David Horstmann
4dfa368681
Fix demo scripts for out-of-tree builds
...
Allow demo scripts to be run from the build directory for out-of-tree
builds.
If the executable is not found in the source tree then search in the
current directory in case the script is being run from a build
directory.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-05-09 18:30:05 +01:00
Gilles Peskine
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids
...
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
2023-05-08 20:38:29 +02:00
Pol Henarejos
d06c6fc45b
Merge branch 'development' into sha3
...
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-05-05 16:01:18 +02:00
Dave Rodgman
417c4c8b2c
Merge pull request #5770 from mstorsjo/win32-fallback-timer
...
Use QueryPerformanceCounter as fallback timer on non-x86 mingw
2023-05-05 14:31:41 +01:00
Gilles Peskine
53a9ac576d
Merge pull request #7443 from mprse/psa_init_in_programs
...
Init PSA in ssl and x509 programs
2023-04-28 12:49:11 +02:00
Przemek Stekiel
94cf710edc
Revert increase of MEMORY_HEAP_SIZE in ssl_client2
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-24 16:35:40 +02:00
Przemek Stekiel
5346396c48
Fix code-style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-24 09:01:41 +02:00
Przemek Stekiel
758aef60c5
Add guards for mbedtls_psa_crypto_free()
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-24 08:10:01 +02:00
Przemek Stekiel
774f9debf2
Init PSA in fuzz programs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-24 08:07:20 +02:00
Przemek Stekiel
2c1ef0967c
Init PSA in pkey programs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-19 10:16:53 +02:00
Przemek Stekiel
a8c560a799
Free psa crypto at the end of programs when initialized
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-19 10:15:26 +02:00
Przemek Stekiel
e296868b25
Remove print from mini_client
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-17 11:11:01 +02:00
Przemek Stekiel
a0a1c1eab5
Move psa_crypto_init() after other init calls
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-17 11:10:05 +02:00
Przemek Stekiel
6260ee9cab
cert_app: init entropy unconditionally
...
When mbedtls_entropy_free() is called without mbedtls_entropy_init() entropy is uninitialized and contains garbage which may lead to segmentation fault.
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-16 22:42:01 +02:00
Przemek Stekiel
89c636e6cf
Init PSA in ssl and x509 programs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-04-16 22:41:52 +02:00
Valerio Setti
d49cbc1493
test: fix remaining failures in test due to the ECP_LIGHT symbol
...
Changes in test_suite_psa_crypto are to enforce the dependency
on ECP_C which is mandatory for some key's derivation.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
Gilles Peskine
7c1c7ce90e
Merge pull request #7401 from AndrzejKurek/md-guards-missing
...
Add missing md.h includes
2023-04-11 09:32:17 +02:00
Gilles Peskine
c9e8a65d06
Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api
...
ssl_cache: misc improvements
2023-04-11 09:30:40 +02:00
Andrzej Kurek
0af32483f3
Change the format of md.h include comments
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-07 03:10:28 -04:00
Andrzej Kurek
0e03f4c119
Remove unnecessary include
...
This is a PSA-based program and psa/crypto.h
is already included.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-06 07:55:25 -04:00
Andrzej Kurek
316b7dd19c
Add a justification for early md.h include in programs
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-05 14:44:38 -04:00
Andrzej Kurek
da86e2e5bd
Revert to using MBEDTLS_SHA_1_C when mbedtls_sha1 is called directly
...
This was mistakingly changed in #7327 .
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-05 14:39:22 -04:00
Andrzej Kurek
eaea30d30e
Remove duplicated md.h includes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-05 14:36:51 -04:00
toth92g
27f9e7815c
Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields
...
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates
Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
Andrzej Kurek
1b75e5f784
Add missing md.h includes
...
MBEDTLS_MD_CAN_SHAXXX are defined there.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2023-04-04 09:55:06 -04:00
Manuel Pégourié-Gonnard
33783b4646
Manually fix two remaining instances of old macros
...
Unless I missed something, all remaining instance of all macros are in
files where it makes sense to use these. I went over the output of:
git grep -c -E 'MBEDTLS_(MD5|RIPEMD160|SHA[0-9]*)_C'
and I think all the files listed fall into one of the following
acceptable categories:
- documentation and historical documents: Changelog, docs/**/*.md
- config files and related: mbedtls_config.h, configs/*.h,
check_config.h, config_psa.h, etc.
- scripts that build/modify configs: all.sh, depends.py,
set_psa_test_dependencies.py, etc.
- implementation of MD or PSA or related: md.h, psa_util.h, etc. and
corresponding test suites
- implementation of hashes: md5.c, sha256.h, etc. and corresponding test
suites
- two example programs using a low-level hash API: hash/hello.c,
pkey/ecdsa.c
- test/benchmark.c, test/selftest.c: actually want our built-in
implementations
- a function in test_suite_psa_crypto_storage_format that is
specifically for checking if the hash is built in.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
93302422fd
Fix instances of old feature macros being used
...
sed -i -f md.sed include/mbedtls/ssl.h library/hmac_drbg.c programs/pkey/*.c programs/x509/*.c tests/scripts/generate_pkcs7_tests.py tests/suites/test_suite_random.data
Then manually revert programs/pkey/ecdsa.c as it's using a low-level
hash API.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-24 10:43:40 +01:00
Manuel Pégourié-Gonnard
7224086ebc
Remove legacy_or_psa.h
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
23fc437037
SSL: fix test failures
...
