lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-30 22:43:08 +03:00
Code Activity
20,713 Commits 174 Branches 272 Tags
8b718b5a6663609b1ae29e2d2ec661cac38a8cad
Commit Graph

20713 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
XiaokangQian
23c5be6b94 Enable SNI test for both tls12 and tls13 
Change-Id: Iae5c39668db7caa1a59d7e67f226a5286d91db22
CustomizedGitHooks: yes
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-07 09:43:13 +00:00
Ronald Cron
00e5eaad62 test: ssl: Remove more TLS 1.2 dependencies in handshake state tests 
That way the concerned tests are also run in the
TLS 1.3 only configuration where a TLS 1.3
handshake is performed.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-07 11:14:01 +02:00
Ronald Cron
bdddaef9bb test: ssl: Enable client authentication in handshake state tests 
The endpoint initialization function was setting up
a certificate but the client certificate was not
used because client authentication was not enabled
(not enabled in the default SSL server configuration).

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-07 11:13:49 +02:00
Ronald Cron
209cae9c42 tls13: server: Fix state update in CLIENT_CERTIFICATE 
The state should be updated only if the handler
returns in success.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-06-07 10:58:22 +02:00
pespacek
670913f4dc Fixing return value for ssl_tls13_write_certificate_body() 
Signed-off-by: pespacek <peter.spacek@silabs.com>
 2022-06-07 10:53:39 +02:00
Dave Rodgman
4b55a89327 Merge pull request #5887 from tom-daubney-arm/mbedtls_x509_crt_ext_types_accessor 
Add accessor for x509 certificate extension types
 2022-06-06 21:51:38 +01:00
Andrzej Kurek
e6487ab490 Add a changelog entry for the cookie parsing bounds bug 
Co-authored-by: Gilles Peskine <Gilles.Peskine@arm.com>
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-06 15:31:08 -04:00
Andrzej Kurek
cfb01948c8 Add cookie parsing tests to test_suite_ssl 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-06 15:29:15 -04:00
Andrzej Kurek
c8183cc492 Add missing sid_len in calculations of cookie sizes 
This could lead to a potential buffer overread with small
MBEDTLS_SSL_IN_CONTENT_LEN.
Change the bound calculations so that it is apparent
what lengths and sizes are used.

Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-06 15:28:56 -04:00
Andrzej Kurek
140b589ec6 Fix a bug with executing ssl-client2 in ssl-opt.sh in a subshell 
When executing eval in the background, the next "$!" gives the
eval PID, not the ssl-client2 pid. This causes problems when
a client times out and the script tries to kill it. Instead, it
kills the parent eval call.
This caused problems with subsequent proxy tests receiving
old packets from a client from a previous test.
Moving the "&" to inside the eval call fixes the problem.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-06-06 15:02:36 -04:00
Gilles Peskine
364fd8bb71 More SSL debug messages for ClientHello parsing 
In particular, be verbose when checking the ClientHello cookie in a possible
DTLS reconnection.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2022-06-06 14:25:41 -04:00
Thomas Daubney
5c9c2ce86d Add correct test dependencies 
Functions called within the test mean that MBEDTLS_X509_CRT_PARSE_C
is a test dependency and so is declared in this commit.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-06 16:36:43 +01:00
Thomas Daubney
a5f39e0ec2 Move accessor definition 
Move the definition of the accessor so that it is not defined
within the MBEDTLS_X509_CRT_WRITE_C guards. Thus remove the
dependency from the test and test cases.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-06 15:42:32 +01:00
Dave Rodgman
5e03d9e601 Merge pull request #5837 from robert-shade/robert-shade/add_subdirectory_support 
Allow building as a subdir
 2022-06-06 14:11:06 +01:00
Przemek Stekiel
b57a44bf9b is_kdf_alg_supported: Adapt impl to new build flags for HKDF EXTRACT/EXPAND 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-06 11:26:43 +02:00
Przemek Stekiel
221391b3d2 generate_psa_tests.py: REVERT adapt OpFail test generator for HKDF-Exract/Expand algs 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-06 11:26:43 +02:00
Przemek Stekiel
66867731aa derive_output tests: fix output key length to be consistent with teh description 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-06 11:26:02 +02:00
Przemek Stekiel
cde3f783f5 Make info valid only after secret for HKDF-EXPAND + adapt tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-06 11:26:02 +02:00
Przemek Stekiel
0586f4c4ea Make salt mandatory for HKDF-EXTRACT + adapt tests 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-06 11:25:43 +02:00
Jerry Yu
6994e3e0c2 fix various issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-06 11:50:49 +08:00
Przemek Stekiel
0e99391afe derive_output test: fix output key bit length 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
Przemek Stekiel
3e8249cde0 Add PSA_WANT_ALG_HKDF_EXPAND, PSA_WANT_ALG_HKDF_EXTRACT, adapt code and dependencies 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
Przemek Stekiel
452a415476 Changelog: HKDF-Expand and HKDF-Extract as separate algorithms in the PSA API 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
Przemek Stekiel
73f97d4841 PSA_ALG_HKDF: add salt processing warning 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
Przemek Stekiel
f0f0bd068b test_suite_psa_crypto_metadata: add test cases for the HKDF-Extract/Expand algorithms 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:15 +02:00
Przemek Stekiel
a29b488296 Optimize code by adding PSA_ALG_IS_ANY_HKDF macro 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-03 16:18:09 +02:00
XiaokangQian
129aeb9b0e Update test cases and support sni ca override 
Change-Id: I6052acde0b0ec1c25537f8dd81a35562da05a393
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-02 09:29:18 +00:00
Przemek Stekiel
459ee35062 Fix typo and style 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-06-02 11:16:52 +02:00
Werner Lewis
acd01e58a3 Use ASN1 UTC tags for dates before 2000 
Signed-off-by: Werner Lewis <werner.lewis@arm.com>
 2022-06-01 16:24:28 +01:00
Jerry Yu
f2d32e6c3d fix tls13_only test fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-01 18:05:18 +08:00
Gilles Peskine
8399cccd2e Merge pull request #5829 from paul-elliott-arm/fix_ct_uninit_memory_access 
Fix uninitialised memory access in constant time functions
 2022-06-01 11:42:51 +02:00
Thomas Daubney
3d3cfc5553 Add Changelog entry 
Add Changelog entry for changes made in this PR.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-01 10:23:50 +01:00
Thomas Daubney
3ff4fc6997 Add test data 
Add two test cases for accessor test. One test where desired
ext type is presentent and the other of when the ext type is
not present.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-01 10:23:50 +01:00
Thomas Daubney
bd5466ab7e Add test for accessor 
Add test logic for accessor.

