Paul Elliott
2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets
...
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
2022-09-23 15:48:33 +01:00
Manuel Pégourié-Gonnard
d433cd7d07
Merge pull request #6283 from mpg/driver-only-hashes-wrap-up
...
Driver only hashes wrap-up
2022-09-21 08:29:46 +02:00
Ronald Cron
50969e3af5
ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 15:57:57 +02:00
Jerry Yu
7a51305478
Add multi-session tickets test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:26:07 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets
2022-09-18 21:18:13 +02:00
Manuel Pégourié-Gonnard
e896705c1a
Take advantage of legacy_or_psa.h being public
...
Opportunities for using the macros were spotted using:
git grep -E -n -A2 'MBEDTLS_(MD|SHA)[0-9]+_C' | egrep 'PSA_WANT_ALG_(MD|SHA)'
then manually filtering the results.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Gilles Peskine
945b23c46f
Include platform.h unconditionally: automatic part
...
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.
There should be no change in behavior since just including the header should
not change the behavior of a program.
This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:
```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:33:07 +02:00
Przemek Stekiel
632939df4b
ssl_client2: print pk key name when provided using key_opaque_algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:16:11 +02:00
Jerry Yu
4746b10c2e
fix various issues
...
- Format issues
- Possible memory leak
- Improve naming and comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 15:37:46 +08:00
Andrzej Kurek
0bc834b27f
Enable signature algorithms in ssl programs with PSA based hashes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:37:46 -04:00
Jerry Yu
0203534c64
Add session save after got new session ticket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 23:24:25 +08:00
Ronald Cron
e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation
...
TLS 1.3: SRV: Finalize external PSK negotiation
2022-08-31 17:21:57 +02:00
Andrzej Kurek
dcce505a08
Add a missing guard in an example program
...
MD variable is not used in builds without MD.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-30 17:56:08 -04:00
Jerry Yu
c5a23a0f12
fix various issues
...
- code style
- variable initialize
- update comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 11:09:35 +08:00
Andrzej Kurek
cccb044804
Style & formatting fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:26:02 -04:00
Andrzej Kurek
8c95ac4500
Add missing dependencies / alternatives
...
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate,
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Jerry Yu
5d01c05d93
fix various issues
...
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:55:01 +08:00
Jerry Yu
2b7a51ba8f
Add psk_or_ephemeral mode and tests
...
psk_or_ephemeral exists in theory. This change is for
improving test coverage.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:51:53 +08:00
Jan Bruckner
25fdc2addb
Fix minor typos
...
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2022-07-26 10:52:46 +02:00
Jerry Yu
2b4f02d7fb
Add new_session_ticket err handler
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Ronald Cron
ce7d76e2ee
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
Paul Elliott
41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf
...
Turn off stdio buffering with setbuf()
2022-07-04 10:12:22 +01:00
Ronald Cron
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk
...
Refactor signature algorithm chooser
2022-07-04 09:10:08 +02:00
Paul Elliott
ff15dbab4c
Make definition order a bit neater
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-01 16:30:08 +01:00
Gilles Peskine
6d576c9646
Call setbuf when reading or writing files: programs
...
After opening a file containing sensitive data, call mbedtls_setbuf() to
disable buffering. This way, we don't expose sensitive data to a memory
disclosure vulnerability in a buffer outside our control.
This commit adds a call to mbedtls_setbuf() after each call to fopen(),
but only in sample programs that were calling mbedtls_platform_zeroize().
