Benson Liou
6d0a093582
use mbedtls_ssl_session_init() to init session variable
...
Use mbedtls_ssl_session_init() to init variable just like
session-family APIs described
Signed-off-by: Benson Liou <benson.liou@sony.com>
2023-12-27 22:03:24 +08:00
Gilles Peskine
9552a52f5f
Declare dependency on bignum in sample programs
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-24 19:51:57 +01:00
Gilles Peskine
52cc2a6368
Use new mbedtls_ecp_keypair functions in sample programs
...
This eliminates the use of MBEDTLS_PRIVATE in sample programs to access
fields of an mbedtls_ecp_keypair structure.
When displaying elliptic curve points, the program now displays the
coordinates in the standard form instead of the internal representation.
The auxiliary function show_ecp_key is present in three programs. It's more
complex than the previous code which was also triplicated. There's no good
place for such auxiliary functions that don't belong in the library and are
used in multiple sample programs.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-24 19:49:43 +01:00
Gilles Peskine
4392fc101f
Unify some common rules of programs/Makefile and tests/Makefile
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-22 11:49:35 +01:00
Gilles Peskine
076fd25480
Unify common variables of programs/Makefile and tests/Makefile
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-22 11:48:56 +01:00
Gilles Peskine
f3d1ae1f05
Create common.make with LOCAL_CFLAGS and friends
...
Create a common.make for definitions that are shared between tests/Makefile
and programs/Makefile, to facilitate maintenance. Start populating it with
CFLAGS/LDFLAGS variables. More to follow in subsequent commits.
Keep library/Makefile independent, at least for the time being.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-22 11:48:56 +01:00
Gilles Peskine
f5c5ce7789
Partly unify LOCAL_CFLAGS
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-22 11:48:56 +01:00
Gilles Peskine
4ad5733836
Unify treatment of MBEDTLS_TEST_OBJS
...
Unify the treatment of MBEDTLS_TEST_OBJS between programs/Makefile and
tests/Makefile: include it via LOCAL_LD_FLAGS in both cases. Document why
the definition of MBEDTLS_TEST_OBJS is different.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-22 11:48:56 +01:00
Gilles Peskine
afccc1a6d5
Indent nested conditionals
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-12-22 11:48:52 +01:00
Paul Elliott
e4b3f75298
Remove unnecessary check
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-12-18 14:49:34 +00:00
Paul Elliott
79dc6dad81
Improve make pthread linking mechanism
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-12-18 14:49:34 +00:00
Paul Elliott
80fa88e2fa
Remove warning with GCC 12 and TSan
...
Compiler is unhappy that the return from mbedtls_cipher_get_name() could
be NULL as this is used in a printf statement.
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-12-18 14:49:34 +00:00
Bence Szépkúti
a085fa8ccf
Merge pull request #8627 from tom-cosgrove-arm/ip_len
...
Avoid use of `ip_len` as it clashes with a macro in AIX system headers
2023-12-18 02:03:17 +00:00
Gilles Peskine
a211bb7f01
Merge pull request #8596 from xkqian/tls13_early_data_input_file
...
Change early data flag to input file
2023-12-11 21:14:57 +00:00
Xiaokang Qian
a9581d2d5f
Fix CI failure of uninitialized fp
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-11 01:50:34 +00:00
Tom Cosgrove
656d4b3c74
Avoid use of `ip_len` as it clashes with a macro in AIX system headers
...
Fixes #8624
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
2023-12-08 21:51:15 +00:00
Xiaokang Qian
aedfc0932b
Revert to ae952174a7 and addressing some comments
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-08 10:43:24 +00:00
David Horstmann
64cd2f21ed
Fix potential double-free in calloc selftest
...
Where calloc returns two references to the same buffer, avoid calling
free() on both references by setting one to NULL.
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-12-07 14:26:44 +00:00
Ronald Cron
90d07118ad
Merge pull request #6721 from yuhaoth/pr/tls13-early-data-extension-of-nst
...
