Daniel Axtens
aa91d4ef0b
pkcs7: build under CMake
...
The patch updates CMakeLists.txt to include pkcs7.
Signed-off-by: Daniel Axtens <dja@axtens.net>
2022-09-01 19:45:41 -05:00
Nayna Jain
ca07f06024
mbedtls: add pkcs7 in generate_errors.pl
...
This patch updates the generate_errors.pl to handle
PKCS7 code as well.
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
2022-09-01 19:45:41 -05:00
Nayna Jain
673a226698
pkcs7: add support for signed data
...
OpenSSL provides APIs to generate only the signted data
format PKCS7 i.e. without content type OID. This patch
adds support to parse the data correctly even if formatted
only as signed data
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
2022-09-01 19:45:41 -05:00
Nayna Jain
c9deb184b0
mbedtls: add support for pkcs7
...
PKCS7 signing format is used by OpenPOWER Key Management, which is
using mbedtls as its crypto library.
This patch adds the limited support of pkcs7 parser and verification
to the mbedtls. The limitations are:
* Only signed data is supported.
* CRLs are not currently handled.
* Single signer is supported.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Eric Richter <erichte@linux.ibm.com>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
2022-09-01 19:45:33 -05:00
Ronald Cron
e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation
...
TLS 1.3: SRV: Finalize external PSK negotiation
2022-08-31 17:21:57 +02:00
Jerry Yu
6688669124
replace psk&dhe with psk_or_ephemeral
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 17:08:34 +08:00
Gilles Peskine
6d1fc45f08
Merge pull request #6249 from AndrzejKurek/fix-ssl-programs-no-md
...
Add a missing guard in an example program
2022-08-31 09:56:40 +02:00
Jerry Yu
7101b87040
fix wrong description
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 14:15:23 +08:00
Jerry Yu
1e05b6dd6d
fix coding style and unnecessary assignment
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 10:35:52 +08:00
Andrzej Kurek
dcce505a08
Add a missing guard in an example program
...
MD variable is not used in builds without MD.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-30 17:56:08 -04:00
Manuel Pégourié-Gonnard
bf22a2500b
Merge pull request #6208 from AndrzejKurek/tls-tests-no-md-structured
...
Remove the dependency on MD from TLS 1.2 tests
2022-08-30 12:34:37 +02:00
Manuel Pégourié-Gonnard
a84ce3fa81
Merge pull request #6111 from superna9999/6101-programs-dont-build-with-libtestdriver-and-use-psa
...
Programs don't build with libtestdriver and USE_PSA
2022-08-30 12:29:01 +02:00
Dave Rodgman
0edfa9dd26
Merge pull request #6207 from daverodgman/ticket_time
...
Fix type used for capturing TLS ticket generation time
2022-08-30 10:03:06 +01:00
Jerry Yu
63d40e6b46
shorten the description
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-30 09:45:40 +08:00
Jerry Yu
e5834fd0d7
remove unnecessary test
...
also optimize check sum
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-29 20:33:33 +08:00
Jerry Yu
e7b4b58403
Add psk kex mode tests
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 20:47:44 +08:00
Jerry Yu
3e06fce260
Remove old tests.
...
only reserve "no valid ciphersuite" test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 17:51:57 +08:00
Jerry Yu
3c01d47ef7
Update test cases
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 11:34:36 +08:00
Jerry Yu
0baf907e11
remove select_ciphersuite
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 11:21:04 +08:00
Jerry Yu
c5a23a0f12
fix various issues
...
- code style
- variable initialize
- update comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 11:09:35 +08:00
Dave Rodgman
fac3ea5656
Merge pull request #6184 from leorosen/ssl_tls_curve_group_id_null_protect
...
mbedtls_ssl_check_curve prevent potential NULL pointer dereferencing
2022-08-24 15:16:45 +01:00
Tom Cosgrove
bcc13c943f
Add further missing whitespaces inside parentheses
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-24 15:08:16 +01:00
Tom Cosgrove
20c1137350
Fix coding style
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
Co-authored-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-24 15:06:13 +01:00
Dave Rodgman
5a28142410
Merge pull request #6189 from Kxuan/fix-ctr_drbg-uninit
...
ctr_drbg: fix free uninitialized aes context
2022-08-24 14:58:44 +01:00
Jerry Yu
2185c0f2e9
add force ciphersuite tls-aes-256-gcm-sha384 test
...