1. Change USE_PSA_CRYPTO_INIT/DONE to MD_OR_USE.
2. Add missing occurrences - some of these were already necessary in
principle (in one form or another) but where missing and this was not
detected so far as `psa_hash` doesn't complain in case of a missing
init, but now MD makes it visible.
3. Add missing include in ssl_test_lib.h.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Manuel Pégourié-Gonnard
bef824d394
SSL: use MD_CAN macros
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
Paul Elliott
9f02a4177b
Merge pull request #7009 from mprse/csr_write_san
...
Added ability to include the SubjectAltName extension to a CSR - v.2
2023-03-17 10:07:27 +00:00
Pengyu Lv
b1895899f1
ssl_cache: Improve some comments
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-16 14:33:28 +08:00
Gilles Peskine
2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api
...
ssl_cache: Add cache entry removal api
2023-03-15 15:38:06 +01:00
Pengyu Lv
f30488f5cd
Move the usage string of cache_remove to USAGE_CACHE
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-15 09:53:45 +08:00
Przemek Stekiel
f86fe73d59
Fix error on Windows builds (conversion from 'unsigned long' to 'uint8_t')
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-14 09:55:29 +01:00
Pengyu Lv
753d02ffd4
ssl_server2: Add options to support cache removal
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-13 09:28:17 +08:00
Przemek Stekiel
55ceff6d2f
Code optimization and style fixes
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-10 14:36:16 +01:00
Przemek Stekiel
68ca81c8fe
Change separator for SAN names to ';'
...
When ';' is used as a separator san names must be provided in quotation marks:
./cert_req filename=../../tests/data_files/server8.key subject_name=dannybackx.hopto.org san="URI:http://pki.example.com/;IP:127.1.1.0;DNS:example.com "
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-09 14:04:11 +01:00
Dave Rodgman
5e5aa4a4e6
Merge pull request #7218 from tom-cosgrove-arm/fix-typos-230307
...
Fix typos in development prior to release
2023-03-08 17:19:59 +00:00
Manuel Pégourié-Gonnard
289e5baa83
Merge pull request #7082 from valeriosetti/issue6861
...
driver-only ECDSA: add ssl-opt.sh testing with testing parity
2023-03-08 16:45:38 +01:00
Tom Cosgrove
5c8505f061
Fix typos
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-03-07 11:39:52 +00:00
Przemek Stekiel
6cb59c55c3
ip_string_to_bytes: remove status, add info about supported ip version
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-06 10:13:20 +01:00
Pol Henarejos
f61d6c0a2b
Merge branch 'development' into sha3
2023-03-04 00:03:06 +01:00
Przemek Stekiel
5a49d3cce3
Replace mbedtls_x509_san_node with mbedtls_x509_subject_alternative_name
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-03 12:58:11 +01:00
Przemek Stekiel
3a92593d1e
Adapt cert_req app to support SAN IP
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-03-03 12:58:11 +01:00
Gilles Peskine
df6e84a447
Test the PSA alternative header configuration macros
...
Test that MBEDTLS_PSA_CRYPTO_PLATFORM_FILE and
MBEDTLS_PSA_CRYPTO_STRUCT_FILE can be set to files in a directory that comes
after the standard directory in the include file search path.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-02-23 17:18:33 +01:00
Valerio Setti
5ba1d5eb2c
programs: use proper macro for ECDSA capabilities in ssl_sever2
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-23 08:15:17 +01:00
Hannes Tschofenig
6b108606fa
Added ability to include the SubjectAltName extension to a CSR
...
Signed-off-by: Hannes Tschofenig <hannes.tschofenig@arm.com>
2023-02-21 13:42:39 +01:00
Dave Rodgman
54647737f6
Add checks to selftest
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-10 16:16:17 +00:00
Pol Henarejos
b3b220cbf8
Correct style.
...
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-02-08 12:52:18 +01:00
Pol Henarejos
a6779287e8
Style.
...
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-02-08 00:50:04 +01:00
Pol Henarejos
4e747337ee
Merge branch 'development' into sha3
...
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2023-02-07 19:55:31 +01:00
Dave Rodgman
f31c9e441b
Merge pull request #7019 from tom-cosgrove-arm/dont-use-cast-assignment-in-ssl_server2.c
...
Don't use cast-assignment in ssl_server.c
2023-02-06 12:13:08 +00:00
Dave Rodgman
94c9c96c94
Merge pull request #6998 from aditya-deshpande-arm/fix-example-programs-usage
...
Fix incorrect dispatch to USAGE in example programs, which causes uninitialized memory to be used
2023-02-06 09:53:50 +00:00
Tom Cosgrove
de85725507
Don't use cast-assignment in ssl_server.c
...
Would have used mbedtls_put_unaligned_uint32(), but alignment.h is in library/.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-02-03 16:38:05 +00:00
Aditya Deshpande
9b45f6bb68
Fix more argc checks
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-02-03 16:15:30 +00:00
Dave Rodgman
6dd757a8ba
Fix use of sizeof without brackets
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 12:40:50 +00:00
Aditya Deshpande
644a5c0b2b
Fix bugs in example programs: change argc == 0 to argc < 2
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
2023-01-30 16:48:13 +00:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843
...