Don't bother protecting stdio buffers in programs where application buffers
weren't protected.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 17:06:11 +02:00
Jerry Yu
cc5391048e
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:18:30 +08:00
Jerry Yu
202919c23d
refine supported sig alg print
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:18:29 +08:00
Jerry Yu
64f410c246
Add tls13 sig alg parameters
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:09 +08:00
Jerry Yu
a1255e6b8c
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:09 +08:00
Jerry Yu
9bb3ee436b
Revert rsa_pss_rsae_* support for tls12
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:08 +08:00
Jerry Yu
3896ac6e5b
fix ordered sig algs fail for openssl
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:06 +08:00
Jerry Yu
9f4cc5ff65
Add pss_rsae sig algs into test conf
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:41 +08:00
Glenn Strauss
bd10c4e2af
Test accessors to config DN hints for cert request
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-06-29 02:54:28 -04:00
Ronald Cron
ba65fbbe30
Fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-22 17:36:12 +02:00
Ronald Cron
903c979376
programs: ssl: Add one RSA PSS signature algorithm
...
Add one RSA PSS signature algorithm to the
test list of signature algorithms. This allows
certificate chains exposing an RSA key with
signatures using SHA-1 to be used in tests
where an TLS 1.3 handshake is performed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-17 08:45:30 +02:00
XiaokangQian
d5d5b60c07
Add comprehensive test cases for TLS1.3 server side
...
Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-31 02:51:26 +00:00
bootstrap-prime
6dbbf44d78
Fix typos in documentation and constants with typo finding tool
...
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>
2022-05-18 14:15:33 -04:00
Manuel Pégourié-Gonnard
9bc53a2e84
Merge pull request #5806 from josesimoes/fix-3031
...
Remove prompt to exit in all programs
2022-05-12 10:50:31 +02:00
Shaun Case
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
josesimoes
23419560c9
Remove prompt to exit in all programs
...
Signed-off-by: José Simões <jose.simoes@eclo.solutions>
2022-05-06 17:11:22 +01:00
Przemek Stekiel
cb20d202d2
Further code optimization
...
- key_opaque_set_alg_usage(): set alg/usage in loop
- key_opaque_set_alg_usage(): add key paramteter to set default alg/usage if it is not specified by command line parameters
- unify default alg/usage for client and server
- optimize opaque code on client and server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 09:34:30 +02:00
Przemek Stekiel
296bfba924
ssl_server2: add key_opaque_algs2 usage info
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 11:08:34 +02:00
Przemek Stekiel
1d25e076f3
ssl_client2: fix default key opaque algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 11:05:10 +02:00
Przemek Stekiel
488efa05b6
Fix compiler warnings: initialize local variables: psa_alg, psa_alg2, psa_usage
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
134eb8b6e2
Fix style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
092128324f
ssl_client2/ss_server2: optimize code for opaque key
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
76a41f5a52
ssl_test_lib: fix compilation flags for default config
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
e5e9ba920f
ssl_server2: refactor opaque code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
89132a6ab0
Fix call to mbedtls_pk_wrap_as_opaque(): use usage variable instead PSA_KEY_USAGE_SIGN_HASH
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
b58c47a666
ssl_server2: use key opaque algs given from command line
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
344c561292
ssl_server2: Add support for key_opaque_algs2 command line paramtere
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
a17b5c6ba2
ssl_client: use key opaque algs given from command line
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
01396a16da
ssl_test_lib: add function translate given opaque algoritms to psa
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
77fc9ab1ba
Fix typos and code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
4ca0d72c3b
ssl server: add key_opaque_algs command line option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
f1822febc4
ssl client: add key_opaque_algs command line option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
85d692d1c4
ssl client/server: add parsing function for key_opaque_algs command line option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque
...
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
2022-05-02 09:06:49 +02:00
Neil Armstrong
94e371af91
Update mbedtls_pk_wrap_as_opaque() usage in SSL client2 & server2
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-28 13:27:59 +02:00
Przemek Stekiel
cb322eac6b
Enable support for psa opaque DHE-PSK key exchange on the server side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
b293aaa61b
Enable support for psa opaque DHE-PSK key exchange on the client side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
14d11b0877
Enable support for psa opaque ECDHE-PSK key exchange on the server side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:53:55 +02:00
Przemek Stekiel
19b80f8151
Enable support for psa opaque ECDHE-PSK key exchange on the client side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
aeb710fec5
Enable support for psa opaque RSA-PSK key exchange on the server side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
fc72e428ed
ssl_client2: Enable support for TLS 1.2 RSA-PSK opaque ciphersuite
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:27 +02:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
...
