d25fab6f79
Update based on comments
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2021-12-02 06:36:27 +00:00
6dc90da740
Rebased on 74217ee and add fixes
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2021-11-26 08:12:43 +00:00
9539501120
Rebase and add fixes
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2021-11-26 08:09:26 +00:00
746f9481ea
Fix 1_3/13 usages in macros and function names
...
Signed-off-by: Xiaofei Bai <xiaofei.bai@arm.com >
2021-11-26 08:08:36 +00:00
74217ee03c
Merge pull request #5202 from xkqian/pr/add_rsa_pkcsv15
...
Pr/add rsa pkcsv15
2021-11-26 08:07:11 +01:00
a0e57ef84f
Merge pull request #5131 from gilles-peskine-arm/dlopen-test
...
dlopen test
2021-11-25 22:03:27 +01:00
4d2329fd8a
Change code based on reviews
...
Remove support signature PKCS1 v1.5 in CertificateVerify.
Remove useless server states in test script
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2021-11-25 02:21:16 +00:00
25476a48b9
Change code based on review
...
Remove useless component in all.sh
Remove use server logs in ssh-opt.sh
Remove useless guards in ssl_client2.c
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2021-11-23 14:01:21 +00:00
ff5f6c8bb0
Refine test code and test scripts
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2021-11-23 08:49:51 +00:00
f977e9af6d
Add componet test and rsa signature options
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2021-11-23 07:19:23 +00:00
bdf26de384
Fix test failure and remove useless code
...
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2021-11-22 09:52:56 +00:00
4b82ca1b70
Refine test code and test scripts
...
Change client test code to support rsa pss signatures
Add test cases for rsa pss signature in ssl-opt.sh
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2021-11-22 05:50:12 +00:00
61f797adfd
Merge pull request #5111 from mprse/aps_mem_leak
...
ssl_client2, ssl_server2: add check for psa memory leaks
2021-11-17 11:54:44 +00:00
834d229117
Fix dynamic library extension on macOS
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2021-11-12 14:30:22 +01:00
7fb54c5674
More explicit output for the test program
...
Without that, the logs were a bit hard to understand if you didn't know what
to expect.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2021-11-10 21:08:28 +01:00
b6a0299708
Avoid undefined variable warning without MBEDTLS_MD_C
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2021-11-10 19:11:32 +01:00
88e3e70df5
Use CMake's knowledge of what system library has dlopen()
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2021-11-10 19:10:27 +01:00
f80a029f28
Don't build dlopen when building for Windows
...
Windows doesn't have dlopen, not even Linux emulation environments such as
MinGW.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2021-11-10 19:05:20 +01:00
5dbee582a3
Only link with libdl on Linux
...
Requiring an extra library for dlopen is a Linux non-POSIX-compliance.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2021-11-10 19:05:20 +01:00
ca144597e8
Run the dlopen test in shared library builds
...
Non-regression for the fix in https://github.com/ARMmbed/mbedtls/pull/5126 :
libmbedtls and libmbedx509 did not declare their dependencies on libmbedx509
and libmbedcrypto when built with make.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2021-11-10 19:05:20 +01:00
a7c247e87d
New test app for dynamic loading of libmbed* with dlopen
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2021-11-10 19:05:20 +01:00
d6914e3196
ssl_client2/ssl_server2: Rework ordering of cleanup
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2021-11-10 10:46:11 +01:00
505712338e
ssl_client2: move memory leak check before rng_free()
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2021-11-03 14:19:52 +01:00
53de2622f3
Move psa_crypto_slot_management.h out from psa_crypto_helpers.h
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2021-11-03 09:35:35 +01:00
bbb22bbd9e
ssl_client2/ssl_server2: Move is_psa_leaking() before mbedtls_psa_crypto_free() (and rng_free())
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2021-11-03 09:06:09 +01:00
0dbe1dfa1c
Merge pull request #4859 from brett-warren-arm/supported_groups
...
Add mbedtls_ssl_conf_groups to API
2021-11-02 10:49:09 +01:00
25386b7652
Refactor ssl_{server2,client2} for NamedGroup IDs
...
Signed-off-by: Brett Warren <brett.warren@arm.com >
2021-10-29 14:07:46 +01:00
fed825a9aa
ssl_client2, ssl_server2: add check for psa memory leaks
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2021-10-29 12:32:26 +02:00
4c9313fcd9
Merge pull request #4514 from mpg/generated-files-cmake
...