Improve X.509 cert writing serial number management
2023-01-30 13:08:57 +01:00
Valerio Setti
af4815c6a4
x509: replace/fix name of new function for setting serial
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-26 17:43:09 +01:00
Pengyu Lv
e2f1dbf5ae
update docs of ssl_client2 and improve code format
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 12:38:12 +08:00
Pengyu Lv
302feb3955
add cases to test session resumption with different ticket_flags
...
This commit add test cases to test if the check of kex change mode
in SessionTicket works well.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:56 +08:00
Valerio Setti
48fdbb3940
programs: cert_write: fixed bug in parsing dec serial
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
791bbe629d
programs: improved cert_write serial management
...
Now it can accept serial both as decimal and hex number (only one format
at a time, of course, not simultaneously).
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
acf12fb744
x509: fix endianness and input data format for x509write_crt_set_serial_new
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
5d164c4e23
fix: add missing deprecation guards
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
da0afcc2fb
x509: remove direct dependency from BIGNUM_C
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Gilles Peskine
449bd8303e
Switch to the new code style
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Jerry Yu
a15af37867
Change time resolution of reco_delay from second to millionseconds
...
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.
From test result of #6712 , this can improve the fail rate from 4%
to 92%.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-07 13:01:42 +08:00
David Horstmann
e3d8f31ba1
Workaround Uncrustify parsing of "asm"
...
The following code:
#ifndef asm
#define asm __asm
#endif
causes Uncrustify to stop correcting the rest of the file. This may be
due to parsing the "asm" keyword in the definition.
Work around this by wrapping the idiom in an *INDENT-OFF* comment
wherever it appears.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-03 11:07:09 +00:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702
...
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
2023-01-03 09:36:58 +01:00
Valerio Setti
d10e0a6341
sha: fix minor issues/typos
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-22 14:25:26 +01:00
Dave Rodgman
2038da9266
Merge pull request #6826 from daverodgman/fix_gettimeofday
...
Fix gettimeofday overflow
2022-12-20 16:01:53 +00:00
Dave Rodgman
7796cc4f24
Fix overflow in mbedtls_timing_hardclock
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-20 13:12:23 +00:00
Valerio Setti
e7221a21ad
test: adjust depends.py to new SHA224/SHA384 changes
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-16 14:43:48 +01:00
Gilles Peskine
6b21820bd3
Merge pull request #6687 from gilles-peskine-arm/fuzz-cflags
...
programs/fuzz: set sensible default CFLAGS
2022-12-15 19:47:22 +01:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
...
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
Valerio Setti
46e8fd8263
test: sha: test SHA224 and SHA256 separately
...
This is meant to adapt to the new library design in which
SHA224 and SHA256 can be built independently from each other.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 10:58:02 +01:00
Valerio Setti
898e7a3afe
test: sha: test SHA384 and SHA512 separately
...
This is meant to adapt to the new library design in which
SHA384 and SHA512 can be built independently from each other.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 10:50:54 +01:00
Manuel Pégourié-Gonnard
ebf322ddf6
Merge pull request #6629 from concatime/cmake-config-dir
...
Install CMake files in MbedTLS dir
2022-12-14 10:30:52 +01:00
Valerio Setti
d75c5c4405
test: pake: fail in case the opaque key is destroyed unexpectedly
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-13 11:51:32 +01:00
Valerio Setti
785116a5be
test: pake: modify opaque key verification before destruction
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-12 11:59:25 +01:00
Manuel Pégourié-Gonnard
1a100b69a4
Merge pull request #6705 from davidhorstmann-arm/code-style-script-non-corrected
...
Add code style correction script
2022-12-09 09:41:14 +01:00
Valerio Setti
eb3f788b03
tls: pake: do not destroy password key in TLS
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-08 18:42:58 +01:00
Valerio Setti
d5fa0bfb85
test: pake: check psa key validity before destroying it
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 16:02:42 +01:00
Ronald Cron
fbba0e9d75
Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface
...
TLS 1.3: Refactor early data configuration interface.
2022-12-07 09:42:12 +01:00
Jerry Yu
d146a37d56
Change the definition of max_early_data_size argument.
...
`conf_max_early_data_size` does not reuse as en/disable. When
call it, we should call `conf_early_data()` also.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 14:56:54 +08:00
Jerry Yu
2c93fc1544
Revert "Add reco_debug_level to reduce debug output"
...
This reverts commit a6934776c9
.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 11:05:54 +08:00
Jerry Yu
54dfcb7794
fix comments and debug info issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 15:43:09 +08:00
Tom Cosgrove
1797b05602
Fix typos prior to release
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Issam E. Maghni
760f3a0a48
Install CMake files in MbedTLS dir
...
Right now, CMake files are installed in <prefix>/cmake. That being said,
it gets easily bloated, and the standard is to use a directory with the
same name as the project.
I discovered this issue with this "bug":
https://github.com/termux/termux-packages/issues/12416
The issue's author claimed that MbedTLS's files were not installed in
the lib directory. But the patch applied by termux team broke CMake's
search of MbedTLS config files. So I wanted to upstream the real fix
here instead.
