lib/mbedtls
1
0
Fork 0
mirror of https://github.com/Mbed-TLS/mbedtls.git synced 2025-07-07 12:21:11 +03:00
Code Activity
31,979 Commits 173 Branches 272 Tags
f95bfda1f9b51ee8cd35286fef18d224f1f57023
Commit Graph

690 Commits

Author SHA1 Message Date
toth92g
27f9e7815c Adding openssl configuration file and command to Makefile to be able to reproduce the certificate for testing Authority and Subject Key Id fields 
Increasing heap memory size of SSL_Client2 and SSL_Server2, because the original value is not enough to handle some certificates. The AuthorityKeyId and SubjectKeyId are also parsed now increasing the size of some certificates

Signed-off-by: toth92g <toth92g@gmail.com>
 2023-04-04 17:48:27 +02:00
Manuel Pégourié-Gonnard
bef824d394 SSL: use MD_CAN macros 
Signed-off-by: Manuel Pégourié-Gonnard <manuel.pegourie-gonnard@arm.com>
 2023-03-21 16:29:31 +01:00
Pengyu Lv
b1895899f1 ssl_cache: Improve some comments 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-16 14:33:28 +08:00
Gilles Peskine
2a44ac245f Merge pull request #7217 from lpy4105/issue/6840/add-cache-entry-removal-api 
ssl_cache: Add cache entry removal api
 2023-03-15 15:38:06 +01:00
Pengyu Lv
f30488f5cd Move the usage string of cache_remove to USAGE_CACHE 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-15 09:53:45 +08:00
Pengyu Lv
753d02ffd4 ssl_server2: Add options to support cache removal 
Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-03-13 09:28:17 +08:00
Valerio Setti
5ba1d5eb2c programs: use proper macro for ECDSA capabilities in ssl_sever2 
Signed-off-by: Valerio Setti <valerio.setti@nordicsemi.no>
 2023-02-23 08:15:17 +01:00
Dave Rodgman
f31c9e441b Merge pull request #7019 from tom-cosgrove-arm/dont-use-cast-assignment-in-ssl_server2.c 
Don't use cast-assignment in ssl_server.c
 2023-02-06 12:13:08 +00:00
Tom Cosgrove
de85725507 Don't use cast-assignment in ssl_server.c 
Would have used mbedtls_put_unaligned_uint32(), but alignment.h is in library/.

Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2023-02-03 16:38:05 +00:00
Aditya Deshpande
644a5c0b2b Fix bugs in example programs: change argc == 0 to argc < 2 
Signed-off-by: Aditya Deshpande <aditya.deshpande@arm.com>
 2023-01-30 16:48:13 +00:00
Pengyu Lv
302feb3955 add cases to test session resumption with different ticket_flags 
This commit add test cases to test if the check of kex change mode
in SessionTicket works well.

Signed-off-by: Pengyu Lv <pengyu.lv@arm.com>
 2023-01-13 11:05:56 +08:00
Gilles Peskine
449bd8303e Switch to the new code style 
Signed-off-by: Gilles Peskine <Gilles.Peskine@arm.com>
 2023-01-11 14:50:10 +01:00
Manuel Pégourié-Gonnard
c98624af3c Merge pull request #6680 from valeriosetti/issue6599 
Allow isolation of EC J-PAKE password when used in TLS
 2022-12-14 11:04:33 +01:00
Valerio Setti
d75c5c4405 test: pake: fail in case the opaque key is destroyed unexpectedly 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-13 11:51:32 +01:00
Valerio Setti
785116a5be test: pake: modify opaque key verification before destruction 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-12 11:59:25 +01:00
Valerio Setti
eb3f788b03 tls: pake: do not destroy password key in TLS 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-08 18:42:58 +01:00
Valerio Setti
d5fa0bfb85 test: pake: check psa key validity before destroying it 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-07 16:02:42 +01:00
Ronald Cron
fbba0e9d75 Merge pull request #6537 from yuhaoth/pr/tls13-refactor-early-data-configuration-interface 
TLS 1.3: Refactor early data configuration interface.
 2022-12-07 09:42:12 +01:00
Jerry Yu
d146a37d56 Change the definition of max_early_data_size argument. 
`conf_max_early_data_size` does not reuse as en/disable. When
call it, we should call `conf_early_data()` also.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-06 14:56:54 +08:00
Jerry Yu
2c93fc1544 Revert "Add reco_debug_level to reduce debug output" 
This reverts commit a6934776c9.

