mbedtls

Author	SHA1	Message	Date
Glenn Strauss	e328245618	Add test case use of mbedtls_ssl_ticket_rotate Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-02-09 14:33:16 -05:00
Manuel Pégourié-Gonnard	6f20595b6e	Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity Clarify key types message from ssl_client2 and ssl_server2	2022-02-03 11:33:03 +01:00
Manuel Pégourié-Gonnard	1ab2d6966c	Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs Resolve problems with reduced configs using USE_PSA_CRYPTO	2022-02-02 10:20:26 +01:00
Gilles Peskine	cc50f1be43	Fix copypasta Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-31 22:53:30 +01:00
Gilles Peskine	05bf89da34	Clarify key types message from ssl_client2 and ssl_server2 If no key is loaded in a slot, say "none", not "invalid PK". When listing two key types, use punctuation that's visibly a sequence separator (","). Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2022-01-25 17:50:25 +01:00
Jerry Yu	11f0a9c2c4	fix deprecated-declarations error replace sig_hashes with sig_alg Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-01-25 12:46:17 +08:00
Manuel Pégourié-Gonnard	fcca7cfa97	Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite Add accessors for ciphersuite info	2022-01-24 11:13:31 +01:00
Manuel Pégourié-Gonnard	ff743a7f38	Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets TLS Cipher 1a: extend testing of tickets	2022-01-24 10:25:29 +01:00
Glenn Strauss	6eef56392a	Add tests for accessors for ciphersuite info Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>	2022-01-23 08:37:02 -05:00
Andrzej Kurek	7a58d5283b	Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED Fix dependencies across test ssl programs. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-19 12:34:02 -05:00
Gabor Mezei	d4bea1efd5	Add ticket_aead option for ssl_server2 The ticket_aead option allows to specify the session ticket protection. Signed-off-by: Gabor Mezei <gabor.mezei@arm.com>	2022-01-12 16:21:15 +01:00
Andrzej Kurek	03e01461ad	Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO Fix library references, tests and programs. Testing is performed in the already present all.sh test. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-01-03 12:53:24 +01:00
Ronald Cron	6f135e1148	Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3 As we have now a minimal viable implementation of TLS 1.3, let's remove EXPERIMENTAL from the config option enabling it. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2021-12-10 13:47:55 +01:00
Xiaofei Bai	d25fab6f79	Update based on comments Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-12-02 06:36:27 +00:00
Xiaofei Bai	746f9481ea	Fix 1_3/13 usages in macros and function names Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com>	2021-11-26 08:08:36 +00:00
paul-elliott-arm	61f797adfd	Merge pull request #5111 from mprse/aps_mem_leak ssl_client2, ssl_server2: add check for psa memory leaks	2021-11-17 11:54:44 +00:00
Przemyslaw Stekiel	d6914e3196	ssl_client2/ssl_server2: Rework ordering of cleanup Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-11-10 10:46:11 +01:00
Przemyslaw Stekiel	53de2622f3	Move psa_crypto_slot_management.h out from psa_crypto_helpers.h Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-11-03 09:35:35 +01:00
Przemyslaw Stekiel	bbb22bbd9e	ssl_client2/ssl_server2: Move is_psa_leaking() before mbedtls_psa_crypto_free() (and rng_free()) Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-11-03 09:06:09 +01:00
Manuel Pégourié-Gonnard	0dbe1dfa1c	Merge pull request #4859 from brett-warren-arm/supported_groups Add mbedtls_ssl_conf_groups to API	2021-11-02 10:49:09 +01:00
Brett Warren	25386b7652	Refactor ssl_{server2,client2} for NamedGroup IDs Signed-off-by: Brett Warren <brett.warren@arm.com>	2021-10-29 14:07:46 +01:00
Przemyslaw Stekiel	fed825a9aa	ssl_client2, ssl_server2: add check for psa memory leaks Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-29 12:32:26 +02:00
Manuel Pégourié-Gonnard	9317e09d15	Merge pull request #5007 from mprse/pk_opaque Add key_opaque option to ssl_server2.c + test	2021-10-27 10:52:13 +02:00
Przemyslaw Stekiel	c2d2f217fb	ssl_client2/ssl_server_2: use PSA_ALG_ANY_HASH as algorithm for opaque key Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-26 12:24:34 +02:00
Przemyslaw Stekiel	8132c2ff46	Address review comments Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-21 12:26:58 +02:00
Przemyslaw Stekiel	db0ed7c579	ssl_server2.c: fix build err (key_slot - unused variable) Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-07 15:11:43 +02:00
Przemyslaw Stekiel	0483e3d652	Add key_opaque option to ssl_server2.c + test Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>	2021-10-04 11:28:22 +02:00
Andrzej Kurek	5902cd64e2	Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on This option only gated an ability to set a callback, but was deemed unnecessary as it was yet another define to remember when writing tests, or test configurations. Fixes #4653. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2021-09-29 10:15:42 -04:00
