2cecd8aaad
Merge pull request #3624 from daxtens/timeless
...
RFC: Fix builds with MBEDTLS_HAVE_TIME disabled and test
2022-03-15 16:43:19 +00:00
10e5cdbbbf
Merge pull request #5454 from gstrauss/cert_cb-user_data
...
server certificate selection callback
2022-03-10 11:51:42 +01:00
d815114f93
Merge pull request #5524 from mprse/tls_ecdh_2c
...
TLS ECDH 2c: ECHDE in TLS 1.3 (client-side)
2022-03-08 11:43:45 +01:00
541318ad70
Refactor ssl_context_info time printing
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
554b820747
Guard cache_timeout in ssl_server2 with MBEDTLS_HAVE_TIME
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-03-04 05:07:45 -05:00
9ed9bc9377
programs/ssl: Fix compile errors when MBEDTLS_HAVE_TIME is not defined
...
Signed-off-by: Raoul Strackx <raoul.strackx@fortanix.com >
[dja: add some more fixes, tweak title]
Signed-off-by: Daniel Axtens <dja@axtens.net >
2022-03-04 05:07:45 -05:00
3f076dfb6d
Fix comments for conditional compilation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-03-04 09:36:46 +01:00
48a37f01b3
Add cert_cb use to programs/ssl/ssl_server2.c
...
(for use by some tests/)
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-02-25 19:55:53 -05:00
169f115bf0
ssl_client2: init psa crypto for TLS 1.3 build
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2022-02-14 17:15:04 +01:00
a941b62985
Create public macros for ssl_ticket key,name sizes
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-02-09 15:28:28 -05:00
e328245618
Add test case use of mbedtls_ssl_ticket_rotate
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-02-09 14:33:16 -05:00
6f20595b6e
Merge pull request #5462 from gilles-peskine-arm/ssl-test-pkey-message-clarity
...
Clarify key types message from ssl_client2 and ssl_server2
2022-02-03 11:33:03 +01:00
1ab2d6966c
Merge pull request #5385 from AndrzejKurek/use-psa-crypto-reduced-configs
...
Resolve problems with reduced configs using USE_PSA_CRYPTO
2022-02-02 10:20:26 +01:00
cc50f1be43
Fix copypasta
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-01-31 22:53:30 +01:00
05bf89da34
Clarify key types message from ssl_client2 and ssl_server2
...
If no key is loaded in a slot, say "none", not "invalid PK".
When listing two key types, use punctuation that's visibly a sequence
separator (",").
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-01-25 17:50:25 +01:00
11f0a9c2c4
fix deprecated-declarations error
...
replace sig_hashes with sig_alg
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-01-25 12:46:17 +08:00
fcca7cfa97
Merge pull request #5428 from gstrauss/mbedtls_ssl_ciphersuite
...
Add accessors for ciphersuite info
2022-01-24 11:13:31 +01:00
ff743a7f38
Merge pull request #5425 from gabor-mezei-arm/5181_tls_cipher_extend_testing_of_tickets
...
TLS Cipher 1a: extend testing of tickets
2022-01-24 10:25:29 +01:00
6eef56392a
Add tests for accessors for ciphersuite info
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-01-23 08:37:02 -05:00
7a58d5283b
Add missing dependencies on MBEDTLS_KEY_EXCHANGE_SOME_PSK_ENABLED
...
Fix dependencies across test ssl programs.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-01-19 12:34:02 -05:00
d4bea1efd5
Add ticket_aead option for ssl_server2
...
The ticket_aead option allows to specify the session ticket protection.
Signed-off-by: Gabor Mezei <gabor.mezei@arm.com >
2022-01-12 16:21:15 +01:00
03e01461ad
Make KEY_ID_ENCODES_OWNER compatible with USE_PSA_CRYPTO
...
Fix library references, tests and programs.
Testing is performed in the already present all.sh test.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-01-03 12:53:24 +01:00
6f135e1148
Rename MBEDTLS_SSL_PROTO_TLS1_3_EXPERIMENTAL to MBEDTLS_SSL_PROTO_TLS1_3
...
As we have now a minimal viable implementation of TLS 1.3,
let's remove EXPERIMENTAL from the config option enabling
it.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2021-12-10 13:47:55 +01:00
ef9cccaf3c
Fix printf format specifier
...
Also mark function as printf variant so compiler will pickup any future
issues.