Add client hello into server side
2022-04-22 10:26:00 +02:00
Manuel Pégourié-Gonnard
21f82c7510
Merge pull request #5709 from superna9999/5625-pk-opaque-rsa-tls12
...
RSA sign 3b: TLS 1.2 integration testing
2022-04-22 10:05:43 +02:00
Gilles Peskine
afbfed9397
Merge pull request #5582 from gilles-peskine-arm/ssl-opt-auto-psk
...
Run ssl-opt.sh in more reduced configurations
2022-04-21 12:03:53 +02:00
XiaokangQian
318dc763a6
Fix test failure issue and update code styles
...
Change-Id: I0b08da1b083abdb19dc383e6f4b210f66659c109
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-04-20 09:43:51 +00:00
Glenn Strauss
e3af4cb72a
mbedtls_ssl_(read|write)_version using tls_version
...
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f
mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
...
Store the TLS version in tls_version instead of major, minor version num
Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.
Reduce size of mbedtls_ssl_ciphersuite_t
members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Neil Armstrong
f0b1271a42
Support RSA Opaque PK keys in ssl_server2
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-13 10:49:25 +02:00
Gilles Peskine
99a732bf0c
Fix off-by-one in buffer_size usage
...
The added null byte was accounted for twice, once by taking
opt.buffer_size+1 when allocating the buffer and once by taking opt.buffer-1
when filling the buffer. Make opt.buffer_size the size that is actually
read, it's less confusing that way.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 23:34:36 +02:00
Gilles Peskine
8bb96d96cd
Fix buffer size calculation
...
Make sure that buf always has enough room for what it will contain. Before,
this was not the case if the buffer was smaller than the default response,
leading to memory corruption in ssl_server2.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-04-06 23:31:05 +02:00
Jerry Yu
79c004148d
Add PSA && TLS1_3 check_config
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Jerry Yu
3a58b462b6
add pss_rsae_sha{384,512}
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Dave Rodgman
2cecd8aaad
Merge pull request #3624 from daxtens/timeless
...
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
Manuel Pégourié-Gonnard
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
...
server certificate selection callback
2022-03-10 11:51:42 +01:00
Manuel Pégourié-Gonnard
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c
...
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
2022-03-08 11:43:45 +01:00
Andrzej Kurek
541318ad70
Refactor ssl_context_info time printing
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Andrzej Kurek
554b820747
Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-03-04 05:07:45 -05:00
Raoul Strackx
9ed9bc9377
programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined
...
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com>
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-03-04 05:07:45 -05:00
Przemek Stekiel
3f076dfb6d
Fix comments for conditional compilation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-04 09:36:46 +01:00
Glenn Strauss
48a37f01b3
Add cert_cb use to programs/ssl/ssl_server2.c
...
(for use by some tests/)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-25 19:55:53 -05:00
Przemyslaw Stekiel
169f115bf0
ssl_client2: init psa crypto for TLS 1.3 build
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 17:15:04 +01:00
Glenn Strauss
a941b62985
Create public macros for ssl_ticket key,name sizes
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 15:28:28 -05:00
Glenn Strauss
e328245618
Add test case use of mbedtls_ssl_ticket_rotate
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-02-09 14:33:16 -05:00
Manuel Pégourié-Gonnard
6f20595b6e
Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity
...
Clarify key types message from ssl_client2 and ssl_server2
2022-02-03 11:33:03 +01:00
Manuel Pégourié-Gonnard
1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs
...
Resolve problems with reduced configs using USE_PSA_CRYPTO
2022-02-02 10:20:26 +01:00
Gilles Peskine
cc50f1be43
Fix copypasta
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-31 22:53:30 +01:00
Gilles Peskine
05bf89da34
Clarify key types message from ssl_client2 and ssl_server2
...
