1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-10-24 13:32:59 +03:00
Commit Graph

662 Commits

Author SHA1 Message Date
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-22 14:42:04 +02:00
Ronald Cron
81378b72e8 programs: ssl: Remove dependency on TLS 1.3 for "sig_algs" option
Signature algorithms can be specified through
the sig_algs option for TLS 1.2 as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:40:56 +02:00
Ronald Cron
20a8e63b23 programs: ssl: Fix some mbedtls_ssl_conf_sig_algs() guards
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-10-21 14:36:43 +02:00
Yanray Wang
076b2d062f Improve the method of printing string build version
Following changes are introduced with this commit:
- Call mbedtls_version_get_string before printing string
  build version instead of printing macro directly
- Output build version in the beginning of ssl_client2 program

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-21 11:22:44 +08:00
Andrzej Kurek
6ee1e20d7f Replace x509_CRT_PARSE_C with KEY_EXCHANGE_WITH_CERT_ENABLED
SSL programs use certificates in an exchange, so it's more natural
to have such dependency instead of just certificate parsing.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:09 -04:00
Andrzej Kurek
e38b788b79 Add missing key exchange dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Andrzej Kurek
68327748d3 Add missing dependencies
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-10-19 08:35:08 -04:00
Yanray Wang
ff4181e246 Fix build error in cmake while printing digital build version
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-18 18:20:40 +08:00
Yanray Wang
d976673dd6 Add build version to the output of ssl_client2
Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2022-10-18 10:53:49 +08:00
Xiaokang Qian
bc663a0461 Refine code based on commnets
Change code layout
Change hostname_len type to size_t
Fix various issues

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:06:01 +00:00
Xiaokang Qian
adf84a4a8c Remove public api mbedtls_ssl_reset_hostname()
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:05:11 +00:00
Xiaokang Qian
fb8ac46add Change the name of servername when re-connect
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:44 +00:00
Xiaokang Qian
281fd1bdd8 Add server name check when proposeing pre-share key
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2022-10-12 11:03:41 +00:00
Manuel Pégourié-Gonnard
e3358e14b2 Merge pull request #6051 from mprse/permissions_2b_v2
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
Paul Elliott
2c282c9bd0 Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
2022-09-23 15:48:33 +01:00
Manuel Pégourié-Gonnard
d433cd7d07 Merge pull request #6283 from mpg/driver-only-hashes-wrap-up
Driver only hashes wrap-up
2022-09-21 08:29:46 +02:00
Ronald Cron
50969e3af5 ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2022-09-20 15:57:57 +02:00
Jerry Yu
7a51305478 Add multi-session tickets test
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-19 14:26:07 +08:00
Ronald Cron
be0224aef3 Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets 2022-09-18 21:18:13 +02:00
Manuel Pégourié-Gonnard
e896705c1a Take advantage of legacy_or_psa.h being public
Opportunities for using the macros were spotted using:

    git grep -E -n -A2 'MBEDTLS_(MD|SHA)[0-9]+_C' | egrep 'PSA_WANT_ALG_(MD|SHA)'

then manually filtering the results.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2022-09-16 12:03:52 +02:00
Przemek Stekiel
632939df4b ssl_client2: print pk key name when provided using key_opaque_algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-09-15 14:16:11 +02:00
Jerry Yu
4746b10c2e fix various issues
- Format issues
- Possible memory leak
- Improve naming and comment issues