Here are some examples of projects using directories:
- https://github.com/xiph/flac/blob/1.4.2/CMakeLists.txt#L239
- https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.15.2/CMakeLists.txt#L675
- https://github.com/catchorg/Catch2/blob/v3.2.0/CMakeLists.txt#L62
- https://github.com/capnproto/capnproto/blob/v0.10.2/c++/CMakeLists.txt#L162
Signed-off-by: Issam E. Maghni <issam.e.maghni@mailbox.org>
2022-12-04 03:00:38 +00:00
Valerio Setti
d6feb20869
test: pake: allow opaque password only when USE_PSA is enabled
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 14:28:49 +01:00
Jerry Yu
7854a4e019
Add max_early_data_size option for ssl_sever2
...
- to set max_early_data_set
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Jerry Yu
a6934776c9
Add reco_debug_level to reduce debug output
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Valerio Setti
661b9bca75
test: psa_pake: add specific log message for the opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 17:28:17 +01:00
Valerio Setti
77e8315f5b
fix formatting and typos
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 17:28:04 +01:00
Gilles Peskine
9ec14f6dcb
programs/fuzz: set sensible default CFLAGS
...
Running make from programs/fuzz didn't set any optimization flags (running
make from programs or from the root inherited the parent's optimization
flags). Default to -O2.
There were no -W flags. Default to -Wall -Wextra, but not -Werror in line
with the other makefiles.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-29 17:23:19 +01:00
Valerio Setti
d572a82df9
tls: psa_pake: add test for opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 11:30:56 +01:00
Bence Szépkúti
a17d038ee1
Merge branch 'development' into pr3431
2022-11-22 15:54:52 +01:00
Ronald Cron
d12922a69a
Merge pull request #6486 from xkqian/tls13_add_early_data_indication
...
The merge job of the internal CI ran successfully. This is good to go.
2022-11-17 12:48:50 +01:00
Gilles Peskine
32605b24be
Merge pull request #6559 from ihsinme/patch-1
...
dh_genprime: Fix issue where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure
2022-11-15 12:38:41 +01:00
Xiaokang Qian
2cd5ce0c6b
Fix various issues cause rebase to latest code
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 10:33:53 +00:00
Xiaokang Qian
9a0aafbe79
Enable/disable MBEDTLS_SSL_EARLY_DATA for cases in ssl-opt.sh
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 02:49:46 +00:00
David Horstmann
5b98d73864
Linewrap for the benefit of Uncrustify
...
The last line of programs/psa/key_ladder_demo.c is of the following
form:
#endif /* Very long comment ... */
Uncrustify tries to reduce the length:
#endif \
/* Very long comment ... */
and causes a compiler error as there is a continuation line with no
actual code in it. Work around this by linewrapping the comment
in advance.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-11-14 12:10:37 +00:00
Xiaokang Qian
0e97d4d16d
Add early data indication to client side
...
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:50 +00:00
Gilles Peskine
fd7aa13671
Merge pull request #6436 from yanrayw/ssl_client2-add-build-version
...
Add build version to the output of ssl_client2 and ssl_server2
2022-11-10 14:39:38 +01:00
ihsinme
d21ecd71c0
dh_genprime: Fix issue where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure
...
In 'dh_genprime.c', the following condition can be found inside an 'if' statement:
ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) != 0
As the '!=' operator binds closer than the assignment operator ('='), the value assigned to 'ret' will be the boolean result of the comparison (0 or 1) instead of the status code returned by 'mbedtls_mpi_write_file'. This means that the above statement is actually equivalent to:
ret = ( mbedtls_mpi_write_file( "P = ", &P, 16, fout ) != 0 )
What we want instead is for the the status code to be assigned to 'ret'. If the value assigned is non-zero, it will be 'truthy' and the 'if' branch will be taken.
( ret = mbedtls_mpi_write_file( "P = ", &P, 16, fout ) ) != 0
This PR fixes the issue by explicitly specifying the precedence of operations with parentheses.
Signed-off-by: ihsinme <ihsinme@gmail.com>
2022-11-10 12:58:15 +03:00
Dave Rodgman
f58172fe43
Merge remote-tracking branch 'origin/development' into pr3431
2022-11-10 09:54:49 +00:00
Gilles Peskine
bf249accc7
Merge pull request #6498 from yuhaoth/pr/fix-session-resumption-fail-when-hostname-is-not-localhost
...
BUG: Fix session resumption fail when hostname is not localhost
2022-11-07 17:33:38 +01:00
Dave Rodgman
55fd0b9fc1
Merge pull request #6121 from daverodgman/pr277
...
cert_write - add a way to set extended key usages - rebase
2022-10-31 13:27:49 +00:00
Jerry Yu
2883219edb
Improve output message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-30 13:53:31 +08:00
Jerry Yu
c3a7fa386e
Update output message when certification verified fail
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-28 12:38:33 +08:00
Jerry Yu
ad9e99bd2e
fix session resumption fail when hostname is not localhost
...
Change-Id: Icb2f625bb11debb5c7cae36e34d7270f7baae4d5
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-28 12:30:58 +08:00
Yanray Wang
eaf46d1291
Add output of build version in ssl_server2
...
Usage:
- By default, build version is printed out in the beginning of
ssl_server2 application.
- ./ssl_server2 build_version=1 only prints build verison and stop
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-28 10:53:50 +08:00
Yanray Wang
84645e92c6
Simplify code of adding output in ssl_client2
...
- print build version macro defined in build_info.h directly
- Remove all the MBEDTLS_VERSION_C guards as build version
information is always available in build_info.h
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-28 10:53:22 +08:00
Dave Rodgman
66e05505b6
Support generating DER format certificates
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-10-27 17:41:40 +01:00
Gilles Peskine
744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0
...
