fd3360ebf4
Remove unneeded setting of ret from ssl programs
...
Remove coverity warnings on unused values.
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2023-09-15 17:41:25 +01:00
e820c0abc8
Update spelling "mbed TLS" to "Mbed TLS"
...
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":
```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```
Justification for the omissions:
* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
occurrences are significant names in certificates and such. Changing
the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
updates.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-09-12 19:18:17 +02:00
acd32c005f
programs: add helper functions for supported EC curves
...
- get full list, or
- get TLS ID from name
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-07-10 09:13:57 +02:00
45255e4c71
Adapt names (curves -> groups)
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-07-05 09:26:26 +02:00
75a5a9c205
Code cleanup
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-13 09:57:23 +02:00
ff9fcbcace
ssl_client2, ssl_server2: code optimization + guards adaptation
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:53:40 +02:00
da4fba64b8
Further code optimizations
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:09 +02:00
6d7da5ee1e
Add FFDH support in client2, server2 applications
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2023-06-06 12:31:08 +02:00
97edeb4fb8
Merge pull request #6866 from mprse/extract-key-ids
...
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
2023-05-08 20:38:29 +02:00
d49cbc1493
test: fix remaining failures in test due to the ECP_LIGHT symbol
...
Changes in test_suite_psa_crypto are to enforce the dependency
on ECP_C which is mandatory for some key's derivation.
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-04-11 11:33:50 +02:00
c9e8a65d06
Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api
...
ssl_cache: misc improvements
2023-04-11 09:30:40 +02:00
27f9e7815c
Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields
...
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates
Signed-off-by: toth92g <toth92g@gmail.com >
2023-04-04 17:48:27 +02:00
bef824d394
SSL: use MD_CAN macros
...
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2023-03-21 16:29:31 +01:00
b1895899f1
ssl_cache: Improve some comments
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-03-16 14:33:28 +08:00
2a44ac245f
Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api
...
ssl_cache: Add cache entry removal api
2023-03-15 15:38:06 +01:00
f30488f5cd
Move the usage string of cache_remove to USAGE_CACHE
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-03-15 09:53:45 +08:00
753d02ffd4
ssl_server2: Add options to support cache removal
...
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-03-13 09:28:17 +08:00
5ba1d5eb2c
programs: use proper macro for ECDSA capabilities in ssl_sever2
...
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no >
2023-02-23 08:15:17 +01:00
f31c9e441b
Merge pull request #7019 from tom-cosgrove-arm/dont-use-cast-assignment-in-ssl_server2.c
...
Don't use cast-assignment in ssl_server.c
2023-02-06 12:13:08 +00:00
de85725507
Don't use cast-assignment in ssl_server.c
...
Would have used mbedtls_put_unaligned_uint32(), but alignment.h is in library/.
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2023-02-03 16:38:05 +00:00
644a5c0b2b
Fix bugs in example programs: change argc == 0 to argc < 2
...
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com >
2023-01-30 16:48:13 +00:00
302feb3955
add cases to test session resumption with different ticket_flags
...
This commit add test cases to test if the check of kex change mode
in SessionTicket works well.
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com >
2023-01-13 11:05:56 +08:00
449bd8303e
Switch to the new code style
...
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2023-01-11 14:50:10 +01:00
c98624af3c
Merge pull request #6680 from valeriosetti/issue6599
...
Allow isolation of EC J-PAKE password when used in TLS
2022-12-14 11:04:33 +01:00
d75c5c4405
test: pake: fail in case the opaque key is destroyed unexpectedly
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-12-13 11:51:32 +01:00
785116a5be
test: pake: modify opaque key verification before destruction
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-12-12 11:59:25 +01:00
eb3f788b03
tls: pake: do not destroy password key in TLS
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-12-08 18:42:58 +01:00
d5fa0bfb85
test: pake: check psa key validity before destroying it
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-12-07 16:02:42 +01:00
fbba0e9d75
Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface
...
TLS 1.3: Refactor early data configuration interface.
2022-12-07 09:42:12 +01:00
d146a37d56
Change the definition of max_early_data_size argument.
...
`conf_max_early_data_size` does not reuse as en/disable. When
call it, we should call `conf_early_data()` also.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-06 14:56:54 +08:00
2c93fc1544
Revert "Add reco_debug_level to reduce debug output"
...
This reverts commit a6934776c9jerry.h.yu@arm.com >
2022-12-06 11:05:54 +08:00
54dfcb7794
fix comments and debug info issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-05 15:43:09 +08:00
1797b05602
Fix typos prior to release
...
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com >
2022-12-04 17:19:59 +00:00
d6feb20869
test: pake: allow opaque password only when USE_PSA is enabled
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-12-02 14:28:49 +01:00
7854a4e019
Add max_early_data_size option for ssl_sever2
...
- to set max_early_data_set
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-01 23:11:48 +08:00
a6934776c9
Add reco_debug_level to reduce debug output
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-12-01 23:11:48 +08:00
661b9bca75
test: psa_pake: add specific log message for the opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-29 17:28:17 +01:00
77e8315f5b
fix formatting and typos
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-29 17:28:04 +01:00
d572a82df9
tls: psa_pake: add test for opaque password
...
Signed-off-by: Valerio Setti <vsetti@baylibre.com >
2022-11-29 11:30:56 +01:00
fd7aa13671
Merge pull request #6436 from yanrayw/ssl_client2-add-build-version
...
Add build version to the output of ssl_client2 and ssl_server2
2022-11-10 14:39:38 +01:00
eaf46d1291
Add output of build version in ssl_server2
...
Usage:
- By default, build version is printed out in the beginning of
ssl_server2 application.
- ./ssl_server2 build_version=1 only prints build verison and stop
Signed-off-by: Yanray Wang <yanray.wang@arm.com >
2022-10-28 10:53:50 +08:00
744fd37d23
Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0
...
Fix unusual macros
2022-10-25 19:55:29 +02:00
3f44e5b11a
Refactor macro-spanning if in ssl_server2.c
...
Signed-off-by: David Horstmann <david.horstmann@arm.com >
2022-10-24 13:12:19 +01:00
73fe8df922
Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED
...
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-22 14:42:04 +02:00
e68ab4f55e
Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED
...
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-22 14:42:04 +02:00
81378b72e8
programs: ssl: Remove dependency on TLS 1.3 for "sig_algs" option
...
Signature algorithms can be specified through
the sig_algs option for TLS 1.2 as well.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-21 14:40:56 +02:00
20a8e63b23
programs: ssl: Fix some mbedtls_ssl_conf_sig_algs() guards
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-10-21 14:36:43 +02:00
b50754ae86
Switch from x509_CRT_PARSE to KEY_EXCHANGE_WITH_CERT_ENABLED
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-19 08:35:09 -04:00
d0786f5f26
Revert one of the changes to ssl_server2 dependencies
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-19 08:35:09 -04:00
6ee1e20d7f
Replace x509_CRT_PARSE_C with KEY_EXCHANGE_WITH_CERT_ENABLED
...
SSL programs use certificates in an exchange, so it's more natural
to have such dependency instead of just certificate parsing.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-10-19 08:35:09 -04:00