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-09-13 15:37:46 +08:00
Andrzej Kurek
0bc834b27f Enable signature algorithms in ssl programs with PSA based hashes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-09-12 05:37:46 -04:00
Jerry Yu
0203534c64 Add session save after got new session ticket
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-08-31 23:24:25 +08:00
Andrzej Kurek
cccb044804 Style & formatting fixes
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-23 05:26:02 -04:00
Andrzej Kurek
8c95ac4500 Add missing dependencies / alternatives
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate, 
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
2022-08-22 17:46:50 -04:00
Jerry Yu
2b4f02d7fb Add new_session_ticket err handler
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-07-20 11:07:29 +08:00
Jerry Yu
202919c23d refine supported sig alg print
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:18:29 +08:00
Jerry Yu
64f410c246 Add tls13 sig alg parameters
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-06-29 16:16:09 +08:00
Manuel Pégourié-Gonnard
9bc53a2e84 Merge pull request #5806 from josesimoes/fix-3031
Remove prompt to exit in all programs
2022-05-12 10:50:31 +02:00
Shaun Case
8b0ecbccf4 Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
Signed-off-by: Shaun Case <warmsocks@gmail.com>
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2022-05-11 21:25:51 +01:00
josesimoes
23419560c9 Remove prompt to exit in all programs
Signed-off-by: José Simões <jose.simoes@eclo.solutions>
2022-05-06 17:11:22 +01:00
Przemek Stekiel
cb20d202d2 Further code optimization
- key_opaque_set_alg_usage(): set alg/usage in loop
- key_opaque_set_alg_usage(): add key paramteter to set default alg/usage if it is not specified by command line parameters
- unify default alg/usage for client and server
- optimize opaque code on client and server side

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-06 09:34:30 +02:00
Przemek Stekiel
1d25e076f3 ssl_client2: fix default key opaque algs
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 11:05:10 +02:00
Przemek Stekiel
488efa05b6 Fix compiler warnings: initialize local variables: psa_alg, psa_alg2, psa_usage
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
092128324f ssl_client2/ss_server2: optimize code for opaque key
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
89132a6ab0 Fix call to mbedtls_pk_wrap_as_opaque(): use usage variable instead PSA_KEY_USAGE_SIGN_HASH
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
a17b5c6ba2 ssl_client: use key opaque algs given from command line
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
77fc9ab1ba Fix typos and code style
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Przemek Stekiel
f1822febc4 ssl client: add key_opaque_algs command line option
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-05-05 10:17:01 +02:00
Manuel Pégourié-Gonnard
068a13d909 Merge pull request #5771 from superna9999/5761-rsa-decrypt-rework-pk-wrap-as-opaque
RSA decrypt 0: Rework `mbedtls_pk_wrap_as_opaque()`
2022-05-02 09:06:49 +02:00
Neil Armstrong
94e371af91 Update mbedtls_pk_wrap_as_opaque() usage in SSL client2 & server2
Signed-off-by: Neil Armstrong <narmstrong@baylibre.com>
2022-04-28 13:27:59 +02:00
Przemek Stekiel
b293aaa61b Enable support for psa opaque DHE-PSK key exchange on the client side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:54:33 +02:00
Przemek Stekiel
19b80f8151 Enable support for psa opaque ECDHE-PSK key exchange on the client side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:28 +02:00
Przemek Stekiel
fc72e428ed ssl_client2: Enable support for TLS 1.2 RSA-PSK opaque ciphersuite
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-04-22 14:52:27 +02:00
Glenn Strauss
e3af4cb72a mbedtls_ssl_(read|write)_version using tls_version
remove use of MBEDTLS_SSL_MINOR_VERSION_*
remove use of MBEDTLS_SSL_MAJOR_VERSION_*
(only remaining use is in tests/suites/test_suite_ssl.data)

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:14 -04:00
Glenn Strauss
60bfe60d0f mbedtls_ssl_ciphersuite_t min_tls_version,max_tls_version
Store the TLS version in tls_version instead of major, minor version num

Note: existing application use which accesses the struct member
(using MBEDTLS_PRIVATE) is not compatible, as the struct is now smaller.

Reduce size of mbedtls_ssl_ciphersuite_t

members are defined using integral types instead of enums in
order to pack structure and reduce memory usage by internal
ciphersuite_definitions[]

Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com>
2022-04-14 15:40:12 -04:00
Jerry Yu
3a58b462b6 add pss_rsae_sha{384,512}
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2022-03-22 15:13:34 +08:00
Przemek Stekiel
3f076dfb6d Fix comments for conditional compilation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2022-03-04 09:36:46 +01:00
Przemyslaw Stekiel
169f115bf0 ssl_client2: init psa crypto for TLS 1.3 build
Signed-off-by: Przemyslaw Stekiel <przemyslaw.stekiel@mobica.com>
2022-02-14 17:15:04 +01:00