TLS 1.3: EarlyData SRV: Write `early_data` extension of NewSessionTicket
2023-12-07 09:25:35 +00:00
Xiaokang Qian
963468035d
Add the test framework of early data
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 09:19:43 +00:00
Xiaokang Qian
daddfb520d
Open the file once read in the file path
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 08:14:30 +00:00
Xiaokang Qian
35c026c09e
Read early data file
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 06:10:34 +00:00
Xiaokang Qian
2a8035b495
Add read early data code
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 03:54:40 +00:00
Xiaokang Qian
57db590586
Rework to revert the early_data enabled flag
...
We have two options for early data.
early_data to indicate whether early data is enabled or not.
early_data_file to provide the path of the file to read early data from.
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 03:29:22 +00:00
Jan Bruckner
f482dcc6c7
Comply with the received Record Size Limit extension
...
Fixes #7010
Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-12-06 15:18:08 +00:00
Manuel Pégourié-Gonnard
d9c69d12ac
Merge pull request #8513 from mschulz-at-hilscher/feature/explicitly-accessing-private-fields-in-benchmark
...
Explicitly accessing private fields in benchmark
2023-12-06 11:06:32 +00:00
Xiaokang Qian
ae952174a7
Enable early data depending on whether the early data file exists
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 10:27:27 +00:00
Jerry Yu
750e06743f
remove misbehavior tests and code
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:22:15 +08:00
Jerry Yu
ea96ac3da9
fix various issues
...
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:37 +08:00
Jerry Yu
3c2b21ed0e
Enable multi max_early_data_size value for connections
...
For test purposes, we set a different value for each
session
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:56 +08:00
Xiaokang Qian
611c717c02
Sync the early_data option with internal parameters in ssl_client2
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 09:24:58 +00:00
Xiaokang Qian
f8fe11d14d
Remove the generic file read functions and simplify the early data read
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 07:40:50 +00:00
Xiaokang Qian
eaebedb30b
Refine the detect code to enable early data or not
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 02:55:16 +00:00
Xiaokang Qian
b1db72923e
Rename the generic read functions to ssl_read_file_text
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 02:33:38 +00:00
Xiaokang Qian
6c678d7543
Improve the comments of early data input
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 02:20:51 +00:00
Xiaokang Qian
70fbdcf904
Change early data flag to input file
...
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-05 05:50:08 +00:00
Janos Follath
c6f1637f8c
Merge pull request #8534 from paul-elliott-arm/fix_mutex_abstraction
...
Make mutex abstraction and tests thread safe
2023-11-29 13:26:23 +00:00
Tom Cosgrove
12d8b8eaba
Merge pull request #8539 from tom-daubney-arm/add_test_script_psa_hash
...
Add Demo Script for PSA Hash Program
2023-11-27 12:13:18 +00:00
Paul Elliott
f25d831123
Ensure mutex test mutex gets free'd
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-11-23 18:49:43 +00:00
Dave Rodgman
8cd4bc4ac2
Merge pull request #8124 from yanrayw/support_cipher_encrypt_only
...
Support the negative option MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
2023-11-23 17:43:00 +00:00
Paul Elliott
2e3f6902ed
Merge pull request #8549 from gilles-peskine-arm/metatest-gcc-12
...
Fix metatest.c with gcc-12 -Wuse-after-free
2023-11-23 11:09:41 +00:00
Yanray Wang
690ee81533
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-11-23 10:31:26 +08:00
Gilles Peskine
7a715c4537
Fix the build with gcc-12 -Wuse-after-free
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-21 13:42:40 +01:00
Jerry Yu
713ce1f889
various improvements
...
- improve change log entry
- improve comments
- remove unnecessary statement
- change type of client_age
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:25 +08:00
Jerry Yu
cf9135100e
fix various issues
...
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
25ba4d40ef
rename ticket_creation to ticket_creation_time
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
Jerry Yu
3ff0b1fda3
Cleanup ticket negative tests.
...
- improve comments
- case 3/4 is for server age check.
- case 5/6 is for client age check
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
ec6d07870d
Replace start with ticket_creation
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
f16efbc78d
fix various issues
...
- Add comments for ticket test hooks
- improve code style.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Jerry Yu
cebffc3446
change time unit of ticket to milliseconds
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
Gilles Peskine
6267dd59c8
Merge pull request #8463 from gilles-peskine-arm/metatest-create
...
