Gilles Peskine
c9e8a65d06
Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api
...
ssl_cache: misc improvements
2023-04-11 09:30:40 +02:00
Manuel Pégourié-Gonnard
23fc437037
SSL: fix test failures
...
1. Change USE_PSA_CRYPTO_INIT/DONE to MD_OR_USE.
2. Add missing occurrences - some of these were already necessary in
principle (in one form or another) but where missing and this was not
detected so far as `psa_hash` doesn't complain in case of a missing
init, but now MD makes it visible.
3. Add missing include in ssl_test_lib.h.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
bef824d394
SSL: use MD_CAN macros
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Pengyu Lv
b1895899f1
ssl_cache: Improve some comments
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-16 14:33:28 +08:00
Gilles Peskine
2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api
...
ssl_cache: Add cache entry removal api
2023-03-15 15:38:06 +01:00
Pengyu Lv
f30488f5cd
Move the usage string of cache_remove to USAGE_CACHE
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-15 09:53:45 +08:00
Pengyu Lv
753d02ffd4
ssl_server2: Add options to support cache removal
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-13 09:28:17 +08:00
Dave Rodgman
5e5aa4a4e6
Merge pull request #7218 from tom-cosgrove-arm/fix-typos-230307
...
Fix typos in development prior to release
2023-03-08 17:19:59 +00:00
Tom Cosgrove
5c8505f061
Fix typos
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-07 11:39:52 +00:00
Valerio Setti
5ba1d5eb2c
programs: use proper macro for ECDSA capabilities in ssl_sever2
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-23 08:15:17 +01:00
Dave Rodgman
f31c9e441b
Merge pull request #7019 from tom-cosgrove-arm/dont-use-cast-assignment-in-ssl_server2.c
...
Don't use cast-assignment in ssl_server.c
2023-02-06 12:13:08 +00:00
Tom Cosgrove
de85725507
Don't use cast-assignment in ssl_server.c
...
Would have used mbedtls_put_unaligned_uint32(), but alignment.h is in library/.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-02-03 16:38:05 +00:00
Aditya Deshpande
644a5c0b2b
Fix bugs in example programs: change argc == 0 to argc < 2
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 16:48:13 +00:00
Pengyu Lv
e2f1dbf5ae
update docs of ssl_client2 and improve code format
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 12:38:12 +08:00
Pengyu Lv
302feb3955
add cases to test session resumption with different ticket_flags
...
This commit add test cases to test if the check of kex change mode
in SessionTicket works well.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:56 +08:00
Gilles Peskine
449bd8303e
Switch to the new code style
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Jerry Yu
a15af37867
Change time resolution of reco_delay from second to millionseconds
...
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.
From test result of #6712 , this can improve the fail rate from 4%
to 92%.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-07 13:01:42 +08:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
...
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
Valerio Setti
d75c5c4405
test: pake: fail in case the opaque key is destroyed unexpectedly
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-13 11:51:32 +01:00
Valerio Setti
785116a5be
test: pake: modify opaque key verification before destruction
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-12 11:59:25 +01:00
Valerio Setti
eb3f788b03
tls: pake: do not destroy password key in TLS
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-08 18:42:58 +01:00
Valerio Setti
d5fa0bfb85
test: pake: check psa key validity before destroying it
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 16:02:42 +01:00
Ronald Cron
fbba0e9d75
Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface
...
TLS 1.3: Refactor early data configuration interface.
2022-12-07 09:42:12 +01:00
Jerry Yu
d146a37d56
Change the definition of max_early_data_size argument.
...
`conf_max_early_data_size` does not reuse as en/disable. When
call it, we should call `conf_early_data()` also.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 14:56:54 +08:00
Jerry Yu
2c93fc1544
Revert "Add reco_debug_level to reduce debug output"
...
This reverts commit a6934776c9
.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 11:05:54 +08:00
Jerry Yu
54dfcb7794
fix comments and debug info issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 15:43:09 +08:00
Tom Cosgrove
1797b05602
Fix typos prior to release
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Valerio Setti
d6feb20869
test: pake: allow opaque password only when USE_PSA is enabled
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 14:28:49 +01:00
Jerry Yu
7854a4e019
Add max_early_data_size option for ssl_sever2
...
- to set max_early_data_set
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Jerry Yu
a6934776c9
Add reco_debug_level to reduce debug output
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Valerio Setti
661b9bca75
test: psa_pake: add specific log message for the opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 17:28:17 +01:00
Valerio Setti
77e8315f5b
fix formatting and typos
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 17:28:04 +01:00
Valerio Setti
d572a82df9
tls: psa_pake: add test for opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 11:30:56 +01:00
Xiaokang Qian
2cd5ce0c6b
Fix various issues cause rebase to latest code
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 10:33:53 +00:00
Xiaokang Qian
9a0aafbe79
Enable/disable MBEDTLS_SSL_EARLY_DATA for cases in ssl-opt.sh
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 02:49:46 +00:00
Xiaokang Qian
0e97d4d16d
Add early data indication to client side
...
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:50 +00:00
Gilles Peskine
fd7aa13671
Merge pull request #6436 from yanrayw/ssl_client2-add-build-version
...
Add build version to the output of ssl_client2 and ssl_server2
2022-11-10 14:39:38 +01:00
Jerry Yu
2883219edb
Improve output message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-30 13:53:31 +08:00
Jerry Yu
c3a7fa386e
Update output message when certification verified fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-28 12:38:33 +08:00
Jerry Yu
ad9e99bd2e
fix session resumption fail when hostname is not localhost
...
Change-Id: Icb2f625bb11debb5c7cae36e34d7270f7baae4d5
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-28 12:30:58 +08:00
Yanray Wang
eaf46d1291
Add output of build version in ssl_server2
...
Usage:
- By default, build version is printed out in the beginning of
ssl_server2 application.
- ./ssl_server2 build_version=1 only prints build verison and stop
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-28 10:53:50 +08:00
Yanray Wang
84645e92c6
Simplify code of adding output in ssl_client2
...
- print build version macro defined in build_info.h directly
- Remove all the MBEDTLS_VERSION_C guards as build version
information is always available in build_info.h
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-28 10:53:22 +08:00
Gilles Peskine
744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0
...
Fix unusual macros
2022-10-25 19:55:29 +02:00
David Horstmann
3f44e5b11a
Refactor macro-spanning if in ssl_server2.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-24 13:12:19 +01:00
David Horstmann
f160ef1dd1
Refactor macro-spanning if in ssl_client2.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-24 13:11:38 +01:00
Yanray Wang
7f9ddb584a
Merge branch 'Mbed-TLS:development' into ssl_client2-add-build-version
2022-10-24 12:19:39 +08:00
Ronald Cron
73fe8df922
Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
...
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e
Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
...
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
81378b72e8
programs: ssl: Remove dependency on TLS 1.3 for "sig_algs" option
...
Signature algorithms can be specified through
the sig_algs option for TLS 1.2 as well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:40:56 +02:00
Ronald Cron
20a8e63b23
programs: ssl: Fix some mbedtls_ssl_conf_sig_algs() guards
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:36:43 +02:00