mbedtls

mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-08-08 17:42:09 +03:00

Author	SHA1	Message	Date
toth92g	434143976c	Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates Signed-off-by: toth92g <toth92g@gmail.com>	2023-01-02 20:27:31 +01:00
Manuel Pégourié-Gonnard	c98624af3c	Merge pull request #6680 from valeriosetti/issue6599 Allow isolation of EC J-PAKE password when used in TLS	2022-12-14 11:04:33 +01:00
Valerio Setti	d75c5c4405	test: pake: fail in case the opaque key is destroyed unexpectedly Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-13 11:51:32 +01:00
Valerio Setti	785116a5be	test: pake: modify opaque key verification before destruction Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-12 11:59:25 +01:00
Valerio Setti	eb3f788b03	tls: pake: do not destroy password key in TLS Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-08 18:42:58 +01:00
Valerio Setti	d5fa0bfb85	test: pake: check psa key validity before destroying it Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-07 16:02:42 +01:00
Ronald Cron	fbba0e9d75	Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface TLS 1.3: Refactor early data configuration interface.	2022-12-07 09:42:12 +01:00
Jerry Yu	d146a37d56	Change the definition of max_early_data_size argument. `conf_max_early_data_size` does not reuse as en/disable. When call it, we should call `conf_early_data()` also. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-06 14:56:54 +08:00
Jerry Yu	2c93fc1544	Revert "Add reco_debug_level to reduce debug output" This reverts commit `a6934776c9`. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-06 11:05:54 +08:00
Jerry Yu	54dfcb7794	fix comments and debug info issues Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-05 15:43:09 +08:00
Tom Cosgrove	1797b05602	Fix typos prior to release Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>	2022-12-04 17:19:59 +00:00
Valerio Setti	d6feb20869	test: pake: allow opaque password only when USE_PSA is enabled Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-12-02 14:28:49 +01:00
Jerry Yu	7854a4e019	Add max_early_data_size option for ssl_sever2 - to set max_early_data_set Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-01 23:11:48 +08:00
Jerry Yu	a6934776c9	Add reco_debug_level to reduce debug output Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-12-01 23:11:48 +08:00
Valerio Setti	661b9bca75	test: psa_pake: add specific log message for the opaque password Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-29 17:28:17 +01:00
Valerio Setti	77e8315f5b	fix formatting and typos Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-29 17:28:04 +01:00
Valerio Setti	d572a82df9	tls: psa_pake: add test for opaque password Signed-off-by: Valerio Setti <vsetti@baylibre.com>	2022-11-29 11:30:56 +01:00
Gilles Peskine	fd7aa13671	Merge pull request #6436 from yanrayw/ssl_client2-add-build-version Add build version to the output of ssl_client2 and ssl_server2	2022-11-10 14:39:38 +01:00
Yanray Wang	eaf46d1291	Add output of build version in ssl_server2 Usage: - By default, build version is printed out in the beginning of ssl_server2 application. - ./ssl_server2 build_version=1 only prints build verison and stop Signed-off-by: Yanray Wang <yanray.wang@arm.com>	2022-10-28 10:53:50 +08:00
Gilles Peskine	744fd37d23	Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0 Fix unusual macros	2022-10-25 19:55:29 +02:00
David Horstmann	3f44e5b11a	Refactor macro-spanning if in ssl_server2.c Signed-off-by: David Horstmann <david.horstmann@arm.com>	2022-10-24 13:12:19 +01:00
Ronald Cron	73fe8df922	Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to guard TLS code (both 1.2 and 1.3) specific to handshakes involving PSKs. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	e68ab4f55e	Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to guard TLS code (both TLS 1.2 and 1.3) specific to handshakes involving certificates. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-22 14:42:04 +02:00
Ronald Cron	81378b72e8	programs: ssl: Remove dependency on TLS 1.3 for "sig_algs" option Signature algorithms can be specified through the sig_algs option for TLS 1.2 as well. Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:40:56 +02:00