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-01 10:23:50 +01:00
Thomas Daubney
979aa49d1c Add accessor for x509 certificate extension types 
Add accessor for x509 certificate extension types

Signed-off-by: Thomas Daubney <thomas.daubney@arm.com>
 2022-06-01 10:22:14 +01:00
Jerry Yu
7bf3358a2d Remove duplicated tests 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-01 16:55:17 +08:00
Jerry Yu
1443537da3 fix test fail when WANT_READ/WRITE returned 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-06-01 15:53:31 +08:00
XiaokangQian
f4f0f6961a Enable requires_openssl_tls1_3 in sni test cases 
Change-Id: I71fbabe0b2ff80d5f1f15ae7df2b048503ccf965
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-06-01 00:42:27 +00:00
XiaokangQian
ac41edfc5e Enable requires_gnutls_tls1_3 in sni test cases 
Change-Id: Iea18f4e6a6b4c6b90612b43a5bcd396cdd506335
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-31 13:22:13 +00:00
Jerry Yu
66537f40b6 fix certificate request fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 19:53:05 +08:00
Jerry Yu
1e7c438b67 remove tls1.3 dependancy 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 19:51:38 +08:00
Gilles Peskine
f940693960 Merge pull request #5725 from tom-daubney-arm/x25519_program 
Rewrite x25519 example program
 2022-05-31 11:27:22 +02:00
Gilles Peskine
09858ae664 Merge pull request #5813 from mprse/deprecate_mbedtls_cipher_setup_psa 
Deprecate mbedtls_cipher_setup_psa()
 2022-05-31 10:56:52 +02:00
XiaokangQian
2ccd97b8ef Change test case name to sni 
Change-Id: I8f6e68deab71cc49741cbdf233cf876e29683db9
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com>
 2022-05-31 08:30:17 +00:00
Janos Follath
07c2e5e6d5 Merge pull request #5860 from superna9999/4745-psa-jpake-api-fixes 
PSA J-PAKE API has missing elements and confusing documentation
 2022-05-31 08:27:32 +01:00
Jerry Yu
66adf3155c Update comments 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:23:29 +08:00
Jerry Yu
df0a71a0b0 Add handshake version test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Jerry Yu
b3d86de3ea fix hanshake wrapup fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Jerry Yu
0a92d6c8eb fix move state to handshake over fail 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00
Jerry Yu
df65b66003 Add handshake over test 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-05-31 15:06:04 +08:00