If no key is loaded in a slot, say "none", not "invalid PK".
When listing two key types, use punctuation that's visibly a sequence
separator (",").
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-01-25 17:50:25 +01:00
Jerry Yu
11f0a9c2c4
fix deprecated-declarations error
...
replace sig_hashes with sig_alg
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-01-25 12:46:17 +08:00
Manuel Pégourié-Gonnard
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite
...
Add accessors for ciphersuite info
2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard
ff743a7f38
Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets
...
TLS Cipher 1a: extend testing of tickets
2022-01-24 10:25:29 +01:00
Glenn Strauss
6eef56392a
Add tests for accessors for ciphersuite info
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-01-23 08:37:02 -05:00
Andrzej Kurek
7a58d5283b
Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
...
Fix dependencies across test ssl programs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-19 12:34:02 -05:00
Gabor Mezei
d4bea1efd5
Add ticket_aead option for ssl_server2
...
The ticket_aead option allows to specify the session ticket protection.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>
2022-01-12 16:21:15 +01:00
Andrzej Kurek
03e01461ad
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
...
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-01-03 12:53:24 +01:00
Ronald Cron
6f135e1148
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
...
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2021-12-10 13:47:55 +01:00
Paul Elliott
ef9cccaf3c
Fix printf format specifier
...
Also mark function as printf variant so compiler will pickup any future
issues.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 17:25:04 +00:00
Paul Elliott
3820c150d1
Prevent resource leak
...
If -f was used as an argument twice to the program, then it would leak
the file resource, due to overwriting it on the second pass
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2021-12-09 12:48:51 +00:00
Xiaofei Bai
d25fab6f79
Update based on comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-12-02 06:36:27 +00:00
Xiaofei Bai
6dc90da740
Rebased on 74217ee
and add fixes
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:12:43 +00:00
Xiaofei Bai
9539501120
Rebase and add fixes
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:09:26 +00:00
Xiaofei Bai
746f9481ea
Fix 1_3/13 usages in macros and function names
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>
2021-11-26 08:08:36 +00:00
XiaokangQian
4d2329fd8a
Change code based on reviews
...
Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-25 02:21:16 +00:00
XiaokangQian
25476a48b9
Change code based on review
...
Remove useless component in all.sh
Remove use server logs in ssh-opt.sh
Remove useless guards in ssl_client2.c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 14:01:21 +00:00
XiaokangQian
ff5f6c8bb0
Refine test code and test scripts
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 08:49:51 +00:00
XiaokangQian
f977e9af6d
Add componet test and rsa signature options
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-23 07:19:23 +00:00
XiaokangQian
bdf26de384
Fix test failure and remove useless code
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 09:52:56 +00:00
XiaokangQian
4b82ca1b70
Refine test code and test scripts
...
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2021-11-22 05:50:12 +00:00
paul-elliott-arm
61f797adfd
Merge pull request #5111 from mprse/aps_mem_leak
...
ssl_client2, ssl_server2: add check for psa memory leaks
2021-11-17 11:54:44 +00:00
Przemyslaw Stekiel
d6914e3196
ssl_client2/ssl_server2: Rework ordering of cleanup
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-10 10:46:11 +01:00
Przemyslaw Stekiel
505712338e
ssl_client2: move memory leak check before rng_free()
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-03 14:19:52 +01:00
Przemyslaw Stekiel
53de2622f3
Move psa_crypto_slot_management.h out from psa_crypto_helpers.h
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-03 09:35:35 +01:00
Przemyslaw Stekiel
bbb22bbd9e
ssl_client2/ssl_server2: Move is_psa_leaking() before mbedtls_psa_crypto_free() (and rng_free())
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-11-03 09:06:09 +01:00
Manuel Pégourié-Gonnard
0dbe1dfa1c
Merge pull request #4859 from brett-warren-arm/supported_groups
...