Manuel Pégourié-Gonnard	e45ee40f7e	Merge pull request #4811 from hanno-arm/tls13_ciphersuite_api Add TLS 1.3 ciphersuite and key exchange identifiers and API	2021-08-30 09:47:46 +02:00
Jerry Yu	31c01d303e	Rename available values for tls13_kex_modes Rename `psk_pure` to `psk` and `ephemeral_pure` to `ephemeral` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-25 18:13:53 +08:00
Jerry Yu	447a3bee17	fix wrong typo and format issues Change-Id: I99a4c7d28c26bfcc43bc8947485d1dfafb6974dc Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-18 09:55:36 +08:00
Jerry Yu	7276f13c93	fix comments for sig_algs parser Change-Id: I68bd691c4b67fb18ff9d55ead34f5517b1b981de Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-17 18:25:57 +08:00
Hanno Becker	a9e4e6fd6f	ssl_server2: Add usage string for TLS 1.3 key exchange modes Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-08-12 06:31:52 +01:00
Hanno Becker	2c0f697fbc	Support TLS 1.3 key exchange config in ssl_client2/ssl_server2 Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-08-12 06:31:14 +01:00
Hanno Becker	11ceadd382	Add cmdline param for TLS 1.3 sig alg config to ssl_{client,server}2 Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-08-10 13:55:46 +01:00
Jerry Yu	2a572cf376	Move socket setup behind ssl structure setup. If socket setup fail, ssl structure setup won't be called. And the order of them do not affect final result, but it will break ssl setup negative tests. Change the order can fix that. issue: #4844 Change-Id: I2488ed5f74773421eb1eac0cfd7f1ce4fbb0b32d Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-09 18:57:24 +08:00
Jerry Yu	b1dc59a125	Add tls1.3 parameters to ssl_{client,server2} To support tls1.3 relative tests, add `tls1_3` parameter for `{min,max}_version` and `force_version` issues: #4844 Change-Id: I1b22a076582374b8aabc733086562e9d03a94a2a Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2021-08-09 18:57:24 +08:00
Gilles Peskine	f00f152444	Add output size parameter to signature functions The functions mbedtls_pk_sign(), mbedtls_pk_sign_restartable(), mbedtls_ecdsa_write_signature() and mbedtls_ecdsa_write_signature_restartable() now take an extra parameter indicating the size of the output buffer for the signature. No change to RSA because for RSA, the output size is trivial to calculate. Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>	2021-06-25 00:46:22 +02:00
Gilles Peskine	e9bc857327	Merge pull request #4552 from hanno-arm/mbedtls_3_0_key_export Implement modified key export API for Mbed TLS 3.0	2021-06-22 18:52:37 +02:00
Manuel Pégourié-Gonnard	508d3a5824	Merge pull request #4664 from tom-daubney-arm/rm_truncated_HMAC_ext Remove truncated HMAC extension	2021-06-22 11:53:10 +02:00
Hanno Becker	7e6c178b6d	Make key export callback and context connection-specific Fixes #2188 Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Hanno Becker	c4c38caca5	Adjust example programs to new key export API Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Hanno Becker	2d6e6f8fec	Remove '_ext' suffix from SSL key exporter API Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-18 18:40:19 +01:00
Manuel Pégourié-Gonnard	6f19ce317b	Fix async support in ssl_server2 Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-17 09:41:00 +02:00
Manuel Pégourié-Gonnard	1503a9adab	Use a proper DRBG in programs Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-17 09:40:15 +02:00
Manuel Pégourié-Gonnard	84dea01f36	Add RNG params to private key parsing This is necessary for the case where the public part of an EC keypair needs to be computed from the private part - either because it was not included (it's an optional component) or because it was compressed (a format we can't parse). This changes the API of two public functions: mbedtls_pk_parse_key() and mbedtls_pk_parse_keyfile(). Tests and programs have been adapted. Some programs use a non-secure RNG (from the test library) just to get things to compile and run; in a future commit this should be improved in order to demonstrate best practice. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2021-06-17 09:38:38 +02:00
Thomas Daubney	22989d027a	Removes MBEDTLS_SSL_TRUNCATED_HMAC code from ssl programs Commit removes code dependent on MBEDTLS_SSL_TRUNCATED_HMAC from SSL client and sever example programs. Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>	2021-06-16 16:19:53 +01:00
Ronald Cron	c4c761e35e	Merge remote-tracking branch 'mbedtls/development' into mbedtls_private_with_python Conflicts: include/mbedtls/ssl.h include/psa/crypto_struct.h Conflicts fixed by using the code from development branch and manually re-applying the MBEDTLS_PRIVATE wrapping.	2021-06-14 16:17:32 +02:00
Manuel Pégourié-Gonnard	16fdab79a5	Merge pull request #4382 from hanno-arm/max_record_payload_api Remove MFL query API and add API for maximum plaintext size of incoming records	2021-06-08 11:07:27 +02:00
Hanno Becker	59d3670fa5	Fix ssl-opt.sh test cases grepping for MFL configuration output Use and grep for the new max in/out record payload length API instead. Signed-off-by: Hanno Becker <hanno.becker@arm.com>	2021-06-08 05:35:29 +01:00

1 2 3 4 5 ...

543 commits