1
0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-06-10 21:01:41 +03:00
Commit Graph

683 Commits

Author SHA1 Message Date
8dde3b3dec Replace MBEDTLS_PK_HAVE_ECC_KEYS with PSA_WANT_KEY_TYPE_ECC_PUBLIC_KEY
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-08-05 15:41:58 +01:00
b476d4bf21 Replace MBEDTLS_MD_CAN_SHA384 with PSA_WANT_ALG_SHA_384
Signed-off-by: Elena Uziunaite <elena.uziunaite@arm.com>
2024-07-03 10:20:41 +01:00
74191a56e8 ssl_server2: Split early data enablement from max_early_data_size setting
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-03-14 20:00:42 +01:00
7541ebea52 programs: remove usage of mbedtls_pk_wrap_as_opaque() from tests
This is replaced with: mbedtls_pk_get_psa_attributes() +
mbedtls_pk_import_into_psa() + mbedtls_pk_setup_opaque().

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2024-02-27 10:44:33 +01:00
0ecb5fd6f5 Merge pull request #8574 from ronald-cron-arm/ssl-tickets
Fix and align ticket age check in ssl_ticket.c for TLS 1.2 and TLS 1.3
2024-02-21 09:38:46 +00:00
192e0f9b1d ssl_server2: Add read early data support
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-02-01 16:40:47 +01:00
d1c106c787 Define ticket creation time in TLS 1.2 case as well
The purpose of this change is to eventually base
the calculation in ssl_ticket.c of the ticket age
when parsing a ticket on the ticket creation time
both in TLS 1.2 and TLS 1.3 case.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
2024-01-15 08:58:19 +01:00
3a6059beca Merge pull request #7455 from KloolK/record-size-limit/comply-with-limit
Comply with the received Record Size Limit extension
2024-01-09 15:22:17 +00:00
f482dcc6c7 Comply with the received Record Size Limit extension
Fixes #7010

Signed-off-by: Jan Bruckner <jan@janbruckner.de>
2023-12-06 15:18:08 +00:00
750e06743f remove misbehavior tests and code
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:22:15 +08:00
ea96ac3da9 fix various issues
- get ticket_flags with function.
- improve output message and check it.
- improve `ssl_server2` help message

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:17:37 +08:00
3c2b21ed0e Enable multi max_early_data_size value for connections
For test purpose, we set different value for each
session

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-12-06 18:14:56 +08:00
713ce1f889 various improvement
- improve change log entry
- improve comments
- remove unnecessary statement
- change type of client_age

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:59:25 +08:00
cf9135100e fix various issues
- fix CI failure due to wrong usage of ticket_lifetime
- Improve document and comments

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
25ba4d40ef rename ticket_creation to ticket_creation_time
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:19 +08:00
3ff0b1fda3 Cleanup ticket negative tests.
- improve comments
- case 3/4 is for server age check.
- case 5/6 is for client age check

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
ec6d07870d Replace start with ticket_creation
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
f16efbc78d fix various issues
- Add comments for ticket test hooks
- improve code style.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
cebffc3446 change time unit of ticket to milliseconds
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
2023-11-21 09:58:18 +08:00
752dd39a69 Merge pull request #8508 from valeriosetti/issue6323
[G3] Driver-only cipher+aead: TLS: ssl-opt.sh
2023-11-14 11:39:06 +00:00
38e75fb1a7 ssl_server2: remove usage of mbedtls_cipher_info_from_string()
This removes the dependency from cipher module and legacy key/modes
symbols which are used in cipher_wrap.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-10 08:27:39 +01:00
0751761b49 max_early_data_size: rename configuration function
Rename mbedtls_ssl_tls13_conf_max_early_data_size as
mbedtls_ssl_conf_max_early_data_size since in the future
this may not be specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:34 +08:00
d5ed36ff24 early data: rename configuration function
Rename mbedtls_ssl_tls13_conf_early_data as
mbedtls_ssl_conf_early_data since in the future this may not be
specific to TLS 1.3.

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
2023-11-07 11:49:24 +08:00
8b6b41f6cd Merge pull request #8434 from valeriosetti/issue8407
[G2] Make TLS work without Cipher
2023-11-04 15:05:00 +00:00
16799db69a update headers
Signed-off-by: Dave Rodgman <dave.rodgman@arm.com>
2023-11-02 19:47:20 +00:00
74d48c89fa ssl_server2: small improvement of code readability
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-11-02 16:43:55 +01:00
bdf04e840a ssl_server2: support ticket_aead only when CIPHER_C is defined
Cipher parsing requires mbedtls_cipher_info_from_string() which
depends on CIPHER_C.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-10-30 11:36:32 +01:00
5d055f8206 Merge pull request #7844 from mpg/ssl-progs-usage
Fix usage & error reporting in SSL programs
2023-10-26 08:19:25 +00:00
fd3360ebf4 Remove unneeded setting of ret from ssl programs
Remove coverity warnings on unused values.

