e3358e14b2
Merge pull request #6051 from mprse/permissions_2b_v2
...
Permissions 2b: TLS 1.3 sigalg selection
2022-09-28 09:50:04 +02:00
2c282c9bd0
Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets
...
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
2022-09-23 15:48:33 +01:00
d433cd7d07
Merge pull request #6283 from mpg/driver-only-hashes-wrap-up
...
Driver only hashes wrap-up
2022-09-21 08:29:46 +02:00
50969e3af5
ssl-opt.sh: TLS 1.3 opaque key: Add test with unsuitable sig alg
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-09-20 15:57:57 +02:00
7a51305478
Add multi-session tickets test
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-09-19 14:26:07 +08:00
be0224aef3
Merge pull request #6167 from yuhaoth/pr/finalize-tls13-session-tickets
2022-09-18 21:18:13 +02:00
e896705c1a
Take advantage of legacy_or_psa.h being public
...
Opportunities for using the macros were spotted using:
git grep -E -n -A2 'MBEDTLS_(MD|SHA)[0-9]+_C' | egrep 'PSA_WANT_ALG_(MD|SHA)'
then manually filtering the results.
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com >
2022-09-16 12:03:52 +02:00
632939df4b
ssl_client2: print pk key name when provided using key_opaque_algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-09-15 14:16:11 +02:00
4746b10c2e
fix various issues
...
- Format issues
- Possible memory leak
- Improve naming and comment issues
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-09-13 15:37:46 +08:00
0bc834b27f
Enable signature algorithms in ssl programs with PSA based hashes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-09-12 05:37:46 -04:00
0203534c64
Add session save after got new session ticket
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-08-31 23:24:25 +08:00
e00d6d6b55
Merge pull request #6135 from yuhaoth/pr/tls13-finalize-external-psk-negotiation
...
TLS 1.3: SRV: Finalize external PSK negotiation
2022-08-31 17:21:57 +02:00
dcce505a08
Add a missing guard in an example program
...
MD variable is not used in builds without MD.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-08-30 17:56:08 -04:00
c5a23a0f12
fix various issues
...
- code style
- variable initialize
- update comments
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-08-25 11:09:35 +08:00
cccb044804
Style & formatting fixes
...
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-08-23 05:26:02 -04:00
8c95ac4500
Add missing dependencies / alternatives
...
A number of places lacked the necessary dependencies on one of
the used features: MD, key exchange with certificate,
entropy, or ETM.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com >
2022-08-22 17:46:50 -04:00
5d01c05d93
fix various issues
...
- wrong typo in comments
- replace psk null check with key_exchange_mode check
- set psk NULL when error return in export hs psk
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-08-21 12:55:01 +08:00
2b7a51ba8f
Add psk_or_ephemeral mode and tests
...
psk_or_ephemeral exists in theory. This change is for
improving test coverage.
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-08-21 12:51:53 +08:00
25fdc2addb
Fix minor typos
...
Signed-off-by: Jan Bruckner <jan@janbruckner.de >
2022-07-26 10:52:46 +02:00
2b4f02d7fb
Add new_session_ticket err handler
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-07-20 11:07:29 +08:00
ce7d76e2ee
Merge remote-tracking branch 'mbedtls-restricted/development-restricted' into mbedtls-3.2.0rc0-pr
2022-07-11 10:22:37 +02:00
41aa808a56
Merge pull request #952 from gilles-peskine-arm/stdio_buffering-setbuf
...
Turn off stdio buffering with setbuf()
2022-07-04 10:12:22 +01:00
0e39ece23f
Merge pull request #5916 from yuhaoth/pr/tls13-refactor-get-sig-alg-from-pk
...
Refactor signature algorithm chooser
2022-07-04 09:10:08 +02:00
ff15dbab4c
Make definition order a bit neater
...
Signed-off-by: Paul Elliott <paul.elliott@arm.com >
2022-07-01 16:30:08 +01:00
6d576c9646
Call setbuf when reading or writing files: programs
...
After opening a file containing sensitive data, call mbedtls_setbuf() to
disable buffering. This way, we don't expose sensitive data to a memory
disclosure vulnerability in a buffer outside our control.
