Tom Cosgrove
de85725507
Don't use cast-assignment in ssl_server.c
...
Would have used mbedtls_put_unaligned_uint32(), but alignment.h is in library/.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-02-03 16:38:05 +00:00
Dave Rodgman
6dd757a8ba
Fix use of sizeof without brackets
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-02-02 12:40:50 +00:00
Manuel Pégourié-Gonnard
aae61257d1
Merge pull request #6883 from valeriosetti/issue6843
...
Improve X.509 cert writing serial number management
2023-01-30 13:08:57 +01:00
Valerio Setti
af4815c6a4
x509: replace/fix name of new function for setting serial
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-01-26 17:43:09 +01:00
Pengyu Lv
e2f1dbf5ae
update docs of ssl_client2 and improve code format
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-16 12:38:12 +08:00
Pengyu Lv
302feb3955
add cases to test session resumption with different ticket_flags
...
This commit add test cases to test if the check of kex change mode
in SessionTicket works well.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-01-13 11:05:56 +08:00
Valerio Setti
48fdbb3940
programs: cert_write: fixed bug in parsing dec serial
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
791bbe629d
programs: improved cert_write serial management
...
Now it can accept serial both as decimal and hex number (only one format
at a time, of course, not simultaneously).
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:45 +01:00
Valerio Setti
acf12fb744
x509: fix endianness and input data format for x509write_crt_set_serial_new
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
5d164c4e23
fix: add missing deprecation guards
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Valerio Setti
da0afcc2fb
x509: remove direct dependency from BIGNUM_C
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2023-01-12 17:01:44 +01:00
Gilles Peskine
449bd8303e
Switch to the new code style
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-01-11 14:50:10 +01:00
Jerry Yu
a15af37867
Change time resolution of reco_delay from second to millionseconds
...
Per gnutls anti replay issue, it needs millionsecond time delay for
improve the fail rate.
From test result of #6712 , this can improve the fail rate from 4%
to 92%.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-01-07 13:01:42 +08:00
David Horstmann
e3d8f31ba1
Workaround Uncrustify parsing of "asm"
...
The following code:
#ifndef asm
#define asm __asm
#endif
causes Uncrustify to stop correcting the rest of the file. This may be
due to parsing the "asm" keyword in the definition.
Work around this by wrapping the idiom in an *INDENT-OFF* comment
wherever it appears.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-01-03 11:07:09 +00:00
Manuel Pégourié-Gonnard
7a389ddc84
Merge pull request #6784 from valeriosetti/issue6702
...
Make SHA224_C/SHA384_C independent from SHA256_C/SHA512_C
2023-01-03 09:36:58 +01:00
Valerio Setti
d10e0a6341
sha: fix minor issues/typos
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-22 14:25:26 +01:00
Dave Rodgman
2038da9266
Merge pull request #6826 from daverodgman/fix_gettimeofday
...
Fix gettimeofday overflow
2022-12-20 16:01:53 +00:00
Dave Rodgman
7796cc4f24
Fix overflow in mbedtls_timing_hardclock
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-12-20 13:12:23 +00:00
Valerio Setti
e7221a21ad
test: adjust depends.py to new SHA224/SHA384 changes
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-16 14:43:48 +01:00
Gilles Peskine
6b21820bd3
Merge pull request #6687 from gilles-peskine-arm/fuzz-cflags
...
programs/fuzz: set sensible default CFLAGS
2022-12-15 19:47:22 +01:00
Manuel Pégourié-Gonnard
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
...
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
Valerio Setti
46e8fd8263
test: sha: test SHA224 and SHA256 separately
...
This is meant to adapt to the new library design in which
SHA224 and SHA256 can be built independently from each other.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 10:58:02 +01:00
Valerio Setti
898e7a3afe
test: sha: test SHA384 and SHA512 separately
...
This is meant to adapt to the new library design in which
SHA384 and SHA512 can be built independently from each other.
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-14 10:50:54 +01:00
Manuel Pégourié-Gonnard
ebf322ddf6
Merge pull request #6629 from concatime/cmake-config-dir
...
Install CMake files in MbedTLS dir
2022-12-14 10:30:52 +01:00
Valerio Setti
d75c5c4405
test: pake: fail in case the opaque key is destroyed unexpectedly
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-13 11:51:32 +01:00
Valerio Setti
785116a5be
test: pake: modify opaque key verification before destruction
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-12 11:59:25 +01:00
Manuel Pégourié-Gonnard
1a100b69a4
Merge pull request #6705 from davidhorstmann-arm/code-style-script-non-corrected
...
Add code style correction script
2022-12-09 09:41:14 +01:00
Valerio Setti
eb3f788b03
tls: pake: do not destroy password key in TLS
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-08 18:42:58 +01:00
Valerio Setti
d5fa0bfb85
test: pake: check psa key validity before destroying it
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-07 16:02:42 +01:00
Ronald Cron
fbba0e9d75
Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface
...