Signed-off-by: Paul Elliott <paul.elliott@arm.com>
2023-09-15 17:41:25 +01:00
e820c0abc8 Update spelling "mbed TLS" to "Mbed TLS"
The official spelling of the trade mark changed from all-lowercase "mbed"
to normal proper noun capitalization "Mbed" a few years ago. We've been
using the new spelling in new text but still have the old spelling in a
lot of text. This commit updates most occurrences of "mbed TLS":

```
sed -i -e 's/mbed TLS/Mbed TLS/g' $(git ls-files ':!ChangeLog' ':!tests/data_files/**' ':!tests/suites/*.data' ':!programs/x509/*' ':!configs/tfm*')
```

Justification for the omissions:

* `ChangeLog`: historical text.
* `test/data_files/**`, `tests/suites/*.data`, `programs/x509/*`: many
  occurrences are significant names in certificates and such. Changing
  the spelling would invalidate many signatures and tests.
* `configs/tfm*`: this is an imported file. We'll follow the upstream
  updates.

Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
2023-09-12 19:18:17 +02:00
f745e5b8de Merge remote-tracking branch 'development' into HEAD 2023-08-23 20:35:32 +02:00
acd32c005f programs: add helper functions for supported EC curves
- get full list, or
- get TLS ID from name

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-07-10 09:13:57 +02:00
45255e4c71 Adapt names (curves -> groups)
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-07-05 09:26:26 +02:00
39a0a76fcc SSL programs: improve command-line error reporting
Every now and then, I see of these programs failing with a super-long
usage message that gives no clue as to what went wrong. (Recently it
happened with a test case in ssl-opt.sh with a fairly long command line
that was entirely correct, except some options were not valid in this
config - the test should have been skipped but wasn't due to some other
bug. It took me longer to figure out than it should have, and could have
if the program had simply reported which param was not recognized.)

Also, have an explicit "help" command, separate "help_ciphersuites", and
have default usage message that's not multiple screens long.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-27 09:28:24 +02:00
3eea9a461c SSL programs: allow invoking without arguments
All options have reasonable default so the programs don't need arguments
to do something useful.

It is widely accepted for programs that can work without arguments need
not insist on the user passing arguments, see 'ls', 'wc', 'sort', 'more'
and any number of POSIX utilities that all work without arguments.

It is also the historical behaviour of those programs, and something
relied one by at least a few team members.

Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-26 11:29:35 +02:00
0b74434e2a SSL programs: group options processing in 1 place
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-06-26 11:28:00 +02:00
75a5a9c205 Code cleanup
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-13 09:57:23 +02:00
ff9fcbcace ssl_client2, ssl_server2: code optimization + guards adaptation
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:53:40 +02:00
da4fba64b8 Further code optimizations
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:09 +02:00
6d7da5ee1e Add FFDH support in client2, server2 applications
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
2023-06-06 12:31:08 +02:00
97edeb4fb8 Merge pull request #6866 from mprse/extract-key-ids
Extracting SubjectKeyId and AuthorityKeyId in case of x509 V3 extensions v.2
2023-05-08 20:38:29 +02:00
d49cbc1493 test: fix remaining failures in test due to the ECP_LIGHT symbol
Changes in test_suite_psa_crypto are to enforce the dependency
on ECP_C which is mandatory for some key's derivation.

Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-04-11 11:33:50 +02:00
c9e8a65d06 Merge pull request #7298 from lpy4105/issue/6840/add-cache-entry-removal-api
ssl_cache: misc improvements
2023-04-11 09:30:40 +02:00
27f9e7815c Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates

Signed-off-by: toth92g <toth92g@gmail.com>
2023-04-04 17:48:27 +02:00
bef824d394 SSL: use MD_CAN macros
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
2023-03-21 16:29:31 +01:00
b1895899f1 ssl_cache: Improve some comments
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-16 14:33:28 +08:00
2a44ac245f Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api
ssl_cache: Add cache entry removal api
2023-03-15 15:38:06 +01:00
f30488f5cd Move the usage string of cache_remove to USAGE_CACHE
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-15 09:53:45 +08:00
753d02ffd4 ssl_server2: Add options to support cache removal
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
2023-03-13 09:28:17 +08:00
5ba1d5eb2c programs: use proper macro for ECDSA capabilities in ssl_sever2
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
2023-02-23 08:15:17 +01:00