Fix unusual macros
2022-10-25 19:55:29 +02:00
David Horstmann
3f44e5b11a
Refactor macro-spanning if in ssl_server2.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-24 13:12:19 +01:00
David Horstmann
f160ef1dd1
Refactor macro-spanning if in ssl_client2.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-10-24 13:11:38 +01:00
Yanray Wang
7f9ddb584a
Merge branch 'Mbed-TLS:development' into ssl_client2-add-build-version
2022-10-24 12:19:39 +08:00
Ronald Cron
73fe8df922
Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
...
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e
Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
...
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
81378b72e8
programs: ssl: Remove dependency on TLS 1.3 for "sig_algs" option
...
Signature algorithms can be specified through
the sig_algs option for TLS 1.2 as well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:40:56 +02:00
Ronald Cron
20a8e63b23
programs: ssl: Fix some mbedtls_ssl_conf_sig_algs() guards
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:36:43 +02:00
Yanray Wang
076b2d062f
Improve the method of printing string build version
...
Following changes are introduced with this commit:
- Call mbedtls_version_get_string before printing string
build version instead of printing macro directly
- Output build version in the beginning of ssl_client2 program
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-21 11:22:44 +08:00
Andrzej Kurek
b50754ae86
Switch from x509_CRT_PARSE to KEY_EXCHANGE_WITH_CERT_ENABLED
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
d0786f5f26
Revert one of the changes to ssl_server2 dependencies
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
6ee1e20d7f
Replace x509_CRT_PARSE_C with KEY_EXCHANGE_WITH_CERT_ENABLED
...
SSL programs use certificates in an exchange, so it's more natural
to have such dependency instead of just certificate parsing.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
eabeb30c65
Fix SHA512 vs SHA384 dependencies
...
When building SHA512 without SHA384,
there are some code paths that resulted
in unused variables or usage of undefined code.
This commit fixes that.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
e38b788b79
Add missing key exchange dependencies
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
68327748d3
Add missing dependencies
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Yanray Wang
ff4181e246
Fix build error in cmake while printing digital build version
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-18 18:20:40 +08:00
Yanray Wang
d976673dd6
Add build version to the output of ssl_client2
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-18 10:53:49 +08:00
Ronald Cron
49e4184812
Merge pull request #6299 from xkqian/tls13_add_servername_check
...
Add server name check when proposing pre-share key
2022-10-13 16:00:59 +02:00
Gilles Peskine
0fe6631486
Merge pull request #6291 from gilles-peskine-arm/platform.h-unconditional-3.2
...
Include platform.h unconditionally
2022-10-13 10:19:22 +02:00
Pol Henarejos
c9754c3ec1
Merge branch 'Mbed-TLS:development' into sha3
2022-10-13 08:28:13 +02:00
Xiaokang Qian
bc663a0461
Refine code based on commnets
...
Change code layout
Change hostname_len type to size_t
Fix various issues
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:01 +00:00
Xiaokang Qian
adf84a4a8c
Remove public api mbedtls_ssl_reset_hostname()
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:05:11 +00:00
Xiaokang Qian
fb8ac46add
Change the name of servername when re-connect
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:44 +00:00
Xiaokang Qian
281fd1bdd8
Add server name check when proposeing pre-share key
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:41 +00:00
Gilles Peskine
8fd3254cfc
Merge pull request #6374 from mprse/enc_types
...
Test TLS 1.2 builds with each encryption type
2022-10-12 12:45:50 +02:00
Jerry Yu
c79742303d
Remove unnecessary empty line and fix format issue
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-11 21:22:33 +08:00
Przemek Stekiel
d61a4d3d1a
Fix missing guard and double-space
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-11 09:40:40 +02:00
Jerry Yu
6916e70521
fix various issues
...
- adjust guards. Remove duplicate guards and adjust format.
- Return success at function end. Not `ret`
- change input len
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-10 21:33:51 +08:00
Przemek Stekiel
68a01a6720
Fix session tickets related build flags in fuzz_server and ssl_server2
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-10-10 13:30:43 +02:00
Jerry Yu
03b8f9d299
Adjust guards for dummy_tickets
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-08 14:56:38 +08:00
Jerry Yu
25ab654781
Add dummy ticket support
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-10-07 10:11:05 +08:00
Manuel Pégourié-Gonnard
e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
...
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
Paul Elliott
2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets
...
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
2022-09-23 15:48:33 +01:00
Manuel Pégourié-Gonnard
d433cd7d07
Merge pull request #6283 from mpg/driver-only-hashes-wrap-up
...
Driver only hashes wrap-up
2022-09-21 08:29:46 +02:00
Ronald Cron
50969e3af5
ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 15:57:57 +02:00
Jerry Yu
7a51305478
Add multi-session tickets test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:26:07 +08:00
Ronald Cron
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets
2022-09-18 21:18:13 +02:00
Manuel Pégourié-Gonnard
e896705c1a
Take advantage of legacy_or_psa.h being public
...
Opportunities for using the macros were spotted using:
git grep -E -n -A2 'MBEDTLS_(MD|SHA)[0-9]+_C' | egrep 'PSA_WANT_ALG_(MD|SHA)'
then manually filtering the results.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Gilles Peskine
e9b55929dc
Remove useless platform macro redefinitions: automatic part
...