This commit adds a call to mbedtls_setbuf() after each call to fopen(),
but only in sample programs that were calling mbedtls_platform_zeroize().
Don't bother protecting stdio buffers in programs where application buffers
weren't protected.
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com >
2022-06-30 17:06:11 +02:00
cc5391048e
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:18:30 +08:00
202919c23d
refine supported sig alg print
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:18:29 +08:00
64f410c246
Add tls13 sig alg parameters
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:16:09 +08:00
a1255e6b8c
fix various issues
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:16:09 +08:00
9bb3ee436b
Revert rsa_pss_rsae_* support for tls12
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:16:08 +08:00
3896ac6e5b
fix ordered sig algs fail for openssl
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:16:06 +08:00
9f4cc5ff65
Add pss_rsae sig algs into test conf
...
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com >
2022-06-29 16:13:41 +08:00
bd10c4e2af
Test accessors to config DN hints for cert request
...
Signed-off-by: Glenn Strauss <gstrauss@gluelogic.com >
2022-06-29 02:54:28 -04:00
ba65fbbe30
Fix comments
...
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-22 17:36:12 +02:00
903c979376
programs: ssl: Add one RSA PSS signature algorithm
...
Add one RSA PSS signature algorithm to the
test list of signature algorithms. This allows
certificate chains exposing an RSA key with
signatures using SHA-1 to be used in tests
where an TLS 1.3 handshake is performed.
Signed-off-by: Ronald Cron <ronald.cron@arm.com >
2022-06-17 08:45:30 +02:00
d5d5b60c07
Add comprehensive test cases for TLS1.3 server side
...
Change-Id: I544cb12b3ffe5edd7d59fa54342ca7db5b5c8a2a
Signed-off-by: XiaokangQian <xiaokang.qian@arm.com >
2022-05-31 02:51:26 +00:00
6dbbf44d78
Fix typos in documentation and constants with typo finding tool
...
Signed-off-by: bootstrap-prime <bootstrap.prime@gmail.com >
2022-05-18 14:15:33 -04:00
9bc53a2e84
Merge pull request #5806 from josesimoes/fix-3031
...
Remove prompt to exit in all programs
2022-05-12 10:50:31 +02:00
8b0ecbccf4
Redo of PR#5345. Fixed spelling and typographical errors found by CodeSpell.
...
Signed-off-by: Shaun Case <warmsocks@gmail.com >
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com >
2022-05-11 21:25:51 +01:00
23419560c9
Remove prompt to exit in all programs
...
Signed-off-by: José Simões <jose.simoes@eclo.solutions >
2022-05-06 17:11:22 +01:00
cb20d202d2
Further code optimization
...
- key_opaque_set_alg_usage(): set alg/usage in loop
- key_opaque_set_alg_usage(): add key paramteter to set default alg/usage if it is not specified by command line parameters
- unify default alg/usage for client and server
- optimize opaque code on client and server side
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-05-06 09:34:30 +02:00
296bfba924
ssl_server2: add key_opaque_algs2 usage info
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-05-05 11:08:34 +02:00
1d25e076f3
ssl_client2: fix default key opaque algs
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-05-05 11:05:10 +02:00
488efa05b6
Fix compiler warnings: initialize local variables: psa_alg, psa_alg2, psa_usage
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-05-05 10:17:01 +02:00
134eb8b6e2
Fix style
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-05-05 10:17:01 +02:00
092128324f
ssl_client2/ss_server2: optimize code for opaque key
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-05-05 10:17:01 +02:00
76a41f5a52
ssl_test_lib: fix compilation flags for default config
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-05-05 10:17:01 +02:00
e5e9ba920f
ssl_server2: refactor opaque code
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-05-05 10:17:01 +02:00
89132a6ab0
Fix call to mbedtls_pk_wrap_as_opaque(): use usage variable instead PSA_KEY_USAGE_SIGN_HASH
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-05-05 10:17:01 +02:00
b58c47a666
ssl_server2: use key opaque algs given from command line
...
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com >
2022-05-05 10:17:01 +02:00