Add mbedtls_ssl_conf_groups to API
2021-11-02 10:49:09 +01:00
Brett Warren
25386b7652
Refactor ssl_{server2,client2} for NamedGroup IDs
...
Signed-off-by: Brett Warren <brett.warren@arm.com>
2021-10-29 14:07:46 +01:00
Przemyslaw Stekiel
fed825a9aa
ssl_client2, ssl_server2: add check for psa memory leaks
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-29 12:32:26 +02:00
Manuel Pégourié-Gonnard
4c9313fcd9
Merge pull request #4514 from mpg/generated-files-cmake
...
Generated files cmake
2021-10-28 09:23:41 +02:00
Manuel Pégourié-Gonnard
9317e09d15
Merge pull request #5007 from mprse/pk_opaque
...
Add key_opaque option to ssl_server2.c + test
2021-10-27 10:52:13 +02:00
Przemyslaw Stekiel
c2d2f217fb
ssl_client2/ssl_server_2: use PSA_ALG_ANY_HASH as algorithm for opaque key
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-26 12:24:34 +02:00
David Horstmann
a8d1406107
Rename DEV_MODE to GEN_FILES
...
GEN_FILES is a bit clearer as it describes what the setting
does more precisely.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
David Horstmann
d64f4b249c
Fix assorted spelling and wording issues
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
e90e405e15
Introduce "Dev mode" option
...
When the option is On, CMake will have rules to generate the generated
files using scripts etc. When the option is Off, CMake will assume the
files are available from the source tree; in that mode, it won't require
any extra tools (Perl for example) compared to when we committed the
files to git.
The intention is that users will never need to adjust this option:
- in the development branch (and features branches etc.) the option is
always On (development mode);
- in released tarballs, which include the generated files, we'll switch
the option to Off (release mode) in the same commit that re-adds the
generated files.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:04 +01:00
Manuel Pégourié-Gonnard
86cfa6c27f
Allow CMake to generate query_config.c
...
This one was trickier for two reasons:
1. It's used from another directory, see
https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#how-can-i-add-a-dependency-to-a-source-file-which-is-generated-in-a-subdirectory
2. The C file being generated after CMake is run means CMake can't
automatically scan for included headers and do its usual magic, so we
need to declare the dependency and more importantly the include path.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:03 +01:00
Manuel Pégourié-Gonnard
aedca0c993
Simplify source declarations in ssl/CMakeLists.txt
...
query_config was added twice, and while at it let's declare all the
sources in one place
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-10-25 13:16:03 +01:00
Przemyslaw Stekiel
8132c2ff46
Address review comments
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-21 12:26:58 +02:00
Gilles Peskine
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
...
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
Przemyslaw Stekiel
db0ed7c579
ssl_server2.c: fix build err (key_slot - unused variable)
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-07 15:11:43 +02:00
Przemyslaw Stekiel
0483e3d652
Add key_opaque option to ssl_server2.c + test
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2021-10-04 11:28:22 +02:00
Andrzej Kurek
5902cd64e2
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
...
This option only gated an ability to set a callback,
but was deemed unnecessary as it was yet another define to
remember when writing tests, or test configurations. Fixes #4653 .
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2021-09-29 10:15:42 -04:00
Gilles Peskine
ca939959e4
Allow read-only access to lists of certificates, CRL, CRL entries
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 23:18:07 +02:00
Gilles Peskine
b11d61e095
mbedtls_net_context: make fd public on Unix/POSIX platforms
...
On platforms with BSD-like sockets, it is useful for applications to have
access to the underlying file descriptor so that they can use functions like
select() and poll().
Do not promise that the field will exist on other platforms such as
Windows (where the type and name of the field are technically wrong because
Windows socket handles are actually not file descriptors).
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-08-31 22:54:27 +02:00
Manuel Pégourié-Gonnard
e45ee40f7e
Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api
...
Add TLS 1.3 ciphersuite and key exchange identifiers and API
2021-08-30 09:47:46 +02:00
Jerry Yu
31c01d303e
Rename available values for tls13_kex_modes
...