Some source files had code to set mbedtls_xxx aliases when
MBEDTLS_PLATFORM_C is not defined. These aliases are defined unconditionally
by mbedtls/platform.h, so these macro definitions were redundant. Remove
them.
This commit used the following code:
```
perl -i -0777 -pe 's~#if !defined\(MBEDTLS_PLATFORM_C\)\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*#endif.*\n~~mg' $(git grep -l -F '#if !defined(MBEDTLS_PLATFORM_C)')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:34:15 +02:00
Gilles Peskine
945b23c46f
Include platform.h unconditionally: automatic part
...
We used to include platform.h only when MBEDTLS_PLATFORM_C was enabled, and
to define ad hoc replacements for mbedtls_xxx functions on a case-by-case
basis when MBEDTLS_PLATFORM_C was disabled. The only reason for this
complication was to allow building individual source modules without copying
platform.h. This is not something we support or recommend anymore, so get
rid of the complication: include platform.h unconditionally.
There should be no change in behavior since just including the header should
not change the behavior of a program.
This commit replaces most occurrences of conditional inclusion of
platform.h, using the following code:
```
perl -i -0777 -pe 's!#if.*\n#include "mbedtls/platform.h"\n(#else.*\n(#define (mbedtls|MBEDTLS)_.*\n|#include <(stdarg|stddef|stdio|stdlib|string|time)\.h>\n)*)?#endif.*!#include "mbedtls/platform.h"!mg' $(git grep -l '#include "mbedtls/platform.h"')
```
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-09-15 20:33:07 +02:00
Przemek Stekiel
632939df4b
ssl_client2: print pk key name when provided using key_opaque_algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:16:11 +02:00
Jerry Yu
4746b10c2e
fix various issues
...
- Format issues
- Possible memory leak
- Improve naming and comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 15:37:46 +08:00
Andrzej Kurek
0bc834b27f
Enable signature algorithms in ssl programs with PSA based hashes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:37:46 -04:00
Dave Rodgman
1577c548d1
Use NULL instead of 0
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-09-09 10:22:15 +01:00
Nayna Jain
106a0afc5a
pkcs7: provide fuzz harness
...
This allows for pkcs7 fuzz testing with OSS-Fuzz.
Signed-off-by: Daniel Axtens <dja@axtens.net>
Signed-off-by: Nayna Jain <nayna@linux.ibm.com>
2022-09-01 19:45:41 -05:00
Jerry Yu
0203534c64
Add session save after got new session ticket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 23:24:25 +08:00
Ronald Cron
e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation
...
TLS 1.3: SRV: Finalize external PSK negotiation
2022-08-31 17:21:57 +02:00
Andrzej Kurek
dcce505a08
Add a missing guard in an example program
...
MD variable is not used in builds without MD.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-30 17:56:08 -04:00
Manuel Pégourié-Gonnard
bf22a2500b
Merge pull request #6208 from AndrzejKurek/tls-tests-no-md-structured
...
Remove the dependency on MD from TLS 1.2 tests
2022-08-30 12:34:37 +02:00
Manuel Pégourié-Gonnard
a84ce3fa81
Merge pull request #6111 from superna9999/6101-programs-dont-build-with-libtestdriver-and-use-psa
...
Programs don't build with libtestdriver and USE_PSA
2022-08-30 12:29:01 +02:00
Dave Rodgman
c5e0a8a890
Add missing error message
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:25:45 +01:00
Dave Rodgman
64937856e0
Correct order of extended key usage attributes
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:25:45 +01:00
Dave Rodgman
18b02d35d6
Remove redundant sig_alg argument
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:25:45 +01:00
Dave Rodgman
2ee7bbd10a
Replace some constant values with sizeof
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:25:45 +01:00
Dave Rodgman
5f3f0d06e6
Address minor review comments
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:25:45 +01:00
Dave Rodgman
ec9f6b4de1
Fix minor compile errors
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:25:45 +01:00
Nicholas Wilson
99a96b1c22
Improve programs/cert_write with a way to set the signature digest
...
This is useful for generating SHA-1 and MD5 certificates for test
purposes. I guess RSA-PSS could be added too, but I don't need that
now.
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:08:43 +01:00
Nicholas Wilson
8e5bdfbbcf
Improve programs/cert_write with a way to set extended key usages
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-08-30 10:08:43 +01:00
Jerry Yu
c5a23a0f12
fix various issues
...
- code style
- variable initialize
- update comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-25 11:09:35 +08:00
Andrzej Kurek
cccb044804
Style & formatting fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:26:02 -04:00
Andrzej Kurek
8c95ac4500
Add missing dependencies / alternatives
...
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate,
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Jerry Yu
5d01c05d93
fix various issues
...
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:55:01 +08:00
Jerry Yu
2b7a51ba8f
Add psk_or_ephemeral mode and tests
...
psk_or_ephemeral exists in theory. This change is for
improving test coverage.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-21 12:51:53 +08:00
Jerry Yu
62c8763de7
Improve macro expansion help message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-11 10:18:36 +08:00
Jerry Yu
08dccc1f75
Improve help message
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-10 10:02:04 +08:00
Neil Armstrong
9bb8e0d3c5
Fix fuzz_privkey build without MBEDTLS_ENTROPY_C defined
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-08-08 13:56:13 +02:00
Jerry Yu
2fcb056ea9
Add requires_{any,all}_configs_enabled functions
...