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-06 11:05:54 +08:00
Jerry Yu
54dfcb7794 fix comments and debug info issues 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-05 15:43:09 +08:00
Tom Cosgrove
1797b05602 Fix typos prior to release 
Signed-off-by: Tom Cosgrove <tom.cosgrove@arm.com>
 2022-12-04 17:19:59 +00:00
Valerio Setti
d6feb20869 test: pake: allow opaque password only when USE_PSA is enabled 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-12-02 14:28:49 +01:00
Jerry Yu
7854a4e019 Add max_early_data_size option for ssl_sever2 
- to set max_early_data_set

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-01 23:11:48 +08:00
Jerry Yu
a6934776c9 Add reco_debug_level to reduce debug output 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-12-01 23:11:48 +08:00
Valerio Setti
661b9bca75 test: psa_pake: add specific log message for the opaque password 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-29 17:28:17 +01:00
Valerio Setti
77e8315f5b fix formatting and typos 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-29 17:28:04 +01:00
Valerio Setti
d572a82df9 tls: psa_pake: add test for opaque password 
Signed-off-by: Valerio Setti <vsetti@baylibre.com>
 2022-11-29 11:30:56 +01:00
Gilles Peskine
fd7aa13671 Merge pull request #6436 from yanrayw/ssl_client2-add-build-version 
Add build version to the output of ssl_client2 and ssl_server2
 2022-11-10 14:39:38 +01:00
Yanray Wang
eaf46d1291 Add output of build version in ssl_server2 
Usage:
- By default, build version is printed out in the beginning of
ssl_server2 application.
- ./ssl_server2 build_version=1 only prints build verison and stop

Signed-off-by: Yanray Wang <yanray.wang@arm.com>
 2022-10-28 10:53:50 +08:00
Gilles Peskine
744fd37d23 Merge pull request #6467 from davidhorstmann-arm/fix-unusual-macros-0 
Fix unusual macros
 2022-10-25 19:55:29 +02:00
David Horstmann
3f44e5b11a Refactor macro-spanning if in ssl_server2.c 
Signed-off-by: David Horstmann <david.horstmann@arm.com>
 2022-10-24 13:12:19 +01:00
Ronald Cron
73fe8df922 Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED 
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_PSK_ENABLED to
guard TLS code (both 1.2 and 1.3) specific
to handshakes involving PSKs.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
e68ab4f55e Introduce and use MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED 
Introduce and use
MBEDTLS_SSL_HANDSHAKE_WITH_CERT_ENABLED to
guard TLS code (both TLS 1.2 and 1.3) specific
to handshakes involving certificates.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-22 14:42:04 +02:00
Ronald Cron
81378b72e8 programs: ssl: Remove dependency on TLS 1.3 for "sig_algs" option 
Signature algorithms can be specified through
the sig_algs option for TLS 1.2 as well.

Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:40:56 +02:00
Ronald Cron
20a8e63b23 programs: ssl: Fix some mbedtls_ssl_conf_sig_algs() guards 
Signed-off-by: Ronald Cron <ronald.cron@arm.com>
 2022-10-21 14:36:43 +02:00
Andrzej Kurek
b50754ae86 Switch from x509_CRT_PARSE to KEY_EXCHANGE_WITH_CERT_ENABLED 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek
d0786f5f26 Revert one of the changes to ssl_server2 dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek
6ee1e20d7f Replace x509_CRT_PARSE_C with KEY_EXCHANGE_WITH_CERT_ENABLED 
SSL programs use certificates in an exchange, so it's more natural
to have such dependency instead of just certificate parsing.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:09 -04:00
Andrzej Kurek
e38b788b79 Add missing key exchange dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Andrzej Kurek
68327748d3 Add missing dependencies 
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>
 2022-10-19 08:35:08 -04:00
Gilles Peskine
8fd3254cfc Merge pull request #6374 from mprse/enc_types 
Test TLS 1.2 builds with each encryption type
 2022-10-12 12:45:50 +02:00
Jerry Yu
c79742303d Remove unnecessary empty line and fix format issue 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-11 21:22:33 +08:00
Przemek Stekiel
d61a4d3d1a Fix missing guard and double-space 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-11 09:40:40 +02:00
Jerry Yu
6916e70521 fix various issues 
- adjust guards. Remove duplicate guards and adjust format.
- Return success at function end. Not `ret`
- change input len

Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-10 21:33:51 +08:00
Przemek Stekiel
68a01a6720 Fix session tickets related build flags in fuzz_server and ssl_server2 
Signed-off-by: Przemek Stekiel <przemyslaw.stekiel@mobica.com>
 2022-10-10 13:30:43 +02:00
Jerry Yu
03b8f9d299 Adjust guards for dummy_tickets 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-08 14:56:38 +08:00
Jerry Yu
25ab654781 Add dummy ticket support 
Signed-off-by: Jerry Yu <jerry.h.yu@arm.com>
 2022-10-07 10:11:05 +08:00
Manuel Pégourié-Gonnard
e3358e14b2 Merge pull request #6051 from mprse/permissions_2b_v2 
Permissions 2b: TLS 1.3 sigalg selection
 2022-09-28 09:50:04 +02:00
Paul Elliott
2c282c9bd0 Merge pull request #6180 from yuhaoth/pr/add-tls13-multiple-session-tickets 
TLS 1.3: NewSessionTicket: Add support for sending multiple tickets per session.
 2022-09-23 15:48:33 +01:00