1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-13 19:21:32 +03:00
Commit Graph

640 Commits

Author SHA1 Message Date
cd0fb1d178 Merge pull request #9105 from jetm/ssl-client2-get-req-host
ssl_client2: Add Host to HTTP GET request
2024-10-31 11:32:49 +00:00
99b57bd35a Merge pull request #1272 from eleuzi01/forward-1263
Fix 1.3 cli-auth optional reporting of (ext)KeyUsage issues
2024-08-28 19:38:36 +02:00
92a391e0fe Always print detailed cert errors in test programs
Previously the client was only printing them on handshake success, and
the server was printing them on success and some but not all failures.

This makes ssl-opt.sh more consistent as we can always check for the
presence of the expected message in the output, regardless of whether
the failure is hard or soft.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2024-08-16 17:24:05 +01:00
0858fdca38 Merge pull request #9189 from misch7/fix-v3.6-issues-9186-and-9188
Fix build of v3.6 (issues #9186 and #9188)
2024-08-12 09:34:17 +00:00
0420093795 Adjust spacing in sample programs
Signed-off-by: Michael Schuster <michael@schuster.ms>
2024-08-09 10:29:58 +01:00
8db8d6182f Fix missing-prototype errors in sample programs
Signed-off-by: Michael Schuster <michael@schuster.ms>
2024-08-09 10:29:58 +01:00
8dde3b3dec Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-08-05 15:41:58 +01:00
b476d4bf21 Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-03 10:20:41 +01:00
1aef649dde ssl_client2: Add Host to HTTP GET request
If an IP address shares multiple domain names with different SSL
certificates and makes a GET request without the remote server name
(host), it will fail with a 421 Misdirect Request.

Signed-off-by: Javier Tia <javier.tia@linaro.org>
2024-05-06 14:39:33 -06:00
7201bc6b05 ssl_client2: Fix early data log
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-08 16:03:09 +01:00
e33b349c90 Merge pull request #8864 from valeriosetti/issue8848
Deprecate or remove mbedtls_pk_wrap_as_opaque
2024-03-01 15:54:32 +00:00
9b4e964c2c Merge pull request #8760 from ronald-cron-arm/tls13-write-early-data
TLS 1.3: Add mbedtls_ssl_write_early_data() API
2024-02-29 14:31:55 +00:00
7541ebea52 programs: remove usage of mbedtls_pk_wrap_as_opaque() from tests
This is replaced with: mbedtls_pk_get_psa_attributes() +
mbedtls_pk_import_into_psa() + mbedtls_pk_setup_opaque().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-27 10:44:33 +01:00
0aead12706 ssl_client2: Improve loop writing early data
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:37:33 +01:00
b4fd47e897 ssl_client2: Default to library default for early data enablement
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-21 17:37:33 +01:00
a5561893e7 ssl_client2: Add support for early data writing
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
2fe0ec8c31 ssl_client2: Add buffer overflow check
Add buffer overflow check to build_http_request().

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
ccfaefa361 ssl_client2: Switch from int to size_t
Switch from int to size_t for some
data lengths and counter local
variables.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
4e1bd470fb ssl_client2: Move code to build http request
Move code to build http request into a
dedicated function.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
54a3829453 ssl_client2: Simplify early_data option
No need to define specific early data,
the idea is rather to just send the
usual request data as early data
instead of standard application data.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-07 08:06:46 +01:00
6d0a093582 use mbedtls_ssl_session_init() to init session variable
Use mbedtls_ssl_session_init() to init variable just like
session-family APIs described

Signed-off-by: Benson Liou <benson.liou@sony.com>
2023-12-27 22:03:24 +08:00
a9581d2d5f Fix CI failure of uninitialized fp
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-11 01:50:34 +00:00
aedfc0932b Revert to ae952174a7 and addressing some comments
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-08 10:43:24 +00:00
963468035d Add the test framework of early data
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 09:19:43 +00:00
daddfb520d Open the file once read in the file path
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 08:14:30 +00:00
35c026c09e Read early data file
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 06:10:34 +00:00
2a8035b495 Add read early data code
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 03:54:40 +00:00
57db590586 Rework to revert the early_data enabled flag
We have two options for early data.
early_data to indicate early data enable or not.
early_data_file to provide path file to read early data from

Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-07 03:29:22 +00:00
ae952174a7 Enable early data depend on whether the early data file exist
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 10:27:27 +00:00
611c717c02 Sync the early_data option with internal parameters in ssl_client2
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 09:24:58 +00:00
f8fe11d14d Remove the generic file read functions and simply the early data read
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 07:40:50 +00:00
eaebedb30b Refine the detect code to enable early data or not
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 02:55:16 +00:00
b1db72923e Rename the generic read functions to ssl_read_file_text
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 02:33:38 +00:00
6c678d7543 Improve the comments of early data input
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-06 02:20:51 +00:00
70fbdcf904 Change early data flag to input file
Signed-off-by: Xiaokang Qian <xiaokang.qian@arm.com>
2023-12-05 05:50:08 +00:00
d5ed36ff24 early data: rename configuration function
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:24 +08:00
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
afc6a992c5 Merge pull request #8381 from gilles-peskine-arm/20231017-misc-cleanup
Cleanups in test code
2023-10-30 18:08:01 +00:00
a0e810de4b Convey that it's ok for mbedtls_ssl_session_save to fail
mbedtls_ssl_session_save() always outputs the output length, even on error.
Here, we're only calling it to get the needed output length, so it's ok to
ignore the return value. Convey this to linters.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-10-17 16:04:27 +02:00
f745e5b8de Merge remote-tracking branch 'development' into HEAD 2023-08-23 20:35:32 +02:00
acd32c005f programs: add helper functions for supported EC curves
- get full list, or
- get TLS ID from name

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
45255e4c71 Adapt names (curves -> groups)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
39a0a76fcc SSL programs: improve command-line error reporting
Every now and then, I see of these programs failing with a super-long
usage message that gives no clue as to what went wrong. (Recently it
happened with a test case in ssl-opt.sh with a fairly long command line
that was entirely correct, except some options were not valid in this
config - the test should have been skipped but wasn't due to some other
bug. It took me longer to figure out than it should have, and could have
if the program had simply reported which param was not recognized.)

Also, have an explicit "help" command, separate "help_ciphersuites", and
have default usage message that's not multiple screens long.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-27 09:28:24 +02:00
3eea9a461c SSL programs: allow invoking without arguments
All options have reasonable default so the programs don't need arguments
to do something useful.

It is widely accepted for programs that can work without arguments need
not insist on the user passing arguments, see 'ls', 'wc', 'sort', 'more'
and any number of POSIX utilities that all work without arguments.

It is also the historical behaviour of those programs, and something
relied one by at least a few team members.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-26 11:29:35 +02:00
0b74434e2a SSL programs: group options processing in 1 place
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-26 11:28:00 +02:00
75a5a9c205 Code cleanup
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 09:57:23 +02:00
ff9fcbcace ssl_client2, ssl_server2: code optimization + guards adaptation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:53:40 +02:00
da4fba64b8 Further code optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
316c19ef93 Adapt guards, dependencies + optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>

Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
6d7da5ee1e Add FFDH support in client2, server2 applications
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00