman	f58172fe43	Merge remote-tracking branch 'origin/development' into pr3431	2022-11-10 09:54:49 +00:00
Gilles Peskine	bf249accc7	Merge pull request #6498 from yuhaoth/pr/fix-session-resumption-fail-when-hostname-is-not-localhost BUG: Fix session resumption fail when hostname is not localhost	2022-11-07 17:33:38 +01:00
Dave Rodgman	55fd0b9fc1	Merge pull request #6121 from daverodgman/pr277 cert_write - add a way to set extended key usages - rebase	2022-10-31 13:27:49 +00:00
Jerry Yu	2883219edb	Improve output message Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-30 13:53:31 +08:00
Jerry Yu	c3a7fa386e	Update output message when certification verified fail Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-28 12:38:33 +08:00
Jerry Yu	ad9e99bd2e	fix session resumption fail when hostname is not localhost Change-Id: Icb2f625bb11debb5c7cae36e34d7270f7baae4d5 Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-28 12:30:58 +08:00
Yanray Wang	eaf46d1291	Add output of build version in ssl_server2 Usage: - By default, build version is printed out in the beginning of ssl_server2 application. - ./ssl_server2 build_version=1 only prints build verison and stop Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2022-10-28 10:53:50 +08:00
Yanray Wang	84645e92c6	Simplify code of adding output in ssl_client2 - print build version macro defined in build_info.h directly - Remove all the MBEDTLS_VERSION_C guards as build version information is always available in build_info.h Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2022-10-28 10:53:22 +08:00
Dave Rodgman	66e05505b6	Support generating DER format certificates Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>	2022-10-27 17:41:40 +01:00
Gilles Peskine	744fd37d23	Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0 Fix unusual macros	2022-10-25 19:55:29 +02:00
David Horstmann	3f44e5b11a	Refactor macro-spanning if in ssl_server2.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-24 13:12:19 +01:00
David Horstmann	f160ef1dd1	Refactor macro-spanning if in ssl_client2.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-24 13:11:38 +01:00
Yanray Wang	7f9ddb584a	Merge branch 'Mbed-TLS:development' into ssl_client2-add-build-version	2022-10-24 12:19:39 +08:00
Ronald Cron	73fe8df922	Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to guard TLS code (both 1.2 and 1.3) specific to handshakes involving PSKs. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	e68ab4f55e	Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to guard TLS code (both TLS 1.2 and 1.3) specific to handshakes involving certificates. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	81378b72e8	programs: ssl: Remove dependency on TLS 1.3 for "sig_algs" option Signature algorithms can be specified through the sig_algs option for TLS 1.2 as well. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:40:56 +02:00
Ronald Cron	20a8e63b23	programs: ssl: Fix some mbedtls_ssl_conf_sig_algs() guards Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:36:43 +02:00
Yanray Wang	076b2d062f	Improve the method of printing string build version Following changes are introduced with this commit: - Call mbedtls_version_get_string before printing string build version instead of printing macro directly - Output build version in the beginning of ssl_client2 program Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2022-10-21 11:22:44 +08:00
Andrzej Kurek	b50754ae86	Switch from x509_CRT_PARSE to KEY_EXCHANGE_WITH_CERT_ENABLED Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	d0786f5f26	Revert one of the changes to ssl_server2 dependencies Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	6ee1e20d7f	Replace x509_CRT_PARSE_C with KEY_EXCHANGE_WITH_CERT_ENABLED SSL programs use certificates in an exchange, so it's more natural to have such dependency instead of just certificate parsing. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	eabeb30c65	Fix SHA512 vs SHA384 dependencies When building SHA512 without SHA384, there are some code paths that resulted in unused variables or usage of undefined code. This commit fixes that. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	e38b788b79	Add missing key exchange dependencies Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	68327748d3	Add missing dependencies Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Yanray Wang	ff4181e246	Fix build error in cmake while printing digital build version Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2022-10-18 18:20:40 +08:00
Yanray Wang	d976673dd6	Add build version to the output of ssl_client2 Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2022-10-18 10:53:49 +08:00
Ronald Cron	49e4184812	Merge pull request #6299 from xkqian/tls13_add_servername_check Add server name check when proposing pre-share key	2022-10-13 16:00:59 +02:00
Gilles Peskine	0fe6631486	Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2 Include platform.h unconditionally	2022-10-13 10:19:22 +02:00
Xiaokang Qian	bc663a0461	Refine code based on commnets Change code layout Change hostname_len type to size_t Fix various issues Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:06:01 +00:00
Xiaokang Qian	adf84a4a8c	Remove public api mbedtls_ssl_reset_hostname() Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:05:11 +00:00
Xiaokang Qian	fb8ac46add	Change the name of servername when re-connect Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:03:44 +00:00
Xiaokang Qian	281fd1bdd8	Add server name check when proposeing pre-share key Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>	2022-10-12 11:03:41 +00:00
Gilles Peskine	8fd3254cfc	Merge pull request #6374 from mprse/enc_types Test TLS 1.2 builds with each encryption type	2022-10-12 12:45:50 +02:00
Jerry Yu	c79742303d	Remove unnecessary empty line and fix format issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-11 21:22:33 +08:00
Przemek Stekiel	d61a4d3d1a	Fix missing guard and double-space Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-11 09:40:40 +02:00

1 2 3 4 5 ...

2305 commits