TLS 1.3: Refactor early data configuration interface.
2022-12-07 09:42:12 +01:00
Jerry Yu
d146a37d56
Change the definition of max_early_data_size argument.
...
`conf_max_early_data_size` does not reuse as en/disable. When
call it, we should call `conf_early_data()` also.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 14:56:54 +08:00
Jerry Yu
2c93fc1544
Revert "Add reco_debug_level to reduce debug output"
...
This reverts commit a6934776c9
.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-06 11:05:54 +08:00
Jerry Yu
54dfcb7794
fix comments and debug info issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-05 15:43:09 +08:00
Tom Cosgrove
1797b05602
Fix typos prior to release
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2022-12-04 17:19:59 +00:00
Issam E. Maghni
760f3a0a48
Install CMake files in MbedTLS dir
...
Right now, CMake files are installed in <prefix>/cmake. That being said,
it gets easily bloated, and the standard is to use a directory with the
same name as the project.
I discovered this issue with this "bug":
https://github.com/termux/termux-packages/issues/12416
The issue's author claimed that MbedTLS's files were not installed in
the lib directory. But the patch applied by termux team broke CMake's
search of MbedTLS config files. So I wanted to upstream the real fix
here instead.
Here are some examples of projects using directories:
- https://github.com/xiph/flac/blob/1.4.2/CMakeLists.txt#L239
- https://gitlab.freedesktop.org/dbus/dbus/-/blob/dbus-1.15.2/CMakeLists.txt#L675
- https://github.com/catchorg/Catch2/blob/v3.2.0/CMakeLists.txt#L62
- https://github.com/capnproto/capnproto/blob/v0.10.2/c++/CMakeLists.txt#L162
Signed-off-by: Issam E. Maghni <issam.e.maghni@mailbox.org>
2022-12-04 03:00:38 +00:00
Valerio Setti
d6feb20869
test: pake: allow opaque password only when USE_PSA is enabled
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-12-02 14:28:49 +01:00
Jerry Yu
7854a4e019
Add max_early_data_size option for ssl_sever2
...
- to set max_early_data_set
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Jerry Yu
a6934776c9
Add reco_debug_level to reduce debug output
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-12-01 23:11:48 +08:00
Valerio Setti
661b9bca75
test: psa_pake: add specific log message for the opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 17:28:17 +01:00
Valerio Setti
77e8315f5b
fix formatting and typos
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 17:28:04 +01:00
Gilles Peskine
9ec14f6dcb
programs/fuzz: set sensible default CFLAGS
...
Running make from programs/fuzz didn't set any optimization flags (running
make from programs or from the root inherited the parent's optimization
flags). Default to -O2.
There were no -W flags. Default to -Wall -Wextra, but not -Werror in line
with the other makefiles.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2022-11-29 17:23:19 +01:00
Valerio Setti
d572a82df9
tls: psa_pake: add test for opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
2022-11-29 11:30:56 +01:00
Bence Szépkúti
a17d038ee1
Merge branch 'development' into pr3431
2022-11-22 15:54:52 +01:00
Ronald Cron
d12922a69a
Merge pull request #6486 from xkqian/tls13_add_early_data_indication
...
The merge job of the internal CI ran successfully. This is good to go.
2022-11-17 12:48:50 +01:00
Gilles Peskine
32605b24be
Merge pull request #6559 from ihsinme/patch-1
...
dh_genprime: Fix issue where the error code returned by mbedtls_mpi_write_file() is incorrectly reported on failure
2022-11-15 12:38:41 +01:00
Xiaokang Qian
2cd5ce0c6b
Fix various issues cause rebase to latest code
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 10:33:53 +00:00
Xiaokang Qian
9a0aafbe79
Enable/disable MBEDTLS_SSL_EARLY_DATA for cases in ssl-opt.sh
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-15 02:49:46 +00:00
David Horstmann
5b98d73864
Linewrap for the benefit of Uncrustify
...
The last line of programs/psa/key_ladder_demo.c is of the following
form:
#endif /* Very long comment ... */
Uncrustify tries to reduce the length:
#endif \
/* Very long comment ... */
and causes a compiler error as there is a continuation line with no
actual code in it. Work around this by linewrapping the comment
in advance.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2022-11-14 12:10:37 +00:00
Xiaokang Qian
0e97d4d16d
Add early data indication to client side
...
Add fields to mbedtls_ssl_context
Add write early data indication function
Add check whether write early data indication
Add early data option to ssl_client2
Add test cases for early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-11-14 03:13:50 +00:00
Gilles Peskine
fd7aa13671
Merge pull request #6436 from yanrayw/ssl_client2-add-build-version
...
Add build version to the output of ssl_client2 and ssl_server2
2022-11-10 14:39:38 +01:00