f614bde912
Merge pull request #7656 from mprse/ffdh_tls13_v2_drivers
...
FFDH 4: driver-only parity testing - with TLS 1.3
2023-07-10 13:08:47 +02:00
e183ecef3d
Merge pull request #7136 from yanrayw/5692-record-compatsh-test-cases
...
Record the outcome of each test case in compat.sh
2023-07-10 12:08:32 +01:00
dda0019e2e
ssl_test_lib: fix rebase error
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-10 10:22:51 +02:00
5c41ae867b
Merge pull request #7887 from ronald-cron-arm/fix-hrr-in-psk-kem
...
tls13: server: Fix spurious HRR
2023-07-10 09:58:13 +02:00
5bdebb2004
ssl_test_lib: fix variable naming for curve group
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-10 09:13:57 +02:00
54e23792c8
tls: replace numeric values with proper TLS IANA symbols
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-10 09:13:57 +02:00
fb6356f003
ssl_test_lib: simplify function which prints supported curves
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-10 09:13:57 +02:00
deb676442d
ssl_test_lib: manage FFDH keys the same way as ECC ones
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-10 09:13:57 +02:00
ee3a4d0d38
debug: replace occurence of ECP_LIGHT with PK_HAVE_ECC_KEYS
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-10 09:13:57 +02:00
6f0441d11e
tls: replace occurencies of ECP_LIGHT with PK_HAVE_ECC_KEYS
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-10 09:13:57 +02:00
acd32c005f
programs: add helper functions for supported EC curves
...
- get full list, or
- get TLS ID from name
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-10 09:13:57 +02:00
0085c2e486
test: fix message's text
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-10 09:10:20 +02:00
16b70f2b1a
test: enabled ssl-opt testing in no_ecp_at_all components
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-10 09:10:20 +02:00
49e6907b5b
tls: replace ECP_LIGHT occurrencies with PK_HAVE_ECC_KEYS
...
Up to this point "make test" runs successfully. "ssl-opt" has
not been tested yet.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-10 09:10:20 +02:00
887f823deb
test: re-enable TLS and key exchanges in no_ecp_at_all component
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-10 09:10:20 +02:00
5a3f5f450c
Add changelog entries
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-07-10 13:25:28 +08:00
5cbb93ef14
Add test for cache timeout getter
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-07-10 13:25:24 +08:00
db6143364a
Add test for endpoint getter
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-07-10 11:33:23 +08:00
30e0870937
Add test for hostname getter
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-07-10 11:33:23 +08:00
08daebb410
Make endpoint getter parameter a pointer to const
...
It would be convenient for users to query the endpoint
type directly from a ssl context:
```
mbedtls_ssl_conf_get_endpoint(
mbedtls_ssl_context_get_config(&ssl))
```
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-07-10 11:33:23 +08:00
accd53ff6a
Add getter access to endpoint field in mbedtls_ssl_config
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-07-10 11:33:23 +08:00
918ebf3975
Add getter access to hostname field in mbedtls_ssl_context
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-07-10 11:33:23 +08:00
af724dd112
ssl_cache: Add getter access to timeout field
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-07-10 11:33:23 +08:00
7dbd2bf90c
Merge pull request #7441 from gilles-peskine-arm/mbedtls_x509_crt_parse_path-qemu-bug
...
More mbedtls_x509_crt_parse_path() tests, and note qemu-user bug when 32-bit code run on 64-bit host
2023-07-07 19:15:31 +01:00
aa7cbd619c
build_info: replace PK_CAN_ECDH with CAN_ECDH and fix comments
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-07 19:02:23 +02:00
6eb005435c
tls: fix guards for legacy ECDH contexts
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-07 19:02:23 +02:00
3d237b5ff1
ssl_misc: fix guards for PSA data used in XXDH key exchanges
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-07 19:02:16 +02:00
2dfe7993af
Merge pull request #6914 from davidhorstmann-arm/cmake-pass-through-config-defines
...
Pass `MBEDTLS_CONFIG_FILE` defines through cmake
2023-07-07 17:01:57 +01:00
c5f41bfeb8
Merge pull request #7212 from sergio-nsk/patch-4
...
Fix error: comparison of integers of different signs: 'SOCKET' and 'int'
2023-07-07 16:45:55 +01:00
0a0d0d5527
ssl: keep all helper definitions in ssl_ciphersuites.h
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-07 17:31:40 +02:00
ed365e66bb
ssl: improve/fix definitions for internal helpers
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-07 17:31:40 +02:00
a15078b784
pk: do not duplicate internal symbols for ECDH/ECDSA capabilities
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-07 17:31:40 +02:00
e87915b66f
ssl: update new symbols to include also FFDH
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-07 17:23:53 +02:00
b302efc8d9
debug: replace ECDH_C symbol with key exchange one
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-07 17:23:53 +02:00
c2232eadfb
tls: replace PK_CAN_ECDH guards with new helpers
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-07 17:23:53 +02:00
7aeec54094
tls: replace ECDH_C guards with new helpers
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-07 17:23:53 +02:00
00dc4063e2
ssl: add new helpers for TLS 1.2/1.3 ECDH(E) key exchanges
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-07 17:23:53 +02:00
a787c0f986
Add Changelog for driver-only ECC so far
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-07-07 17:09:14 +02:00
d38ee855eb
Add ChangeLog entry for PK_OPAQUE extensions
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-07-07 17:09:14 +02:00
7a82e27a10
Add documentation on driver-only ECC
...
Just one part left for later.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-07-07 17:09:14 +02:00
6d5f4946e6
Add docs/driver-only-builds.md
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-07-07 17:09:14 +02:00
602a0919f3
Merge pull request #7464 from yuhaoth/pr/Change-clock-source-to-bootime-for-ms-time
...
Replace CLOCK_MONOTONIC with CLOCK_BOOTTIME for `mbedtls_ms_time` on linux
2023-07-07 15:42:17 +01:00
461d59b2f8
Merge pull request #7858 from mprse/ffdh_tls13_v2_f
...
Make use of FFDH keys in TLS 1.3 - follow-up
2023-07-07 16:19:35 +02:00
8abb3497ad
Merge branch 'development' into mbedtls_x509_crt_parse_path-qemu-bug
...
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2023-07-07 15:11:35 +01:00
c75ff730cd
Add change log
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2023-07-07 15:53:34 +02:00
8a74f07c2a
tls13: server: Fix spurious HRR
...
If the server during a TLS 1.3 handshake selects
the PSK key exchange mode, it does not matter
if it did not find in the key share extension
a key share for a group it supports. Such a
key share is used and necessary only in the
case of the ephemeral or PSK ephemeral key
exchange mode. This is a possible scenario in
the case of a server that supports only the PSK
key exchange mode and a client that also
supports a key exchange mode with ephemeral keys.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2023-07-07 15:53:12 +02:00
f05ca737da
Update comment
...
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2023-07-07 12:59:22 +02:00
c4749b1c66
Merge pull request #7584 from gilles-peskine-arm/fuzz-file-open-fail
...
Fuzz programs: print an error if loading the reproducer fails
2023-07-07 11:51:59 +01:00
2d3ba07bf4
Add ChangeLog entry for CMake config defines
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2023-07-07 11:25:40 +01:00
1917ee7cd1
Merge pull request #7867 from gilles-peskine-arm/readme-python3.8
...
Officially require Python 3.8
2023-07-07 09:58:15 +01:00