Create a metatest program
2023-11-20 14:07:08 +00:00
Thomas Daubney
dd2a09a22b
Introduce demo script for PSA hash program
...
Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
2023-11-16 18:45:55 +00:00
Matthias Schulz
70595f7983
Explicitly indicating when private fields are accessed in benchmark.c.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-16 17:43:58 +01:00
Matthias Schulz
3b9240bbd0
Alternative Timing compatible benchmark.c
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-16 17:39:43 +01:00
Matthias Schulz
aa7dffa24a
Add benchmark for RSA 3072.
...
Signed-off-by: Matthias Schulz <mschulz@hilscher.com>
2023-11-16 15:31:32 +01:00
Gilles Peskine
2f40cc05f0
Improve explanations of what bad thing a metatest does
...
Especially clarify the situation with respect to mutex usage.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-16 15:13:38 +01:00
Gilles Peskine
ad2a17eb60
Uniformly use MBEDTLS_THREADING_C guards
...
Since the code compiles with MBEDTLS_THREADING_C, not just with
MBEDTLS_THREADING_PTHREAD, use MBEDTLS_THREADING_C as the guard. The runtime
behavior is only as desired under certain conditions that imply
MBEDTLS_THREADING_PTHREAD, but that's fine: no metatest is expected to pass
in all scenarios, only under specific build- and run-time conditions.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-16 15:09:48 +01:00
Manuel Pégourié-Gonnard
752dd39a69
Merge pull request #8508 from valeriosetti/issue6323
...
[G3] Driver-only cipher+aead: TLS: ssl-opt.sh
2023-11-14 11:39:06 +00:00
Gilles Peskine
cce0012463
Add documentation
...
Explain the goals of metatests, how to write them, and how to read their
output.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-10 15:36:15 +01:00
Gilles Peskine
ccb121500d
Uninitialized read: make the pointer non-volatile rather than the buffer
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-10 11:35:36 +01:00
Gilles Peskine
da6e7a2ac2
More consistent usage of volatile
...
Fix MSVC warning C4090.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-10 10:09:27 +01:00
Valerio Setti
38e75fb1a7
ssl_server2: remove usage of mbedtls_cipher_info_from_string()
...
This removes the dependency from cipher module and legacy key/modes
symbols which are used in cipher_wrap.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:27:39 +01:00
Gilles Peskine
d2fa698155
Strengthen against possible compiler optimizations
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-09 21:46:24 +01:00
Yanray Wang
0751761b49
max_early_data_size: rename configuration function
...
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:34 +08:00
Yanray Wang
d5ed36ff24
early data: rename configuration function
...
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:24 +08:00
Gilles Peskine
a1023e2bd6
programs/test/metatest indirectly includes library/common.h
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
4bc873f0a1
Add missing program to .gitignore
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
102aea2ba8
Add metatests for mutex usage
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
f0d5cf9a0c
Don't use %llx in printf
...
We still do MinGW builds on our CI whose printf doesn't support it!
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
a1dfa14c06
Fix cast from pointer to integer of different size
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
ee8109541a
Don't cast a function pointer to a data pointer
...
That's nonstandard. Instead, convert to an integer.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
6aa9f32124
Use casts when doing nonstandard pointer conversions
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
69e8db0366
Strengthen against Clang optimizations
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
b0f0a64de0
Metatests for basic Asan and Msan features
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:19 +01:00
Gilles Peskine
80ba832be6
Metatests for null pointer dereference
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:09 +01:00
Gilles Peskine
f309fbf0d5
Validate that test_fail causes a test failure
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:09 +01:00
Gilles Peskine
33406b645d
Add a metatest program
...
This program can be used to validate that things that should be detected as
test failures are indeed caught, either by setting the test result to
MBEDTLS_TEST_RESULT_FAILED or by aborting the program.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-11-06 20:33:09 +01:00
Yanray Wang
f24bbd987a
dh_client.c: modify prompt message
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-06 10:02:10 +08:00
Gilles Peskine
8b6b41f6cd
Merge pull request #8434 from valeriosetti/issue8407
...