Ronald Cron	20a8e63b23	programs: ssl: Fix some mbedtls_ssl_conf_sig_algs() guards Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-10-21 14:36:43 +02:00
Andrzej Kurek	b50754ae86	Switch from x509_CRT_PARSE to KEY_EXCHANGE_WITH_CERT_ENABLED Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	d0786f5f26	Revert one of the changes to ssl_server2 dependencies Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	6ee1e20d7f	Replace x509_CRT_PARSE_C with KEY_EXCHANGE_WITH_CERT_ENABLED SSL programs use certificates in an exchange, so it's more natural to have such dependency instead of just certificate parsing. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:09 -04:00
Andrzej Kurek	e38b788b79	Add missing key exchange dependencies Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Andrzej Kurek	68327748d3	Add missing dependencies Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-10-19 08:35:08 -04:00
Gilles Peskine	8fd3254cfc	Merge pull request #6374 from mprse/enc_types Test TLS 1.2 builds with each encryption type	2022-10-12 12:45:50 +02:00
Jerry Yu	c79742303d	Remove unnecessary empty line and fix format issue Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-11 21:22:33 +08:00
Przemek Stekiel	d61a4d3d1a	Fix missing guard and double-space Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-11 09:40:40 +02:00
Jerry Yu	6916e70521	fix various issues - adjust guards. Remove duplicate guards and adjust format. - Return success at function end. Not `ret` - change input len Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-10 21:33:51 +08:00
Przemek Stekiel	68a01a6720	Fix session tickets related build flags in fuzz_server and ssl_server2 Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>	2022-10-10 13:30:43 +02:00
Jerry Yu	03b8f9d299	Adjust guards for `dummy_tickets` Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-08 14:56:38 +08:00
Jerry Yu	25ab654781	Add dummy ticket support Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-10-07 10:11:05 +08:00
Manuel Pégourié-Gonnard	e3358e14b2	Merge pull request #6051 from mprse/permissions_2b_v2 Permissions 2b: TLS 1.3 sigalg selection	2022-09-28 09:50:04 +02:00
Paul Elliott	2c282c9bd0	Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.	2022-09-23 15:48:33 +01:00
Ronald Cron	50969e3af5	ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg Signed-off-by: Ronald Cron <ronald.cron@arm.com>	2022-09-20 15:57:57 +02:00
Jerry Yu	7a51305478	Add multi-session tickets test Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-09-19 14:26:07 +08:00
Manuel Pégourié-Gonnard	e896705c1a	Take advantage of legacy_or_psa.h being public Opportunities for using the macros were spotted using: git grep -E -n -A2 'MBEDTLS_(MD\|SHA)[0-9]+_C' \| egrep 'PSA_WANT_ALG_(MD\|SHA)' then manually filtering the results. Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>	2022-09-16 12:03:52 +02:00
Andrzej Kurek	0bc834b27f	Enable signature algorithms in ssl programs with PSA based hashes Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-09-12 05:37:46 -04:00
Ronald Cron	e00d6d6b55	Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation TLS 1.3: SRV: Finalize external PSK negotiation	2022-08-31 17:21:57 +02:00
Jerry Yu	c5a23a0f12	fix various issues - code style - variable initialize - update comments Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-25 11:09:35 +08:00
Andrzej Kurek	8c95ac4500	Add missing dependencies / alternatives A number of places lacked the necessary dependencies on one of the used features: MD, key exchange with certificate, entropy, or ETM. Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>	2022-08-22 17:46:50 -04:00
Jerry Yu	5d01c05d93	fix various issues - wrong typo in comments - replace psk null check with key_exchange_mode check - set psk NULL when error return in export hs psk Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:55:01 +08:00
Jerry Yu	2b7a51ba8f	Add psk_or_ephemeral mode and tests psk_or_ephemeral exists in theory. This change is for improving test coverage. Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>	2022-08-21 12:51:53 +08:00
Jan Bruckner	25fdc2addb	Fix minor typos Signed-off-by: Jan Bruckner <jan@janbruckner.de>	2022-07-26 10:52:46 +02:00
Ronald Cron	0e39ece23f	Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk Refactor signature algorithm chooser	2022-07-04 09:10:08 +02:00

1 2 3 4 5 ...

629 Commits