Generated files cmake
2021-10-28 09:23:41 +02:00
475bfe626e
Merge pull request #5108 from gilles-peskine-arm/base64-no-table-3.0
...
range-based constant-flow base64
2021-10-27 12:18:21 +02:00
9317e09d15
Merge pull request #5007 from mprse/pk_opaque
...
Add key_opaque option to ssl_server2.c + test
2021-10-27 10:52:13 +02:00
c2d2f217fb
ssl_client2/ssl_server_2: use PSA_ALG_ANY_HASH as algorithm for opaque key
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2021-10-26 12:24:34 +02:00
680747b868
Fix the build of sample programs without mbedtls_strerror
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2021-10-25 22:09:12 +02:00
987984482d
Fix printf format signedness error
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2021-10-25 22:09:12 +02:00
9a2114ca57
load_roots: properly error out on an invalid option
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2021-10-25 22:09:12 +02:00
01997e119f
load_roots: fix no-argument detection
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2021-10-25 22:09:12 +02:00
618a70ede7
load_roots: arguments must be files
...
I had originally thought to support directories with
mbedtls_x509_crt_parse_path but it would have complicated the code more than
I cared for. Remove a remnant of the original project in the documentation.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2021-10-25 22:09:12 +02:00
2c1442ebc0
New sample program to benchmark certificate loading
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2021-10-25 22:08:33 +02:00
a8d1406107
Rename DEV_MODE to GEN_FILES
...
GEN_FILES is a bit clearer as it describes what the setting
does more precisely.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2021-10-25 13:16:04 +01:00
3e30ad9b0d
Use MBEDTLS_PYTHON_EXECUTABLE
...
Change one occurrence of ${PYTHON} to ${MBEDTLS_PYTHON_EXECUTABLE}
and add implied ${MBEDTLS_PYTHON_EXECUTABLE} to the start of a
different command.
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2021-10-25 13:16:04 +01:00
d64f4b249c
Fix assorted spelling and wording issues
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2021-10-25 13:16:04 +01:00
e90e405e15
Introduce "Dev mode" option
...
When the option is On, CMake will have rules to generate the generated
files using scripts etc. When the option is Off, CMake will assume the
files are available from the source tree; in that mode, it won't require
any extra tools (Perl for example) compared to when we committed the
files to git.
The intention is that users will never need to adjust this option:
- in the development branch (and features branches etc.) the option is
always On (development mode);
- in released tarballs, which include the generated files, we'll switch
the option to Off (release mode) in the same commit that re-adds the
generated files.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2021-10-25 13:16:04 +01:00
15a42c3e26
Allow CMake to generate psa_constant_names_generated.c
...
This one's a bit funny too as the generated file is not a source to the
executable (ie, it's not passed as an argument to the compiler), so
CMake's dependency resolution didn't work even though the file is in the
same directory.
For some reason, the following didn't work either:
add_dependencies(psa_constant_names
${CMAKE_CURRENT_BINARY_DIR}/psa_constant_names_generated.c)
So, apply the same strategy as for cross-directory use of a generated
file by creating a target and using it as a dependency.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2021-10-25 13:16:03 +01:00
86cfa6c27f
Allow CMake to generate query_config.c
...
This one was trickier for two reasons:
1. It's used from another directory, see
https://gitlab.kitware.com/cmake/community/-/wikis/FAQ#how-can-i-add-a-dependency-to-a-source-file-which-is-generated-in-a-subdirectory
2. The C file being generated after CMake is run means CMake can't
automatically scan for included headers and do its usual magic, so we
need to declare the dependency and more importantly the include path.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2021-10-25 13:16:03 +01:00
aedca0c993
Simplify source declarations in ssl/CMakeLists.txt
...
query_config was added twice, and while at it let's declare all the
sources in one place
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2021-10-25 13:16:03 +01:00
8132c2ff46
Address review comments
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2021-10-21 12:26:58 +02:00
6210320215
Merge pull request #4989 from AndrzejKurek/remove-ssl-export-keys
...
Remove MBEDTLS_SSL_EXPORT_KEYS, making it always on
2021-10-18 17:53:56 +02:00
2bb5e9c973
Merge pull request #4760 from gilles-peskine-arm/ecb-alt-ret-3.0
...
Catch failures of mbedtls_aes_crypt_ecb and its DES equivalents
2021-10-14 12:11:20 +02:00
db0ed7c579
ssl_server2.c: fix build err (key_slot - unused variable)
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2021-10-07 15:11:43 +02:00
0483e3d652
Add key_opaque option to ssl_server2.c + test
...
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com >
2021-10-04 11:28:22 +02:00