[G2] Make TLS work without Cipher
2023-11-04 15:05:00 +00:00
Dave Rodgman
f8be5f6ade
Fix overlooked files
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 20:43:00 +00:00
Dave Rodgman
16799db69a
update headers
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
Valerio Setti
74d48c89fa
ssl_server2: small improvement of code readability
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-02 16:43:55 +01:00
Yanray Wang
b67b47425e
Rename MBEDTLS_CIPHER_ENCRYPT_ONLY as MBEDTLS_BLOCK_CIPHER_NO_DECRYPT
...
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-10-31 17:22:06 +08:00
Paul Elliott
afc6a992c5
Merge pull request #8381 from gilles-peskine-arm/20231017-misc-cleanup
...
Cleanups in test code
2023-10-30 18:08:01 +00:00
Valerio Setti
dc55470341
ssl_context_info: add guards for CIPHER_C
...
mbedtls_cipher_info_from_type() is only available when CIPHER_C is
defined. So when it is not we just print the cipher type decimal
value on the output instead of the cipher's name.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Valerio Setti
bdf04e840a
ssl_server2: support ticket_aead only when CIPHER_C is defined
...
Cipher parsing requires mbedtls_cipher_info_from_string() which
depends on CIPHER_C.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
Gilles Peskine
5d055f8206
Merge pull request #7844 from mpg/ssl-progs-usage
...
Fix usage & error reporting in SSL programs
2023-10-26 08:19:25 +00:00
Gilles Peskine
0ea1b8fe8c
Merge pull request #7982 from gilles-peskine-arm/sample_program_demo_scripts-3.4
...
Run sample program demo scripts in all.sh
2023-10-18 10:03:52 +00:00
Gilles Peskine
62418dd20b
Merge pull request #8350 from waleed-elmelegy-arm/fix-null-dereference-in-x509-cert-write
...
Fix possible NULL dereference issue in X509 cert_write program
2023-10-18 10:03:36 +00:00
Paul Elliott
d44ee9e6d1
Merge pull request #8351 from waleed-elmelegy-arm/fix-null-dereference-in-x509-cert-req
...
Fix possible NULL dereference issue in X509 cert_req program
2023-10-18 09:01:31 +00:00
Gilles Peskine
a0e810de4b
Convey that it's ok for mbedtls_ssl_session_save to fail
...
mbedtls_ssl_session_save() always outputs the output length, even on error.
Here, we're only calling it to get the needed output length, so it's ok to
ignore the return value. Convey this to linters.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-17 16:04:27 +02:00
David Horstmann
9534dfd15b
Reword error message on format of SAN arguments
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-10-17 14:59:31 +01:00
David Horstmann
4a493b267f
Reword error message on format of SAN arguments
...
Signed-off-by: David Horstmann <david.horstmann@arm.com>
2023-10-17 14:57:23 +01:00
Yanray Wang
aa01ee303a
Merge remote-tracking branch 'origin/development' into support_cipher_encrypt_only
2023-10-16 17:38:32 +08:00
Gilles Peskine
28b56335bb
Merge pull request #7942 from tom-daubney-arm/psa_crypto_example_hash
...
Add example program for PSA hash
2023-10-13 15:22:58 +00:00
Waleed Elmelegy
5867465e90
Fix code style issue in cert_write program
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-10-13 10:03:12 +01:00
Waleed Elmelegy
eade3fedb2
Fix code style issue in cert_req program
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-10-13 09:59:19 +01:00
Waleed Elmelegy
ac97af223e
Fix possible NULL dereference issue in X509 cert_req program
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-10-12 15:46:06 +01:00
Waleed Elmelegy
1444c0eb20
Add changelog entry for x509 cert_write null dereference fix
...
Also fix a typo in cert_write.c
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-10-12 14:31:06 +01:00
Waleed Elmelegy
476c1198e8
Fix possible NULL dereference issue in X509 cert_write program
...
Signed-off-by: Waleed Elmelegy <waleed.elmelegy@arm.com>
2023-10-12 14:19:25 +01:00