- requires_any_configs_enabled
- requires_all_configs_enabled
- requires_any_configs_disabled
- requires_all_configs_disabled
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-31 12:23:39 +08:00
Jan Bruckner
25fdc2addb
Fix minor typos
...
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2022-07-26 10:52:46 +02:00
Jerry Yu
2b4f02d7fb
Add new_session_ticket err handler
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Paul Elliott
7adb8cbc0e
Revert "Add generated files for 3.2.0 release"
...
This reverts commit cb21f2eab3
.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 18:18:30 +01:00
Paul Elliott
cb21f2eab3
Add generated files for 3.2.0 release
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-11 13:56:01 +01:00
Ronald Cron
ce7d76e2ee
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
Paul Elliott
41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf
...
Turn off stdio buffering with setbuf()
2022-07-04 10:12:22 +01:00
Ronald Cron
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk
...
Refactor signature algorithm chooser
2022-07-04 09:10:08 +02:00
Paul Elliott
bae7a1a5a6
Merge pull request #5620 from gstrauss/dn_hints
...
Add accessors to config DN hints for cert request
2022-07-01 17:23:14 +01:00
Paul Elliott
ff15dbab4c
Make definition order a bit neater
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2022-07-01 16:30:08 +01:00
Gilles Peskine
6d576c9646
Call setbuf when reading or writing files: programs
...
After opening a file containing sensitive data, call mbedtls_setbuf() to
disable buffering. This way, we don't expose sensitive data to a memory
disclosure vulnerability in a buffer outside our control.
This commit adds a call to mbedtls_setbuf() after each call to fopen(),
but only in sample programs that were calling mbedtls_platform_zeroize().
Don't bother protecting stdio buffers in programs where application buffers
weren't protected.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-30 17:06:11 +02:00
Jerry Yu
cc5391048e
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:18:30 +08:00
Jerry Yu
202919c23d
refine supported sig alg print
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:18:29 +08:00
Jerry Yu
64f410c246
Add tls13 sig alg parameters
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:09 +08:00
Jerry Yu
a1255e6b8c
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:09 +08:00
Jerry Yu
9bb3ee436b
Revert rsa_pss_rsae_* support for tls12
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:08 +08:00
Jerry Yu
3896ac6e5b
fix ordered sig algs fail for openssl
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:06 +08:00
Jerry Yu
9f4cc5ff65
Add pss_rsae sig algs into test conf
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:13:41 +08:00
Glenn Strauss
bd10c4e2af
Test accessors to config DN hints for cert request
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-06-29 02:54:28 -04:00
Gilles Peskine
0ff241a1ea
Remove largely useless bit of test log to silence GCC 12
...
GCC 12 emits a warning because it thinks `buffer1` is used after having been
freed. The code is correct C because we're only using the value of
`(uintptr_t)buffer1`, not `buffer1`. However, we aren't using the value for
anything useful: it doesn't really matter if an alloc-free-alloc sequence
returns the same address twice. So don't print that bit of information, and
this way we don't need to save the old address.
Fixes #5974 .
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-06-25 14:29:23 +02:00
Ronald Cron
ba65fbbe30
Fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-22 17:36:12 +02:00
Ronald Cron
903c979376
programs: ssl: Add one RSA PSS signature algorithm
...
Add one RSA PSS signature algorithm to the
test list of signature algorithms. This allows
certificate chains exposing an RSA key with
signatures using SHA-1 to be used in tests
where an TLS 1.3 handshake is performed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-06-17 08:45:30 +02:00
Ronald Cron
4ccd226cbf
Merge pull request #5864 from xkqian/tls13_add_comprehensive_cases
...
Tls13 add comprehensive cases
2022-06-15 09:18:11 +02:00
Gilles Peskine
f940693960
Merge pull request #5725 from tom-daubney-arm/x25519_program
...
Rewrite x25519 example program
2022-05-31 11:27:22 +02:00
XiaokangQian
d5d5b60c07
Add comprehensive test cases for TLS1.3 server side
...
Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
2022-05-31 02:51:26 +00:00
Thomas Daubney
413550c529
Change memcmp call
...
Previous call used sizeof() function which is not needed.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-05-23 16:11:31 +01:00
Pol Henarejos
7dbd5d1760
Add self tests (taken from #1549 ).
...
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-05-20 20:42:33 +02:00
Pol Henarejos
ebb3640ada
Added SHA3 to benchmark.
...
Taken from #1549 , as it is closed.
Signed-off-by: Pol Henarejos <pol.henarejos@cttc.es>
2022-05-20 20:07:40 +02:00
Thomas Daubney
70c0088239
Change use of olen variables
...
Removed olen variable in favour of storing olens for
client and server separately.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-05-20 18:46:10 +01:00
bootstrap-prime
6dbbf44d78
Fix typos in documentation and constants with typo finding tool
...
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com>
2022-05-18 14:15:33 -04:00
Thomas Daubney
306a89094a
Add additional error checking
...
Initialise client and server secret buffers and check their
lengths.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-05-18 15:26:39 +01:00
Thomas Daubney
ec2ec42828
Fix formatting
...
Line up function parameters.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-05-18 10:23:20 +01:00
Thomas Daubney
64042b8d3d
Fix typo
...
Fix typo that was caught during review.
