Commit graph

2153 commits

Author SHA1 Message Date
Neil Armstrong
94e371af91 Update mbedtls_pk_wrap_as_opaque() usage in SSL client2 & server2
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-28 13:27:59 +02:00
Gilles Peskine
72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap
Improve benchmarking of ECC heap usage
2022-04-22 16:43:11 +02:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
Add client hello into server side
2022-04-22 10:26:00 +02:00
Manuel Pégourié-Gonnard
21f82c7510
Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12
RSA sign 3b: TLS 1.2 integration testing
2022-04-22 10:05:43 +02:00
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk
Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:53 +02:00
XiaokangQian
318dc763a6 Fix test failure issue and update code styles
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 09:43:51 +00:00
Paul Elliott
a2da9c7e45
Merge pull request #5631 from gstrauss/enum-tls-vers
Unify internal/external TLS protocol version enums
2022-04-19 17:05:26 +01:00
Glenn Strauss
e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Neil Armstrong
f0b1271a42 Support RSA Opaque PK keys in ssl_server2
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:49:25 +02:00
Dave Rodgman
ed35887fc8
Merge pull request #2104 from hanno-arm/iotssl-2071
Check that integer types don't use padding bits in selftest
2022-04-11 17:26:08 +01:00
Dave Rodgman
8f5a29ae40 Improve fix for printf specifier
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-11 12:59:45 +01:00
Dave Rodgman
eaba723139 Fix printf specifier
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-11 10:07:38 +01:00
Dave Rodgman
e2e7e9400b Fail for types not of size 2, 4 or 8
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:46:30 +01:00
Hanno Becker
baae59cd49 Improve documentation of absence-of-padding check
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:46:29 +01:00
Hanno Becker
0d7dd3cd43 Check that size_t and ptrdiff_t don't have padding
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:46:26 +01:00
Hanno Becker
4ab3850605 Check that integer types don't use padding bits in selftest
This commit modifies programs/test/selftest to include a check that
none of the standard integer types (unsigned) [short, int, long, long]
uses padding bits, which we currently don't support.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-04-08 12:45:05 +01:00
Gilles Peskine
e756f642cd Seed the PRNG even if time() isn't available
time() is only needed to seed the PRNG non-deterministically. If it isn't
available, do seed it, but pick a static seed.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-04-08 04:46:41 -04:00
Gilles Peskine
99a732bf0c Fix off-by-one in buffer_size usage
The added null byte was accounted for twice, once by taking
opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1
when filling the buffer. Make opt.buffer_size the size that is actually
read, it's less confusing that way.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 23:34:36 +02:00
Gilles Peskine
8bb96d96cd Fix buffer size calculation
Make sure that buf always has enough room for what it will contain. Before,
this was not the case if the buffer was smaller than the default response,
leading to memory corruption in ssl_server2.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 23:31:05 +02:00
Dave Rodgman
017a19997a Update references to old Github organisation
Replace references to ARMmbed organisation with the new
org, Mbed-TLS, following project migration.

Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-03-31 14:43:16 +01:00
Jerry Yu
79c004148d Add PSA && TLS1_3 check_config
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
3a58b462b6 add pss_rsae_sha{384,512}
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
server certificate selection callback
2022-03-10 11:51:42 +01:00
Manuel Pégourié-Gonnard
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
2022-03-08 11:43:45 +01:00
Andrzej Kurek
541318ad70 Refactor ssl_context_info time printing
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
554b820747 Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
6056e7af4f Fix benchmark and udp_proxy dependency on MBEDTLS_HAVE_TIME
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
06a00afeec Fix requirement mismatch in fuzz/common.c
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
ca53459bed programs/fuzz: Remove superfluous MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME_ALT implies MBEDTLS_HAVE_TIME, so an extra
check for MBEDTLS_HAVE_TIME is not needed.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
4e0cc40d0f programs/fuzz: Use build_info.h in common.h
Remove direct inclusion of mbedtls_config.h and replace with
build_info.h, as is the convention in Mbed TLS 3.0.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
David Horstmann
5b9cb9e8ca programs/test: fix build without MBEDTLS_HAVE_TIME
Allow programs/test/udp_proxy.c to build when MBEDTLS_HAVE_TIME is
not defined. In this case, do not attempt to seed the pseudo-random
number generator used to sometimes produce corrupt packets and other
erroneous data.

Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-03-04 05:07:45 -05:00
Raoul Strackx
9ed9bc9377 programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Daniel Axtens
f071024bf8 Do not include time.h without MBEDTLS_HAVE_TIME
MBEDTLS_HAVE_TIME is documented as: "System has time.h and time()."

If that is not defined, do not attempt to include time.h.

A particular problem is platform-time.h, which should only be included if
MBEDTLS_HAVE_TIME is defined, which makes everything messier. Maybe it
should be refactored to have the check inside the header.

Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Przemek Stekiel
3f076dfb6d Fix comments for conditional compilation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-04 09:36:46 +01:00
Glenn Strauss
48a37f01b3 Add cert_cb use to programs/ssl/ssl_server2.c
(for use by some tests/)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Gilles Peskine
fd222da2e9 Fix the build when MBEDTLS_PLATFORM_C is unset
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-02-25 15:26:40 +01:00
Manuel Pégourié-Gonnard
6d2479516c
Merge pull request #5533 from paul-elliott-arm/fix_fuzz_privkey_null_ctx
Fix null context when using dummy_rand with mbedtls_pk_parse_key()
2022-02-16 09:55:01 +01:00
Paul Elliott
5d7e61fb61 Fix uninitialised return value.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-15 16:05:17 +00:00
Manuel Pégourié-Gonnard
a1b506996d
Merge pull request #5526 from paul-elliott-arm/fix_fuzzer_null_ref
Ensure ctr_drbg is initialised every time in fuzz_server
2022-02-15 10:31:03 +01:00
Paul Elliott
a1dc3e5a60 Add safety to dummy_random in case of NULL context
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-14 18:26:21 +00:00
Przemyslaw Stekiel
169f115bf0 ssl_client2: init psa crypto for TLS 1.3 build
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 17:15:04 +01:00
Paul Elliott
bb0168144e Ensure valid context is used in fuzz_dtlsserver
A valid ctr_drbg context is now a prerequisite for using dummy_random()

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-14 15:57:11 +00:00
Paul Elliott
51a7679a8e Ensure context is passed in to dummy_rand
In fuzz_privkey, we switched over to using dummy_rand(), which uses
ctr_drbg internally, and thus requires an initialised ctr_drbg_context
to be passed in via p_rng when calling mbedtls_pk_parse_key().

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-11 19:10:14 +00:00
Paul Elliott
00738bf65e Ensure ctr_drbg is initialised every time
ctr_drbg is a local variable and thus needs initialisation every time
LLVMFuzzerTestOneInput() is called, the rest of the variables inside the
if(initialised) block are all static.

Add extra validation to attempt to catch this issue in future.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-02-10 18:38:53 +00:00
Glenn Strauss
a941b62985 Create public macros for ssl_ticket key,name sizes
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 15:28:28 -05:00
Glenn Strauss
e328245618 Add test case use of mbedtls_ssl_ticket_rotate
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 14:33:16 -05:00
Manuel Pégourié-Gonnard
9193f7d836
Merge pull request #5436 from mpg/prog-hmac-cipher-psa
PSA: example programs for HMAC and AEAD vs legacy
2022-02-09 10:53:49 +01:00
Manuel Pégourié-Gonnard
ae1bae8412 Give a magic constant a name
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-02-08 11:36:28 +01:00