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2021-12-09 17:25:04 +00:00
3820c150d1
Prevent resource leak
...
If -f was used as an argument twice to the program, then it would leak
the file resource, due to overwriting it on the second pass
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2021-12-09 12:48:51 +00:00
d25fab6f79
Update based on comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2021-12-02 06:36:27 +00:00
6dc90da740
Rebased on 74217ee and add fixes
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2021-11-26 08:12:43 +00:00
9539501120
Rebase and add fixes
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2021-11-26 08:09:26 +00:00
746f9481ea
Fix 1_3/13 usages in macros and function names
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2021-11-26 08:08:36 +00:00
4d2329fd8a
Change code based on reviews
...
Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2021-11-25 02:21:16 +00:00
25476a48b9
Change code based on review
...
Remove useless component in all.sh
Remove use server logs in ssh-opt.sh
Remove useless guards in ssl_client2.c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2021-11-23 14:01:21 +00:00
ff5f6c8bb0
Refine test code and test scripts
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2021-11-23 08:49:51 +00:00
f977e9af6d
Add componet test and rsa signature options
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2021-11-23 07:19:23 +00:00
bdf26de384
Fix test failure and remove useless code
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2021-11-22 09:52:56 +00:00
4b82ca1b70
Refine test code and test scripts
...
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2021-11-22 05:50:12 +00:00
61f797adfd
Merge pull request #5111 from mprse/aps_mem_leak
...
ssl_client2, ssl_server2: add check for psa memory leaks
2021-11-17 11:54:44 +00:00
d6914e3196
ssl_client2/ssl_server2: Rework ordering of cleanup
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2021-11-10 10:46:11 +01:00
505712338e
ssl_client2: move memory leak check before rng_free()
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2021-11-03 14:19:52 +01:00
53de2622f3
Move psa_crypto_slot_management.h out from psa_crypto_helpers.h
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2021-11-03 09:35:35 +01:00
bbb22bbd9e
ssl_client2/ssl_server2: Move is_psa_leaking() before mbedtls_psa_crypto_free() (and rng_free())
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2021-11-03 09:06:09 +01:00
0dbe1dfa1c
Merge pull request #4859 from brett-warren-arm/supported_groups
...
Add mbedtls_ssl_conf_groups to API
2021-11-02 10:49:09 +01:00
25386b7652
Refactor ssl_{server2,client2} for NamedGroup IDs
...
Signed-off-by: Brett Warren <brett.warren@arm.com >
2021-10-29 14:07:46 +01:00
fed825a9aa
ssl_client2, ssl_server2: add check for psa memory leaks
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2021-10-29 12:32:26 +02:00
4c9313fcd9
Merge pull request #4514 from mpg/generated-files-cmake
...
Generated files cmake
2021-10-28 09:23:41 +02:00
9317e09d15
Merge pull request #5007 from mprse/pk_opaque
...
Add key_opaque option to ssl_server2.c + test
2021-10-27 10:52:13 +02:00
c2d2f217fb
ssl_client2/ssl_server_2: use PSA_ALG_ANY_HASH as algorithm for opaque key
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2021-10-26 12:24:34 +02:00
a8d1406107
Rename DEV_MODE to GEN_FILES
...
GEN_FILES is a bit clearer as it describes what the setting
does more precisely.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2021-10-25 13:16:04 +01:00
d64f4b249c
Fix assorted spelling and wording issues
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2021-10-25 13:16:04 +01:00
e90e405e15
Introduce "Dev mode" option
...
When the option is On, CMake will have rules to generate the generated
files using scripts etc. When the option is Off, CMake will assume the
files are available from the source tree; in that mode, it won't require
any extra tools (Perl for example) compared to when we committed the
files to git.
The intention is that users will never need to adjust this option:
- in the development branch (and features branches etc.) the option is
always On (development mode);
- in released tarballs, which include the generated files, we'll switch
the option to Off (release mode) in the same commit that re-adds the
generated files.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2021-10-25 13:16:04 +01:00
86cfa6c27f
Allow CMake to generate query_config.c
...
This one was trickier for two reasons:
1. It's used from another directory, see
https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#how-can-i-add-a-dependency-to-a-source-file-which-is-generated-in-a-subdirectory
2. The C file being generated after CMake is run means CMake can't
automatically scan for included headers and do its usual magic, so we
need to declare the dependency and more importantly the include path.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2021-10-25 13:16:03 +01:00