PSK hash alg of server is sha256. If client send only
tls-aes-256-gcm-384, there is no valid ciphersuite
available, handshake should be abort.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 22:01:58 +08:00
Jerry Yu
f35ba384ff
Add select ciphersuite entry function
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 22:01:58 +08:00
Jerry Yu
dd1bef788e
Add ciphersuite_info check
...
return null if no valid ciphersuite info
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 17:57:02 +08:00
Jerry Yu
29d9faa468
fix various issues.
...
- comments issues
- code format style issues
- naming improvement.
- error return improvements
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 17:53:43 +08:00
Andrzej Kurek
32bd063773
test_suite_ssl: Add minimal handshake requirements
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:42:44 -04:00
Andrzej Kurek
299b1d6c93
Remove unnecessary psa/crypto.h
include
...
This is now included in `legacy_or_psa.h`.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:42:33 -04:00
Andrzej Kurek
cccb044804
Style & formatting fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:26:02 -04:00
Janos Follath
645ff5b8ff
Merge pull request #6095 from gabor-mezei-arm/6016_add_new_modulus_and_residue_structures
...
Add the new modulus and the residue structures with low level I/O operations
2022-08-23 09:02:43 +01:00
Jerry Yu
66f35f2402
fix wrong requires setting
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-23 15:33:37 +08:00
Andrzej Kurek
e02da81086
Update TLS1.2 dependencies description in mbedtls_config.h
...
It is possible to use it without MBEDTLS_SHAXXX defines and USE_PSA_CRYPTO
instead.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
21b6870301
test_suite_ssl: remove unnecessary usage of mbedtls_md_get_size
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
180b6b9608
Enable TLS 1.2 tests without MD and with USE_PSA in all.sh
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
7e16ce3a72
Clarify TLS 1.2 dependencies with and without PSA crypto
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
8c95ac4500
Add missing dependencies / alternatives
...
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate,
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
7bb8bab457
Update SHA and MD5 dependencies in the SSL tests
...
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO
is defined and respective SHA / MD5 defines are missing.
A new set of macros added in #6065 is used to reflect these dependencies.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
25f271557b
Update SHA and MD5 dependencies in the SSL module
...
The same elements are now also used when MBEDTLS_USE_PSA_CRYPTO
is defined and respective SHA / MD5 defines are missing.
A new set of macros added in #6065 is used to reflect these dependencies.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
635c2c2be5
test_suite_ssl: replace CTR_DRBG with a fake rng source
...
This way there are less dependencies in the SSL test suite.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
0ce592169e
Use hash_info_get_size in ssl_tls12_client
...
This way the code does not rely on the MBEDTLS_MD_C define
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Andrzej Kurek
a242e83b21
Rename the sha384 checksum context to reflect its purpose
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:02:04 -04:00
Dave Rodgman
0ce93933e8
Merge pull request #6219 from KloolK/development
...
Fix minor typos
2022-08-22 21:47:21 +01:00
Gilles Peskine
e5018c97f9
Merge pull request #6195 from superna9999/6149-driver-only-hashes-ec-j-pake
...
Driver-only hashes: EC J-PAKE
2022-08-22 17:28:15 +02:00
Gilles Peskine
194556034d
Merge pull request #6169 from tom-cosgrove-arm/fix-incorrect-use-of-mbedtls_ecp_group_id
...
Fix incorrect use of mbedtls_ecp_group_id in test_suite_ssl.function
2022-08-22 17:26:18 +02:00
Gilles Peskine
20ebaac85e
Merge pull request #6211 from tom-cosgrove-arm/explicit-warning-re-ct-conditions-not-0-or-1
...
Be explicit about constant time bignum functions that must take a 0 or 1 condition value
2022-08-22 17:24:04 +02:00
Gilles Peskine
03f1c39ac7
Merge pull request #6171 from mprse/md_x509_test
...
Driver-only hashes: X.509
2022-08-22 17:18:47 +02:00
Jan Bruckner
9ff6f8cdbd
Fix minor typos
...
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2022-08-22 16:05:58 +02:00
Janos Follath
2e328c8591
Remove confusing const qualifier
...
Since a is not a pointer, it is passed by value and declaring it const
doesn’t make any sense and on the first read can make me miss the fact
that a is not a pointer.
Signed-off-by: Janos Follath <janos.follath@arm.com>
2022-08-22 11:19:10 +01:00