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2022-05-18 09:59:55 +01:00
Dave Rodgman
d87e46f3de
Merge pull request #3641 from okhowang/c99
...
Pass c99 to compiler
2022-05-12 14:01:10 +01:00
Manuel Pégourié-Gonnard
9bc53a2e84
Merge pull request #5806 from josesimoes/fix-3031
...
Remove prompt to exit in all programs
2022-05-12 10:50:31 +02:00
Andrzej Kurek
5c65c5781f
Fix additional misspellings found by codespell
...
Remaining hits seem to be hex data, certificates,
and other miscellaneous exceptions.
List generated by running codespell -w -L
keypair,Keypair,KeyPair,keyPair,ciph,nd
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-05-11 21:25:54 +01:00
Shaun Case
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
Dave Rodgman
faef649dec
Fix Ubuntu compile error in udp_proxy.c
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 19:55:45 +01:00
josesimoes
23419560c9
Remove prompt to exit in all programs
...
Signed-off-by: José Simões <jose.simoes@eclo.solutions>
2022-05-06 17:11:22 +01:00
Przemek Stekiel
cb20d202d2
Further code optimization
...
- key_opaque_set_alg_usage(): set alg/usage in loop
- key_opaque_set_alg_usage(): add key paramteter to set default alg/usage if it is not specified by command line parameters
- unify default alg/usage for client and server
- optimize opaque code on client and server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 09:34:30 +02:00
Przemek Stekiel
296bfba924
ssl_server2: add key_opaque_algs2 usage info
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 11:08:34 +02:00
Przemek Stekiel
1d25e076f3
ssl_client2: fix default key opaque algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 11:05:10 +02:00
Przemek Stekiel
488efa05b6
Fix compiler warnings: initialize local variables: psa_alg, psa_alg2, psa_usage
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
134eb8b6e2
Fix style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
092128324f
ssl_client2/ss_server2: optimize code for opaque key
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
76a41f5a52
ssl_test_lib: fix compilation flags for default config
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
e5e9ba920f
ssl_server2: refactor opaque code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
89132a6ab0
Fix call to mbedtls_pk_wrap_as_opaque(): use usage variable instead PSA_KEY_USAGE_SIGN_HASH
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
b58c47a666
ssl_server2: use key opaque algs given from command line
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
344c561292
ssl_server2: Add support for key_opaque_algs2 command line paramtere
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
a17b5c6ba2
ssl_client: use key opaque algs given from command line
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
01396a16da
ssl_test_lib: add function translate given opaque algoritms to psa
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
77fc9ab1ba
Fix typos and code style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
4ca0d72c3b
ssl server: add key_opaque_algs command line option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
f1822febc4
ssl client: add key_opaque_algs command line option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
85d692d1c4
ssl client/server: add parsing function for key_opaque_algs command line option
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Manuel Pégourié-Gonnard
068a13d909
Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque
...
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
2022-05-02 09:06:49 +02:00
Manuel Pégourié-Gonnard
67397fa4fd
Merge pull request #5704 from mprse/mixed_psk_2cx
...
Mixed PSK 2a, 2b, 2c: enable client/server support opaque RSA-PSK, ECDHE-PSK, DHE-PSK
2022-04-29 10:47:16 +02:00
Neil Armstrong
94e371af91
Update mbedtls_pk_wrap_as_opaque() usage in SSL client2 & server2
...
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-28 13:27:59 +02:00
Gilles Peskine
72b99edf31
Merge pull request #5381 from mpg/benchmark-ecc-heap
...
Improve benchmarking of ECC heap usage
2022-04-22 16:43:11 +02:00
Przemek Stekiel
cb322eac6b
Enable support for psa opaque DHE-PSK key exchange on the server side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
b293aaa61b
Enable support for psa opaque DHE-PSK key exchange on the client side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
14d11b0877
Enable support for psa opaque ECDHE-PSK key exchange on the server side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:53:55 +02:00
Przemek Stekiel
19b80f8151
Enable support for psa opaque ECDHE-PSK key exchange on the client side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
aeb710fec5
Enable support for psa opaque RSA-PSK key exchange on the server side
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
fc72e428ed
ssl_client2: Enable support for TLS 1.2 RSA-PSK opaque ciphersuite
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:27 +02:00
Martin Storsjö
5c1479d04a
Use QueryPerformanceCounter as fallback timer on non-x86 mingw
...
The QueryPerformanceCounter implementation previously was within
defined(_MSC_VER), but it works just as well on other Windows
toolchains, like mingw.
For most common mingw x86 build configurations, one of the earlier
inline assembly implementations would end up used, but for non-x86
(arm, aarch64), it would end up falling back on the gettimeofday
implementation.
This implementation did build successfully (as mingw toolchains do
provide gettimeofday, contrary to MSVC), but the header providing
gettimeofday, <sys/time.h>, wasn't ever included when building
targeting Windows - thus the function was called without a proper
declaration.
Clang 15 changes such implicit function declarations into a hard
error by default, when building in C99 mode (or newer) [1].
(While Clang 15 still is under development, this may still change
before it's released, but it's a valid issue in any case.)
[1] 7d644e1215
Signed-off-by: Martin Storsjö <martin@martin.st>
2022-04-22 13:12:52 +03:00
Ronald Cron
38b8aa4f63
Merge pull request #5539 from xkqian/add_client_hello_to_server
...
Add client hello into server side
2022-04-22 10:26:00 +02:00