Commit graph

1183 commits

Author SHA1 Message Date
Ronald Cron
d1c106c787 Define ticket creation time in TLS 1.2 case as well
The purpose of this change is to eventually base
the calculation in ssl_ticket.c of the ticket age
when parsing a ticket on the ticket creation time
both in TLS 1.2 and TLS 1.3 case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-15 08:58:19 +01:00
Tom Cosgrove
3a6059beca
Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
Gilles Peskine
a211bb7f01
Merge pull request #8596 from xkqian/tls13_early_data_input_file
Change early data flag to input file
2023-12-11 21:14:57 +00:00
Xiaokang Qian
a9581d2d5f Fix CI failure of uninitialized fp
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-11 01:50:34 +00:00
Xiaokang Qian
aedfc0932b Revert to ae952174a7 and addressing some comments
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-08 10:43:24 +00:00
Xiaokang Qian
963468035d Add the test framework of early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 09:19:43 +00:00
Xiaokang Qian
daddfb520d Open the file once read in the file path
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 08:14:30 +00:00
Xiaokang Qian
35c026c09e Read early data file
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 06:10:34 +00:00
Xiaokang Qian
2a8035b495 Add read early data code
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 03:54:40 +00:00
Xiaokang Qian
57db590586 Rework to revert the early_data enabled flag
We have two options for early data.
early_data to indicate early data enable or not.
early_data_file to provide path file to read early data from

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 03:29:22 +00:00
Jan Bruckner
f482dcc6c7 Comply with the received Record Size Limit extension
Fixes #7010

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-12-06 15:18:08 +00:00
Xiaokang Qian
ae952174a7 Enable early data depend on whether the early data file exist
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 10:27:27 +00:00
Jerry Yu
750e06743f remove misbehavior tests and code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:22:15 +08:00
Jerry Yu
ea96ac3da9 fix various issues
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:37 +08:00
Jerry Yu
3c2b21ed0e Enable multi max_early_data_size value for connections
For test purpose, we set different value for each
session

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:56 +08:00
Xiaokang Qian
611c717c02 Sync the early_data option with internal parameters in ssl_client2
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 09:24:58 +00:00
Xiaokang Qian
f8fe11d14d Remove the generic file read functions and simply the early data read
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 07:40:50 +00:00
Xiaokang Qian
eaebedb30b Refine the detect code to enable early data or not
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 02:55:16 +00:00
Xiaokang Qian
b1db72923e Rename the generic read functions to ssl_read_file_text
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 02:33:38 +00:00
Xiaokang Qian
6c678d7543 Improve the comments of early data input
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 02:20:51 +00:00
Xiaokang Qian
70fbdcf904 Change early data flag to input file
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-05 05:50:08 +00:00
Janos Follath
c6f1637f8c
Merge pull request #8534 from paul-elliott-arm/fix_mutex_abstraction
Make mutex abstraction and tests thread safe
2023-11-29 13:26:23 +00:00
Paul Elliott
f25d831123 Ensure mutex test mutex gets free'd
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-23 18:49:43 +00:00
Jerry Yu
713ce1f889 various improvement
- improve change log entry
- improve comments
- remove unnecessary statement
- change type of client_age

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:25 +08:00
Jerry Yu
cf9135100e fix various issues
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
25ba4d40ef rename ticket_creation to ticket_creation_time
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
3ff0b1fda3 Cleanup ticket negative tests.
- improve comments
- case 3/4 is for server age check.
- case 5/6 is for client age check

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
ec6d07870d Replace start with ticket_creation
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
f16efbc78d fix various issues
- Add comments for ticket test hooks
- improve code style.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
cebffc3446 change time unit of ticket to milliseconds
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Manuel Pégourié-Gonnard
752dd39a69
Merge pull request #8508 from valeriosetti/issue6323
[G3] Driver-only cipher+aead: TLS: ssl-opt.sh
2023-11-14 11:39:06 +00:00
Valerio Setti
38e75fb1a7 ssl_server2: remove usage of mbedtls_cipher_info_from_string()
This removes the dependency from cipher module and legacy key/modes
symbols which are used in cipher_wrap.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:27:39 +01:00
Yanray Wang
0751761b49 max_early_data_size: rename configuration function
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:34 +08:00
Yanray Wang
d5ed36ff24 early data: rename configuration function
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:24 +08:00
Gilles Peskine
8b6b41f6cd
Merge pull request #8434 from valeriosetti/issue8407
[G2] Make TLS work without Cipher
2023-11-04 15:05:00 +00:00
Dave Rodgman
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Valerio Setti
74d48c89fa ssl_server2: small improvement of code readability
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-02 16:43:55 +01:00
Paul Elliott
afc6a992c5
Merge pull request #8381 from gilles-peskine-arm/20231017-misc-cleanup
Cleanups in test code
2023-10-30 18:08:01 +00:00
Valerio Setti
dc55470341 ssl_context_info: add guards for CIPHER_C
mbedtls_cipher_info_from_type() is only available when CIPHER_C is
defined. So when it is not we just print the cipher type decimal
value on the output instead of the cipher's name.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Valerio Setti
bdf04e840a ssl_server2: support ticket_aead only when CIPHER_C is defined
Cipher parsing requires mbedtls_cipher_info_from_string() which
depends on CIPHER_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Gilles Peskine
5d055f8206
Merge pull request #7844 from mpg/ssl-progs-usage
Fix usage & error reporting in SSL programs
2023-10-26 08:19:25 +00:00
Gilles Peskine
a0e810de4b Convey that it's ok for mbedtls_ssl_session_save to fail
mbedtls_ssl_session_save() always outputs the output length, even on error.
Here, we're only calling it to get the needed output length, so it's ok to
ignore the return value. Convey this to linters.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-17 16:04:27 +02:00
Thomas Daubney
540324cd21 Correct styling of Mbed TLS in documentation
Several bits of documentation were incorrectly styling Mbed TLS
as MbedTLS.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-10-06 17:07:24 +01:00
Paul Elliott
fd3360ebf4 Remove unneeded setting of ret from ssl programs
Remove coverity warnings on unused values.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-09-15 17:41:25 +01:00
Gilles Peskine
e820c0abc8 Update spelling "mbed TLS" to "Mbed TLS"
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":

```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```

Justification for the omissions:

* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
  occurrences are significant names in certificates and such. Changing
  the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
  updates.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:18:17 +02:00
Gilles Peskine
f745e5b8de Merge remote-tracking branch 'development' into HEAD 2023-08-23 20:35:32 +02:00
Gowtham Suresh Kumar
186731b22a Fix warnings from clang-16
Running clang-16 on mbedtls reports warnings of type "-Wstrict-prototypes".
This patch fixes these warnings by adding void to functions with no
arguments. The generate_test_code.py is modified to insert void into test
functions with no arguments in *.function files.

Signed-off-by: Gowtham Suresh Kumar <gowtham.sureshkumar@arm.com>
2023-07-26 17:11:51 +01:00
Manuel Pégourié-Gonnard
828b3acd6b
Merge pull request #7848 from valeriosetti/issue7749
driver-only ECC: EPCf.TLS testing
2023-07-18 10:33:21 +02:00
Dave Rodgman
91d9daf2b3
Merge pull request #7925 from hasheddan/dtls-server-order
Fix order of steps in DTLS server example program
2023-07-17 09:41:43 +01:00
Daniel Mangum
af2f7a6fcb Fix order of steps in DTLS server example program
Fixes the numbered order of steps in the DTLS server example program.

Signed-off-by: Daniel Mangum <georgedanielmangum@gmail.com>
2023-07-14 12:00:33 -04:00