Rename `psk_pure` to `psk` and `ephemeral_pure` to `ephemeral`
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-25 18:13:53 +08:00
Jerry Yu
447a3bee17
fix wrong typo and format issues
...
Change-Id: I99a4c7d28c26bfcc43bc8947485d1dfafb6974dc
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-18 09:55:36 +08:00
Jerry Yu
7276f13c93
fix comments for sig_algs parser
...
Change-Id: I68bd691c4b67fb18ff9d55ead34f5517b1b981de
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-17 18:25:57 +08:00
Hanno Becker
a9e4e6fd6f
ssl_server2: Add usage string for TLS 1.3 key exchange modes
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:52 +01:00
Hanno Becker
cfa4d4b3f5
ssl_client2: Adjust usage string to recognized cmd line parameter
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:14 +01:00
Hanno Becker
2c0f697fbc
Support TLS 1.3 key exchange config in ssl_client2/ssl_server2
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-12 06:31:14 +01:00
Hanno Becker
11ceadd382
Add cmdline param for TLS 1.3 sig alg config to ssl_{client,server}2
...
Signed-off-by: Hanno Becker <hanno.becker@arm.com>
2021-08-10 13:55:46 +01:00
Jerry Yu
2a572cf376
Move socket setup behind ssl structure setup.
...
If socket setup fail, ssl structure setup won't be called.
And the order of them do not affect final result, but it
will break ssl setup negative tests.
Change the order can fix that.
issue: #4844
Change-Id: I2488ed5f74773421eb1eac0cfd7f1ce4fbb0b32d
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-09 18:57:24 +08:00
Jerry Yu
b1dc59a125
Add tls1.3 parameters to ssl_{client,server2}
...
To support tls1.3 relative tests, add `tls1_3`
parameter for `{min,max}_version` and `force_version`
issues: #4844
Change-Id: I1b22a076582374b8aabc733086562e9d03a94a2a
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2021-08-09 18:57:24 +08:00
Manuel Pégourié-Gonnard
e5306f6c1d
Use distinct variables for distinct purposes
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-07-07 10:48:26 +02:00
Manuel Pégourié-Gonnard
69c10a41c7
Fix memory leak on failure path in test code
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2021-07-06 12:05:23 +02:00
Ronald Cron
8682faeb09
Merge pull request #4694 from gilles-peskine-arm/out_size-3.0
...
Add output size parameter to signature functions
2021-06-29 09:43:17 +02:00
Bence Szépkúti
bb0cfeb2d4
Rename config.h to mbedtls_config.h
...
This commit was generated using the following script:
# ========================
#!/bin/sh
git ls-files | grep -v '^ChangeLog' | xargs sed -b -E -i '
s/((check|crypto|full|mbedtls|query)_config)\.h/\1\nh/g
s/config\.h/mbedtls_config.h/g
y/\n/./
'
mv include/mbedtls/config.h include/mbedtls/mbedtls_config.h
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:28:33 +01:00
Bence Szépkúti
c662b36af2
Replace all inclusions of config.h
...
Also remove preprocessor logic for MBEDTLS_CONFIG_FILE, since
build_info.h alreadyy handles it.
This commit was generated using the following script:
# ========================
#!/bin/sh
git ls-files | grep -v '^include/mbedtls/build_info\.h$' | xargs sed -b -E -i '
/^#if !?defined\(MBEDTLS_CONFIG_FILE\)/i#include "mbedtls/build_info.h"
//,/^#endif/d
'
# ========================
Signed-off-by: Bence Szépkúti <bence.szepkuti@arm.com>
2021-06-28 09:24:07 +01:00
Gilles Peskine
f00f152444
Add output size parameter to signature functions
...
The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(),
mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable()
now take an extra parameter indicating the size of the output buffer for the
signature.
No change to RSA because for RSA, the output size is trivial to calculate.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2021-06-25 00:46:22 +02:00